This question about Using an extension: Answered

LDAP Authentication: Empty Cache but no error Messages. How do I register a User for LDAP manually?

Hi all,

I'm losing my mind on this. I installed Foswiki on a newly installed Debian Wheezy using the Debian packages. Afterwards I installed LDAPContrib in order to make it easier for my users to log in. Unfortunately I am not able to log in using an AD user. In fact I got the feeling that there is some important part missing. I understand that the users are not created automatically (unless you use the newUser Plugin which I don't). So how do I set up a user that can be verified through LDAP? Every time I open the register form I get these fields:
  • Your name as displayed online. Note, this must be a unique Wiki name. By default it is derived from your first and last name.

  • Your email address will be kept confidential.

So where does the linking to the AD account happen? Where should I put the samAccountName? I tried the Mail Address but it didn't work. Every login attempt was denied with "Oops: we could not recognize you."

Here is what I already tried:

  • Deleted the cache.db file in the work folder.
  • Rebooted several times.

However I was not able to figure out what I was doing wrong. Here is my LocalSite.cfg:

$Foswiki::cfg{UserMappingManager} = 'Foswiki::Users::LdapUserMapping';
$Foswiki::cfg{PasswordManager} = 'Foswiki::Users::LdapPasswdUser';
$Foswiki::cfg{MinPasswordLength} = 7;
$Foswiki::cfg{Htpasswd}{FileName} = '$Foswiki::cfg{DataDir}/.htpasswd';
$Foswiki::cfg{Htpasswd}{Encoding} = 'apache-md5';

$Foswiki::cfg{Ldap}{PersonDataForm} = 'UserForm';
$Foswiki::cfg{Ldap}{PersonAttribures} = {
'c' => 'Country',
'company' => 'OrganisationName',
'department' => 'Department',
'division' => 'Division',
'facsimileTelephoneNumber' => 'Telefax',
'givenName' => 'FirstName',
'l' => 'Location',
'mail' => 'Email',
'manager' => 'Manager',
'mobile' => 'Mobile',
'physicalDeliveryOfficeName' => 'Address',
'postalAddress' => 'Address',
'sAMAccountName' => 'LoginName',
'sn' => 'LastName',
'streetAddress' => 'Address',
'telephoneNumber' => 'Telephone',
'title' => 'Title',
'uid' => 'LoginName'
};
$Foswiki::cfg{Ldap}{IndexEmails} = 1;
$Foswiki::cfg{Ldap}{PreferLocalSettings} = 1;
$Foswiki::cfg{Ldap}{DefaultCacheExpire} = '';
$Foswiki::cfg{Ldap}{IgnoreViewRightsInSearch} = 0;
$Foswiki::cfg{Ldap}{Host} = 'srv-win-dc01.mydomain.com';
$Foswiki::cfg{Ldap}{Port} = 389;
$Foswiki::cfg{Ldap}{IPv6} = 0;
$Foswiki::cfg{Ldap}{Version} = '3';
$Foswiki::cfg{Ldap}{Base} = 'DC=mydomain,DC=com';
$Foswiki::cfg{Ldap}{BindDN} = 'CN=AD_Reader,OU=ServiceAccounts,OU=Users,OU=mydomain,DC=mydomain,DC=com';
$Foswiki::cfg{Ldap}{BindPassword} = 'AD_Reader';
$Foswiki::cfg{Ldap}{CharSet} = 'utf-8';
$Foswiki::cfg{Ldap}{UseSASL} = 0;
$Foswiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';
$Foswiki::cfg{Ldap}{UseTLS} = 0;
$Foswiki::cfg{Ldap}{TLSSSLVersion} = 'tlsv1';
$Foswiki::cfg{Ldap}{TLSVerify} = 'require';
$Foswiki::cfg{Ldap}{TLSCAPath} = '';
$Foswiki::cfg{Ldap}{TLSCAFile} = '';
$Foswiki::cfg{Ldap}{TLSClientCert} = '';
$Foswiki::cfg{Ldap}{TLSClientKey} = '';
$Foswiki::cfg{Ldap}{Debug} = 1;
$Foswiki::cfg{Ldap}{UserBase} = [
'OU=IT,OU=DE-Bad Camberg,OU=Employees,OU=Users,OU=mydomain,DC=mydomain,DC=com'
];
$Foswiki::cfg{Ldap}{LoginFilter} = 'objectClass=posixAccount';
$Foswiki::cfg{Ldap}{UserScope} = 'sub';
$Foswiki::cfg{Ldap}{LoginAttribute} = 'uid';
$Foswiki::cfg{Ldap}{MailAttribute} = 'mail';
$Foswiki::cfg{Ldap}{WikiNameAttributes} = 'cn';
$Foswiki::cfg{Ldap}{NormalizeWikiNames} = 1;
$Foswiki::cfg{Ldap}{NormalizeLoginNames} = 0;
$Foswiki::cfg{Ldap}{CaseSensitiveLogin} = 0;
$Foswiki::cfg{Ldap}{WikiNameAliases} = '';
$Foswiki::cfg{Ldap}{RewriteWikiNames} = {
'^(.*)@.*$' => '$1'
};
$Foswiki::cfg{Ldap}{AllowChangePassword} = 0;
$Foswiki::cfg{Ldap}{SecondaryPasswordManager} = 'Foswiki::Users::HtPasswdUser';
$Foswiki::cfg{Ldap}{GroupBase} = [
'OU=Security,OU=Groups,OU=mydomain,DC=mydomain,DC=com'
];
$Foswiki::cfg{Ldap}{GroupFilter} = 'objectClass=posixGroup';
$Foswiki::cfg{Ldap}{GroupScope} = 'sub';
$Foswiki::cfg{Ldap}{GroupAttribute} = 'cn';
$Foswiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber';
$Foswiki::cfg{Ldap}{MemberAttribute} = 'memberUid';
$Foswiki::cfg{Ldap}{InnerGroupAttribute} = 'memberUid';
$Foswiki::cfg{Ldap}{MemberIndirection} = 0;
$Foswiki::cfg{Ldap}{WikiGroupsBackoff} = 1;
$Foswiki::cfg{Ldap}{NormalizeGroupNames} = 0;
$Foswiki::cfg{Ldap}{MapGroups} = 0;
$Foswiki::cfg{Ldap}{RewriteGroups} = {};
$Foswiki::cfg{Ldap}{MergeGroups} = 0;
$Foswiki::cfg{Ldap}{MaxCacheAge} = 86400;
$Foswiki::cfg{Ldap}{Precache} = 1;
$Foswiki::cfg{Ldap}{PageSize} = 500;
$Foswiki::cfg{Ldap}{Exclude} = 'WikiGuest, ProjectContributor, RegistrationAgent, UnknownUser, AdminGroup, NobodyGroup, AdminUser, admin, guest';

Maybe one of you guys can help me with this. I really don't know where to look next.

Thanks in advance

Daniel

-- GrofaIT - 10 May 2016

See "got 0 keys in cache", aka "nothing found". Your current settings to search for keys don't match your Active Directory, i.e. LoginFilter and GroupFilter are still defaults that only make sense when using an OpenLDAP server.

You need to adjust the following settings for an AD:

  • LoginFilter: (&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
  • LoginAttribute: sAMAccountName
  • WikiNameAttributes: cn
  • GroupFilter: objectClass=group
  • GroupAttribute: cn
  • MemberAttribute: member
  • MemberIndirection: true

Don't forget to enable {Register}{AllowLoginName}.

Then restart your webserver. Go to System.LdapContrib and click on the refresh button.

From there on just log in using your sAMAccountName. Note that you do not have to register on the Foswiki site. The point of using LdapContrib is to avoid this in the first place. User accounts are maintained in AD, not in Foswiki.

-- MichaelDaum - 10 May 2016
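
The filter change in the answer above, as an added example that is not part of the original posts or of LdapContrib: a small evaluator for the subset of LDAP filter syntax used on this page, run over constructed sample entries. It shows why the default LoginFilter selects nothing in an AD ("got 0 keys in cache") and how the bitwise rule 1.2.840.113556.1.4.803 with value 2 (the ACCOUNTDISABLE bit of userAccountControl) keeps disabled accounts out of the login cache. The function names and sample entries are assumptions made for the illustration.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD matching rule: true if all bits of the value are set

# Constructed sample entries (attribute names lower-cased); not from a real directory.
ENTRIES = [
    {"samaccountname": ["jdoe"], "objectclass": ["top", "person", "user"],
     "useraccountcontrol": ["512"]},      # normal account, enabled
    {"samaccountname": ["former.employee"], "objectclass": ["top", "person", "user"],
     "useraccountcontrol": ["514"]},      # 512 | 2: ACCOUNTDISABLE bit set
    {"samaccountname": ["svc.wiki"], "objectclass": ["top", "person", "user"],
     "useraccountcontrol": ["66048"]},    # 512 | 65536: enabled, password never expires
]

def parse(text, i=0):
    """Parse one filter component starting at text[i]; return (node, next_index)."""
    if text[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if text[i] in "&|!":
        op, kids = text[i], []
        i += 1
        while text[i] == "(":
            kid, i = parse(text, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ')'
    end = text.index(")", i)
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", text[i:end])
    if not m:
        raise ValueError("unsupported filter item: " + text[i:end])
    return ("item", m.group(1).lower(), m.group(2), m.group(3)), end + 1

def matches(node, entry):
    """Evaluate a parsed filter node against one entry (dict of attribute -> values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, want = node
    values = entry.get(attr, [])
    if rule == BIT_AND:
        return any((int(v) & int(want)) == int(want) for v in values)
    if rule is not None:
        raise ValueError("unsupported matching rule " + rule)
    return any(v.lower() == want.lower() for v in values)

def logins(filter_text):
    """Return the sAMAccountName of every sample entry the filter selects."""
    text = filter_text.strip()
    if not text.startswith("("):
        text = "(" + text + ")"           # the page's settings omit outer parentheses
    node, _ = parse(text)
    return [e["samaccountname"][0] for e in ENTRIES if matches(node, e)]
```

Calling logins() with the LoginFilter from the question returns an empty list, while the LoginFilter from the answer returns the two enabled accounts and skips the disabled one.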

Awesome. Now it works like a charm. Thanks a lot, you saved me. :)

-- GrofaIT - 11 May 2016
 

QuestionForm

Subject Using an extension
Extension LdapContrib
Version Foswiki 2.1.2
Status Answered
Related Topics
Topic revision: r3 - 11 May 2016, GrofaIT