troubleshooting Question

Troubleshoot mediawiki <-> ActiveDirectory authentication

Avatar of hostarica
hostarica asked on
Active DirectoryPHPWeb ServersSSL / HTTPS
1 Comment1 Solution532 ViewsLast Modified:
Hello,

I'm trying to configure a fresh install of Mediawiki 1.26  to authenticate users from an Active Directory server but it simply refuses to allow this software to work properly. I know the AD server works fine as I also configured an instance of Racktables against it with no problems.
Below is the current configs added to /var/www/html/LocalSettings.php:

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "domain.local" );
$wgLDAPServerNames = array( "domain.local" => "dcmaster.domain.local" );

$wgLDAPSearchStrings = array( "domain.local" => "domain.local\\USER-NAME" );
#$wgLDAPEncryptionType = array( "domain.local" => "tls" );
$wgLDAPUseSSL = false;
$wgLDAPUseTLS = false;
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;

$wgLDAPBaseDNs = array( "domain.local" => "dc=domain,dc=local" );
# Example: If your domain is mydomain.internet.ca then you want to put in "dc=mydomain,dc=internet,dc=ca".

$wgLDAPSearchAttributes = array( "domain.local" => "sAMAccountName" );
$wgLDAPRetrievePrefs = array( "domain.local" => "true" );

$wgLDAPPreferences = array('domain.local' => array( 'email' => 'mail','realname' => 'displayname'));
# This will automatically map the users e-mail address and full name from Active Directory to their account in MediaWiki

Open in new window


However, Access is not granted and I can't seem to find any logfiles either on the mediawiki server or on the AD server.
While trying to sniff the connection packets I found the following info:

[root@wiki ~]# tshark  -ni any '(host 172.16.100.10)'
<deleted lines>
5 0.001356667 172.16.100.10 -> 172.16.100.20 LDAP 199 extendedResp(1) (00000000: LdapErr: DSID-0C090FAA, comment: [b]Error initializing SSL/TLS, data 0, v2580) LDAP_START_TLS_OID[/b]

Open in new window


As far as I know SSL/TLS should be disabled, however it still shows as if trying to authenticate.
I have reached a wall with this since my google-fu skills seem to show nothing similar.
Has anyone had any experience on this?
ASKER CERTIFIED SOLUTION
Brian Murphy
Senior Information Technology Consultant
Log in to continue reading
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform for $9.99/mo
View membership options
Unlock 1 Answer and 1 Comment.
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
The Value of Experts Exchange in My Daily IT Life

Experts Exchange (EE) has become my company's go-to resource to get answers. I've used EE to make decisions, solve problems and even save customers. OutagesIO has been a challenging project and... Keep reading >>

Mike

Owner of Outages.IO
Phoenix, Arizona, United States
Member Since 2016
Join a full scale community that combines the best parts of other tools into one platform.
Unlock 1 Answer and 1 Comment.
View membership options
“All of life is about relationships, and EE has made a virtual community a real community. It lifts everyone's boat.”
William Peck

Member since 2004