MediaWiki: unable to get LDAP authentication working



I'm running out of ideas. I can't get LDAP authentication working on my network. I have a local machine (Linux Ubuntu 14 with MediaWiki).

Domain Name - XXXX
Domain Controllers - OBI1.XXXX.local cg-p-dc-04.XXXX.local cg-p-dc-05.XXXX.local

Here is my LocalSettings.php

require_once "$IP/extensions/LdapAuthentication/LdapAuthentication.php";
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "XXXX" );
$wgLDAPServerNames = array( "XXXX" => "cg-p-dc-05.XXXX.local" );
$wgLDAPProxyAgent = array("XXXX" => "cn=serviceaccount,dc=XXXX,dc=local");
$wgLDAPProxyAgentPassword = array("XXXX"=> "XXXX01");
$wgLDAPSearchStrings = array( "XXXX" => "XXXX\USER-NAME" );
$wgLDAPEncryptionType = array( "XXXX" => "clear" );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array( "XXXX" => "dc=XXXX,dc=local" );
$wgLDAPSearchAttributes = array( "XXXX" => "sAMAccountName" );
$wgLDAPRetrievePrefs = array( "XXXX" => "true" );
$wgLDAPPreferences = array('XXXX' => array( 'email' => 'mail','realname' => 'displayname'));
$wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki
$wgDebugLogGroups['ldap'] = '/var/www/html/XXXXwiki/wiki.log';
error_reporting( -1 );
ini_set( 'display_errors', 1 );

Here is an excerpt from my log

2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering validDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 User is not using a valid domain ().
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Setting domain as: invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering allowPasswordChange
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering modifyUITemplate
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering validDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 User is using a valid domain (XXXX).
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Setting domain as: XXXX
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getCanonicalName
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Username is: username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Munged username: username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering authenticate for username username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering Connect
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Can't set option to LDAP! Option code and value: 0=2
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Can't set option to LDAP! Option code and value: 1=0
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getSearchString
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Doing a straight bind
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Binding as the user
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Failed to bind as uid=username,ou=people,dc=LDAP,dc=XXXX,dc=local
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering strict.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Returning true in strict().
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering allowPasswordChange
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.

No matter what settings I try, I still get "Incorrect password entered. Please try again."

I asked this question on MediaWiki support but did not get any feedback.

heiglandreas is right: because you are using AD (an assumption, since you are searching on sAMAccountName), the extension needs to bind first.

So you should add the following directives:

$wgLDAPProxyAgent = array('XXXX' => 'cn=someone,dc=XXXX,dc=local');
$wgLDAPProxyAgentPassword = array('XXXX' => 'password');

Obviously, cn=someone,dc=XXXX,dc=local and the password should be changed to reflect real credentials in AD.

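I have managed to solve this. It seems my Linux box did not like the hostnames of the domain controllers, and I had to fall back to using the IP addresses of those machines to get it working.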
