linux - MediaWiki 无法让 LDAP 身份验证工作

标签 linux ldap mediawiki

我的想法已经用完了。我无法让 LDAP 身份验证在我的网络上工作,我有一台本地机器(带有 mediawiki 的 Linux Ubuntu 14)

Domain Name - XXXX
Domain Controllers - OBI1.XXXX.local cg-p-dc-04.XXXX.local cg-p-dc-05.XXXX.local

这是我的 LocalSettings.php

require_once "$IP/extensions/LdapAuthentication/LdapAuthentication.php";
$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( "XXXX" );
$wgLDAPServerNames = array( "XXXX" => "cg-p-dc-05.XXXX.local" );
$wgLDAPProxyAgent = array("XXXX" => "cn=serviceaccount,dc=XXXX,dc=local");
$wgLDAPProxyAgentPassword = array("XXXX"=> "XXXX01");
$wgLDAPSearchStrings = array( "XXXX" => "XXXX\\USER-NAME" );
$wgLDAPEncryptionType = array( "XXXX" => "clear" );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array( "XXXX" => "dc=XXXX,dc=local" );
$wgLDAPSearchAttributes = array( "XXXX" => "sAMAccountName" );
$wgLDAPRetrievePrefs = array( "XXXX" => "true" );
$wgLDAPPreferences = array('XXXX' => array( 'email' => 'mail','realname' => 'displayname'));
$wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki
$wgDebugLogGroups['ldap'] = '/var/www/html/XXXXwiki/wiki.log';
error_reporting( -1 );
ini_set( 'display_errors', 1 );

这是我的日志摘录

2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering validDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 User is not using a valid domain ().
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Setting domain as: invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering allowPasswordChange
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering modifyUITemplate
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering validDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 User is using a valid domain (XXXX).
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Setting domain as: XXXX
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getCanonicalName
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Username is: username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Munged username: username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering authenticate for username username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering Connect
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Can't set option to LDAP! Option code and value: 0=2
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Can't set option to LDAP! Option code and value: 1=0
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getSearchString
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Doing a straight bind
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Binding as the user
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Failed to bind as uid=username,ou=people,dc=LDAP,dc=XXXX,dc=local
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering strict.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Returning true in strict().
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering allowPasswordChange
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.

无论我尝试何种设置,我仍然得到 输入的密码不正确。请重试。

我在 Mediawiki 支持上问过这个问题,但没有得到任何反馈

最佳答案

heiglandreas 是对的,因为您正在使用 AD(假设是因为您正在寻找 sAMAccountName),您需要先绑定(bind)扩展。

因此您应该添加以下指令:

$wgLDAPProxyAgent = array('XXXXX' => 'cn=someone,dc=XXXX,dc=local');
$wgLDAPProxyAgentPassword = array('XXXX' => 'password');

显然 cn=someone,dc=XXXX,dc=local 和密码应该更改以反射(reflect)您 AD 中的真实凭据。

关于linux - MediaWiki 无法让 LDAP 身份验证工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29991866/

上一篇:c++ - 为什么在使用 boost::asio 为 STDIN/STDOUT 管道传输到程序时,read() 会因 EAGAIN 失败?

下一篇:c++ - 通过 kerberos 或任何安全协议(protocol)向 Windows 服务器应用程序验证 linux 客户端应用程序

相关文章:

php - Mediawiki 标签扩展 - 链式标签不被处理

linux - Debian 8 上的 IPTables

linux - 何时可以禁用驱动程序中的中断

linux - 以 root 身份运行通知发送

.net - 如何从 LDAP 目录中提取 TNSNames

PHP 警告 : PHP Startup: Unable to load dynamic library '...' failed to map segment from shared object: Cannot allocate memory in Unknown on line 0

linux - POSIX 将用户输入可接受的字符数限制为 4096,如何增加?

java - 我在哪里可以获得 com.sun.jndi.ldap.* 包的(匹配)源代码?

asp.net - ActiveDirectoryMembershipProvider "The specified domain or server could not be contacted."

python - 如何在python中对Wikipedia类别进行分组?

©2024 IT工具网  联系我们