Sunday, 3 February 2013

Thread:Extension talk:LDAP Authentication/LDAP auth works, but cannot get SSO to work



This problem has been driving me insane. (Note: all versions and settings are below.) I have MediaWiki set up with the LDAP Authentication plugin. I have it successfully authenticating against AD, it will filter by group without any trouble, and it will even import nickname, realname, and email addresses without any issues. I add the appropriate settings to turn on SSO (and take out the one line I don't need) and then all I get is HTTP 500 errors. I have gone through an unbelievable amount of documentation on this and found nothing. Other plugins can do SSO, but they can't do the group-based filtering that this one can. I need some help understanding what is going wrong.



OS: Windows Server 2008 R2 SP1
Webserver: IIS 7.5 (I have to use this; Apache is not an option.)
MediaWiki Version: 1.20.2
LDAP Authentication Version: 2.0c
PHP Version: 5.3.21
MySQL Version: 5.5
LDAP Directory: Active Directory on Server 2008 R2 running at Server 2003 Level

Web Site Authentication Settings:
Anonymous Authentication: Disabled
Basic Authentication: Enabled
Windows Authentication: Enabled

Here are the added lines to my LocalSettings.php:



require_once("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "CPHOSPITAL" );
$wgLDAPBaseDNs = array( "CPHOSPITAL"=>"dc=cphospital,dc=org" );
$wgLDAPServerNames = array( "CPHOSPITAL" => "CPH-SRV-DC1 CPH-SRV-DC2" );
$wgLDAPSearchStrings = array( "CPHOSPITAL" => "USER-NAME@CPHOSPITAL.ORG" );
$wgLDAPEncryptionType = array( "CPHOSPITAL" => "clear" );
$wgLDAPRetrievePrefs = array( 'CPHOSPITAL' => true );
$wgLDAPPreferences = array( "CPHOSPITAL"=>array( "email"=>"mail","realname"=>"cn","nickname"=>"sAMAccountName","language"=>"preferredLanguage") );
$wgLDAPRequiredGroups = array( "CPHOSPITAL"=>array("CN=Information Systems - Security,OU=Information Systems,OU=Departments,OU=Canton Potsdam Hospital,DC=cphospital,DC=org") );
$wgLDAPGroupUseFullDN = array( "CPHOSPITAL"=>true );
$wgLDAPGroupObjectclass = array( "CPHOSPITAL"=>"group" );
$wgLDAPGroupAttribute = array( "CPHOSPITAL"=>"member" );
$wgLDAPGroupSearchNestedGroups = array( "CPHOSPITAL"=>true );
$wgLDAPGroupNameAttribute = array( "CPHOSPITAL"=>"cn" );
$wgLDAPSearchAttributes = array( "CPHOSPITAL"=>"sAMAccountName" );



This setup works perfectly.

Here is what I changed to turn on SSO:



require_once("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
require_once("$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php"); // added for SSO
//$wgAuth = new LdapAuthenticationPlugin(); // commented out for SSO
$wgLDAPAutoAuthDomain = "CPHOSPITAL"; // added for SSO
$wgLDAPDomainNames = array( "CPHOSPITAL" );
$wgLDAPBaseDNs = array( "CPHOSPITAL"=>"dc=cphospital,dc=org" );
$wgLDAPServerNames = array( "CPHOSPITAL" => "CPH-SRV-DC1 CPH-SRV-DC2" );
$wgLDAPSearchStrings = array( "CPHOSPITAL" => "USER-NAME@CPHOSPITAL.ORG" );
$wgLDAPEncryptionType = array( "CPHOSPITAL" => "clear" );
$wgLDAPRetrievePrefs = array( 'CPHOSPITAL' => true );
$wgLDAPPreferences = array( "CPHOSPITAL"=>array( "email"=>"mail","realname"=>"cn","nickname"=>"sAMAccountName","language"=>"preferredLanguage") );
$wgLDAPRequiredGroups = array( "CPHOSPITAL"=>array("CN=Information Systems - Security,OU=Information Systems,OU=Departments,OU=Canton Potsdam Hospital,DC=cphospital,DC=org") );
$wgLDAPGroupUseFullDN = array( "CPHOSPITAL"=>true );
$wgLDAPGroupObjectclass = array( "CPHOSPITAL"=>"group" );
$wgLDAPGroupAttribute = array( "CPHOSPITAL"=>"member" );
$wgLDAPGroupSearchNestedGroups = array( "CPHOSPITAL"=>true );
$wgLDAPGroupNameAttribute = array( "CPHOSPITAL"=>"cn" );
$wgLDAPSearchAttributes = array( "CPHOSPITAL"=>"sAMAccountName" );
AutoAuthSetup(); // added for SSO



After that, it will only give me HTTP 500 errors; it will not display the website. I have no idea what to do. Any help would be appreciated. Thanks.
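
A stand-alone check of what identity IIS hands to PHP under the authentication settings listed above, as an added example that is not part of the original post or of the LdapAuthentication extension; the helper names and the jdoe account are constructed for illustration. Windows Authentication in IIS reports the user as DOMAIN\user, while the configuration above searches on sAMAccountName, so the script prints the bare account name a lookup would need and flags a domain that differs from CPHOSPITAL.

```php
<?php
// Added diagnostic sketch (PHP 5.3 compatible); helper names are hypothetical.
// Split an identity string into an upper-case domain label and lower-case account name.
function split_sso_identity($raw)
{
    $raw = trim((string) $raw);
    if (strpos($raw, '\\') !== false) {          // down-level form: DOMAIN\user
        list($domain, $user) = explode('\\', $raw, 2);
    } elseif (strpos($raw, '@') !== false) {     // UPN form: user@realm
        list($user, $domain) = explode('@', $raw, 2);
    } else {                                     // bare account name, or empty
        list($domain, $user) = array('', $raw);
    }
    if ($user === '') {
        return null;                             // no usable identity
    }
    // Keep only the first DNS label so CPHOSPITAL.ORG compares equal to CPHOSPITAL.
    $labels = explode('.', strtoupper($domain));
    return array('domain' => $labels[0], 'user' => strtolower($user));
}

// Describe what one request's server variables mean for auto-authentication.
function check_sso_request(array $server, $expectedDomain)
{
    $lines = array('AUTH_TYPE: ' . (isset($server['AUTH_TYPE']) ? $server['AUTH_TYPE'] : '(unset)'));
    foreach (array('REMOTE_USER', 'AUTH_USER', 'LOGON_USER') as $key) {
        $id = isset($server[$key]) ? split_sso_identity($server[$key]) : null;
        if ($id === null) { continue; }
        $lines[] = "$key: {$server[$key]} -> sAMAccountName lookup value '{$id['user']}'";
        if ($id['domain'] !== '' && $id['domain'] !== strtoupper($expectedDomain)) {
            $lines[] = "  domain '{$id['domain']}' differs from '$expectedDomain'";
        }
        return $lines;
    }
    $lines[] = 'No authenticated user reached PHP in REMOTE_USER, AUTH_USER or LOGON_USER';
    return $lines;
}

// Constructed sample requests (jdoe is a made-up account); used when run from the CLI.
$samples = array(
    array('AUTH_TYPE' => 'Negotiate', 'REMOTE_USER' => 'CPHOSPITAL\\jdoe'),
    array('AUTH_TYPE' => 'Basic', 'REMOTE_USER' => 'jdoe@cphospital.org'),
    array('AUTH_TYPE' => '', 'REMOTE_USER' => ''),
);
if (PHP_SAPI !== 'cli') { header('Content-Type: text/plain'); } // never render identities as HTML
foreach ((PHP_SAPI === 'cli' ? $samples : array($_SERVER)) as $server) {
    echo implode("\n", check_sso_request($server, 'CPHOSPITAL')), "\n\n";
}
```

Served from the site itself, the script reads the live `$_SERVER` values instead of the samples; remove it once the check is done, since it discloses account names.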
