SID-02263: LdapAuthorisationFailure
Status: |
Asked |
TWiki version: |
6.0.2 |
Perl version: |
Perl v5.20 |
Category: |
LdapContrib |
Server OS: |
Debian 8, 3.16.0-4-amd64 |
Last update: |
7 years ago |
Hi,
We would like to configure our TWiki to allow users to login using LDAP, via
LdapContrib. Whilst we can successfully make
LdapNG pull LDAP info from our LDAP server, we're unable to configure
LdapContrib to authenticate against it; tcpdump shows no traffic even flowing to the LDAP server interface. I've included the current
LocalSite.cfg (with server and company names omitted).
Any pointers would be much appreciated.
Thanks.
$TWiki::cfg{Ldap}{Debug} = 1;
$TWiki::cfg{Ldap}{Host} = 'server.company.co.uk';
$TWiki::cfg{Ldap}{Port} = 636;
$TWiki::cfg{Ldap}{Version} = '3';
$TWiki::cfg{Ldap}{Base} = 'dc=company,dc=co,dc=uk';
$TWiki::cfg{Ldap}{BindDN} = '';
$TWiki::cfg{Ldap}{BindPassword} = '';
$TWiki::cfg{Ldap}{UseSASL} = 0;
$TWiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';
$TWiki::cfg{Ldap}{GSSAPIuser} = '';
$TWiki::cfg{Ldap}{UseTLS} = 1;
$TWiki::cfg{Ldap}{TLSSSLVersion} = 'tlsv1';
$TWiki::cfg{Ldap}{TLSVerify} = 'optional';
$TWiki::cfg{Ldap}{TLSCAPath} = '';
$TWiki::cfg{Ldap}{TLSCAFile} = '';
$TWiki::cfg{Ldap}{TLSClientCert} = '';
$TWiki::cfg{Ldap}{TLSClientKey} = '';
$TWiki::cfg{Ldap}{SecondaryPasswordManager} = 'TWiki::Users::HtPasswdUser';
$TWiki::cfg{Ldap}{UserScope} = 'sub';
$TWiki::cfg{Ldap}{LoginFilter} = '(objectClass=tclOrgPerson)';
$TWiki::cfg{Ldap}{LoginAttribute} = 'tclWikiName';
$TWiki::cfg{Ldap}{LoginPattern} = '^.+$';
$TWiki::cfg{Ldap}{MailAttribute} = 'mail';
$TWiki::cfg{Ldap}{WikiNameAttributes} = 'tclWikiName';
$TWiki::cfg{Ldap}{NormalizeWikiNames} = 1;
$TWiki::cfg{Ldap}{NormalizeLoginNames} = 1;
$TWiki::cfg{Ldap}{CaseSensitiveLogin} = 0;
$TWiki::cfg{Ldap}{WikiNameAliases} = '';
$TWiki::cfg{Ldap}{AllowChangePassword} = 1;
$TWiki::cfg{Ldap}{PreserveTWikiUserMapping} = 1;
$TWiki::cfg{Ldap}{PreserveWikiNames} = 1;
$TWiki::cfg{Ldap}{MapGroups} = 0;
$TWiki::cfg{Ldap}{GroupScope} = 'sub';
$TWiki::cfg{Ldap}{GroupFilter} = '(objectClass=groupOfNames)';
$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';
$TWiki::cfg{Ldap}{GroupPattern} = '^.+$';
$TWiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber';
$TWiki::cfg{Ldap}{MemberAttribute} = 'member';
$TWiki::cfg{Ldap}{InnerGroupAttribute} = 'member';
$TWiki::cfg{Ldap}{MemberIndirection} = 1;
$TWiki::cfg{Ldap}{WikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{NormalizeGroupNames} = 1;
$TWiki::cfg{Ldap}{CaseSensitiveGroup} = 1;
$TWiki::cfg{Ldap}{RewriteGroups} = {};
$TWiki::cfg{Ldap}{MergeGroups} = 0;
$TWiki::cfg{Ldap}{Precache} = 'all';
$TWiki::cfg{Ldap}{MaxCacheAge} = 10;
$TWiki::cfg{Ldap}{CLIOnlyRefresh} = 0;
$TWiki::cfg{Ldap}{PageSize} = 500;
$TWiki::cfg{Ldap}{BackupCacheFile} = 1;
$TWiki::cfg{Ldap}{BackupFileAge} = 0;
$TWiki::cfg{Ldap}{Exclude} = 'admin, guest';
$TWiki::cfg{Ldap}{UserBase} = [
'ou=users,dc=company,dc=co,dc=uk'
];
$TWiki::cfg{Plugins}{LdapContribAdminPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{UseDefaultServer} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DisableLDAPUSERS} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{Helper} = '';
$TWiki::cfg{Plugins}{LdapNgPlugin}{CacheBlob} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{AutoClear} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{SeparatorAfterHeaderBeforeFooter} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{RequireLoggedIn} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Filter} = '(objectClass=tclOrgPerson)';
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Format} = '|Name|$givenName $sn|$n|Mail|$mail|';
$TWiki::cfg{Ldap}{RewriteWikiNames} = {
'^(.*)@.*$' => '$1'
};
$TWiki::cfg{Ldap}{GroupBase} = [
'ou=users,dc=company,dc=co,dc=uk'
];
--
TWiki Guest - 2016-10-20
Discussion and Answer
If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.