
Question

Colleagues,

Just installed TWiki as a candidate for an intranet collaborative application. We are already running M$ Active Directory 2000. Would like to use LDAP authentication and group membership in twiki. LdapContrib v.0.91 is installed.

Problem: TWikiUsers and TWikiGroups topics only display the built-in entries, nothing from LDAP.

The authentication works as needed: it lets in registered AD users with correct passwords, and rejects anyone else. The logged-in user name displayed on twiki pages is just the Windoze login name (sAMAccountName attribute). The {Ldap}{WikiNameAttribute} and {Ldap}{NormalizeWikiName} settings do not seem to have any effect.

Is there any way to achieve what we want? Where can I look further?

Many, many thanks in advance, Alexandre

P.S. Output of the configure script is attached.

Relevant part of our LocalSite.cfg (with confidential info stripped out) follows:

$TWiki::cfg{AuthRealm} = 'Enter your TWiki.LoginName. (Typically First name and last name, no space, no dots, capitalized, e.g. !JohnSmith, unless you chose otherwise). Visit TWiki.TWikiRegistration if you do not have one.';
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';
$TWiki::cfg{MinPasswordLength} = 6;
$TWiki::cfg{Htpasswd}{FileName} = '/var/www/twiki/data/.htpasswd';
$TWiki::cfg{Htpasswd}{Encoding} = 'crypt';
$TWiki::cfg{Register}{HidePasswd} = 0;
$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';
$TWiki::cfg{Register}{AllowLoginName} = 1;

$TWiki::cfg{Ldap}{Host} = 'ldap.site.company.com';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{Version} = '3';
$TWiki::cfg{Ldap}{Base} = 'DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BasePasswd} = 'OU=USERS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BaseGroup} = 'OU=GROUPS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';
$TWiki::cfg{Ldap}{MemberAttribute} = 'memberOf';
$TWiki::cfg{Ldap}{MemberIndirection} = 1;
$TWiki::cfg{Ldap}{WikiNameAttribute} = 'sn, givenName';
$TWiki::cfg{Ldap}{NormalizeWikiName} = 1; 
#$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{BindDN} = 'CN=Trofimov\, Alexandre,OU=USERS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BindPassword} = 'secret';
$TWiki::cfg{Ldap}{SSL} = 0; 
$TWiki::cfg{Ldap}{MaxCacheHits} = -1; 
$TWiki::cfg{Ldap}{MapGroups} = 1;
$TWiki::cfg{Ldap}{Exclude} = 'TWikiGuest, TWikiContributor, TWikiRegistrationAgent, TWikiAdminGroup, NobodyGroup';

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: Default package + LdapContrib, Glue, LdapNG, NewUser
Server OS: Ubuntu Linux 6.06, kernel 2.6.15-28-686
Web server: Apache 2.0.55
Perl version: 5.8.7
Client OS: Ubuntu Linux 6.06, kernel 2.6.15-28-686
Web Browser: Firefox 1.5.0.10
Categories: Authentication, Authorisation

-- AlexandreTrofimov - 22 Mar 2007
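
A check over the LDAP bind settings quoted in the question, added here as an example (it is not part of the original post and is not LdapContrib code). `parse_cfg` and `audit_ldap` are hypothetical names; treating `{Ldap}{SSL} = 1` as the encrypted setting and the "bind DN under the user base" test are assumptions.

```python
import re

# Constructed sample: a subset of the LocalSite.cfg lines quoted in the question.
SAMPLE_CFG = r"""
$TWiki::cfg{Ldap}{Host} = 'ldap.site.company.com';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{BasePasswd} = 'OU=USERS,OU=SITE,DC=site,DC=company,DC=com';
#$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{BindDN} = 'CN=Trofimov\, Alexandre,OU=USERS,OU=SITE,DC=site,DC=company,DC=com';
$TWiki::cfg{Ldap}{BindPassword} = 'secret';
$TWiki::cfg{Ldap}{SSL} = 0;
"""

# Matches "$TWiki::cfg{A}{B} = value;" and captures the key path and the value.
ASSIGN = re.compile(r"^\s*\$TWiki::cfg((?:\{\w+\})+)\s*=\s*(.*?)\s*;\s*$")

def parse_cfg(text):
    """Return e.g. {'Ldap.Port': '389'}; commented-out lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            key = ".".join(re.findall(r"\{(\w+)\}", m.group(1)))
            cfg[key] = m.group(2).strip("'")
    return cfg

def audit_ldap(cfg):
    """Return (id, message) findings for the LDAP bind settings."""
    findings = []
    if cfg.get("Ldap.SSL") != "1":
        findings.append(("cleartext-bind",
            "{Ldap}{SSL} is not 1: the bind password and each user's login "
            "password reach the directory server unencrypted"))
    if cfg.get("Ldap.BindPassword"):
        findings.append(("secret-in-file",
            "{Ldap}{BindPassword} is stored in LocalSite.cfg: keep the file "
            "readable by the web server account only"))
    # Heuristic (assumption): a bind DN inside the user subtree is a person's
    # own account rather than a dedicated low-privilege service account.
    bind_dn = cfg.get("Ldap.BindDN", "").lower()
    user_base = cfg.get("Ldap.BasePasswd", "").lower()
    if user_base and bind_dn.endswith("," + user_base):
        findings.append(("personal-bind-account",
            "{Ldap}{BindDN} sits under {Ldap}{BasePasswd}: use a dedicated "
            "read-only account for directory lookups"))
    return findings

if __name__ == "__main__":
    for finding_id, message in audit_ldap(parse_cfg(SAMPLE_CFG)):
        print(f"{finding_id}: {message}")
```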

Answer


Hi Alexandre,

Perhaps the config details from LdapContribLoginsAreSpotty would be useful to you.

When I'm able to login I see the WikiName instead of the login name in the upper left corner and using the NewUserPlugin my WikiName was added to the Users page.

Unfortunately in my case I think I either have a setting wrong somewhere or there is an issue with LdapContrib as logins don't always work.

-- DeorenMoor - 10 Apr 2007

added link in LdapContribDev

-- SvenDowideit - 30 Apr 2007

Please upgrade to the latest LdapContrib v1.0.1 and try again, please.

-- MichaelDaum - 01 May 2007

See my post LdapAuthenticationCaseSensitivityBug

'sAMAccountName', your LoginAttribute, typically uses capital-letter characters for values because that's how Microsoft likes it.

It'd be interesting to know if this is the cause of your problem or not - your symptoms are very similar to my bug. If this is your problem, you could try a workaround until it is fixed.

-- KevinFirko - 17 May 2007

Michael:

Many thanks! It works like a charm after upgrading to v.1.11 of LdapContrib.

Deoren:

Had similar issues, resolved by disabling mod_perl.

Kevin:

On our site, letter case in the login name does not seem to affect the login process: it all works the same whether I use trofimov, Trofimov, or TROFIMOV - mapped correctly to the LastnameFirstname wiki name.

-- AlexandreTrofimov - 08 Jun 2007

 
Topic attachments
twiki-configuration.html.tar.gz (33.2 K, 22 Mar 2007 - 16:52, AlexandreTrofimov): Output of configure script, gzipped html.
Topic revision: r7 - 08 Jun 2007 - 15:18:03 - AlexandreTrofimov
 