LdapContribWithoutApache
r4 - 15 May 2008 - 06:03:24 - TWikiGuest

Question

If I use the Apache configuration (below) TWiki will authenticate to my LDAP server. If I try just using LdapContrib without these modifications, it will not - basically saying that the user is not found. In addition, I want users to be able to modify their password on LDAP using TWiki's ChangePassword facility which (perhaps not surprisingly) also doesn't work given that LdapContrib will not talk to the LDAP server directly.

I have included my LocalSite.cfg below as well.

Any thoughts or suggestions greatly appreciated.


httpd - twiki.conf file

#### AuthBasicProvider ldap

AuthzLDAPAuthoritative off

AuthLDAPBindDN "uid=TWikiLdapUser,ou=Special Users,dc=lupsca,dc=arc,dc=ab,dc=ca"

AuthLDAPBindPassword blabla

AuthLDAPURL ldap://lupsca.arc.ab.ca:389/OU=people,DC=lupsca,DC=arc,DC=ab,DC=ca?uid?sub?(objectClass=*)

# AuthLDAPGroupAttribute TWikiGroups

# AuthLDAPGroupAttributeIsDN off

# require valid-user

###


# Local site settings for TWiki. This file is managed by the 'configure'

# CGI script, though you can also make (careful!) manual changes with a

# text editor.

$TWiki::cfg{DefaultUrlHost} = 'http://lupsca.arc.ab.ca';

$TWiki::cfg{ScriptUrlPath} = '/twiki/bin';

$TWiki::cfg{PubUrlPath} = '/twiki/pub';

$TWiki::cfg{PubDir} = '/var/www/html/twiki/pub';

$TWiki::cfg{TemplateDir} = '/var/www/html/twiki/templates';

$TWiki::cfg{DataDir} = '/var/www/html/twiki/data';

$TWiki::cfg{LocalesDir} = '/var/www/html/twiki/locale';

$TWiki::cfg{TempfileDir} = '/var/www/html/twikitmp';

$TWiki::cfg{ScriptSuffix} = '';

$TWiki::cfg{OS} = 'UNIX';

$TWiki::cfg{DetailedOS} = 'linux';

$TWiki::cfg{Password} = 'blalba';

$TWiki::cfg{UseClientSessions} = 1;

$TWiki::cfg{Sessions}{ExpireAfter} = 21600;

$TWiki::cfg{Sessions}{IDsInURLs} = 0;

$TWiki::cfg{Sessions}{UseIPMatching} = 1;

$TWiki::cfg{Sessions}{MapIP2SID} = 0;

$TWiki::cfg{LoginManager} = 'TWiki::Client::ApacheLogin';

$TWiki::cfg{LoginNameFilterIn} = '^[^\\s\\*?~^\\$@%`"\'&;|<>\\x00-\\x1f]+$';

$TWiki::cfg{DefaultUserLogin} = 'guest';

$TWiki::cfg{DefaultUserWikiName} = 'TWikiGuest';

$TWiki::cfg{AdminUserWikiName} = 'TWikiAdminGroup';

$TWiki::cfg{SuperAdminGroup} = 'TWikiAdminGroup';

$TWiki::cfg{UsersTopicName} = 'TWikiUsers';

$TWiki::cfg{MapUserToWikiName} = 1;

$TWiki::cfg{AuthScripts} = 'attach,edit,manage,rename,save,upload,viewauth,rdiffauth';

$TWiki::cfg{AuthRealm} = 'Enter your LoginName. (Typically First name and last name, no space, no dots, capitalized, e.g. JohnSmith, unless you chose otherwise). Visit TWikiRegistration if you do not have one.';

$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';

$TWiki::cfg{MinPasswordLength} = 8;

$TWiki::cfg{Htpasswd}{FileName} = '/var/www/html/twiki/data/.htpasswd';

$TWiki::cfg{Htpasswd}{Encoding} = 'crypt';

$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';

$TWiki::cfg{Register}{HidePasswd} = 1;

$TWiki::cfg{Register}{NeedVerification} = 0;

$TWiki::cfg{SafeEnvPath} = '/bin:/usr/bin';

$TWiki::cfg{DenyDotDotInclude} = 1;

$TWiki::cfg{AllowInlineScript} = 1;

$TWiki::cfg{UploadFilter} = '^(\\.htaccess|.*\\.(?i)(?:php[0-9s]?(\\..*)?|[sp]htm[l]?(\\..*)?|pl|py|cgi))$';

$TWiki::cfg{NameFilter} = '[\\s\\*?~^\\$@%`"\'&;|<>\\x00-\\x1f]';

$TWiki::cfg{AntiSpam}{EmailPadding} = 'NOSPAM';

$TWiki::cfg{AntiSpam}{HideUserDetails} = 1;

$TWiki::cfg{AntiSpam}{RobotsAreWelcome} = 0;

$TWiki::cfg{Log}{view} = 1;

$TWiki::cfg{Log}{search} = 1;

$TWiki::cfg{Log}{changes} = 1;

$TWiki::cfg{Log}{rdiff} = 1;

$TWiki::cfg{Log}{edit} = 1;

$TWiki::cfg{Log}{save} = 1;

$TWiki::cfg{Log}{upload} = 1;

$TWiki::cfg{Log}{attach} = 1;

$TWiki::cfg{Log}{rename} = 1;

$TWiki::cfg{Log}{register} = 1;

$TWiki::cfg{ConfigurationLogName} = '/var/www/html/twiki/data/configurationlog.txt';

$TWiki::cfg{DebugFileName} = '/var/www/html/twiki/data/debug.txt';

$TWiki::cfg{WarningFileName} = '/var/www/html/twiki/data/warn%DATE%.txt';

$TWiki::cfg{LogFileName} = '/var/www/html/twiki/data/log%DATE%.txt';

$TWiki::cfg{Languages}{it}{Enabled} = 1;

$TWiki::cfg{Languages}{fr}{Enabled} = 1;

$TWiki::cfg{Languages}{nl}{Enabled} = 1;

$TWiki::cfg{Languages}{'zh-cn'}{Enabled} = 1;

$TWiki::cfg{Languages}{'zh-tw'}{Enabled} = 1;

$TWiki::cfg{Languages}{de}{Enabled} = 1;

$TWiki::cfg{Languages}{da}{Enabled} = 1;

$TWiki::cfg{Languages}{sv}{Enabled} = 1;

$TWiki::cfg{Languages}{pl}{Enabled} = 1;

$TWiki::cfg{Languages}{cs}{Enabled} = 1;

$TWiki::cfg{Languages}{ru}{Enabled} = 1;

$TWiki::cfg{Languages}{es}{Enabled} = 1;

$TWiki::cfg{Languages}{pt}{Enabled} = 1;

$TWiki::cfg{DisplayTimeValues} = 'gmtime';

$TWiki::cfg{Site}{Locale} = 'en_US.ISO-8859-1';

$TWiki::cfg{Site}{LocaleRegexes} = 1;

$TWiki::cfg{UpperNational} = '';

$TWiki::cfg{LowerNational} = '';

$TWiki::cfg{PluralToSingular} = 1;

$TWiki::cfg{StoreImpl} = 'RcsWrap';

$TWiki::cfg{RCS}{ExtOption} = '';

$TWiki::cfg{RCS}{dirPermission} = 493;

$TWiki::cfg{RCS}{filePermission} = 420;

$TWiki::cfg{RCS}{asciiFileSuffixes} = '\\.(txt|html|xml|pl)$';

$TWiki::cfg{RCS}{initBinaryCmd} = '/usr/bin/rcs -i -t-none -kb %FILENAME|F%';

$TWiki::cfg{RCS}{initTextCmd} = '/usr/bin/rcs -i -t-none -ko %FILENAME|F%';

$TWiki::cfg{RCS}{tmpBinaryCmd} = '/usr/bin/rcs -kb %FILENAME|F%';

$TWiki::cfg{RCS}{ciCmd} = '/usr/bin/ci -m%COMMENT|U% -t-none -w%USERNAME|S% -u %FILENAME|F%';

$TWiki::cfg{RCS}{ciDateCmd} = '/usr/bin/ci -m%COMMENT|U% -t-none -d%DATE|D% -u -w%USERNAME|S% %FILENAME|F%';

$TWiki::cfg{RCS}{coCmd} = '/usr/bin/co -p%REVISION|N% -ko %FILENAME|F%';

$TWiki::cfg{RCS}{histCmd} = '/usr/bin/rlog -h %FILENAME|F%';

$TWiki::cfg{RCS}{infoCmd} = '/usr/bin/rlog -r%REVISION|N% %FILENAME|F%';

$TWiki::cfg{RCS}{rlogDateCmd} = '/usr/bin/rlog -d%DATE|D% %FILENAME|F%';

$TWiki::cfg{RCS}{diffCmd} = '/usr/bin/rcsdiff -q -w -B -r%REVISION1|N% -r%REVISION2|N% -ko --unified=%CONTEXT|N% %FILENAME|F%';

$TWiki::cfg{RCS}{lockCmd} = '/usr/bin/rcs -l %FILENAME|F%';

$TWiki::cfg{RCS}{unlockCmd} = '/usr/bin/rcs -u %FILENAME|F%';

$TWiki::cfg{RCS}{breaklockCmd} = '/usr/bin/rcs -u -M %FILENAME|F%';

$TWiki::cfg{RCS}{delRevCmd} = '/usr/bin/rcs -o%REVISION|N% %FILENAME|F%';

$TWiki::cfg{RCS}{SearchAlgorithm} = 'TWiki::Store::SearchAlgorithms::Forking';

$TWiki::cfg{RCS}{EgrepCmd} = '/bin/egrep %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';

$TWiki::cfg{RCS}{FgrepCmd} = '/bin/fgrep %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';

$TWiki::cfg{RCS}{WorkAreaDir} = '/var/www/html/twiki/pub/_work_areas';

$TWiki::cfg{EnableHierarchicalWebs} = 1;

$TWiki::cfg{SystemWebName} = 'TWiki';

$TWiki::cfg{TrashWebName} = 'Trash';

$TWiki::cfg{UsersWebName} = 'Main';

$TWiki::cfg{WebMasterEmail} = 'caumann@pobox.com';

$TWiki::cfg{WebMasterName} = 'TWiki Administrator';

$TWiki::cfg{MailProgram} = '/usr/sbin/sendmail -t -oi -oeq';

$TWiki::cfg{SMTP}{MAILHOST} = '/////';

$TWiki::cfg{SMTP}{SENDERHOST} = '';

$TWiki::cfg{SMTP}{Username} = 'emai...';

$TWiki::cfg{SMTP}{Password} = 'blalba';

$TWiki::cfg{RemoveImgInMailnotify} = 1;

$TWiki::cfg{NotifyTopicName} = 'WebNotify';

$TWiki::cfg{SMTP}{Debug} = 1;

$TWiki::cfg{PROXY}{HOST} = '';

$TWiki::cfg{PROXY}{PORT} = '';

$TWiki::cfg{Stats}{TopViews} = 10;

$TWiki::cfg{Stats}{TopContrib} = 10;

$TWiki::cfg{Stats}{TopicName} = 'WebStatistics';

$TWiki::cfg{TemplatePath} = '/var/www/html/twiki/templates/$web/$name.$skin.tmpl, /var/www/html/twiki/templates/$name.$skin.tmpl, /var/www/html/twiki/templates/$web/$name.tmpl, /var/www/html/twiki/templates/$name.tmpl, $web.$skinSkin$nameTemplate, TWiki.$skinSkin$nameTemplate, $web.$nameTemplate, TWiki.$nameTemplate';

$TWiki::cfg{LinkProtocolPattern} = '(file|ftp|gopher|https|http|irc|mailto|news|nntp|telnet)';

$TWiki::cfg{SiteWebTopicName} = '';

$TWiki::cfg{SitePrefsTopicName} = 'TWikiPreferences';

$TWiki::cfg{LocalSitePreferences} = 'Main.TWikiPreferences';

$TWiki::cfg{HomeTopicName} = 'WebHome';

$TWiki::cfg{WebPrefsTopicName} = 'WebPreferences';

$TWiki::cfg{NumberOfRevisions} = 4;

$TWiki::cfg{ReplaceIfEditedAgainWithin} = 3600;

$TWiki::cfg{LeaseLength} = 3600;

$TWiki::cfg{LeaseLengthLessForceful} = 3600;

$TWiki::cfg{MimeTypesFileName} = '/var/www/html/twiki/data/mime.types';

$TWiki::cfg{RegistrationApprovals} = '/var/www/hmtl/twiki/data/RegistrationApprovals';

$TWiki::cfg{Plugins}{CommentPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{EditTablePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{InterwikiPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{PreferencesPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{SlideShowPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{SmiliesPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{SpreadSheetPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{TablePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{TwistyPlugin}{Enabled} = 1;

$TWiki::cfg{PluginsOrder} = 'SpreadSheetPlugin';

$TWiki::cfg{Site}{CharSet} = 'iso-8859-15';

$TWiki::cfg{Site}{Lang} = 'en';

$TWiki::cfg{Site}{FullLang} = 'en-us';

$TWiki::cfg{Plugins}{WysiwygPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{ActionTrackerPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{BibliographyPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{CompareRevisionsAddonPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{EmptyPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{RenderListPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{GenPDFLatexPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{HistoryPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{IfDefinedPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{LatexModePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{SectionalEditPlugin}{Enabled} = 0;

$TWiki::cfg{Plugins}{SpellerPagesPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{TopicReferencePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{BreadCrumbsPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{FilterPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{FlexWebListPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{GluePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{RedDotPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{NatSkinPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{ImagePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{JQueryPlugin}{Enabled} = 1;

$TWiki::cfg{Ldap}{Host} = 'lupsca.arc.ab.ca';

$TWiki::cfg{Ldap}{Port} = 389;

$TWiki::cfg{Ldap}{Version} = '3';

$TWiki::cfg{Ldap}{Base} = 'dc=lupsca,dc=arc,dc=ab,dc=ca';

$TWiki::cfg{Ldap}{BindDN} = 'UID=TWikiLdapUser,ou=Special User,dc=lupsca,dc=arc,dc=ab,dc=ca';

$TWiki::cfg{Ldap}{BindPassword} = 'blabla';

$TWiki::cfg{Ldap}{SSL} = 0;

$TWiki::cfg{Ldap}{UseSASL} = 0;

$TWiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';

$TWiki::cfg{Ldap}{Debug} = 1;

$TWiki::cfg{Ldap}{UserBase} = 'ou=People,dc=lupsca,dc=arc,dc=ab,dc=ca';

$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=*';

$TWiki::cfg{Ldap}{LoginAttribute} = 'uid';

$TWiki::cfg{Ldap}{WikiNameAttribute} = 'uid';

$TWiki::cfg{Ldap}{NormalizeWikiNames} = 1;

$TWiki::cfg{Ldap}{NormalizeLoginName} = 1;

$TWiki::cfg{Ldap}{AllowChangePassword} = 1;

$TWiki::cfg{Ldap}{SecondaryPasswordManager} = 'TWiki::Users::HtPasswdUser';

$TWiki::cfg{Ldap}{GroupBase} = 'ou=TWikiGroups,dc=lupsca,dc=arc,dc=ab,dc=ca';

$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=*';

$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';

$TWiki::cfg{Ldap}{MemberAttribute} = 'uniqueMember';

$TWiki::cfg{Ldap}{MemberIndirection} = 1;

$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;

$TWiki::cfg{Ldap}{NormalizeGroupName} = 1;

$TWiki::cfg{Ldap}{MapGroups} = 1;

$TWiki::cfg{Ldap}{MaxCacheAge} = 86400;

$TWiki::cfg{Ldap}{PageSize} = 500;

$TWiki::cfg{Ldap}{Exclude} = 'TWikiGuest, TWikiContributor, TWikiRegistrationAgent, TWikiAdminGroup, NobodyGroup';

$TWiki::cfg{Plugins}{LdapNgPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{NewUserPlugin}{Enabled} = 1;

1;


Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Red Hat EL 5
Web server: Apache 2.2.3-11
Perl version: 5.8.8
Client OS: Windows or RHEL5
Web Browser: Firefox
Categories: Authentication, Plugins
-- CraigAumann - 07 Dec 2007
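
Added example (not part of the original post or of LdapContrib): Apache's mod_authnz_ldap directives and the `$TWiki::cfg{Ldap}` settings are maintained separately, so when one path binds and the other reports the user as not found, a first check is to normalize both sets of LDAP parameters and compare them. The function names are hypothetical, the inputs are the LDAP lines copied from the question, and DN comparison is simplified to case-insensitive matching without escaped commas.

```python
import re

# Constructed input: the LDAP-related lines copied from the question above.
APACHE_CONF = '''
AuthLDAPBindDN "uid=TWikiLdapUser,ou=Special Users,dc=lupsca,dc=arc,dc=ab,dc=ca"
AuthLDAPURL ldap://lupsca.arc.ab.ca:389/OU=people,DC=lupsca,DC=arc,DC=ab,DC=ca?uid?sub?(objectClass=*)
'''
LOCALSITE_CFG = """
$TWiki::cfg{Ldap}{Host} = 'lupsca.arc.ab.ca';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{BindDN} = 'UID=TWikiLdapUser,ou=Special User,dc=lupsca,dc=arc,dc=ab,dc=ca';
$TWiki::cfg{Ldap}{UserBase} = 'ou=People,dc=lupsca,dc=arc,dc=ab,dc=ca';
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=*';
$TWiki::cfg{Ldap}{LoginAttribute} = 'uid';
"""

def norm_dn(dn):
    # Assumption: case-insensitive attributes, no escaped commas in values.
    rdns = (rdn.split('=', 1) for rdn in dn.split(','))
    return ','.join(f'{a.strip().lower()}={v.strip().lower()}' for a, v in rdns)

def norm_filter(flt):
    # "(objectClass=*)" and "objectClass=*" are the same simple filter.
    flt = flt.strip().lower()
    return flt[1:-1] if flt.startswith('(') and flt.endswith(')') else flt

def apache_settings(conf):
    # mod_authnz_ldap: AuthLDAPURL is ldap://host:port/basedn?attribute?scope?filter
    bind = re.search(r'^AuthLDAPBindDN\s+"?([^"\n]+)"?', conf, re.M).group(1)
    m = re.search(r'^AuthLDAPURL\s+ldap://([^:/]+):(\d+)/([^?]*)\?([^?]*)\?[^?]*\?(\S*)', conf, re.M)
    host, port, base, attr, flt = m.groups()
    return {'host': host.lower(), 'port': port, 'bind DN': norm_dn(bind),
            'user base': norm_dn(base), 'login attribute': attr.lower(),
            'login filter': norm_filter(flt)}

def ldapcontrib_settings(cfg):
    # Reads only the $TWiki::cfg{Ldap}{...} assignments from LocalSite.cfg text.
    raw = dict(re.findall(r"^\$TWiki::cfg\{Ldap\}\{(\w+)\}\s*=\s*'?([^';\n]*)'?;", cfg, re.M))
    return {'host': raw['Host'].lower(), 'port': raw['Port'],
            'bind DN': norm_dn(raw['BindDN']), 'user base': norm_dn(raw['UserBase']),
            'login attribute': raw['LoginAttribute'].lower(),
            'login filter': norm_filter(raw['LoginFilter'])}

def mismatches(apache, contrib):
    # Settings whose normalized values differ between the two configurations.
    return [(k, apache[k], contrib[k]) for k in apache if apache[k] != contrib[k]]

if __name__ == '__main__':
    for row in mismatches(apache_settings(APACHE_CONF), ldapcontrib_settings(LOCALSITE_CFG)):
        print('%s: Apache=%r LdapContrib=%r' % row)
```

On the posted values the only difference reported is the bind DN, where the Apache directive has `ou=Special Users` and LocalSite.cfg has `ou=Special User`.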

Answer


The mysteries of LdapContrib continue to puzzle me. With Apache authentication as above, and with groups defined on LDAP, I can't get it to figure out user permissions. For example, using LdapNgPlugin, I run:

%LDAP{"(objectClass=*)" base="(ou=TWikiGroups)" limit="10" header="| Nr | Group | Members |$n" format="| $index | $cn | $uniquemember |" clear="$mail,$memberUid" sort="cn" }%

and one of the lines produced is:

TWikiLDAPAdministratorsGroup ? uid=CraigAumann,ou=People,dc=lupsca,dc=arc,dc=ab,dc=ca, uid=TestUser,ou=People,dc=lupsca,dc=arc,dc=ab,dc=ca

However, while I can log into TWiki using TestUser, the permissions to view pages etc aren't being granted, even though TestUser is a member of the TWikiLDAPAdministratorsGroup and this group has permissions to view Main.

As the full DNs seem to be stored, I do have the MemberIndirection flag set to 1 as well. But to no avail.

I've tried fiddling with the NewUserPlugin, but presently have it disabled as I don't believe it should be necessary.

Suggestions? Thanks

-- CraigAumann - 08 Dec 2007

Sorry, closing this question after more than 30 days of inactivity. Feel free to re-open if needed.

-- PeterThoeny - 02 Feb 2008

Hi Craig, I used the same settings as you used. I'm able to get authenticated, but I cannot map the login ID (like this: 123456) to the wikiname (firstname with loginname). Could anyone help on this?

-- TWikiGuest - 15 May 2008

 