Tags:
create new tag
, view all tags

SID-02263: LdapAuthorisationFailure

Status: Asked Asked TWiki version: 6.0.2 Perl version: Perl v5.20
Category: LdapContrib Server OS: Debian 8, 3.16.0-4-amd64 Last update: 1 year ago

Hi,

We would like to configure our TWiki to allow users to login using LDAP, via LdapContrib. Whilst we can successfully make LdapNG pull LDAP info from our LDAP server, we're unable to configure LdapContrib to authenticate against it; tcpdump shows no traffic even flowing to the LDAP server interface. I've included the current LocalSite.cfg (with server and company names omitted).

Any pointers would be much appreciated.

Thanks.

$TWiki::cfg{Ldap}{Debug} = 1; $TWiki::cfg{Ldap}{Host} = 'server.company.co.uk'; $TWiki::cfg{Ldap}{Port} = 636; $TWiki::cfg{Ldap}{Version} = '3'; $TWiki::cfg{Ldap}{Base} = 'dc=company,dc=co,dc=uk'; $TWiki::cfg{Ldap}{BindDN} = ''; $TWiki::cfg{Ldap}{BindPassword} = ''; $TWiki::cfg{Ldap}{UseSASL} = 0; $TWiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS'; $TWiki::cfg{Ldap}{GSSAPIuser} = ''; $TWiki::cfg{Ldap}{UseTLS} = 1; $TWiki::cfg{Ldap}{TLSSSLVersion} = 'tlsv1'; $TWiki::cfg{Ldap}{TLSVerify} = 'optional'; $TWiki::cfg{Ldap}{TLSCAPath} = ''; $TWiki::cfg{Ldap}{TLSCAFile} = ''; $TWiki::cfg{Ldap}{TLSClientCert} = ''; $TWiki::cfg{Ldap}{TLSClientKey} = ''; $TWiki::cfg{Ldap}{SecondaryPasswordManager} = 'TWiki::Users::HtPasswdUser'; $TWiki::cfg{Ldap}{UserScope} = 'sub'; $TWiki::cfg{Ldap}{LoginFilter} = '(objectClass=tclOrgPerson)'; $TWiki::cfg{Ldap}{LoginAttribute} = 'tclWikiName'; $TWiki::cfg{Ldap}{LoginPattern} = '^.+$'; $TWiki::cfg{Ldap}{MailAttribute} = 'mail'; $TWiki::cfg{Ldap}{WikiNameAttributes} = 'tclWikiName'; $TWiki::cfg{Ldap}{NormalizeWikiNames} = 1; $TWiki::cfg{Ldap}{NormalizeLoginNames} = 1; $TWiki::cfg{Ldap}{CaseSensitiveLogin} = 0; $TWiki::cfg{Ldap}{WikiNameAliases} = ''; $TWiki::cfg{Ldap}{AllowChangePassword} = 1; $TWiki::cfg{Ldap}{PreserveTWikiUserMapping} = 1; $TWiki::cfg{Ldap}{PreserveWikiNames} = 1; $TWiki::cfg{Ldap}{MapGroups} = 0; $TWiki::cfg{Ldap}{GroupScope} = 'sub'; $TWiki::cfg{Ldap}{GroupFilter} = '(objectClass=groupOfNames)'; $TWiki::cfg{Ldap}{GroupAttribute} = 'cn'; $TWiki::cfg{Ldap}{GroupPattern} = '^.+$'; $TWiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber'; $TWiki::cfg{Ldap}{MemberAttribute} = 'member'; $TWiki::cfg{Ldap}{InnerGroupAttribute} = 'member'; $TWiki::cfg{Ldap}{MemberIndirection} = 1; $TWiki::cfg{Ldap}{WikiGroupsBackoff} = 1; $TWiki::cfg{Ldap}{NormalizeGroupNames} = 1; $TWiki::cfg{Ldap}{CaseSensitiveGroup} = 1; $TWiki::cfg{Ldap}{RewriteGroups} = {}; $TWiki::cfg{Ldap}{MergeGroups} = 0; $TWiki::cfg{Ldap}{Precache} = 'all'; $TWiki::cfg{Ldap}{MaxCacheAge} = 10; $TWiki::cfg{Ldap}{CLIOnlyRefresh} = 0; $TWiki::cfg{Ldap}{PageSize} = 500; $TWiki::cfg{Ldap}{BackupCacheFile} = 1; $TWiki::cfg{Ldap}{BackupFileAge} = 0; $TWiki::cfg{Ldap}{Exclude} = 'admin, guest'; $TWiki::cfg{Ldap}{UserBase} = [ 'ou=users,dc=company,dc=co,dc=uk' ];

$TWiki::cfg{Plugins}{LdapContribAdminPlugin}{Enabled} = 1; $TWiki::cfg{Plugins}{LdapNgPlugin}{Enabled} = 1; $TWiki::cfg{Plugins}{LdapNgPlugin}{UseDefaultServer} = 1; $TWiki::cfg{Plugins}{LdapNgPlugin}{DisableLDAPUSERS} = 1; $TWiki::cfg{Plugins}{LdapNgPlugin}{Helper} = ''; $TWiki::cfg{Plugins}{LdapNgPlugin}{CacheBlob} = 1; $TWiki::cfg{Plugins}{LdapNgPlugin}{AutoClear} = 0; $TWiki::cfg{Plugins}{LdapNgPlugin}{SeparatorAfterHeaderBeforeFooter} = 0; $TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Enabled} = 1; $TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{RequireLoggedIn} = 1; $TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Filter} = '(objectClass=tclOrgPerson)'; $TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Format} = '|Name|$givenName $sn|$n|Mail|$mail|';

$TWiki::cfg{Ldap}{RewriteWikiNames} = { '^(.*)@.*$' => '$1' }; $TWiki::cfg{Ldap}{GroupBase} = [ 'ou=users,dc=company,dc=co,dc=uk' ];

-- TWiki Guest - 2016-10-20

Discussion and Answer

      Change status to:
ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Asked
Title LdapAuthorisationFailure
SupportCategory LdapContrib
TWiki version 6.0.2
Server OS Debian 8, 3.16.0-4-amd64
Web server Apache/2.4.10 (Debian)
Perl version Perl v5.20
Browser & version Firefox 49.0.1
Topic revision: r1 - 2016-10-20 - TWikiGuest
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.