Tags: ldap

SID-02328: TWiki 6.0.2 AD Authentication

Status: Unanswered
TWiki version: 6.0.2
Perl version:
Category: CategoryAuthentication
Server OS: Centos 7
Last update: 41 minutes ago

Hello,

I've seen similar issues around the forums, but they seem to have resolved their issue but not posted their fix. I purchased and set up the new 6.0.2 TWiki via the OVA file. I want to be able to use LDAP authentication, so I followed the directions for LdapContrib. However, it does not appear to be working. I'm not sure if the users are supposed to show when you click on the TWiki UserList and if the groups are supposed to show under TwikiGroups? Any assistance would be greatly appreciated. After the solution is found, I will be sure to post it here. I feel I'm close and just missing a small detail.

Below is my setup: LdapContrib, LdapContribAdminPlugin, LdapNgPlugin

LDAP server is Active Directory

All installed with no errors.

LdapContrib.cfg: (note: I removed URLs, IPs and domain names, so those are actually correct in the file)

# Local site settings for TWiki. This file is managed by the 'configure'
# CGI script, though you can also make (careful!) manual changes with a
# text editor.
$TWiki::cfg{DefaultUrlHost} = 'Correct Host URL';
$TWiki::cfg{UrlHostRegex} = '';
$TWiki::cfg{PermittedRedirectHostUrls} = 'All the correct redirect URLs';
$TWiki::cfg{ScriptUrlPath} = '/do';
$TWiki::cfg{PubUrlPath} = '/pub';
$TWiki::cfg{PubDir} = '/var/www/twiki/pub';
$TWiki::cfg{TemplateDir} = '/var/www/twiki/templates';
$TWiki::cfg{DataDir} = '/var/www/twiki/data';
$TWiki::cfg{LocalesDir} = '/var/www/twiki/locale';
$TWiki::cfg{WorkingDir} = '/var/www/twiki/working';
$TWiki::cfg{ScriptSuffix} = '';
$TWiki::cfg{Password} = 'dstBwIGWoMqXQ';
$TWiki::cfg{SafeEnvPath} = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin';
$TWiki::cfg{UseClientSessions} = 1;
$TWiki::cfg{Sessions}{ExpireAfter} = 21600;
$TWiki::cfg{Sessions}{ExpireCookiesAfter} = 0;
$TWiki::cfg{Sessions}{IDsInURLs} = 0;
$TWiki::cfg{Sessions}{UseIPMatching} = 1;
$TWiki::cfg{Sessions}{MapIP2SID} = 0;
$TWiki::cfg{LoginManager} = 'TWiki::LoginManager::TemplateLogin';
$TWiki::cfg{TwoStepAuthManager} = 'none';
$TWiki::cfg{TemplateLogin}{PreventBrowserRememberingPassword} = 0;
$TWiki::cfg{LoginNameFilterIn} = '^[^\\s\\*?~^\\$@%`"\'&;\\\\|<>\\x00-\\x1f]+$';
$TWiki::cfg{DefaultUserLogin} = 'guest';
$TWiki::cfg{DefaultUserWikiName} = 'TWikiGuest';
$TWiki::cfg{AdminUserLogin} = 'admin';
$TWiki::cfg{AdminUserWikiName} = 'TWikiAdminUser';
$TWiki::cfg{SuperAdminGroup} = 'TWikiAdminGroup';
$TWiki::cfg{Access}{AdminDomain} = 'site';
$TWiki::cfg{UsersTopicName} = 'TWikiUsers';
$TWiki::cfg{AuthScripts} = 'attach,edit,manage,rename,save,upload,viewauth,rdiffauth,rest,mdrepo';
$TWiki::cfg{ForbidUserAction} = '';
$TWiki::cfg{AuthRealm} = 'Enter your LoginName. (Typically First name and last name, no space, no dots, capitalized, e.g. JohnSmith, unless you chose otherwise). Visit TWikiRegistration if you do not have one.';
$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';
$TWiki::cfg{Register}{EnableNewUserRegistration} = 1;
$TWiki::cfg{Register}{HidePasswd} = 1;
$TWiki::cfg{Register}{AllowSystemGeneratedPassword} = 1;
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapPasswdUser';
$TWiki::cfg{MinPasswordLength} = '8';
$TWiki::cfg{MustChangePasswordAfterReset} = 1;
$TWiki::cfg{Htpasswd}{FileName} = '/var/www/twiki/data/.htpasswd';
$TWiki::cfg{Htpasswd}{Encoding} = 'crypt';
$TWiki::cfg{CryptToken}{Enable} = 1;
$TWiki::cfg{CryptToken}{SecureActions} = 'register,save,comment,createweb,upload';
$TWiki::cfg{OS} = 'UNIX';
$TWiki::cfg{DetailedOS} = 'linux';
$TWiki::cfg{DenyDotDotInclude} = 1;
$TWiki::cfg{AllowInlineScript} = 1;
$TWiki::cfg{UploadFilter} = '^(\\.htaccess|.*\\.(?i)(?:php[0-9s]?(\\..*)?|[sp]htm[l]?(\\..*)?|pl|py|cgi))$';
$TWiki::cfg{NameFilter} = '[\\s\\*?~^\\$\\#@%`"\'&;\\\\|<>\\[\\]\\+\\x00-\\x1f]';
$TWiki::cfg{AccessibleENV} = '^(HTTP_\\w+|REMOTE_\\w+|SERVER_\\w+|REQUEST_\\w+|MOD_PERL|TWIKI_ACTION)$';
$TWiki::cfg{AntiSpam}{EmailPadding} = '';
$TWiki::cfg{AntiSpam}{HideUserDetails} = 1;
$TWiki::cfg{AntiSpam}{RobotsAreWelcome} = 1;
$TWiki::cfg{Log}{view} = 1;
$TWiki::cfg{Log}{viewfile} = 1;
$TWiki::cfg{Log}{search} = 1;
$TWiki::cfg{Log}{changes} = 1;
$TWiki::cfg{Log}{rdiff} = 1;
$TWiki::cfg{Log}{edit} = 1;
$TWiki::cfg{Log}{save} = 1;
$TWiki::cfg{Log}{upload} = 1;
$TWiki::cfg{Log}{attach} = 1;
$TWiki::cfg{Log}{rename} = 1;
$TWiki::cfg{Log}{register} = 1;
$TWiki::cfg{Log}{mdrepo} = 1;
$TWiki::cfg{ConfigurationLogName} = '/var/www/twiki/data/configurationlog.txt';
$TWiki::cfg{DebugFileName} = '/var/www/twiki/data/debug.txt';
$TWiki::cfg{WarningFileName} = '/var/www/twiki/data/warn%DATE%.txt';
$TWiki::cfg{LogFileName} = '/var/www/twiki/data/log%DATE%.txt';
$TWiki::cfg{Languages}{bg}{Enabled} = 1;
$TWiki::cfg{Languages}{cs}{Enabled} = 1;
$TWiki::cfg{Languages}{da}{Enabled} = 1;
$TWiki::cfg{Languages}{de}{Enabled} = 1;
$TWiki::cfg{Languages}{es}{Enabled} = 1;
$TWiki::cfg{Languages}{fr}{Enabled} = 1;
$TWiki::cfg{Languages}{it}{Enabled} = 1;
$TWiki::cfg{Languages}{ja}{Enabled} = 1;
$TWiki::cfg{Languages}{ko}{Enabled} = 1;
$TWiki::cfg{Languages}{nl}{Enabled} = 1;
$TWiki::cfg{Languages}{pl}{Enabled} = 1;
$TWiki::cfg{Languages}{pt}{Enabled} = 1;
$TWiki::cfg{Languages}{ru}{Enabled} = 1;
$TWiki::cfg{Languages}{sv}{Enabled} = 1;
$TWiki::cfg{Languages}{'zh-cn'}{Enabled} = 1;
$TWiki::cfg{Languages}{'zh-tw'}{Enabled} = 1;
$TWiki::cfg{DisplayTimeValues} = 'gmtime';
$TWiki::cfg{DefaultDateFormat} = '$year-$mo-$day';
$TWiki::cfg{Site}{Locale} = 'en_US.ISO-8859-1';
$TWiki::cfg{Site}{LocaleRegexes} = 1;
$TWiki::cfg{UpperNational} = '';
$TWiki::cfg{LowerNational} = '';
$TWiki::cfg{PluralToSingular} = 1;
$TWiki::cfg{StoreImpl} = 'RcsWrap';
$TWiki::cfg{RCS}{ExtOption} = '';
$TWiki::cfg{RCS}{dirPermission} = 493;
$TWiki::cfg{RCS}{filePermission} = 420;
$TWiki::cfg{Store}{RememberChangesFor} = 2678400;
$TWiki::cfg{SummariseSizeLimit} = 0;
$TWiki::cfg{RCS}{asciiFileSuffixes} = '\\.(txt|html|xml|pl)$';
$TWiki::cfg{RCS}{initBinaryCmd} = '/usr/bin/rcs -i -t-none -kb %FILENAME|F%';
$TWiki::cfg{RCS}{initTextCmd} = '/usr/bin/rcs -i -t-none -ko %FILENAME|F%';
$TWiki::cfg{RCS}{tmpBinaryCmd} = '/usr/bin/rcs -kb %FILENAME|F%';
$TWiki::cfg{RCS}{ciCmd} = '/usr/bin/ci -m%COMMENT|U% -t-none -w%USERNAME|S% -u %FILENAME|F%';
$TWiki::cfg{RCS}{ciDateCmd} = '/usr/bin/ci -m%COMMENT|U% -t-none -d%DATE|D% -u -w%USERNAME|S% %FILENAME|F%';
$TWiki::cfg{RCS}{coCmd} = '/usr/bin/co -p%REVISION|N% -ko %FILENAME|F%';
$TWiki::cfg{RCS}{histCmd} = '/usr/bin/rlog -h %FILENAME|F%';
$TWiki::cfg{RCS}{infoCmd} = '/usr/bin/rlog -r%REVISION|N% %FILENAME|F%';
$TWiki::cfg{RCS}{rlogDateCmd} = '/usr/bin/rlog -d%DATE|D% %FILENAME|F%';
$TWiki::cfg{RCS}{diffCmd} = '/usr/bin/rcsdiff -q -w -B -r%REVISION1|N% -r%REVISION2|N% -ko --unified=%CONTEXT|N% %FILENAME|F%';
$TWiki::cfg{RCS}{lockCmd} = '/usr/bin/rcs -l %FILENAME|F%';
$TWiki::cfg{RCS}{unlockCmd} = '/usr/bin/rcs -u %FILENAME|F%';
$TWiki::cfg{RCS}{breaklockCmd} = '/usr/bin/rcs -u -M %FILENAME|F%';
$TWiki::cfg{RCS}{delRevCmd} = '/usr/bin/rcs -o%REVISION|N% %FILENAME|F%';
$TWiki::cfg{RCS}{SearchAlgorithm} = 'TWiki::Store::SearchAlgorithms::Forking';
$TWiki::cfg{RCS}{QueryAlgorithm} = 'TWiki::Store::QueryAlgorithms::BruteForce';
$TWiki::cfg{RCS}{EgrepCmd} = '/bin/grep -E %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';
$TWiki::cfg{RCS}{FgrepCmd} = '/bin/grep -F %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';
$TWiki::cfg{EnableHierarchicalWebs} = 1;
$TWiki::cfg{SystemWebName} = 'TWiki';
$TWiki::cfg{TrashWebName} = 'Trash';
$TWiki::cfg{UsersWebName} = 'Main';
$TWiki::cfg{EnableEmail} = 1;
$TWiki::cfg{WebMasterEmail} = '';
$TWiki::cfg{WebMasterName} = 'TWiki Administrator';
$TWiki::cfg{SmimeCertificateFile} = '';
$TWiki::cfg{SmimeKeyFile} = '';
$TWiki::cfg{SmimeKeyPassword} = '';
$TWiki::cfg{MailProgram} = '/usr/sbin/sendmail -t -oi -oeq';
$TWiki::cfg{SMTP}{MAILHOST} = 'smtp.spmremote.com';
$TWiki::cfg{SMTP}{SENDERHOST} = 'kb.spmc.com';
$TWiki::cfg{SMTP}{Username} = '';
$TWiki::cfg{SMTP}{Password} = '';
$TWiki::cfg{RemoveImgInMailnotify} = 1;
$TWiki::cfg{NotifyTopicName} = 'WebNotify';
$TWiki::cfg{SMTP}{Debug} = 0;
$TWiki::cfg{PROXY}{HOST} = '';
$TWiki::cfg{PROXY}{PORT} = '';
$TWiki::cfg{PROXY}{Username} = '';
$TWiki::cfg{PROXY}{Password} = '';
$TWiki::cfg{PROXY}{SkipProxyForDomains} = '';
$TWiki::cfg{HTTP}{HiddenFields} = 'cookie';
$TWiki::cfg{Stats}{TopViews} = 10;
$TWiki::cfg{Stats}{TopViewers} = 10;
$TWiki::cfg{Stats}{TopContrib} = 10;
$TWiki::cfg{Stats}{TopicName} = 'WebStatistics';
$TWiki::cfg{Stats}{SiteTopViews} = 0;
$TWiki::cfg{Stats}{SiteTopUpdates} = 0;
$TWiki::cfg{Stats}{SiteTopViewers} = 10;
$TWiki::cfg{Stats}{SiteTopContrib} = 10;
$TWiki::cfg{Stats}{SiteStatsTopicName} = 'SiteStatistics';
$TWiki::cfg{Stats}{dfCmd} = '/bin/df %DIRECTORY|F%';
$TWiki::cfg{Stats}{ExcludedWebRegex} = '';
$TWiki::cfg{Stats}{TopAffiliation} = 10;
$TWiki::cfg{Stats}{SiteTopAffiliation} = 10;
$TWiki::cfg{TemplatePath} = '/var/www/twiki/templates/$web/$name.$skin.tmpl, /var/www/twiki/templates/$name.$skin.tmpl, /var/www/twiki/templates/$web/$name.tmpl, /var/www/twiki/templates/$name.tmpl, $web.$skinSkin$nameTemplate, TWiki.$skinSkin$nameTemplate, $web.$nameTemplate, TWiki.$nameTemplate';
$TWiki::cfg{LinkProtocolPattern} = '(file|ftp|gopher|https|http|irc|mailto|news|nntp|telnet)';
$TWiki::cfg{Links}{ExternalLinksInNewWindow} = 1;
$TWiki::cfg{Links}{ExternalLinksIcon} = 1;
$TWiki::cfg{Links}{InternalDomains} = '';
$TWiki::cfg{Links}{TwitterUrlPattern} = 'https://twitter.com/%ID%';
$TWiki::cfg{SitePrefsTopicName} = 'TWikiPreferences';
$TWiki::cfg{LocalSitePreferences} = 'Main.TWikiPreferences';
$TWiki::cfg{HomeTopicName} = 'WebHome';
$TWiki::cfg{WebPrefsTopicName} = 'WebPreferences';
$TWiki::cfg{NumberOfRevisions} = 4;
$TWiki::cfg{ReplaceIfEditedAgainWithin} = 3600;
$TWiki::cfg{LeaseLength} = 3600;
$TWiki::cfg{LeaseLengthLessForceful} = 3600;
$TWiki::cfg{MimeTypesFileName} = '/var/www/twiki/data/mime.types';
$TWiki::cfg{Operators}{Query} = [
'TWiki::Query::OP_and',
'TWiki::Query::OP_eq',
'TWiki::Query::OP_lc',
'TWiki::Query::OP_lte',
'TWiki::Query::OP_not',
'TWiki::Query::OP_ref',
'TWiki::Query::OP_d2n',
'TWiki::Query::OP_gte',
'TWiki::Query::OP_length',
'TWiki::Query::OP_lt',
'TWiki::Query::OP_ob',
'TWiki::Query::OP_uc',
'TWiki::Query::OP_dot',
'TWiki::Query::OP_gt',
'TWiki::Query::OP_like',
'TWiki::Query::OP_ne',
'TWiki::Query::OP_or',
'TWiki::Query::OP_where'
];
$TWiki::cfg{Operators}{If} = [
'TWiki::If::OP_allows',
'TWiki::If::OP_defined',
'TWiki::If::OP_isempty',
'TWiki::If::OP_ingroup',
'TWiki::If::OP_isweb',
'TWiki::If::OP_context',
'TWiki::If::OP_dollar',
'TWiki::If::OP_istopic'
];
$TWiki::cfg{Mdrepo}{Store} = '';
$TWiki::cfg{Mdrepo}{Dir} = '';
$TWiki::cfg{Mdrepo}{Tables} = [
'sites',
'webs:b'
];
$TWiki::cfg{Mdrepo}{RecordIDRe} = '\\w+';
$TWiki::cfg{Mdrepo}{FieldNameRe} = '\\w+';
$TWiki::cfg{ReadOnlyAndMirrorWebs}{SiteName} = '';
$TWiki::cfg{ReadOnlyAndMirrorWebs}{ScriptOnMaster} = 'edit, save, attach, upload, rename, manage';
$TWiki::cfg{WEBLIST}{canmovetoExclude} = '';
$TWiki::cfg{WEBLIST}{cancopytoExclude} = '';
$TWiki::cfg{UserSubwebs}{UserPrefsTopicName} = 'WebHome';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{ColorPickerPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{CommentPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{DatePickerPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{EditTablePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{EmptyPlugin}{Enabled} = 0;
$TWiki::cfg{Plugins}{HeadlinesPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{InterwikiPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{JQueryPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{PreferencesPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{RenderListPlugin}{Enabled} = 0;
$TWiki::cfg{Plugins}{SetGetPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{SlideShowPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{SmiliesPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{SpreadSheetPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TablePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TagMePlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TinyMCEPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{TWikiNetSkinPlugin}{Enabled} = 0;
$TWiki::cfg{Plugins}{TwistyPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{WatchlistPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{WysiwygPlugin}{Enabled} = 1;
$TWiki::cfg{PluginsOrder} = 'SpreadSheetPlugin';
$TWiki::cfg{ExtensionsRepositories} = 'TWiki.org=(http://twiki.org/cgi-bin/view/Plugins/,http://twiki.org/p/pub/Plugins/)';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{BackupDir} = '/tmp';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{KeepNumberOfBackups} = '7';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{TempDir} = '/tmp';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{createZipCmd} = '/usr/bin/zip -r';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{listZipCmd} = '/usr/bin/unzip -l';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{unZipCmd} = '/usr/bin/unzip -o';
$TWiki::cfg{Plugins}{BackupRestorePlugin}{Debug} = 0;
$TWiki::cfg{Plugins}{DatePickerPlugin}{Format} = '%Y-%m-%d';
$TWiki::cfg{Plugins}{DatePickerPlugin}{Lang} = 'en';
$TWiki::cfg{Plugins}{DatePickerPlugin}{Style} = 'twiki';
$TWiki::cfg{Plugins}{SetGetPlugin}{Debug} = 0;
$TWiki::cfg{TagMePlugin}{SplitSpace} = 0;
$TWiki::cfg{TagMePlugin}{NormalizeTagInput} = 0;
$TWiki::cfg{TagMePlugin}{LogAction} = 0;
$TWiki::cfg{TagMePlugin}{AlwaysRefine} = 0;
$TWiki::cfg{TagMePlugin}{UserAgnostic} = 0;
$TWiki::cfg{TagMePlugin}{TagLenLimit} = 30;
$TWiki::cfg{JSCalendarContrib}{format} = '%Y-%m-%d';
$TWiki::cfg{JSCalendarContrib}{lang} = 'en';
$TWiki::cfg{JSCalendarContrib}{style} = 'blue';
$TWiki::cfg{MailerContrib}{EmailFilterIn} = '';
$TWiki::cfg{MailerContrib}{CustomUserGroupNotations} = '';
$TWiki::cfg{Site}{CharSet} = 'iso-8859-1';
$TWiki::cfg{Plugins}{WatchlistPlugin}{ChangesFormat} = '| $title in <nop>$web web | $date - r$rev - $wikiname |';
$TWiki::cfg{Plugins}{WatchlistPlugin}{ChangesHeader} = '| Topic | Last Update |';
$TWiki::cfg{Plugins}{WatchlistPlugin}{ChangesFooter} = '<div style="margin: 5px 0 0 3px;">Show %CALCULATE{$SET(limit, %URLPARAM{"limit" default="50"}%)$LISTJOIN(, , $LISTMAP($IF($VALUE($GET(limit))==$item, <b>$item</b>, <a href="%SCRIPTURLPATH{"view"}%/%WEB%/%TOPIC%?limit=$item" rel="nofollow">$item</a>), 10, 20, 50, 100, 500, 1000))}% recent changes</div>';
$TWiki::cfg{Plugins}{WatchlistPlugin}{EmptyMessage} = 'The watchlist is empty. To watch topics, select the "Watch" menu item on topics of interest.';
$TWiki::cfg{Plugins}{WatchlistPlugin}{NotifyTextFormat} = '- $topic in $web web, updated by $wikiname, $date, r$rev$n $viewscript/$web/$topic$n$n';
$TWiki::cfg{Plugins}{WatchlistPlugin}{UseEmailField} = 0;
$TWiki::cfg{Plugins}{WatchlistPlugin}{LogAction} = 1;
$TWiki::cfg{Plugins}{WatchlistPlugin}{Debug} = 0;
$TWiki::cfg{Plugins}{JqPlotPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapContribAdminPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{UseDefaultServer} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DisableLDAPUSERS} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{Helper} = '';
$TWiki::cfg{Plugins}{LdapNgPlugin}{CacheBlob} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{AutoClear} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{SeparatorAfterHeaderBeforeFooter} = 0;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Enabled} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{RequireLoggedIn} = 1;
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Filter} = 'objectClass=User';
$TWiki::cfg{Plugins}{LdapNgPlugin}{DynamicWikiNames}{Format} = '|Name|$givenName $sn|$n|Mail|$mail|';
$TWiki::cfg{Ldap}{Debug} = 1;
$TWiki::cfg{Ldap}{Host} = 'ldap.server.com';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{Version} = '3';
$TWiki::cfg{Ldap}{Base} = 'DC=domain,DC=com';
$TWiki::cfg{Ldap}{BindDN} = 'CN=ldap,CN=Users,DC=domain,DC=com';
$TWiki::cfg{Ldap}{BindPassword} = 'password';
$TWiki::cfg{Ldap}{UseSASL} = 0;
$TWiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';
$TWiki::cfg{Ldap}{GSSAPIuser} = '';
$TWiki::cfg{Ldap}{UseTLS} = 0;
$TWiki::cfg{Ldap}{TLSSSLVersion} = 'tlsv1';
$TWiki::cfg{Ldap}{TLSVerify} = 'require';
$TWiki::cfg{Ldap}{TLSCAPath} = '';
$TWiki::cfg{Ldap}{TLSCAFile} = '';
$TWiki::cfg{Ldap}{TLSClientCert} = '';
$TWiki::cfg{Ldap}{TLSClientKey} = '';
$TWiki::cfg{Ldap}{SecondaryPasswordManager} = 'TWiki::Users::HtPasswdUser';
$TWiki::cfg{Ldap}{UserScope} = 'sub';
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
$TWiki::cfg{Ldap}{LoginAttribute} = 'userPrincipalName';
$TWiki::cfg{Ldap}{LoginPattern} = '^.+$';
$TWiki::cfg{Ldap}{MailAttribute} = 'mail';
$TWiki::cfg{Ldap}{WikiNameAttributes} = 'cn';
$TWiki::cfg{Ldap}{NormalizeWikiNames} = 1;
$TWiki::cfg{Ldap}{NormalizeLoginNames} = 0;
$TWiki::cfg{Ldap}{CaseSensitiveLogin} = 0;
$TWiki::cfg{Ldap}{WikiNameAliases} = '';
$TWiki::cfg{Ldap}{AllowChangePassword} = 0;
$TWiki::cfg{Ldap}{PreserveTWikiUserMapping} = 1;
$TWiki::cfg{Ldap}{PreserveWikiNames} = 0;
$TWiki::cfg{Ldap}{MapGroups} = 1;
$TWiki::cfg{Ldap}{GroupScope} = 'sub';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';
$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';
$TWiki::cfg{Ldap}{GroupPattern} = '^.+$';
$TWiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber';
$TWiki::cfg{Ldap}{MemberAttribute} = 'memberUid';
$TWiki::cfg{Ldap}{InnerGroupAttribute} = 'memberUid';
$TWiki::cfg{Ldap}{MemberIndirection} = 0;
$TWiki::cfg{Ldap}{WikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{NormalizeGroupNames} = 0;
$TWiki::cfg{Ldap}{CaseSensitiveGroup} = 0;
$TWiki::cfg{Ldap}{RewriteGroups} = {};
$TWiki::cfg{Ldap}{MergeGroups} = 0;
$TWiki::cfg{Ldap}{Precache} = 'all';
$TWiki::cfg{Ldap}{MaxCacheAge} = 86400;
$TWiki::cfg{Ldap}{CLIOnlyRefresh} = 0;
$TWiki::cfg{Ldap}{PageSize} = 500;
$TWiki::cfg{Ldap}{BackupCacheFile} = 0;
$TWiki::cfg{Ldap}{BackupFileAge} = 0;
$TWiki::cfg{Ldap}{Exclude} = 'WIKIWORDS, admin, guest';
$TWiki::cfg{Ldap}{UserBase} = ['OU=O365,OU=Azure,DC=domain,DC=com'];
$TWiki::cfg{Ldap}{GroupBase} = ['OU=TwikiGroups,DC=domain,DC=com'];
1;

debug.txt:
| 2017-09-01 - 21:30:49 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:839)
| 2017-09-01 - 21:30:49 | called untieCache () (10.4.5.54/ssoid/web.topic/LdapContrib.pm:841)
| 2017-09-01 - 21:30:49 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called refreshCache with mode 1, preserveTWikiUserMapping: 0 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:891)
| 2017-09-01 - 21:30:49 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.TWikiGuest/UserMapping.pm:349)
| 2017-09-01 - 21:30:49 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.TWikiGuest/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called isGroup(christopher.crowe@spmcPLEASENOSPAM.com) (10.4.5.54/ssoid/Main.TWikiGuest/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called checkCacheForGroupName(christopher.crowe@spmcPLEASENOSPAM.com) (10.4.5.54/ssoid/Main.TWikiGuest/LdapContrib.pm:2184)
| 2017-09-01 - 21:30:49 | called getGroupNames() (10.4.5.54/ssoid/Main.TWikiGuest/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called isIgnoredGroup(christopher.crowe@spmcPLEASENOSPAM.com) (10.4.5.54/ssoid/Main.TWikiGuest/LdapContrib.pm:3405)
| 2017-09-01 - 21:30:49 | called getAllIgnoredGroups() (10.4.5.54/ssoid/Main.TWikiGuest/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | called untieCache () (10.4.5.54/ssoid/Main.TWikiGuest/LdapContrib.pm:521)
| 2017-09-01 - 21:30:56 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:839)
| 2017-09-01 - 21:30:56 | called untieCache () (10.4.5.54/ssoid/web.topic/LdapContrib.pm:841)
| 2017-09-01 - 21:30:56 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | called refreshCache with mode 1, preserveTWikiUserMapping: 0 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:891)
| 2017-09-01 - 21:30:56 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.WebHome/UserMapping.pm:349)
| 2017-09-01 - 21:30:56 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | TWikiContributor is not a valid loginName (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | called isGroup(TWikiAdminGroup) (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | TWikiAdminGroup is not a valid loginName (10.4.5.54/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.WebHome/UserMapping.pm:349)
| 2017-09-01 - 21:30:56 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.WebHome/UserMapping.pm:349)
| 2017-09-01 - 21:30:56 | called untieCache () (10.4.5.54/ssoid/Main.WebHome/LdapContrib.pm:521)
| 2017-09-01 - 21:30:59 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:839)
| 2017-09-01 - 21:30:59 | called untieCache () (10.4.5.54/ssoid/web.topic/LdapContrib.pm:841)
| 2017-09-01 - 21:30:59 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | called refreshCache with mode 1, preserveTWikiUserMapping: 0 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:891)
| 2017-09-01 - 21:30:59 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.UserList/UserMapping.pm:349)
| 2017-09-01 - 21:30:59 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | TWikiContributor is not a valid loginName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | called untieCache () (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:521)
| 2017-09-01 - 21:31:05 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:839)
| 2017-09-01 - 21:31:05 | called untieCache () (10.4.5.54/ssoid/web.topic/LdapContrib.pm:841)
| 2017-09-01 - 21:31:05 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | called refreshCache with mode 1, preserveTWikiUserMapping: 0 (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | tieing cache with mode read (10.4.5.54/ssoid/web.topic/LdapContrib.pm:891)
| 2017-09-01 - 21:31:05 | called eachGroupMember(TWikiAdminGroup) (10.4.5.54/ssoid/Main.UserList/UserMapping.pm:349)
| 2017-09-01 - 21:31:05 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | TWikiContributor is not a valid loginName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | called untieCache () (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:521)

Warn####.txt - I tried several formats of the username.

| 2017-09-01 - 21:11:11 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group christopher.crowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:11:22 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:11:22 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group christopher.crowe@spmcPLEASENOSPAM.com in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:11:26 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:11:26 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group ccrowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:13:33 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:13:33 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group christophercrowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:16:56 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:17:00 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:17:04 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:28:08 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:29:20 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:29:22 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:29:23 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:29:32 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:49 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:56 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:31:05 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:03 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:11 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:34 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:42 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:42 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group christopher crowe in LDAP (groupAttribute cn). Adding group to ignore list. (10.4.5.54/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:34:48 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:56 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:35:01 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 23959! (10.4.5.54/ssoid/web.topic/callerFile:callerLine)

-- Christopher Crowe - 2017-09-01
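
Added example (not part of the original post and not LdapContrib code): a triage script for the warn-log format quoted above. It flags a cache-refresh lock that one process ID keeps holding past a threshold, and collects the login names that were looked up as groups. The sample lines, the 10-minute default and all function names are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the warn-log format shown in the post.
# PIDs, names, address and times are made up for this example.
SAMPLE_WARN_LOG = """\
| 2017-09-01 - 21:11:11 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group jane.doe in LDAP (groupAttribute cn). Adding group to ignore list. (192.0.2.10/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:11:22 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 4242! (192.0.2.10/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:11:22 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group jane.doe@example.com in LDAP (groupAttribute cn). Adding group to ignore list. (192.0.2.10/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:11:26 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 4242! (192.0.2.10/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:11:26 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group jdoe in LDAP (groupAttribute cn). Adding group to ignore list. (192.0.2.10/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:20:00 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 5151! (192.0.2.10/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:20:30 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 5151! (192.0.2.10/ssoid/web.topic/callerFile:callerLine)
| 2017-09-01 - 21:34:42 | (TWiki::Contrib::LdapContrib) LdapContrib - no result looking for group jane.doe in LDAP (groupAttribute cn). Adding group to ignore list. (192.0.2.10/ssoid/Main.UserList/LdapContrib.pm:2184)
| 2017-09-01 - 21:35:01 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 4242! (192.0.2.10/ssoid/web.topic/callerFile:callerLine)
this line has no timestamp and is skipped
"""

LINE_RE = re.compile(r"^\|\s*(\d{4}-\d{2}-\d{2}) - (\d{2}:\d{2}:\d{2})\s*\|\s*(.+)$")
LOCK_RE = re.compile(r"already being refreshed by process (\d+)")
MISS_RE = re.compile(r"no result looking for group (.+?) in LDAP \(groupAttribute (\w+)\)")


@dataclass
class LockWindow:
    """Span over which one PID was reported as holding the refresh lock."""
    pid: int
    first_seen: datetime
    last_seen: datetime
    hits: int

    @property
    def held_for(self) -> timedelta:
        return self.last_seen - self.first_seen


def parse_warn_log(text):
    """Return (timestamp, message) pairs; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M:%S")
        entries.append((ts, m.group(3)))
    return entries


def find_stale_locks(entries, threshold_minutes=10):
    """PIDs reported as lock holders for at least threshold_minutes.

    A refresh that blocks every request for this long suggests the refresh
    process hung or exited without releasing its lock, so the cache never
    fills; worth checking whether that PID is still alive.
    """
    windows = {}
    for ts, msg in entries:
        m = LOCK_RE.search(msg)
        if not m:
            continue
        pid = int(m.group(1))
        w = windows.get(pid)
        if w is None:
            windows[pid] = LockWindow(pid, ts, ts, 1)
        else:
            w.first_seen = min(w.first_seen, ts)
            w.last_seen = max(w.last_seen, ts)
            w.hits += 1
    limit = timedelta(minutes=threshold_minutes)
    return [w for w in windows.values() if w.held_for >= limit]


def group_lookup_misses(entries):
    """Distinct names that were searched as groups and not found, in log order."""
    seen = []
    for _, msg in entries:
        m = MISS_RE.search(msg)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen


if __name__ == "__main__":
    log = parse_warn_log(SAMPLE_WARN_LOG)
    for w in find_stale_locks(log):
        print(f"PID {w.pid} blocked refresh for {w.held_for} ({w.hits} blocked requests)")
    print("names looked up as groups:", ", ".join(group_lookup_misses(log)))
```
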

Discussion and Answer

Your LDAP server is Microsoft. As is typical for that company, everything they do is a bit non-standard. A few Microsoft-specific settings that should help:

$TWiki::cfg{Ldap}{UserBase} = 'dc=example,dc=com';
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
$TWiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
$TWiki::cfg{Ldap}{GroupBase} = 'ou=group,dc=example,dc=com';
$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group';
$TWiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber';
$TWiki::cfg{Ldap}{Exclude} = 'TWikiAdminGroup, TWikiGuest, TWikiContributor, RegistrationAgent, UnknownUser, AdminGroup, NobodyGroup, AdminUser, admin, guest';

LDAP setup can be tricky. I recommend contacting the LDAP admin in your org for the recommended settings.

-- Peter Thoeny - 2017-09-03

Aside from LoginAttribute and the additional exceptions in your example, the rest in my configuration is the same. I am the LDAP admin and have the settings I need. It's usually straightforward after plugging in a few simple details, as I have a few other systems running off LDAP. This looked pretty straightforward as well, but I'm not fully understanding the logs here. I'll change the LoginAttribute to see if that makes the difference.

But why does LdapContrib think that the below are not actual groups / users? Is it trying to check for these in LDAP?

| 2017-09-01 - 21:30:59 | TWikiAdminGroup is not a valid groupName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)
| 2017-09-01 - 21:30:59 | TWikiContributor is not a valid loginName (10.4.5.54/ssoid/Main.UserList/callerFile:callerLine)

Also, in the logs I can see that it's searching for the usernames I type in via "groupAttribute cn" but it doesn't specify what group it's actually searching. I'm assuming it's searching in a group within the GroupBase I specified?

What also has not been clear is whether or not using LDAP is a sync with these plugins or just a reference for authentication. Meaning, once this is working, will the users show in the twiki user list as well as the groups?

Thanks for your help Peter.

-- Christopher Crowe - 2017-09-04

Changing the attribute did not make a difference.

Just in case I would not be able to get this to work, I started to prepare to use Apache LDAP authentication to load the site. Interestingly enough, when I added the LDAP configurations in the httpd.conf for /var/www/twiki it passed the credentials into TWiki. So when I logged in to the pop-up login box and authenticated, the logged-in user actually showed me logged in to TWiki under that username and was relying on twikigroups for access rights. I was able to log in via userPrincipalName and TWiki converted it from name@domainPLEASENOSPAM.com to namedomaincom as the TWiki username.

I would much rather be able to authenticate via the TWiki login page rather than the Apache pop-up, so I must be missing some minor detail that is preventing this, considering it's able to pass the credentials to TWiki.

If I'm unable to get this working, is it possible to have TWiki present the username as name@domainPLEASENOSPAM.com instead of it converting to namedomaincom?

-- Christopher Crowe - 2017-09-05

Starting the process over to see if I may have missed something.

-- Christopher Crowe - 2017-10-18

Still not having success with using LdapContrib. From everything I've read, it appears to be right. I've even used the /tools/ldaptest script and I'm able to pull data with the information I'm using in the config. When I do a dump of the cache.db, the only thing in there is all of my usernames in the "Unknown group" category. It's almost as if the user lookup is not working. I've ensured the [] brackets were on the bases, and I'm not getting any helpful errors in debug.txt and warn###.txt to determine why the authentication is not working.

The debug log repeats the following for all users:

| 2017-10-26 - 16:31:37 | called isGroup(testtwiki) (10.4.5.115/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-10-26 - 16:31:37 | called checkCacheForGroupName(testtwiki) (10.4.5.115/ssoid/Main.WebHome/LdapContrib.pm:2184)
| 2017-10-26 - 16:31:37 | called getGroupNames() (10.4.5.115/ssoid/Main.WebHome/callerFile:callerLine)
| 2017-10-26 - 16:31:37 | called isIgnoredGroup(testtwiki) (10.4.5.115/ssoid/Main.WebHome/LdapContrib.pm:3405)
| 2017-10-26 - 16:31:37 | called getAllIgnoredGroups() (10.4.5.115/ssoid/Main.WebHome/callerFile:callerLine)

Occasionally I'll see the following throughout the log:

| 2017-10-26 - 16:34:18 | called eachGroupMember(TWikiAdminGroup) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/UserMapping.pm:349)
| 2017-10-26 - 16:34:18 | called eachGroupMember(TWikiAdminGroup) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/UserMapping.pm:349)
| 2017-10-26 - 16:34:18 | called eachGroupMember(TWikiAdminGroup) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/UserMapping.pm:349)
| 2017-10-26 - 16:34:18 | called eachGroupMember(TWikiAdminGroup) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/UserMapping.pm:349)
| 2017-10-26 - 16:34:18 | called eachGroupMember(InformationTechnologyGroup) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/UserMapping.pm:349)
| 2017-10-26 - 16:34:18 | called untieCache () (10.4.5.115/ssoid/Main.TWikiGroupTemplate/LdapContrib.pm:521)

I've seen this, but I'm not understanding why it's looking it up:

| 2017-10-26 - 16:33:43 | called isGroup(%URLPARAM{"topic"}%) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:43 | called checkCacheForGroupName(%urlparam{"topic"}%) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/LdapContrib.pm:2184)
| 2017-10-26 - 16:33:43 | called getGroupNames() (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:43 | called isIgnoredGroup(%urlparam{"topic"}%) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/LdapContrib.pm:3405)
| 2017-10-26 - 16:33:43 | called getAllIgnoredGroups() (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:43 | group %urlparam{"topic"}% is unknown, need to refresh part of the ldap cache (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:43 | called getGroup(%urlparam{"topic"}%) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:43 | called search(filter=(&(objectClass=group)(cn=%urlparam{"topic"}%)), base=OU=TwikiGroups,DC=spmremote,DC=com, scope=sub, limit=0, attrs=*) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:43 | called connect (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:48 | proxy bind using CN=ldap,CN=Users,DC=spmremote,DC=com (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:48 | found 0 entries (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:48 | Group %urlparam{"topic"}% is invalid - no hits in LDAP. (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:48 | called untieCache () (10.4.5.115/ssoid/Main.TWikiGroupTemplate/LdapContrib.pm:760)
| 2017-10-26 - 16:33:48 | tieing cache with mode write (10.4.5.115/ssoid/Main.TWikiGroupTemplate/LdapContrib.pm:3425)
| 2017-10-26 - 16:33:48 | called addIgnoredGroup(%urlparam{"topic"}%) (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:48 | called getAllIgnoredGroups() (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:33:48 | called untieCache () (10.4.5.115/ssoid/Main.TWikiGroupTemplate/LdapContrib.pm:3513)
| 2017-10-26 - 16:33:48 | tieing cache with mode read (10.4.5.115/ssoid/Main.TWikiGroupTemplate/LdapContrib.pm:3516)
| 2017-10-26 - 16:33:48 | called untieCache () (10.4.5.115/ssoid/Main.TWikiGroupTemplate/LdapContrib.pm:521)
| 2017-10-26 - 16:33:48 | called disconnect() (10.4.5.115/ssoid/Main.TWikiGroupTemplate/callerFile:callerLine)
| 2017-10-26 - 16:34:17 | tieing cache with mode read (10.4.5.115/ssoid/web.topic/LdapContrib.pm:839)
| 2017-10-26 - 16:34:17 | called untieCache () (10.4.5.115/ssoid/web.topic/LdapContrib.pm:841)
| 2017-10-26 - 16:34:17 | cacheAge=9999999999, maxCacheAge=86400, LASTUPDATED=0, refresh=1 (10.4.5.115/ssoid/web.topic/callerFile:callerLine)
| 2017-10-26 - 16:34:17 | called refreshCache with mode 1, preserveTWikiUserMapping: 0 (10.4.5.115/ssoid/web.topic/callerFile:callerLine)
| 2017-10-26 - 16:34:17 | Called backupCacheFile() (10.4.5.115/ssoid/web.topic/callerFile:callerLine)
| 2017-10-26 - 16:34:17 | tieing cache with mode read (10.4.5.115/ssoid/web.topic/LdapContrib.pm:891)

Then from the warn###.txt log I keep getting:

| 2017-10-26 - 16:34:17 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 27605! (10.4.5.115/ssoid/web.topic/callerFile:callerLine)

However, I can't find any process 27605, so I tried a reboot, but it just keeps happening. Even leaving it for a day, it just spams that.

Any further thoughts?

-- Christopher Crowe - 2017-10-26
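
An added example, not part of the original post or of LdapContrib: a small Python triage pass over log lines in the format quoted above. It pairs each LDAP search with its hit count, flags search filters that still contain an unexpanded TWiki %VARIABLE%, and checks whether the PID named in the "already being refreshed" warning still exists. The sample lines, addresses, names and finding labels are constructed for illustration.

```python
import os
import re

# Constructed sample lines in the debug.txt / warn*.txt layout quoted above.
SAMPLE_LOG = """\
| 2017-10-26 - 16:33:43 | called search(filter=(&(objectClass=group)(cn=%urlparam{"topic"}%)), base=OU=Groups,DC=example,DC=com, scope=sub, limit=0, attrs=*) (192.0.2.10/user/Main.WebHome/callerFile:callerLine)
| 2017-10-26 - 16:33:48 | found 0 entries (192.0.2.10/user/Main.WebHome/callerFile:callerLine)
| 2017-10-26 - 16:34:17 | (TWiki::Contrib::LdapContrib) LdapContrib - Can not refresh cache now. It is already being refreshed by process 999999999! (192.0.2.10/user/web.topic/callerFile:callerLine)
"""

LINE = re.compile(r"^\|\s*(\d{4}-\d\d-\d\d - \d\d:\d\d:\d\d)\s*\|\s*(.*)$")
SEARCH = re.compile(r"called search\(filter=(.*?), base=(.*?), scope=")
FOUND = re.compile(r"found (\d+) entries")
LOCK = re.compile(r"already being refreshed by process (\d+)")
MACRO = re.compile(r"%\w+(\{.*?\})?%")   # TWiki %VARIABLE% / %VARIABLE{...}% syntax


def pid_alive(pid):
    """True if a process with this PID exists on the local host."""
    try:
        os.kill(pid, 0)          # signal 0 only tests for existence
    except ProcessLookupError:
        return False
    except PermissionError:      # exists, but owned by another user
        return True
    return True


def triage(text, alive=pid_alive):
    """Return (timestamp, finding, detail) tuples; finding names are made up here."""
    findings, pending = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        if (s := SEARCH.search(msg)):
            pending = s.groups()                 # (filter, base) awaiting a hit count
            if MACRO.search(pending[0]):
                findings.append((ts, "unexpanded-variable-in-filter", pending[0]))
        elif (f := FOUND.search(msg)) and pending:
            if f.group(1) == "0":
                findings.append((ts, "search-returned-nothing", "%s under %s" % pending))
            pending = None
        elif (k := LOCK.search(msg)) and not alive(int(k.group(1))):
            findings.append((ts, "stale-refresh-lock", k.group(1)))
    return findings
```

Run it on the TWiki host itself, since the PID check is only meaningful where the refresh process would be running.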

When I set up LDAP on Apache for authentication and use the LDAPapachelogin, I'm able to log in and the information passes to TWiki. If I disable the Apache LDAP and change the login to the templateLogin, I'm able to log in with the cached information from TWiki's actual login page. So it seems part of LdapContrib is working. It seems LdapContrib is not able to properly connect and retrieve the information from the LDAP server on its own, even though I'm using the same settings I used to set up the Apache LDAP connection.

Please let me know if I should repost this under a different category at this point.

-- Christopher Crowe - 2017-10-27

Closing topic, no success. Set it up using Apache Ldap authenticating users and groups. Thanks for giving it a stab Peter.

Followed the below older instructions.

http://twiki.org/cgi-bin/view/TWiki/ApacheLdapAuthSetup

Some additional group settings I added for the LDAP auth if you plan to use groups and nested groups with this method. Note, I'm using Windows LDAP so change your attributes accordingly. Your groups still need to be named correctly ending in group.

AuthLDAPGroupAttribute primaryGroupID
AuthLDAPMaxSubGroupDepth 2
AuthLDAPSubgroupAttribute member
AuthLDAPSubGroupClass group
AuthLDAPGroupAttributeIsDN on

-- Christopher Crowe - 2017-10-31

SupportForm
Status Unanswered
Title TWiki 6.0.2 AD Authentication
SupportCategory CategoryAuthentication
TWiki version 6.0.2
Server OS Centos 7
Web server Apache
Perl version

Browser & version chrome, IE
Topic revision: r8 - 2017-10-31 - ChristopherCrowe