Question
Hi,
I can't seem to get LdapContrib to work. No matter what settings I try, I can never authenticate. Could someone please assist or tell me where I can find debug logs of the Plugin to debug? I am trying to validate against our Active Directory. My config is:
$TWiki::cfg{Ldap}{Host} = 'ms-m-dc';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{Version} = '3';
$TWiki::cfg{Ldap}{Base} = 'dc=ZA,dc=Company,dc=net';
#$TWiki::cfg{Ldap}{Base} = 'dc=ZA,dc=Companydc=net';
#$TWiki::cfg{Ldap}{Base} = 'dc=ZA,dc=Company,dc=net';
$TWiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
$TWiki::cfg{Ldap}{WikiNameAttribute} = 'cn';
$TWiki::cfg{Ldap}{WikiNameRemoveWhiteSpace} = 1;
$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=user';
$TWiki::cfg{Ldap}{GroupFilter} = '';
$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;
$TWiki::cfg{Ldap}{MemberAttribute} = 'department';
$TWiki::cfg{Ldap}{MemberIndirection} = 1;
$TWiki::cfg{Ldap}{BindDN} = 'CN=Larre Do,OU=Users,OU=People,OU=Region,DC=ZA,DC=Company,DC=net';
$TWiki::cfg{Ldap}{BindPassword} = 'My Password';
I have tried numerous variations of this. If anyone can please assist? Or maybe point me to where I can find an error log of LDAPContrib?
No matter what I try, I get an unrecognised user/password error.
If I am authenticating against LDAP, do I still need to register a user, etc.?
Environment
--
LarreDo - 06 Sep 2006
Answer
From ProblemwithLDAPContrib: "To enable debugging edit the file lib/TWiki/Contrib/LdapContrib.pm and remove the comments in the function writeDebug() and in its calls, i.e. in the function connect()."
Now I think you're having the same problem that I and another are having (see LdapContribCannotFindMe and LdapContribNovellAuthentication).
LdapContrib authenticates you by trying to bind with your username and password, but the problem is: the LDAP server only binds with the password and:
- the full DN (Distinguished Name), like "cn=Jones,\ Tom,ou=users,dc=company,dc=org"
- the RDN (Relative Distinguished Name), which is usually the CN, like "Jones, Tom", or
- userprincipalname, if assigned, which is our email address
It would be nice if the LDAP server allowed binding with the password and the samaccountname, or whatever LDAP attribute happens to hold the "username". This is not the fault of the LdapContrib but of the LDAP server.
--
AndrewBanks - 06 Sep 2006
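Search-then-bind is one common way to handle the restriction described in the answer above: a service account looks up the user's DN from the login name, and the password is then checked by binding as that DN. The following is an added example, not part of the original thread and not LdapContrib's code; the function names, the injected `search`/`bind` callables and the sample directory entry are hypothetical, while the filter and attribute values come from the question's config.

```python
# Added example: search-then-bind, with the LDAP calls injected as callables.
# Function names and the sample entry are hypothetical (constructed).

_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login_filter, login_attribute, username):
    """AND the LoginFilter with an equality match on the login attribute."""
    return "(&(%s)(%s=%s))" % (
        login_filter, login_attribute, escape_filter_value(username))


def authenticate(username, password, search, bind,
                 login_filter="objectClass=user",
                 login_attribute="sAMAccountName"):
    """Return the user's DN if the password is accepted, else None.

    search(filter) -> list of DNs found using the service (BindDN) account.
    bind(dn, password) -> True if the server accepts a simple bind as dn.
    """
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513) that a server may accept, so refuse it before binding.
    if not username or not password:
        return None
    dns = search(build_user_filter(login_filter, login_attribute, username))
    if len(dns) != 1:  # no match or ambiguous match: fail closed
        return None
    return dns[0] if bind(dns[0], password) else None


# Constructed stand-in for the directory, so the flow runs offline.
SAMPLE_DN = "CN=Tom Jones,OU=Users,DC=example,DC=net"
SAMPLE_ENTRIES = {"(&(objectClass=user)(sAMAccountName=tjones))": [SAMPLE_DN]}
SAMPLE_PASSWORDS = {SAMPLE_DN: "constructed-password"}


def sample_search(ldap_filter):
    return SAMPLE_ENTRIES.get(ldap_filter, [])


def sample_bind(dn, password):
    return SAMPLE_PASSWORDS.get(dn) == password
```

Against a real directory, `search` and `bind` would wrap the LDAP client library's own search and simple-bind calls.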
Hi, thanks for the info. I have given up on LdapContrib cos I have checked the links and still couldn't get it to work. I did get Apache LDAP authentication working though.
--
LarreDo - 07 Sep 2006