
Question

If I use the Apache configuration (below) TWiki will authenticate to my LDAP server. If I try just using LdapContrib without these modifications, it will not - basically saying that the user is not found. In addition, I want users to be able to modify their password on LDAP using TWiki's ChangePassword facility which (perhaps not surprisingly) also doesn't work given that LdapContrib will not talk to the LDAP server directly.

I have included my LocalSite.cfg below as well.

Any thoughts or suggestions greatly appreciated.


httpd - twiki.conf file

#### AuthBasicProvider ldap

AuthzLDAPAuthoritative off

AuthLDAPBindDN "uid=TWikiLdapUser,ou=Special Users,dc=lupsca,dc=arc,dc=ab,dc=ca"

AuthLDAPBindPassword blabla

AuthLDAPURL ldap://lupsca.arc.ab.ca:389/OU=people,DC=lupsca,DC=arc,DC=ab,DC=ca?uid?sub?(objectClass=*)

# AuthLDAPGroupAttribute TWikiGroups # AuthLDAPGroupAttributeIsDN off # require valid-user ###


# Local site settings for TWiki. This file is managed by the 'configure'

# CGI script, though you can also make (careful!) manual changes with a

# text editor.

$TWiki::cfg{DefaultUrlHost} = 'http://lupsca.arc.ab.ca';

$TWiki::cfg{ScriptUrlPath} = '/twiki/bin';

$TWiki::cfg{PubUrlPath} = '/twiki/pub';

$TWiki::cfg{PubDir} = '/var/www/html/twiki/pub';

$TWiki::cfg{TemplateDir} = '/var/www/html/twiki/templates';

$TWiki::cfg{DataDir} = '/var/www/html/twiki/data';

$TWiki::cfg{LocalesDir} = '/var/www/html/twiki/locale';

$TWiki::cfg{TempfileDir} = '/var/www/html/twikitmp';

$TWiki::cfg{ScriptSuffix} = '';

$TWiki::cfg{OS} = 'UNIX';

$TWiki::cfg{DetailedOS} = 'linux';

$TWiki::cfg{Password} = 'blalba';

$TWiki::cfg{UseClientSessions} = 1;

$TWiki::cfg{Sessions}{ExpireAfter} = 21600;

$TWiki::cfg{Sessions}{IDsInURLs} = 0;

$TWiki::cfg{Sessions}{UseIPMatching} = 1;

$TWiki::cfg{Sessions}{MapIP2SID} = 0;

$TWiki::cfg{LoginManager} = 'TWiki::Client::ApacheLogin';

$TWiki::cfg{LoginNameFilterIn} = '^[^\\s\\*?~^\\$@%`"\'&;|<>\\x00-\\x1f]+$';

$TWiki::cfg{DefaultUserLogin} = 'guest';

$TWiki::cfg{DefaultUserWikiName} = 'TWikiGuest';

$TWiki::cfg{AdminUserWikiName} = 'TWikiAdminGroup';

$TWiki::cfg{SuperAdminGroup} = 'TWikiAdminGroup';

$TWiki::cfg{UsersTopicName} = 'TWikiUsers';

$TWiki::cfg{MapUserToWikiName} = 1;

$TWiki::cfg{AuthScripts} = 'attach,edit,manage,rename,save,upload,viewauth,rdiffauth';

$TWiki::cfg{AuthRealm} = 'Enter your LoginName. (Typically First name and last name, no space, no dots, capitalized, e.g. JohnSmith, unless you chose otherwise). Visit TWikiRegistration if you do not have one.';

$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';

$TWiki::cfg{MinPasswordLength} = 8;

$TWiki::cfg{Htpasswd}{FileName} = '/var/www/html/twiki/data/.htpasswd';

$TWiki::cfg{Htpasswd}{Encoding} = 'crypt';

$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';

$TWiki::cfg{Register}{HidePasswd} = 1;

$TWiki::cfg{Register}{NeedVerification} = 0;

$TWiki::cfg{SafeEnvPath} = '/bin:/usr/bin';

$TWiki::cfg{DenyDotDotInclude} = 1;

$TWiki::cfg{AllowInlineScript} = 1;

$TWiki::cfg{UploadFilter} = '^(\\.htaccess|.*\\.(?i)(?:php[0-9s]?(\\..*)?|[sp]htm[l]?(\\..*)?|pl|py|cgi))$';

$TWiki::cfg{NameFilter} = '[\\s\\*?~^\\$@%`"\'&;|<>\\x00-\\x1f]';

$TWiki::cfg{AntiSpam}{EmailPadding} = 'NOSPAM';

$TWiki::cfg{AntiSpam}{HideUserDetails} = 1;

$TWiki::cfg{AntiSpam}{RobotsAreWelcome} = 0;

$TWiki::cfg{Log}{view} = 1;

$TWiki::cfg{Log}{search} = 1;

$TWiki::cfg{Log}{changes} = 1;

$TWiki::cfg{Log}{rdiff} = 1;

$TWiki::cfg{Log}{edit} = 1;

$TWiki::cfg{Log}{save} = 1;

$TWiki::cfg{Log}{upload} = 1;

$TWiki::cfg{Log}{attach} = 1;

$TWiki::cfg{Log}{rename} = 1;

$TWiki::cfg{Log}{register} = 1;

$TWiki::cfg{ConfigurationLogName} = '/var/www/html/twiki/data/configurationlog.txt';

$TWiki::cfg{DebugFileName} = '/var/www/html/twiki/data/debug.txt';

$TWiki::cfg{WarningFileName} = '/var/www/html/twiki/data/warn2026-02-09.txt';

$TWiki::cfg{LogFileName} = '/var/www/html/twiki/data/log2026-02-09.txt';

$TWiki::cfg{Languages}{it}{Enabled} = 1;

$TWiki::cfg{Languages}{fr}{Enabled} = 1;

$TWiki::cfg{Languages}{nl}{Enabled} = 1;

$TWiki::cfg{Languages}{'zh-cn'}{Enabled} = 1;

$TWiki::cfg{Languages}{'zh-tw'}{Enabled} = 1;

$TWiki::cfg{Languages}{de}{Enabled} = 1;

$TWiki::cfg{Languages}{da}{Enabled} = 1;

$TWiki::cfg{Languages}{sv}{Enabled} = 1;

$TWiki::cfg{Languages}{pl}{Enabled} = 1;

$TWiki::cfg{Languages}{cs}{Enabled} = 1;

$TWiki::cfg{Languages}{ru}{Enabled} = 1;

$TWiki::cfg{Languages}{es}{Enabled} = 1;

$TWiki::cfg{Languages}{pt}{Enabled} = 1;

$TWiki::cfg{DisplayTimeValues} = 'gmtime';

$TWiki::cfg{Site}{Locale} = 'en_US.ISO-8859-1';

$TWiki::cfg{Site}{LocaleRegexes} = 1;

$TWiki::cfg{UpperNational} = '';

$TWiki::cfg{LowerNational} = '';

$TWiki::cfg{PluralToSingular} = 1;

$TWiki::cfg{StoreImpl} = 'RcsWrap';

$TWiki::cfg{RCS}{ExtOption} = '';

$TWiki::cfg{RCS}{dirPermission} = 493;

$TWiki::cfg{RCS}{filePermission} = 420;

$TWiki::cfg{RCS}{asciiFileSuffixes} = '\\.(txt|html|xml|pl)$';

$TWiki::cfg{RCS}{initBinaryCmd} = '/usr/bin/rcs -i -t-none -kb %FILENAME|F%';

$TWiki::cfg{RCS}{initTextCmd} = '/usr/bin/rcs -i -t-none -ko %FILENAME|F%';

$TWiki::cfg{RCS}{tmpBinaryCmd} = '/usr/bin/rcs -kb %FILENAME|F%';

$TWiki::cfg{RCS}{ciCmd} = '/usr/bin/ci -m%COMMENT|U% -t-none -w%USERNAME|S% -u %FILENAME|F%';

$TWiki::cfg{RCS}{ciDateCmd} = '/usr/bin/ci -m%COMMENT|U% -t-none -d%DATE|D% -u -w%USERNAME|S% %FILENAME|F%';

$TWiki::cfg{RCS}{coCmd} = '/usr/bin/co -p%REVISION|N% -ko %FILENAME|F%';

$TWiki::cfg{RCS}{histCmd} = '/usr/bin/rlog -h %FILENAME|F%';

$TWiki::cfg{RCS}{infoCmd} = '/usr/bin/rlog -r%REVISION|N% %FILENAME|F%';

$TWiki::cfg{RCS}{rlogDateCmd} = '/usr/bin/rlog -d%DATE|D% %FILENAME|F%';

$TWiki::cfg{RCS}{diffCmd} = '/usr/bin/rcsdiff -q -w -B -r%REVISION1|N% -r%REVISION2|N% -ko --unified=%CONTEXT|N% %FILENAME|F%';

$TWiki::cfg{RCS}{lockCmd} = '/usr/bin/rcs -l %FILENAME|F%';

$TWiki::cfg{RCS}{unlockCmd} = '/usr/bin/rcs -u %FILENAME|F%';

$TWiki::cfg{RCS}{breaklockCmd} = '/usr/bin/rcs -u -M %FILENAME|F%';

$TWiki::cfg{RCS}{delRevCmd} = '/usr/bin/rcs -o%REVISION|N% %FILENAME|F%';

$TWiki::cfg{RCS}{SearchAlgorithm} = 'TWiki::Store::SearchAlgorithms::Forking';

$TWiki::cfg{RCS}{EgrepCmd} = '/bin/egrep %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';

$TWiki::cfg{RCS}{FgrepCmd} = '/bin/fgrep %CS{|-i}% %DET{|-l}% -H -- %TOKEN|U% %FILES|F%';

$TWiki::cfg{RCS}{WorkAreaDir} = '/var/www/html/twiki/pub/_work_areas';

$TWiki::cfg{EnableHierarchicalWebs} = 1;

$TWiki::cfg{SystemWebName} = 'TWiki';

$TWiki::cfg{TrashWebName} = 'Trash';

$TWiki::cfg{UsersWebName} = 'Main';

$TWiki::cfg{WebMasterEmail} = 'caumann@pobox.com';

$TWiki::cfg{WebMasterName} = 'TWiki Administrator';

$TWiki::cfg{MailProgram} = '/usr/sbin/sendmail -t -oi -oeq';

$TWiki::cfg{SMTP}{MAILHOST} = '/////';

$TWiki::cfg{SMTP}{SENDERHOST} = '';

$TWiki::cfg{SMTP}{Username} = 'emai...';

$TWiki::cfg{SMTP}{Password} = 'blalba';

$TWiki::cfg{RemoveImgInMailnotify} = 1;

$TWiki::cfg{NotifyTopicName} = 'WebNotify';

$TWiki::cfg{SMTP}{Debug} = 1;

$TWiki::cfg{PROXY}{HOST} = '';

$TWiki::cfg{PROXY}{PORT} = '';

$TWiki::cfg{Stats}{TopViews} = 10;

$TWiki::cfg{Stats}{TopContrib} = 10;

$TWiki::cfg{Stats}{TopicName} = 'WebStatistics';

$TWiki::cfg{TemplatePath} = '/var/www/html/twiki/templates/$web/$name.$skin.tmpl, /var/www/html/twiki/templates/$name.$skin.tmpl, /var/www/html/twiki/templates/$web/$name.tmpl, /var/www/html/twiki/templates/$name.tmpl, $web.$skinSkin$nameTemplate, TWiki.$skinSkin$nameTemplate, $web.$nameTemplate, TWiki.$nameTemplate';

$TWiki::cfg{LinkProtocolPattern} = '(file|ftp|gopher|https|http|irc|mailto|news|nntp|telnet)';

$TWiki::cfg{SiteWebTopicName} = '';

$TWiki::cfg{SitePrefsTopicName} = 'TWikiPreferences';

$TWiki::cfg{LocalSitePreferences} = 'Main.TWikiPreferences';

$TWiki::cfg{HomeTopicName} = 'WebHome';

$TWiki::cfg{WebPrefsTopicName} = 'WebPreferences';

$TWiki::cfg{NumberOfRevisions} = 4;

$TWiki::cfg{ReplaceIfEditedAgainWithin} = 3600;

$TWiki::cfg{LeaseLength} = 3600;

$TWiki::cfg{LeaseLengthLessForceful} = 3600;

$TWiki::cfg{MimeTypesFileName} = '/var/www/html/twiki/data/mime.types';

$TWiki::cfg{RegistrationApprovals} = '/var/www/hmtl/twiki/data/RegistrationApprovals';

$TWiki::cfg{Plugins}{CommentPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{EditTablePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{InterwikiPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{PreferencesPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{SlideShowPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{SmiliesPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{SpreadSheetPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{TablePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{TwistyPlugin}{Enabled} = 1;

$TWiki::cfg{PluginsOrder} = 'SpreadSheetPlugin';

$TWiki::cfg{Site}{CharSet} = 'iso-8859-15';

$TWiki::cfg{Site}{Lang} = 'en';

$TWiki::cfg{Site}{FullLang} = 'en-us';

$TWiki::cfg{Plugins}{WysiwygPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{ActionTrackerPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{BibliographyPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{CompareRevisionsAddonPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{EmptyPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{RenderListPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{GenPDFLatexPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{HistoryPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{IfDefinedPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{LatexModePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{SectionalEditPlugin}{Enabled} = 0;

$TWiki::cfg{Plugins}{SpellerPagesPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{TopicReferencePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{BreadCrumbsPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{FilterPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{FlexWebListPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{GluePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{RedDotPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{NatSkinPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{ImagePlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{JQueryPlugin}{Enabled} = 1;

$TWiki::cfg{Ldap}{Host} = 'lupsca.arc.ab.ca';

$TWiki::cfg{Ldap}{Port} = 389;

$TWiki::cfg{Ldap}{Version} = '3';

$TWiki::cfg{Ldap}{Base} = 'dc=lupsca,dc=arc,dc=ab,dc=ca';

$TWiki::cfg{Ldap}{BindDN} = 'UID=TWikiLdapUser,ou=Special User,dc=lupsca,dc=arc,dc=ab,dc=ca';

$TWiki::cfg{Ldap}{BindPassword} = 'blabla';

$TWiki::cfg{Ldap}{SSL} = 0;

$TWiki::cfg{Ldap}{UseSASL} = 0;

$TWiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';

$TWiki::cfg{Ldap}{Debug} = 1;

$TWiki::cfg{Ldap}{UserBase} = 'ou=People,dc=lupsca,dc=arc,dc=ab,dc=ca';

$TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=*';

$TWiki::cfg{Ldap}{LoginAttribute} = 'uid';

$TWiki::cfg{Ldap}{WikiNameAttribute} = 'uid';

$TWiki::cfg{Ldap}{NormalizeWikiNames} = 1;

$TWiki::cfg{Ldap}{NormalizeLoginName} = 1;

$TWiki::cfg{Ldap}{AllowChangePassword} = 1;

$TWiki::cfg{Ldap}{SecondaryPasswordManager} = 'TWiki::Users::HtPasswdUser';

$TWiki::cfg{Ldap}{GroupBase} = 'ou=TWikiGroups,dc=lupsca,dc=arc,dc=ab,dc=ca';

$TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=*';

$TWiki::cfg{Ldap}{GroupAttribute} = 'cn';

$TWiki::cfg{Ldap}{MemberAttribute} = 'uniqueMember';

$TWiki::cfg{Ldap}{MemberIndirection} = 1;

$TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1;

$TWiki::cfg{Ldap}{NormalizeGroupName} = 1;

$TWiki::cfg{Ldap}{MapGroups} = 1;

$TWiki::cfg{Ldap}{MaxCacheAge} = 86400;

$TWiki::cfg{Ldap}{PageSize} = 500;

$TWiki::cfg{Ldap}{Exclude} = 'TWikiGuest, TWikiContributor, TWikiRegistrationAgent, TWikiAdminGroup, NobodyGroup';

$TWiki::cfg{Plugins}{LdapNgPlugin}{Enabled} = 1;

$TWiki::cfg{Plugins}{NewUserPlugin}{Enabled} = 1;

1;


Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Red Hat EL 5
Web server: Apache 2.2.3-11
Perl version: 5.8.8
Client OS: Windows or RHEL5
Web Browser: Firefox
Categories: Authentication, Plugins

-- CraigAumann - 07 Dec 2007
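
A consistency check for the two configurations posted in the question, as an added example that is not part of the original post or of LdapContrib: mod_authnz_ldap and LdapContrib each connect and bind to the directory on their own, so the script parses both files and reports every LDAP setting on which they differ. The function names and the simplified DN normalization are assumptions of this example.

```python
import re

# Constructed input: the LDAP-related lines copied from the two configs posted above.
APACHE_CONF = '''
AuthLDAPBindDN "uid=TWikiLdapUser,ou=Special Users,dc=lupsca,dc=arc,dc=ab,dc=ca"
AuthLDAPURL ldap://lupsca.arc.ab.ca:389/OU=people,DC=lupsca,DC=arc,DC=ab,DC=ca?uid?sub?(objectClass=*)
'''
LOCALSITE_CFG = '''
$TWiki::cfg{Ldap}{Host} = 'lupsca.arc.ab.ca';
$TWiki::cfg{Ldap}{Port} = 389;
$TWiki::cfg{Ldap}{BindDN} = 'UID=TWikiLdapUser,ou=Special User,dc=lupsca,dc=arc,dc=ab,dc=ca';
$TWiki::cfg{Ldap}{SSL} = 0;
$TWiki::cfg{Ldap}{UserBase} = 'ou=People,dc=lupsca,dc=arc,dc=ab,dc=ca';
$TWiki::cfg{Ldap}{LoginAttribute} = 'uid';
'''

def norm(value):
    # Comparison key: case-folded, spaces around DN components trimmed.
    # Assumption: no escaped commas in the DNs (true for the ones above).
    return ",".join(part.strip().lower() for part in str(value).split(","))

def parse_apache(text):
    # Bind DN plus the pieces of AuthLDAPURL: scheme://host:port/base?attribute
    m = re.search(r'^\s*AuthLDAPBindDN\s+"?([^"\n]+)', text, re.M)
    out = {"bind_dn": m.group(1).strip() if m else ""}
    m = re.search(r'^\s*AuthLDAPURL\s+"?(ldaps?)://([^:/\s]+)(?::(\d+))?/([^?\s"]*)\??([^?\s"]*)', text, re.M)
    if m:
        scheme, host, port, base, attr = m.groups()
        out.update(scheme=scheme, host=host, user_base=base, login_attr=attr or "uid",
                   port=int(port or (636 if scheme == "ldaps" else 389)))
    return out

def parse_localsite(text):
    # Collect $TWiki::cfg{Ldap}{...} assignments under the same key names.
    raw = dict(re.findall(r"\$TWiki::cfg\{Ldap\}\{(\w+)\}\s*=\s*'?([^';\n]*)'?\s*;", text))
    return {"bind_dn": raw.get("BindDN", ""), "host": raw.get("Host", ""),
            "port": int(raw.get("Port") or 389), "user_base": raw.get("UserBase", ""),
            "login_attr": raw.get("LoginAttribute", ""),
            "scheme": "ldaps" if raw.get("SSL") == "1" else "ldap"}

def compare(apache, twiki):
    # One finding per setting on which the two LDAP clients disagree.
    keys = ("host", "port", "scheme", "login_attr", "bind_dn", "user_base")
    findings = [f"{k}: Apache={apache.get(k)!r} LdapContrib={twiki.get(k)!r}"
                for k in keys if norm(apache.get(k, "")) != norm(twiki.get(k, ""))]
    if "ldap" in (apache.get("scheme"), twiki.get("scheme")):
        findings.append("transport: ldap:// without LDAPS; confirm binds are protected another way")
    return findings

print("\n".join(compare(parse_apache(APACHE_CONF), parse_localsite(LOCALSITE_CFG))))
```

On the posted values the user base differs only in letter case, which DN comparison ignores, while the bind DN differs in its `ou` component.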

Answer

The mysteries of LdapContrib continue to puzzle me. With Apache authentication as above, and with groups defined on LDAP, I can't get it to figure out user permissions. For example, using LdapNgPlugin, I run:

%LDAP{"(objectClass=*)" base="(ou=TWikiGroups)" limit="10" header="| Nr | Group | Members |$n" format="| $index | $cn | $uniquemember |" clear="$mail,$memberUid" sort="cn" }%

and one of the lines produced is:

TWikiLDAPAdministratorsGroup? uid=CraigAumann,ou=People,dc=lupsca,dc=arc,dc=ab,dc=ca, uid=TestUser,ou=People,dc=lupsca,dc=arc,dc=ab,dc=ca

However, while I can log into TWiki using TestUser, the permissions to view pages etc aren't being granted, even though TestUser is a member of the TWikiLDAPAdministratorsGroup and this group has permissions to view Main.

As the full DNs seem to be stored, I do have the MemberIndirection flag set to 1 as well. But to no avail.

I've tried fiddling with the NewUserPlugin, but presently have it disabled as I don't believe it should be necessary.

Suggestions? Thanks

-- CraigAumann - 08 Dec 2007

Sorry, closing this question after more than 30 days of inactivity. Feel free to re-open if needed.

-- PeterThoeny - 02 Feb 2008

Hi Craig, I used the same settings as you used. I'm able to get authenticated, but I cannot map the login ID (like this: 123456) to the WikiName (first name with login name). Could anyone help with this?

-- TWikiGuest - 15 May 2008

Topic revision: r4 - 2008-05-15 - TWikiGuest