SID-01020: LDAP Authentication, NewUserPlugin and Errors

Status:	Answered	TWiki version:	5.0.0	Perl version:
Category:	CategoryAuthentication	Server OS:	centos 5	Last update:	15 years ago

I am trying to install LDAP Authentication and have the NewUserPlugin create the TWikiUsers entries and the individual user pages.

This problem happens with users that have a "." in there login name(i.e. j.smith).

If I Disable the NewUserPlugin in config, then LDAP Authentication works.

When I enable the newUserPlugin, I get the following errors:

On the webhome page I see:

TWiki detected an internal error - please check your TWiki logs and webserver logs for more information.
Insecure dependency in open while running with -T switch

In the httpd/error_log I see:

asking lookupWikiName::SUPER for WebHome
loginName for WebHome not found
view: Use of uninitialized value in list assignment at /twiki/lib/TWiki/Users/TWikiUserMapping.pm line 1076.
Insecure dependency in open while running with -T switch at /twiki/lib/TWiki/Store/RcsFile.pm line 793.

-- ScottGutman - 2010-11-10

Discussion and Answer

We tested over 140 extensions for TWiki-5.0 compatibility, the LdapContrib and NewUserPlugin are pending. It looks like there is an issue it could be related to configuration or a bug.

What kind of user mapper and password manager do you use?

-- PeterThoeny - 2010-11-10

$TWiki::cfg{LoginManager} = 'TWiki::LoginManager::LdapApacheLogin';
$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping';
$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser';
$TWiki::cfg{Ldap}{SecondaryPasswordManager} = 'TWiki::Users::HtPasswdUser';

I know that at one point, the normalization was rendering "." with "_2e". So j.smith would be j_2esmith . I wonder if that has anything to do with it?

-- ScottGutman - 2010-11-10

In an LDAP setup, I usually use TWiki::LoginManager::TemplateLogin for {LoginManager}, and TWiki::Users::TWikiUserMapping for {UserMappingManager}. That allows TWiki to map from LDAP login name to WikiName, provided that users are registered in TWiki.

But a word of caution as mentioned before: We have not yet tested the LdapContrib with TWiki-5.0.

-- PeterThoeny - 2010-11-10

I made the changes you suggested. The weird name rendering is gone, thank you. However, if I don't add an entry in the TWikiUsers page, the WikiName is not JohnSmith but Jsmith. If I add an entry, like this " * JohnSmith - j.smith - 2010-01-01", then the WikiName is mapped correctly. I have a few questions about this.

1. What happens if the user is not previously registered in TWiki?
2. Do I need to manually edit TWikiUsers?
3. Is there a mechanism to add them to TWikiUsers?
4. When I open TWikiGroups, Only TWiki based groups are shown. How do I list all groups? ({MapGroups} is checked,TWikiGroupsBackoff is checked )
5. Please forgive my ignorance, but in LDAP settings is says this To use an LDAP server for authentication you have to use the PasswordManager LdapUser. To Use groups defined in LDAP enable the UserMappingManager LdapUserMapping. (see the Security Setting section) Will the setting you gave me still do what i want?

-- ScottGutman - 2010-11-19

• 1., 2., 3. Install the RequireRegistrationPlugin
• 4., 5. Known issue, group import via LDAP does not work. Help in debugging and fixing is appreciated.

-- PeterThoeny - 2010-11-19

How much do you think it would cost a twiki person to fix ldap groups?

-- ScottGutman - 2010-12-02

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

Scott, feel free to continue via e-mail on fixing the code.

-- PeterThoeny - 2011-02-21

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.