Tags:
create new tag
view all tags

SID-01226: Problem in Twiki and AD integration.

Status: Unanswered Unanswered TWiki version: 5.0.1 Perl version: perl 5
Category: CategoryAuthentication Server OS: Centos 5 Last update: 14 years ago

Dear All,

I have installed Twiki 5.0 on Centos. I have configured Twiki apache authendication. It is working fine with the below configuration in twiki.conf. 

<Directory "/var/www/twiki/bin">
    AllowOverride None
    Order Allow,Deny
    Allow from all
    Deny from env=blockAccess
   Options ExecCGI FollowSymLinks
    SetHandler cgi-script
    AuthUserFile /var/www/twiki/data/.htpasswd
    AuthName 'Please Enter Username and Password to login.'
    AuthType Basic
    ErrorDocument 401 " username or password not correct try again"
<FilesMatch "^(configure)$">
    SetHandler cgi-script
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 172.19.37.xx
</FilesMatch>
<FilesMatch "(attach|edit|manage|rename|save|view|upload|mail|logon|rest|.*auth).*">
   require valid-user
</FilesMatch>
</Directory>

Now I am trying Authenticate Twiki against our Active Directory. I using the below like as reference, AuthenticationWithApacheAndLDAP

I am using the below configuration in my twiki.conf file : 

<Directory "/var/www/twiki/bin">
    AllowOverride None
    Order Allow,Deny
    Allow from all
    Deny from env=blockAccess
   Options ExecCGI FollowSymLinks
    SetHandler cgi-script
    AuthType Basic
    AuthType "Wiki: Enter Your Network Username/Password"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
   AuthLDAPURL ldap://ldap.abc.co.in:3268/DC=abc,DC=co,DC=in?sAMAccountName?sub?(objectClass=*)
  ErrorDocument 401 "Please use your Network username and password to login this wiki."
<FilesMatch "^(configure)$">
    SetHandler cgi-script
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 172.19.37.xx
</FilesMatch>
<FilesMatch "(attach|edit|manage|rename|save|view|upload|mail|logon|rest|.*auth).*">
   require valid-user
</FilesMatch>
</Directory>

When I am trying to load in browser, It show the below line without asking any username and password.

Please use your Network username and password to login this wiki.

This because of this line in configuration file : ErrorDocument 401 "Please use your Network username and password to login this wiki."

But I don't know why it shows this without showing login popup window.

Apache error_log shows the below error :

# tail /var/log/httpd/error_log 

[Thu Jul 07 17:48:58 2011] [notice] caught SIGTERM, shutting down
[Thu Jul 07 17:48:59 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jul 07 17:48:59 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Jul 07 17:48:59 2011] [notice] Digest: done
[Thu Jul 07 17:48:59 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Thu Jul 07 17:48:59 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Thu Jul 07 17:49:18 2011] [error] [client 172.19.37.xx] access to /twiki/bin/view failed, reason: verification of user id '<null>' not configured
[Thu Jul 07 17:49:18 2011] [error] [client 172.19.37.xx] File does not exist: /var/www/html/favicon.ico

I checked different things :

1). The following apache modules are enabled : LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

2). AuthLDAPURL ldap://ldap.abc.co.in:398/DC=abc,DC=co,DC=in?sAMAccountName?sub?(objectClass=*) It also show the same error in error_log.

3). And also removed the below entry in my configuration file and retyed . <FilesMatch "(attach|edit|manage|rename|save|view|upload|mail|logon|rest|.*auth).*"> </FilesMatch>

It also show the same error in error_log.

4). And also made following changes in LocalSite.cfg

$TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser'; $TWiki::cfg{LoginManager} = 'none';

It also show the same error in error_log.

I totally missed, where and what I am doing wrong. Any help will really apriciated.

-- MohanLakshmanan - 2011-07-07

Discussion and Answer

Did you find any configuration problem in my twiki.conf above?

-- MohanLakshmanan - 2011-07-08

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

-- PeterThoeny - 2011-09-08

      Change status to:
ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Unanswered
Title Problem in Twiki and AD integration.
SupportCategory CategoryAuthentication
TWiki version 5.0.1
Server OS Centos 5
Web server Apache 2.2.17
Perl version perl 5
Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2011-09-08 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.