Extension talk:Windows NTLM LDAP Auto Auth

Latest comment: 15 years ago by Tempmantemp in topic next

group mapping for version 1.12

This works for me, but the changes do not take effect! Insert near line 215.

<syntaxhighlgiht lang="php"> // Check user is in securty group

  $securityFlag = false;
     $i = 0;
  foreach ($wgWinLDAPGroupMapExternal as $securityGroup) {
     foreach ($wgWinLDAPGroupMembership as $userGroup) {
        if ($userGroup == $securityGroup) {
           $securityFlag = true;

+ $dbr = wfGetDB( DB_SLAVE ); + $user_id = $dbr->selectField( 'user', 'user_id', array( 'user_real_name' => $wgWinLDAPUserReal ), __METHOD__ ); + $dbw = wfGetDB( DB_MASTER ); + $dbw->insert( 'user_groups', array( 'ug_user' => $user_id, 'ug_group' => $wgWinLDAPGroupMapInternal[$i],), 'User::addGroup', array( 'IGNORE' ) ); + $this->debugme("Security group check passed added User $wgWinLDAPUserReal ID $user_id to group $wgWinLDAPGroupMapInternal[$i]"); </syntaxhighlgiht>
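
Review bot: the added `selectField` call resolves `user_id` from `user_real_name`, which is a display name rather than a unique key, so the following `user_groups` insert can attach `$wgWinLDAPGroupMapInternal[$i]` to a different account that shares the real name, or write a false `ug_user` when no row matches. Look the account up by `user_name` (or use the User object already in scope) and check the result before inserting. `$i` is set to 0 and never incremented in the lines shown, so every match is written as the first internal group; index the internal map with the key of the matching external entry instead. The insert also only passes 'User::addGroup' as the caller string and does not call that method, so the row is written behind the User object; calling `addGroup()` on the object would keep its loaded groups in step with the table.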

Have fun! hkl

next

Anybody know how this compares/differs from Extension:LDAP_Authentication?--Tempmantemp 09:21, 2 February 2009 (UTC)

Is it possible to Port that one to Apache/Linux? I want Single-Sign-On on my Network and Default Auth from outside... -- plvoy 21:27, 8 March 2010 (GMT)

Due to updates in file SpecialUserlogin.php in 1.15.3, this extension doesn't work. Workaround is to use (less secure) SpecialUserlogin.php from 1.15.2 instead -- Honza 1:29, 8 April 2010 (CEST)

empty mail and error mapping

(Sorry for my very bad English)

Problems:

  1. If the user has no email, this line fails: $wgWinLDAPUserEmail = $records[$i]["mail"][0];
  2. I added these lines in LocalSettings.php:


  • $wgWinLDAPGroupMapExternal = array("CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr","CN=MyUserGoup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr");
  • $wgWinLDAPGroupMapInternal = array("sysop","bureaucrat","user");


After connection, in my debug file I found:


  • Debug : Group membership [3]
  • Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
  • Debug : Group membership [CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
  • Debug : Group membership [CN=****,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr]
  • Debug : Security group check passed added to group [sysop]
  • Debug : Security group check passed added to group [bureaucrat]


The mapping seems to work, but the user is not connected to the groups sysop and bureaucrat (he stays just a user).

What's the problem?
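
The two points raised in the post above, as an added example that is not part of the original post or of the extension's code: reading an optional LDAP attribute without failing, and resolving the two parallel group-map arrays. The helper names `ldapFirstValue` and `mapGroups` and the sample entry are hypothetical, and comparing DNs case-insensitively is an assumption of this example.

```php
<?php
// Added example: hypothetical helper names, constructed sample data.

// Return the first value of an LDAP attribute, or $default when the entry lacks it.
// ldap_get_entries() lowercases attribute names; an entry without a mail value
// simply has no "mail" key, so indexing it directly raises a notice.
function ldapFirstValue(array $entry, string $attr, string $default = ''): string {
    $attr = strtolower($attr);
    return isset($entry[$attr][0]) ? (string)$entry[$attr][0] : $default;
}

// Map external group DNs to internal wiki groups using the two parallel arrays.
// The internal group is taken from the index of the matching external DN.
function mapGroups(array $memberOf, array $external, array $internal): array {
    if (count($external) !== count($internal)) {
        throw new InvalidArgumentException('Group map arrays differ in length');
    }
    $member = array_map('strtolower', $memberOf);   // assumption: DNs compare case-insensitively
    $granted = array();
    foreach ($external as $i => $dn) {
        if (in_array(strtolower($dn), $member, true)) {
            $granted[] = $internal[$i];
        }
    }
    return array_values(array_unique($granted));
}

// Constructed entry: no "mail" attribute, member of one mapped group.
$entry = array(
    'cn' => array('count' => 1, 0 => 'Example User'),
    'memberof' => array(
        'count' => 1,
        0 => 'CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr',
    ),
);
// Map values copied from the LocalSettings.php lines in the post.
$external = array(
    'CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr',
    'CN=MySuperGroup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr',
    'CN=MyUserGoup,OU=Utilisateurs,OU=Groupes,OU=SIEGE,DC=intranet-exemple,DC=fr',
);
$internal = array('sysop', 'bureaucrat', 'user');

$memberOf = $entry['memberof'];
unset($memberOf['count']);   // drop the count element ldap_get_entries() adds

var_dump(ldapFirstValue($entry, 'mail'));
print_r(mapGroups($memberOf, $external, $internal));
```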

Linux and IIS 7

Is this extension useable within the Linux environment without using IIS for authentication?

Also, it says this has been tested up to IIS 5, what about IIS 7?

1.20 Installation

  • As the extension does not use passwords, you must set $wgMinimalPasswordLength = 0; in LocalSettings.php (same 1.16 Installation notes)
  • LocalSettings.php change

change line:

require_once('AuthPlugin.php');

to:

require_once('includes/AuthPlugin.php');
  • WinNTLMLDAPAutoAuth.php change

change Line62-Line77:

    // Submit a fake login form to authenticate the user.
    $username = $wgWinLDAPGCServerValue;
    $params = new FauxRequest(array(
            'wpName' => $username,
            'wpPassword' => '',
            'wpDomain' => '',
            'wpRemember' => ''
            )); 
 
    // Authenticate user data will automatically create new users.
    $loginForm = new LoginForm($params);
    $result = $loginForm->authenticateUserData();
    if ($result != LoginForm::SUCCESS) {
        error_log('Unexpected authentication failure.');
        return;
    } 

to:

    // Submit a fake login form to authenticate the user.
    $username = $wgWinLDAPGCServerValue;

    $token = '';
    $firsttry = true;
    do {
        $retry = false;
        $params = new FauxRequest(array(
                'wpName' => $username,
                'wpPassword' => '',
                'wpDomain' => '',
                'wpRemember' => '',
                'wpLoginToken' => $token
                ));

        // Authenticate user data will automatically create new users.
        $loginForm = new LoginForm($params);
        $result = $loginForm->authenticateUserData();
        
        // Retry once with a fresh login token; $firsttry stops the loop from repeating forever.
        if ($firsttry && $result == LoginForm::NEED_TOKEN) {
            $token = $loginForm->getLoginToken();
            $retry = true;
        }elseif ($result != LoginForm::SUCCESS) {
            error_log('Unexpected authentication failure.');
            return;
        } 
        $firsttry = false;

    } while ( $retry );

change Line337:

function addUser($user, $password)

to:

function addUser($user, $password, $email='', $realname='')

change Line367:

function initUser(&$user)

to:

function initUser(&$user, $autocreate=false)

change Line382:

function modifyUITemplate(&$template)

to:

function modifyUITemplate(&$template, &$type)