Discussion:
Devel with Authad
Law, Andrew
2013-02-26 13:39:00 UTC
Permalink
Hello,

Thought I would try out the current devel version with my IIS 7.5, AD, Windows... environment.

Anybody else tried this already with plugin=authad? I followed the steps on the plugin page and I can login with Single Sign On and all looks good.

The only thing I have noticed is that my groups are missing. Is this still a known work in progress or should this be classed as a bug? (I can open a bug report in that case).

Activating the Debug option does not give me any extra info as to what is happening (or not happening in this case..).

Local.php

$conf['authtype'] = 'authad';
$conf['superuser'] = 'me';
$conf['useacl'] = 1;

Local.protected.php

$conf['plugin']['authad']['account_suffix'] = '@i.work.here.com';
$conf['plugin']['authad']['base_dn'] = 'NULL';
$conf['plugin']['authad']['domain_controllers'] = 'server.i.work.here.com';
$conf['plugin']['authad']['sso'] = 1;
$conf['plugin']['authad']['ad_username'] = 'myuser';
$conf['plugin']['authad']['ad_password'] = 'mypassword';
$conf['plugin']['authad']['real_primarygroup'] = 1;
$conf['plugin']['authad']['debug'] = 1;

Cheers, Andy
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Andreas Gohr
2013-03-01 12:56:30 UTC
Permalink
Hi,
Post by Law, Andrew
Anybody else tried this already with plugin=authad? I followed the steps on the plugin page and I can login with Single Sign On and all looks good.
The only thing I have noticed is that my groups are missing. Is this still a known work in progress or should this be classed as a bug?
There should be no difference in handling groups. This is most
probably a configuration error.
Post by Law, Andrew
$conf['plugin']['authad']['base_dn'] = 'NULL';
NULL is most probably not correct. Should be something like 'DC=i,
DC=work, DC=here, DC=com' or so...

Andi
--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Law, Andrew
2013-03-01 13:21:47 UTC
Permalink
Hello,
NULL is most probably not correct. Should be something like 'DC=i, DC=work, DC=here, DC=com' or so...
I read that with the NULL here:

http://adldap.sourceforge.net/wiki/doku.php?id=documentation_configuration#base_dn

and it works OK on Adora Belle. I tried it too with 'DC=i, DC=work, DC=here, DC=com' with the same result. I am a member of no groups..

Maybe it is down to the upgrade to adLDAP 4.0.4?

Regards, Andy

-----Ursprüngliche Nachricht-----
Von: dokuwiki-***@freelists.org [mailto:dokuwiki-***@freelists.org] Im Auftrag von Andreas Gohr
Gesendet: Freitag, 1. März 2013 13:57
An: ***@freelists.org
Betreff: [dokuwiki] Re: Devel with Authad

Hi,
Anybody else tried this already with plugin=authad? I followed the steps on the plugin page and I can login with Single Sign On and all looks good.
The only thing I have noticed is that my groups are missing. Is this still a known work in progress or should this be classed as a bug?
There should be no difference in handling groups. This is most probably a configuration error.
$conf['plugin']['authad']['base_dn'] = 'NULL';
NULL is most probably not correct. Should be something like 'DC=i, DC=work, DC=here, DC=com' or so...

Andi

--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Andreas Gohr
2013-03-01 13:40:54 UTC
Permalink
Post by Law, Andrew
http://adldap.sourceforge.net/wiki/doku.php?id=documentation_configuration#base_dn
and it works OK on Adora Belle. I tried it too with 'DC=i, DC=work, DC=here, DC=com' with the same result. I am a member of no groups..
Interesting. However you did put in a 'NULL' not a NULL (one is a
string, the other a special constant).
Post by Law, Andrew
Maybe it is down to the upgrade to adLDAP 4.0.4?
Shouldn't be a problem, but I don't have access to a ActiveDirectory
currently. Better report a bug.

Anyone here on the list who can give this a test and debug if necessary?

Andi
--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Law, Andrew
2013-03-01 14:00:42 UTC
Permalink
Interesting. However you did put in a 'NULL' not a NULL (one is a string, the other a special constant).
Nope, that was a problem with my cut and paste skills. It is correct in my configuration.

Thanks, Andy
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Andreas Gohr
2013-03-01 14:39:40 UTC
Permalink
I just checked against our company's test AD server and group
memberships work just fine. I used the following settings:

$conf['authtype'] = 'authad';
$conf['auth']['ad']['account_suffix'] = '@server.example.com';
$conf['auth']['ad']['base_dn'] = 'DC=server,DC=example,DC=com';
$conf['auth']['ad']['domain_controllers'] = 'ipaddress';
$conf['auth']['ad']['use_ssl'] = 1;
$conf['auth']['ad']['ad_username'] = 'Administrator';
$conf['auth']['ad']['ad_password'] = 'pass';
$conf['auth']['ad']['debug'] = 1;


Andi
--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Law, Andrew
2013-03-01 14:54:53 UTC
Permalink
Did you not have $conf['plugin']['authad'] at the start of each line?

Cheers, Andy

-----Ursprüngliche Nachricht-----
Von: dokuwiki-***@freelists.org [mailto:dokuwiki-***@freelists.org] Im Auftrag von Andreas Gohr
Gesendet: Freitag, 1. März 2013 15:40
An: ***@freelists.org
Betreff: [dokuwiki] Re: AW: Re: AW: Re: Devel with Authad

I just checked against our company's test AD server and group memberships work just fine. I used the following settings:

$conf['authtype'] = 'authad';
$conf['auth']['ad']['domain_controllers'] = 'ipaddress'; $conf['auth']['ad']['use_ssl'] = 1; $conf['auth']['ad']['ad_username'] = 'Administrator'; $conf['auth']['ad']['ad_password'] = 'pass'; $conf['auth']['ad']['debug'] = 1;


Andi

--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Andreas Gohr
2013-03-01 15:03:02 UTC
Permalink
Post by Law, Andrew
Did you not have $conf['plugin']['authad'] at the start of each line?
Ah I used an old config which is automatically converted to the new
format. So the old $conf['auth']['ad']['account_suffix'] is the same
as the new $conf['plugin']['authad']['account_suffix']

Andi

PS: don't top post
--
splitbrain.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Law, Andrew
2013-03-01 15:22:23 UTC
Permalink
Ah I used an old config which is automatically converted to the new format. So the old $conf['auth']['ad']['account_suffix'] is the same as the new $conf['plugin']['authad']['account_suffix']
OK, thanks for the tip.

I started again from scratch and now it works for me too. If only I knew why.. Thanks a lot.

Cheers, Andy
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Law, Andrew
2013-03-04 08:49:24 UTC
Permalink
Hello everybody,

Ahh ok, seems to only happen when I activate single-sign-on (NTLM, IIS 7.5).

@Andi (or anybody else), does SSO work for you?

Cheers, Andy
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Loading...