Re: LDAP Authentication Issue:

classic Classic list List threaded Threaded
2 messages Options
Jon
Reply | Threaded
Open this post in threaded view
|

Re: LDAP Authentication Issue:

Jon
I've made some headway, but my LDAP Logs show this:

2014-08-29 16:58:06 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:06 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering validDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f User is using a
valid domain (XXXXXXX.NET).
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Setting domain as:
XXXXXXX.NET
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
getCanonicalName
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Username is: Jontest
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Munged username:
Jontest
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
getCanonicalName
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Username is an IP,
not munging.
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
getCanonicalName
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Username is an IP,
not munging.
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering userExists
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
authenticate for username Jontest
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering Connect
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Using TLS or not
using encryption.
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Using servers:
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Using TLS
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Failed to start TLS.
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
allowPasswordChange
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
modifyUITemplate
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain

Any thoughts on what could be causing this?

--
Jonathan Joseph
423-494-5698
[hidden email]
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: LDAP Authentication Issue:

Larry Silverman
The "Failed to start TLS" is a strong clue. That would seem to indicate
that your Mediawiki configuration is set up to connect using TLS encryption
to the LDAP/AD server. Does the server accept TLS connections? Does the
server have a valid, unexpired, third-party certificate? Or is it a
self-signed certificate? I don't know if there's a way to tell the Ldap
plugin to not check the certificate's validity, but if you're using a
self-signed or expired cert, you might need to find a way to tell the
plugin not to care (or get the cert updated).

If you can get it working without TLS to start with, then add TLS later,
that'd be one approach.

Larry Silverman
Chief Technology Officer
TrackAbout, Inc.


On Fri, Aug 29, 2014 at 1:39 PM, Jon <[hidden email]> wrote:

> I've made some headway, but my LDAP Logs show this:
>
> 2014-08-29 16:58:06 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:06 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
> validDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f User is using a
> valid domain (XXXXXXX.NET).
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Setting domain as:
> XXXXXXX.NET
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
> getCanonicalName
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Username is:
> Jontest
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Munged username:
> Jontest
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
> getCanonicalName
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Username is an IP,
> not munging.
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
> getCanonicalName
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Username is an IP,
> not munging.
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
> userExists
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
> authenticate for username Jontest
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering Connect
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Using TLS or not
> using encryption.
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Using servers:
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Using TLS
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Failed to start
> TLS.
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
> allowPasswordChange
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering
> modifyUITemplate
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
> 2014-08-29 16:58:11 XXXXXXX.XXXXXXX.net mediawiki: 2.0f Entering getDomain
>
> Any thoughts on what could be causing this?
>
> --
> Jonathan Joseph
> 423-494-5698
> [hidden email]
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l