Ryan:

It's nice that you keep on updating your LDAP Authentication page. It's also for yourself, I guess. --Tom Gries [mail] 21:32, 4 Nov 2004 (UTC)

Updating User-information from LDAP in the Local Database

I tried to update the user preferences in the local database with information from LDAP, but this didn't work out of the box.

I had to apply a line to the updateUser() function in LdapAuthentication.php:

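function updateUser( &$user ) {
        $this->printDebug("Entering updateUser",1);

        // Copy each value retrieved from LDAP into the local user object,
        // skipping values that came back empty.
        if ( '' != $this->lang ) {
                $user->setOption('language',$this->lang);
        }
        if ( '' != $this->nickname ) {
                $user->setOption('nickname',$this->nickname);
        }
        if ( '' != $this->realname ) {
                // Use the value from LDAP, not a hard-coded name
                $user->setRealName($this->realname);
        }
        if ( '' != $this->email ) {
                $user->setEmail($this->email);
        }
        // Write the changed settings to the local database
        $user->saveSettings();
}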

An explicit call of saveSettings is required to update the user in the database. Only after this "patch" are the user details displayed in the user's preferences (and used for signatures, etc.). I'm using MediaWiki 1.8.2. Maybe this behavior has changed with this version.

Reinhard

That is likely. I tested this pretty thoroughly before I released it. I thought that $user->saveSettings was done after this function was called? I'll take a look at the newer versions of mediawiki and see if anything has changed.
-- Ryan Lane

AD help

Hi. From reading LDAP Authentication Configuration Examples and LDAP Authentication, it seems I may have to do steps from both. Which steps do I have to do to get this to work? We have Wiki 1.7.1, MySql 5.0, Windows 2003 Server, and PHP 5.1.4. I left a question on LDAP Authentication Configuration Examples, so please leave an answer there. Thanks. Rlevse 12:57, 19 July 2006 (UTC)

NTLM / ActiveDirectory

Hi, not sure if this is the best place to discuss this or not, but here we go: I have created a modified version of LdapAuthentication.php which incorporates elements of 'Auto Login via REMOTE USER' plugin. This allows us to tie into AD whilst still picking up credentials transparently via NTLM (Apache2 / mod_auth_sspi / Win2k3). So, our users can load our wiki in IE, and not have to type any credentials and your code still auto-creates their account on first login.

LdapNtlmAuthentication.php

I would definitely appreciate any feedback on how sane the modifications are. Looking forward to hearing from you --Afhole 11:19, 24 November 2006 (UTC)

Hi back at ya. You may want to wait until my next release, and then incorporate the changes into that one. Send me a patch of the changes and I'll see if it fits well into the plugin. The next version of the plugin will include smartcard authentication, and uses the auto authenticate method. I've changed quite a bit in the plugin so it may be hard for me to integrate this into it.
After saying that, I do very much want to include NTLM authentication into the plugin; I just don't have the means to test that where I am. I should be releasing the next version of the plugin in a week or two.
-- Ryan Lane
Hi again... I have updated the LdapNtlmAuthentication.php script based on version 1.1b of your ldap script. It appears to work fine, but I'm doing some more testing at the moment. It is controlled by the config var $wgLDAPUseNTLM (true/false) which must be set before LdapAuthenticationPlugin is instantiated. Also, I'm seeing an issue with saving pages. The first save generates an error 'This is only a preview; changes have not yet been saved!' and the content disappears, then it takes a few clicks to get the page to save.
--Afhole 16:51, 13 December 2006 (UTC)
The way you did it is slightly strange. Is it using the AutoAuthenticate hook? If so, why not do it similar to the way the SSLAuth is working? Have the user call the method from LocalSettings.php instead of calling it through the constructor. Also, this plugin doesn't really do much with LDAP. It really looks more like NTLM tacked on; although, I probably need to separate out the secondary authentication and information grabbing pieces from the authenticate() method so that SSL auth and others can use it a little easier.
Can you attach a (diff -u) patch to the bugzilla page? I'll take a look at how to integrate it to use more of the LDAP features.
-- Ryan Lane
I have attached the diff to the bugzilla page MediaZilla: 814
As you say, it is pretty much just NTLM tacked on, I more or less pasted the code in from the Auth_remoteuser script and it seemed to work. Hopefully you can strip out the necessary code and integrate it a bit more sensibly.
Many Thanks --Afhole
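
Added example, not part of the thread and not taken from LdapNtlmAuthentication.php: one way to turn the REMOTE_USER value that the NTLM setup discussed above hands to PHP into a wiki account name before any account is auto-created. The function name, the allowed-domain list, the DOMAIN\user format and the sample values are assumptions; it is written for PHP 7.1 or later.

```php
<?php
/**
 * Hypothetical helper (assumption, not the plugin's API).
 * Returns the wiki login name for a server-supplied REMOTE_USER value,
 * or null so the caller falls back to the normal login form and does
 * NOT auto-create an account.
 */
function ntlmUsernameFromServer(array $server, array $allowedDomains): ?string
{
    $remote = $server['REMOTE_USER'] ?? '';
    if (!is_string($remote) || $remote === '') {
        return null; // request was not authenticated by the web server
    }

    // Assumed format: exactly one backslash, DOMAIN\user
    $parts = explode('\\', $remote);
    if (count($parts) !== 2) {
        return null;
    }
    [$domain, $user] = $parts;

    // Only accept identities from domains we expect (case-insensitive)
    $allowed = array_map('strtoupper', $allowedDomains);
    if (!in_array(strtoupper($domain), $allowed, true)) {
        return null;
    }

    // Conservative character set: rejects LDAP filter metacharacters
    // such as * ( ) \ before the name is used in a directory lookup.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }

    // MediaWiki capitalises the first letter of user names by default
    return ucfirst(strtolower($user));
}

// Constructed sample inputs; CORP is a placeholder domain.
$samples = ['CORP\\jsmith', 'OTHER\\jsmith', 'CORP\\js*)(uid=*', 'jsmith', ''];
foreach ($samples as $value) {
    $name = ntlmUsernameFromServer(['REMOTE_USER' => $value], ['CORP']);
    echo var_export($value, true), ' => ', var_export($name, true), PHP_EOL;
}
```

Only the first sample yields a name ('Jsmith'); the others return null, so no account would be created for them.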