Category: External Authentication (LDAP, AD, PAM, CAS, etc)
Show subcategories objects| Name | Type |
|---|---|
| "Prevent automatic/robot registration:" interferes with OpenID | tracker item |
|
PAM authentication broken
An attempt to log in using PAM (php-auth-pam) gives the following error message: Notice: Undefined variable: error in /var/www/tikiwiki/tikiwiki-1.9.7/lib/userslib.php on line 554 Warning: Error variable must be passed by reference in /var/www/tikiwiki/tikiwiki-1.9.7/lib/userslib.php on line 554 Warning: Cannot modify header information - headers already sent by (output started at /var/www/tikiwiki/tikiwiki-1.9.7/lib/userslib.php:554) in /var/www/tikiwiki/tikiwiki-1.9.7/tiki-login.php on line 292 I'm using: - php5-auth-pam-0.4-9.2 (Debian package) - tikiwiki-1.9.7 (source) |
tracker item |
|
Humphrey
Contributors |
tracker item |
|
LDAP login error causes blank page instead of "Login error" page
We are running Tiki 6.2 (clean install), on a Windows 2003 Server, Apache 2.2.16 w SSL, PHP 5.3.3, remote MySQL 5 database. This bug is across all browsers. Our organization has LDAP (Active Directory) enabled. If a user does not type in the correct password or has chosen to remember an old password (that has since been resent by AD) they will not be able to login and there is no screen to tell them why not. On login error, I can see in the LDAP logs: Error: Bind failed: Invalid credentials but a blank page is presented. Since the user does not think their invalid login is the problem, they keep trying and blame the system. |
tracker item |
|
LDAP authentication doesn't support special characters like "æ,ø,å" in CN name.
If CN contains any character of; æ,ø,å the login fails with "Invalid password" error. |
tracker item |
|
Active Directory domain users are not recognized by TikiWiki
Domain Users are not recognized by TikiWiki when using IIS and Webserver auth against AD. substr function in tiki-setup_base.php mistakenly removing first char of the login name during substracting domain part. For example "DOMAIN\username" is truncated "sername". I've fixed the issue with the patch below. |
tracker item |
|
Add SAML support
((SAML)) http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language http://simplesamlphp.org/ |
tracker item |
|
Adding NTLM authentication support
NTLM is an authentication protocol which is widely used in Microsoft based network environments. By using it with HTTP you can use that method for single-sign-on (SSO) authentication within your web browser. This means that without needing to enter additional username or passwords, you can be authenticated at the website you're visiting. This is quite convenient especially for company intranets. NTLM should work with all major browsers (Internet Explorer, Firefox and Opera). |
tracker item |
|
After setting auth to active directory/ldap - can't log in as admin now
Upgraded a test/development site from 1.9.9 to 1.10beta1. Trying to get ldap authentication working to an active directory server. After configuring for ldap auth to AD - with 'use tiki for admin auth' checked - now I cannot log in as the admin user. The AD server is taking a really long time to respond, it's at another location - so it always times out. Unfortunately the Tiki site seems to keep trying LDAP and timing out before it will check internally for the admin user. The net result... I'm currently locked out of my development/test Tiki site. LDAP times out and I can't get in as admin either. |
tracker item |
|
amette
Contributors |
tracker item |
|
Cannot manually create user when using LDAP
When using LDAP External authentication, I am unable to create a new user on the user administration page. It does not require a password to create the user, but when you click Add, you receive the error message "Password should be at least characters long" Users are created when they login the first time, but I need to configure permissions before they login. |
tracker item |
|
cnd
Contributors |
tracker item |
| Community Currencies | wiki |
|
Config login with ADS on Tikiwiki 1.9.7
Hi, I attempted to configure tikiwiki to use PEAR:Auth authentication posted by this link http://doc.tikiwiki.org/tiki-index.php?page=Login%20Config. However, I still get error "invalid username or password". Is there any way I can debug this? My installed PHP version 4.4.6 with PEAR:Auth installed. My Apache version 2.0.59 configured with LDAP. Any suggestion is appreciated. |
tracker item |
| Display Realname instead of login at "Switch user" for admins through module login_box | tracker item |
| Extend include_path for Net/LDAP2.php | tracker item |
|
Fix CAS authentication in 1.9.x
[http://sourceforge.net/tracker/index.php?func=detail&aid=1325010&group_id=64258&atid=506846] |
tracker item |
|
imap/ldap authentication problem
Hello, Installed tikiwiki 1.9 on a CentOS 4.4. Assigned autenthication to external LDAP server ( Windows AD ) , but the problem remains even with IMAP. Login with admin works Login with external users presents again the login screen ( no "bad password" just the login screen again and again ) I debugged the code and found the both IMAP and LDAP modeles correctly check the user and at the end of tiki-login.php the "tiki-user-tikiwiki" Cookie is set with the IMAP/LDAP username, but then at start of "tiki-index.php" the $user variable is empty. A further check states that session_id() at the end of tiki-login.php is different from session_id() at start of tiki-index.php ( and this explains why the value of variables are different ). 10 correct authentication produce 10 different PHPSESS file with correct username but tiki-index.php always load the first one ( without username set ). This has been reproduced with php-4.3.9-3.22 on a Centos 4.2, 4.3 and 4.4 |
tracker item |
|
IMAP/POP3/vpopmail no longer works
After upgrading from 1.9.7 to 2.0 I am no longer able to configure IMAP authentication. templates/tiki-admin-include-login.tpl no longer contains any mention of IMAP, POP3 or vpopmail as it did in 1.9.7. (Note: this renders tikiwiki unuseable for my organization) |
tracker item |
|
Limit users from CAS
While CAS authentication is great, it allows multiple users to login if you have a widely common CAS server. For example, SecurePass [1] strong authentication allow ALL securepass users to login through their CAS. The need is to optionally limit which users or users domain can login to tikiwiki through CAS. [1] www.secure-pass.net |
tracker item |
|
LDAP Group Synchronisation broken
With revision 31581 the LDAP group synchronisation has been limited to only happen 60 seconds after the login: http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/trunk/lib/userslib.php?r1=31565&r2=31581&pathrev=31581 So far as I can see this method is only called during the LDAP login procedure, so the if-statement in line 1415 will always be false, thus no synchronisation will happen. I checked this problem with 7.1, 7.2 and 8.3 and never succeded to get the groups from an AD although the LDAP login worked. After disseminating the code and removing this if-statement the feature works again. I wonder what the the use of this if-statement was? The commit message refers to webdav changes - how does it affect this? Can this statement be removed so LDAP group synchronisation works or is there another way to fix this? |
tracker item |
|
Fix dependency of LDAP group sync to external directory
LDAP group synchronisation is dependent on the "corresponding user attribute", a setting which is only needed if an external directory is used for group synchronisation. The fix is simple - the combination of if-staments just need to be adjusted slightly - see patch. |
tracker item |
|
Enhancement: Add option to select whether LDAP group synchronisation creates new groups or only sync existing ones
When groups are synchronised with a big LDAP organisation many empty groups may end up in Tikiwiki. This enhancement / patch adds an option to let the administrator of a tikiwiki instance decide whether during synchronisation of groups only the user assignments to existing groups will be done or if non-existent groups will be created in tikiwiki. The default behaviour - as of now - is that when a LDAP user logs in all the groups he belongs to will be created in tikiwiki and he is being added as a member of these groups. This enhancement adds the preference "ldap_create_groups_tiki" which is "y" by default - which corresponds to the current behaviour. If "ldap_create_groups_tiki" is set to "n" and a LDAP user logs in the group synchronisation process will silently ignore groups that exist in LDAP but not in tikiwiki. Existing groups will be synced, though. |
tracker item |
|
LDAP/Active Directory Multiple Domain Support
I am referencing forum post: https://tiki.org/tiki-view_forum_thread.php?comments_parentId=43682&topics_offset=1 I would like the ability for users in child domains to access the TikiWiki site the same way users in the parent site are able to access it. According to the forum post, "Tiki is not currently capable of authenticating against multiple domains (or multiple LDAP servers)" and "The code could be modified to search, say, the global catalog for the user's DN and then authenticate against the corresponding domain, but this would be custom coding" I would like an option to specify multiple domains, or a custom code I could use to search the global catalog for the user's DN. Basically I want all of my users in all of my offices to access the Tiki site. Not just the home office users. |
tracker item |
|
LDAP Group Sync in Tiki-9 Broken
I was unable to get group sync for ldap working, and after changing two lines of code in userslib.php I was able to get it working. The changes I made are the __procedure__ section, and I have included my settings also in case someone is having a similar issue, or is just trying to set up LDAP group sync and would like to see a working example, and in case it is useful in your troubleshooting. |
tracker item |
;){kind=link}
;){kind=link}
;){kind=link}
;){kind=link}
http://www.wiki-translation.com/tiki-view_forum_thread.php?forumId=2&comments_parentId=39
{img src=images/code.png}%%% {CODE()}
I'm trying to log in with my OpenID. I don't have a wiki-translation.com account yet.
After validating my OpenID, I'm taken to a Tiki page that prompts me to create a new account on wiki-translation.com to associate with my OpenID. I enter a username and password, but then get the following error:
Wrong registration code
{CODE}
__Duplicate of {wish id=2204}__