Loading...
 

Category: External Authentication (LDAP, AD, PAM, CAS, etc)

External Authentication (LDAP, AD, PAM, CAS, etc)
Show subcategories objects

Name Type
"Prevent automatic/robot registration:" interferes with OpenID
Problem noticed here:
http://www.wiki-translation.com/tiki-view_forum_thread.php?forumId=2&comments_parentId=39

{img src=images/code.png}%%% {CODE()}
I'm trying to log in with my OpenID. I don't have a wiki-translation.com account yet.

After validating my OpenID, I'm taken to a Tiki page that prompts me to create a new account on wiki-translation.com to associate with my OpenID. I enter a username and password, but then get the following error:

Wrong registration code
{CODE}


__Duplicate of {wish id=2204}__
tracker item
PAM authentication broken
An attempt to log in using PAM (php-auth-pam) gives the following error message:

Notice: Undefined variable: error in /var/www/tikiwiki/tikiwiki-1.9.7/lib/userslib.php on line 554

Warning: Error variable must be passed by reference in /var/www/tikiwiki/tikiwiki-1.9.7/lib/userslib.php on line 554

Warning: Cannot modify header information - headers already sent by (output started at /var/www/tikiwiki/tikiwiki-1.9.7/lib/userslib.php:554) in /var/www/tikiwiki/tikiwiki-1.9.7/tiki-login.php on line 292


I'm using:
- php5-auth-pam-0.4-9.2 (Debian package)
- tikiwiki-1.9.7 (source)
tracker item
Humphrey
Contributors
tracker item
LDAP login error causes blank page instead of "Login error" page
We are running Tiki 6.2 (clean install), on a Windows 2003 Server, Apache 2.2.16 w SSL, PHP 5.3.3, remote MySQL 5 database. This bug is across all browsers.

Our organization has LDAP (Active Directory) enabled. If a user does not type in the correct password or has chosen to remember an old password (that has since been resent by AD) they will not be able to login and there is no screen to tell them why not. On login error, I can see in the LDAP logs:

Error: Bind failed: Invalid credentials

but a blank page is presented. Since the user does not think their invalid login is the problem, they keep trying and blame the system.
tracker item
LDAP authentication doesn't support special characters like "æ,ø,å" in CN name.
If CN contains any character of; æ,ø,å the login fails with "Invalid password" error.

tracker item
Active Directory domain users are not recognized by TikiWiki
Domain Users are not recognized by TikiWiki when using IIS and Webserver auth against AD.

substr function in tiki-setup_base.php mistakenly removing first char of the login name during substracting domain part. For example "DOMAIN\username" is truncated "sername".

I've fixed the issue with the patch below.
tracker item
Add SAML support
((SAML))

http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
http://simplesamlphp.org/
tracker item
Adding NTLM authentication support
NTLM is an authentication protocol which is widely used in Microsoft based network environments. By using it with HTTP you can use that method for single-sign-on (SSO) authentication within your web browser.
This means that without needing to enter additional username or passwords, you can be authenticated at the website you're visiting. This is quite convenient especially for company intranets. NTLM should work with all major browsers (Internet Explorer, Firefox and Opera).
tracker item
After setting auth to active directory/ldap - can't log in as admin now
Upgraded a test/development site from 1.9.9 to 1.10beta1. Trying to get ldap authentication working to an active directory server. After configuring for ldap auth to AD - with 'use tiki for admin auth' checked - now I cannot log in as the admin user. The AD server is taking a really long time to respond, it's at another location - so it always times out. Unfortunately the Tiki site seems to keep trying LDAP and timing out before it will check internally for the admin user. The net result... I'm currently locked out of my development/test Tiki site. LDAP times out and I can't get in as admin either.
tracker item
amette
Contributors
tracker item
Cannot manually create user when using LDAP
When using LDAP External authentication, I am unable to create a new user on the user administration page.

It does not require a password to create the user, but when you click Add, you receive the error message "Password should be at least characters long"


Users are created when they login the first time, but I need to configure permissions before they login.
tracker item
cnd
Contributors
tracker item
Community Currencies
wiki
Config login with ADS on Tikiwiki 1.9.7
Hi,

I attempted to configure tikiwiki to use PEAR:Auth authentication posted by this link http://doc.tikiwiki.org/tiki-index.php?page=Login%20Config.

However, I still get error "invalid username or password". Is there any way I can debug this?

My installed PHP version 4.4.6 with PEAR:Auth installed.
My Apache version 2.0.59 configured with LDAP.

Any suggestion is appreciated.
tracker item
Display Realname instead of login at "Switch user" for admins through module login_box
tracker item
Extend include_path for Net/LDAP2.php
tracker item
Fix CAS authentication in 1.9.x
[http://sourceforge.net/tracker/index.php?func=detail&aid=1325010&group_id=64258&atid=506846]

tracker item
imap/ldap authentication problem
Hello,
Installed tikiwiki 1.9 on a CentOS 4.4.
Assigned autenthication to external LDAP server ( Windows AD ) , but the problem
remains even with IMAP.
Login with admin works
Login with external users presents again the login screen ( no "bad password" just the login screen again and again )

I debugged the code and found the both IMAP and LDAP modeles correctly check the user
and at the end of tiki-login.php the "tiki-user-tikiwiki" Cookie is set with the IMAP/LDAP username, but then at start of "tiki-index.php" the $user variable is empty.
A further check states that session_id() at the end of tiki-login.php is different from session_id() at start of tiki-index.php ( and this explains why the value of variables are different ).
10 correct authentication produce 10 different PHPSESS file with correct username but tiki-index.php always load the first one ( without username set ).

This has been reproduced with php-4.3.9-3.22 on a Centos 4.2, 4.3 and 4.4

tracker item
IMAP/POP3/vpopmail no longer works
After upgrading from 1.9.7 to 2.0 I am no longer able to configure IMAP authentication.

templates/tiki-admin-include-login.tpl no longer contains any mention of IMAP, POP3 or vpopmail as it did in 1.9.7.

(Note: this renders tikiwiki unuseable for my organization)
tracker item
Limit users from CAS
While CAS authentication is great, it allows multiple users to login if you have a widely common CAS server.
For example, SecurePass [1] strong authentication allow ALL securepass users to login through their CAS.
The need is to optionally limit which users or users domain can login to tikiwiki through CAS.

[1] www.secure-pass.net
tracker item
LDAP Group Synchronisation broken
With revision 31581 the LDAP group synchronisation has been limited to only happen 60 seconds after the login:

http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/trunk/lib/userslib.php?r1=31565&r2=31581&pathrev=31581

So far as I can see this method is only called during the LDAP login procedure, so the if-statement in line 1415 will always be false, thus no synchronisation will happen.

I checked this problem with 7.1, 7.2 and 8.3 and never succeded to get the groups from an AD although the LDAP login worked. After disseminating the code and removing this if-statement the feature works again.

I wonder what the the use of this if-statement was? The commit message refers to webdav changes - how does it affect this?
Can this statement be removed so LDAP group synchronisation works or is there another way to fix this?
tracker item
Fix dependency of LDAP group sync to external directory
LDAP group synchronisation is dependent on the "corresponding user attribute", a setting which is only needed if an external directory is used for group synchronisation.

The fix is simple - the combination of if-staments just need to be adjusted slightly - see patch.
tracker item
Enhancement: Add option to select whether LDAP group synchronisation creates new groups or only sync existing ones
When groups are synchronised with a big LDAP organisation many empty groups may end up in Tikiwiki.

This enhancement / patch adds an option to let the administrator of a tikiwiki instance decide whether during synchronisation of groups only the user assignments to existing groups will be done or if non-existent groups will be created in tikiwiki.

The default behaviour - as of now - is that when a LDAP user logs in all the groups he belongs to will be created in tikiwiki and he is being added as a member of these groups.

This enhancement adds the preference "ldap_create_groups_tiki" which is "y" by default - which corresponds to the current behaviour.

If "ldap_create_groups_tiki" is set to "n" and a LDAP user logs in the group synchronisation process will silently ignore groups that exist in LDAP but not in tikiwiki. Existing groups will be synced, though.
tracker item
LDAP/Active Directory Multiple Domain Support
I am referencing forum post: https://tiki.org/tiki-view_forum_thread.php?comments_parentId=43682&topics_offset=1

I would like the ability for users in child domains to access the TikiWiki site the same way users in the parent site are able to access it. According to the forum post, "Tiki is not currently capable of authenticating against multiple domains (or multiple LDAP servers)" and "The code could be modified to search, say, the global catalog for the user's DN and then authenticate against the corresponding domain, but this would be custom coding"

I would like an option to specify multiple domains, or a custom code I could use to search the global catalog for the user's DN.

Basically I want all of my users in all of my offices to access the Tiki site. Not just the home office users.
tracker item
LDAP Group Sync in Tiki-9 Broken
I was unable to get group sync for ldap working, and after changing two lines of code in userslib.php I was able to get it working.

The changes I made are the __procedure__ section, and I have included my settings also in case someone is having a similar issue, or is just trying to set up LDAP group sync and would like to see a working example, and in case it is useful in your troubleshooting.
tracker item

Keywords

The following is a list of keywords that should serve as hubs for navigation within the Tiki development and should correspond to documentation keywords.

Each feature in Tiki has a wiki page which regroups all the bugs, requests for enhancements, etc. It is somewhat a form of wiki-based project management. You can also express your interest in a feature by adding it to your profile. You can also try out the Dynamic filter.

Accessibility (WAI & 508)
Accounting
Administration
Ajax
Articles & Submissions
Backlinks
Banner
Batch
BigBlueButton audio/video/chat/screensharing
Blog
Bookmark
Browser Compatibility
Calendar
Category
Chat
Comment
Communication Center
Consistency
Contacts Address book
Contact us
Content template
Contribution
Cookie
Copyright
Credits
Custom Home (and Group Home Page)
Database MySQL - MyISAM
Database MySQL - InnoDB
Date and Time
Debugger Console
Diagram
Directory (of hyperlinks)
Documentation link from Tiki to doc.tiki.org (Help System)
Docs
DogFood
Draw -superseded by Diagram
Dynamic Content
Preferences
Dynamic Variable
External Authentication
FAQ
Featured links
Feeds (RSS)
File Gallery
Forum
Friendship Network (Community)
Gantt
Group
Groupmail
Help
History
Hotword
HTML Page
i18n (Multilingual, l10n, Babelfish)
Image Gallery
Import-Export
Install
Integrator
Interoperability
Inter-User Messages
InterTiki
jQuery
Kaltura video management
Karma
Live Support
Logs (system & action)
Lost edit protection
Mail-in
Map
Menu
Meta Tag
Missing features
Visual Mapping
Mobile
Mods
Modules
MultiTiki
MyTiki
Newsletter
Notepad
OS independence (Non-Linux, Windows/IIS, Mac, BSD)
Organic Groups (Self-managed Teams)
Packages
Payment
PDF
Performance Speed / Load / Compression / Cache
Permission
Poll
Profiles
Quiz
Rating
Realname
Report
Revision Approval
Scheduler
Score
Search engine optimization (SEO)
Search
Security
Semantic links
Share
Shopping Cart
Shoutbox
Site Identity
Slideshow
Smarty Template
Social Networking
Spam protection (Anti-bot CATPCHA)
Spellcheck
Spreadsheet
Staging and Approval
Stats
Survey
Syntax Highlighter (Codemirror)
Tablesorter
Tags
Task
Tell a Friend
Terms and Conditions
Theme
TikiTests
Timesheet
Token Access
Toolbar (Quicktags)
Tours
Trackers
TRIM
User Administration
User Files
User Menu
Watch
Webmail and Groupmail
WebServices
Wiki History, page rename, etc
Wiki plugins extends basic syntax
Wiki syntax text area, parser, etc
Wiki structure (book and table of content)
Workspace and perspectives
WYSIWTSN
WYSIWYCA
WYSIWYG
XMLRPC
XMPP




Useful Tools