Wikimedia – LDAP integrated

July 11th, 2012

Had to set up an internal wikimedia page, and I wanted it to be LDAP based, so I won’t have to create new users for each and every person.

This is how I got mine done:

Operating System: Red Hat 6 Update 3

Database: SQLite (MySQL/PostgreSQL are optional as well)

WikiMedia Version: 1.19.1

Extracted Directory: /var/www/wiki

Additional Requirements: LdapAuthenticationPlugin, php-ldap package, Domain Controller Certificate

After installing SQLite, Wikimedia and PHP, the wiki must have a stored certificate file from a domain controller in order to make it LDAP integrated.

NOTICE: once it is LDAP integrated you will ONLY be able to log in with Active Directory credentials.

There are 2 methods to obtain a certificate:

  1. Export the certificate from a CA server, import it to the wiki server via WinSCP, and convert it to .pem.
  2. Query a CA server / DC server for the certificate, and copy the output to a file.

Method 1:

To convert an exported certificate, type:

openssl x509 -inform der -in certificatefile.cer -out certificatefile.pem

  1. Store the converted file at /etc/pki/tls/certs.
  2. Edit /etc/openldap/ldap.conf and change the TLS_CACERT & TLS_CACERTFILE entries to the converted file name.

Method 2:

Querying a server for its certificate:

  1. openssl s_client -connect my.domain.com:636
  2. Copy everything between and including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- to filename.cer and place it at /etc/pki/tls/certs
  3. Edit /etc/openldap/ldap.conf and change the TLS_CACERT & TLS_CACERTFILE entries.
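
Method 2 accepts whatever certificate the server presents on first contact, so its fingerprint should be compared with the CA or DC administrator before ldap.conf is pointed at it. The script below is an added example, not part of the original post; the function names and the constructed sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative;
# host and file arguments are supplied by the caller.

# Print only the first PEM certificate block found on stdin, where stdin is
# the text printed by `openssl s_client -connect host:636`.
extract_first_cert() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { p = 1 }
         p { print }
         p && /^-----END CERTIFICATE-----$/ { exit }'
}

# Succeed only if s_client output on stdin reports a validated chain.
chain_verified() { grep -q 'Verify return code: 0 (ok)'; }

# fetch_cert HOST:PORT OUTFILE - save the certificate the server presents.
fetch_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        extract_first_cert > "$2"
    [ -s "$2" ] || { echo "no certificate received from $1" >&2; return 1; }
}

# show_fingerprint FILE - details to compare out of band with the CA/DC
# administrator before ldap.conf is pointed at FILE.
show_fingerprint() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# recheck HOST:PORT CAFILE - reconnect with CAFILE as a trust anchor; exit
# status 0 means OpenSSL validated the server's chain.
recheck() {
    openssl s_client -connect "$1" -CAfile "$2" </dev/null 2>/dev/null |
        chain_verified
}

# Constructed sample of s_client output; the base64 lines are placeholders,
# not a real certificate.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
Server certificate
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTk9ULUEtUkVBTC1DRVJU
UExBQ0VIT0xERVItTElORS1UV08=
-----END CERTIFICATE-----
subject=/CN=dc.example.invalid
    Verify return code: 21 (unable to verify the first certificate)
EOF
}
```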

Enable troubleshooting logs and add LDAP modules entries:

  1. mkdir -p /var/log/wiki
  2. touch /var/log/wiki/wiki.log
  3. chown apache:apache /var/log/wiki/wiki.log
  4. chmod 644 /var/log/wiki/wiki.log

Wikimedia and LDAP Authentication:

Download LdapAuthenticationPlugin from here and store the file at /var/www/wiki/extensions/LdapAuthentication

Edit the file /var/www/wiki/LocalSettings.php and append the following lines at the end:

require_once( "/var/www/wiki/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( "example" );

$wgLDAPServerNames = array( "example" => "DCServer.example.com" );

$wgLDAPSearchStrings = array( "example" => "USER-NAME@EXAMPLE" );

$wgLDAPEncryptionType = array( "example" => "ssl" ); // encrypt the connection to the DC

$wgLDAPDebug = 3; // most verbose level; lower it once logins work

$wgDebugLogGroups["ldap"] = "/var/log/wiki/wiki.log"; // the log file created above

Restart apache service:

  • Restart the apache daemon to check integrity: /etc/init.d/httpd restart

Logging in with your Active Directory credentials should be possible by now. If it isn’t, consider troubleshooting with the log we enabled:

tail -f /var/log/wiki/wiki.log

This will show you any upcoming errors in real time, while you try to authenticate with your AD credentials.
