<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style>
</head>
<body class='hmmessage'>
<SPAN><SPAN>pm</SPAN><BR><SPAN></SPAN><BR><SPAN>thanks for the reply. much appreciated!</SPAN><BR><BR><SPAN>I tried your suggesstions - however this made no difference. login/logout changes to logout but the page does not display. the @ by itself was being picked up by the config which I've changed to the setting above. </SPAN><SPAN>so now in authuser I have</SPAN><BR><SPAN></SPAN><BR><SPAN>@admin: david,</SPAN><BR><SPAN>@editors: *, test,</SPAN><BR><SPAN></SPAN></SPAN><BR>
<SPAN><A href="ldap://name-omitted:389/OU=MANSERV,O=abc?uid?sub">ldap://name-omitted:389/OU=MANSERV,O=abc?uid?sub</A> (t</SPAN><SPAN><SPAN>he ldap server relevant to my setup.)</SPAN></SPAN><BR>
<SPAN><SPAN></SPAN></SPAN> <BR>
<SPAN><SPAN>a random page attributes now being:</SPAN></SPAN><BR>
<SPAN><SPAN></SPAN></SPAN> <BR>
<SPAN><SPAN>read: @nopass</SPAN></SPAN><BR>
<SPAN><SPAN>edit: @editors</SPAN><BR>
<BR><SPAN>I'm running two wikis one with ldap the other without. both are in separate </SPAN><SPAN>folders so technically do not conflict with each other. </SPAN><BR>
<SPAN>just in case they did I have given both a unique session name in their respective configs.</SPAN><BR>
<SPAN></SPAN><BR><SPAN>might it may be worth trying a fresh install of pmwiki? perhaps outside the web directory (I could always point iis to point to this as a virtual directory for dns to resolve).</SPAN><BR><SPAN></SPAN><BR><SPAN>i'm unable to test outside of work as I would not get access to the ldap server. </SPAN><BR><SPAN></SPAN><BR><SPAN>if I login as admin or test then authuser authenticates me fine.</SPAN><BR><SPAN></SPAN><BR><SPAN>thanks for any suggestions.</SPAN><BR><SPAN></SPAN><BR><SPAN>david</SPAN><BR><BR></SPAN>
<SPAN></SPAN> <BR>
<SPAN></SPAN> <BR>
<SPAN>On 12 Feb 2009, at 21:05, "Patrick R. Michaud" <<A title=mailto:pmichaud@pobox.com href="mailto:pmichaud@pobox.com"><A title=mailto:pmichaud@pobox.com href="mailto:pmichaud@pobox.com">pmichaud@pobox.com</A></A>> wrote:</SPAN><BR><SPAN></SPAN><BR><BR>
<BLOCKQUOTE type="cite"><SPAN>On Thu, Feb 12, 2009 at 06:36:00PM +0000, david roundell wrote:</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>noticed today that when i try a 'secure' page that requires a user to</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>authenticate themselves that the name/password prompt reappears, even after</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>correctly entering the right username/password. you would think this is perhaps</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>a problem with 'talking' to the ldap server. however, the login/logout changes</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>to logout - so this tells me (i think) that the id and password have been</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>authenticated.</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN></SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>You're likely correct -- if the login/logout changes to 'logout',</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>that's an indication that the person is authenticated and something</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>else is happening.</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN></SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN></SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>the attributes on a random page are:</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN></SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>read p/w: @ id:*</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>edit p/w: @ id:*</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN></SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>The bare '@' looks very odd to me -- it might be causing</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>an issue. Normally to restrict access to authenticated</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>folks I would expect "id:*" with no @ .</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN></SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<BLOCKQUOTE type="cite"><SPAN>the page siteadmin.authuser has @editors: id:*</SPAN><BR></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN></SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>Inside of SiteAdmin.AuthUser the groups already assume "id:", so</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>this should probably be "@editors: *". If you're using groups</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>in this way, though, you probably want your read/edit passwords</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>to be "@editors".</SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN></SPAN><BR></BLOCKQUOTE>
<BLOCKQUOTE type="cite"><SPAN>Pm</SPAN><BR></BLOCKQUOTE>
<HR id=stopSpelling>
<BR>
From: roundelld@hotmail.com<BR>To: pmwiki-users@pmichaud.com<BR>Subject: authuser and ldap authentication - help needed!<BR>Date: Thu, 12 Feb 2009 18:36:00 +0000<BR><BR>
<STYLE>
.ExternalClass .EC_hmmessage P
{padding:0px;}
.ExternalClass body.EC_hmmessage
{font-size:10pt;font-family:Verdana;}
</STYLE>
hello<BR> <BR>using pmwiki at work and was able to successfully authenticate users via ldap. this is a great help!<BR>noticed today that when i try a 'secure' page that requires a user to authenticate themselves that the name/password prompt reappears, even after correctly entering the right username/password. you would think this is perhaps a problem with 'talking' to the ldap server. however, the login/logout changes to logout - so this tells me (i think) that the id and password have been authenticated. the attributes on a random page are:<BR> <BR>read p/w: @ id:*<BR>edit p/w: @ id:*<BR> <BR>the page siteadmin.authuser has @editors: id:*<BR> <BR>config has<BR> <BR><FONT size=2>ini_set('session.gc_maxlifetime', 3600);<BR>$AuthUser['ldap'] = 'ldap://name-omitted:389/OU=MANSERV,O=abc?uid?sub';<BR>include_once('scripts/authuser.php');<BR> <BR>and authuser.php has been amended to search the entire name directory<BR> <BR><FONT size=2>function AuthUserLDAP($pagename, $id, $pw, $pwlist) {<BR>if (!$id) return false;<BR>if (!$pw) return false;<BR>if (!function_exists('ldap_connect')) return false;<BR>$fullUser = $id."@net.name-omitted.co.uk";<BR> <BR>the only recent change was a dns entry was created so the servername during testing went from <A href="http://abc-123/xyz">http://abc-123/xyz</A> to <BR><A href="http://abc-xyz/">http://abc-xyz</A> - the content in the folder remained static as did permissions.<BR> <BR>any clues/directions/pointers as to why the page does not display the content even with correct user id/pw? i can sign in using an admin id perfectly fine. obviously this is not desired for users!<BR> <BR>thanks for any help!<BR> <BR>david<BR></FONT> <BR> <BR> <BR><BR></FONT></body>
</html>