[Moin-user] questions about ldap auth

ReimarBauer rb.proj at googlemail.com
Sat Sep 11 18:24:31 EDT 2010


On 10.09.2010 10:23, Marco Strullato wrote:
> Hi all,
Hi

> this is my first time with moin wiki, I've ever used mediawiki before...
> so, I have some questions:
> -the first is how can I set the log level: I see in the error log of
> apache warning and info logs: I'd like to have only error logs.

look into
http://hg.moinmo.in/moin/1.9/file/tip/wiki/config/logging/README or into
the one you downloaded


I am not sure but your data dir var looks like it points to the template
of the data and underlay dir, which will be overwritten on an upgrade
of the source.

you should set up your own wiki instance with a copy of those dirs.
for some documentation see docs/INSTALL.html


> -I'm trying also to set up ldap authentication: this is my configuration file.
> 
in wiki/config/more_samples you find some ldap configuration example e.g.
http://hg.moinmo.in/moin/1.9/file/tip/wiki/config/more_samples/ldap_wikiconfig_snippet
(seems like you have used it)

the config file is a python script, and python sets levels by indenting.
you need to set the right indenting. one level is 4 blanks, don't use tabs.

the from MoinMoin.auth line looks like it has the wrong indenting.
(instead of mail you can also use a pastebin e.g. paste.pocoo.org, this
is easier to read for us, and you can discuss problems on
chat.freenode.net #moin)

where does this setting come from: acl_enabled = 1 ? this sounds like a
very old configuration. acls are builtin in newer versions and can't be
disabled. See HelpOnConfiguration or as superuser SystemInfo (for
listing your settings)

many times acl_rights_default is set.

you want to set autocreate=True

> from farmconfig import FarmConfig
> from MoinMoin.security.antispam import SecurityPolicy
> from MoinMoin.security import Permissions
> class Config(FarmConfig):
>     sitename = u'Wiki' # [Unicode]
>     interwikiname = u'Wiki' # [Unicode]
>     page_front_page = u"FrontPage"
>     data_dir = '/usr/share/moin/wiki/data'
>     data_underlay_dir='/usr/share/moin/wiki/underlay'
>     superuser = [u"marco", ]
>     acl_rights_before = u"marco:read,write,delete,revert,admin"
>     acl_rights_default = u"Trusted:read,write,delete,revert Known:read,write,delete,revert All:read,write"
>     acl_rights_after = u"" # most users don't need this
>     acl_hierarchic = False # True to use hierarchical ACLs
>     unzip_single_file_size = 2.0 * 1000 ** 2
>     unzip_attachments_space = 200.0 * 1000 ** 2
>     unzip_attachments_count = 101 # 1 zip file + 100 files contained in it
>     textchas = None # a data structure with site-specific questions/answers
>     textchas_disabled_group = None # e.g. u'NoTextChasGroup' if you are a member of this group, you don't get textchas
>    from MoinMoin.auth.ldap_login import LDAPAuth
>     ldap_authenticator1 = LDAPAuth(
>         server_uri='ldap://ldap01',
>         bind_dn='',
>         bind_pw='',
>         base_dn='ou=wiki,c=it',  # base DN we use for searching
>         scope=2, # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
>         referrals=0, # LDAP REFERRALS (0 needed for AD)
>         search_filter='(uid=%(username)s)',  # ldap filter used for searching:
>         givenname_attribute='givenName',
>         surname_attribute='sn',
>         aliasname_attribute='displayName',
>         email_attribute='mail',
>         email_callback=None, # callback function called to make up email address
>         coding='utf-8', # coding used for ldap queries and result values
>         timeout=10, # how long we wait for the ldap server [s]
>         start_tls=0, # usage of Transport Layer Security 0 = No, 1 = Try, 2 = Required
>         tls_cacertdir=None,
>         tls_cacertfile=None,
>         tls_certfile=None,
>         tls_keyfile=None,
>         tls_require_cert=0, # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs)
>         bind_once=False, # set to True to only do one bind - useful if configured to bind as the user on the first attempt
>         autocreate=False, # set to True to automatically create/update user profiles
>         name='ldap', # use e.g. 'ldap_pdc' and 'ldap_bdc' (or 'ldap1' and 'ldap2') if you auth against 2 ldap servers
>         report_invalid_credentials=False, # whether to emit "invalid username or password" msg at login time or not
>     )
> 
>     auth = [ldap_authenticator1, ] # this is a list, you may have multiple ldap authenticators
>     cookie_lifetime = (0,1) # no anon user sessions, 1h session lifetime for logged-in users
>     class SecurityPolicy(Permissions):
>         def save(self, editor, newtext, rev, **kw):
>             # only known users are allowed to edit
>             return self.request.user.valid
>     acl_enabled = 1
>     acl_rights_default = 'Known:read,write,delete,revert All:read'
> 
> what I get is that I'm authenticated from the ldap but I'm not
> authorized. What should I check?
see above
> 
> -is there a list of special pages as in mediawiki?

see bottom of FindPage

btw. because of some strange vars: which moin version are you trying, 1.9?



cheers
Reimar
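
Added example, not part of the mail above and not MoinMoin code: a small Python checker for the points the reply raises about the quoted configuration (4-blank indenting without tabs, a setting assigned more than once, the old acl_enabled setting, autocreate=False). The start_tls check goes beyond the reply; lint_wikiconfig and the shortened SAMPLE are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the quoted config, keeping the lines the reply comments on.
SAMPLE = """\
class Config(FarmConfig):
    acl_rights_default = u"Known:read,write,delete,revert All:read,write"
   from MoinMoin.auth.ldap_login import LDAPAuth
    ldap_authenticator1 = LDAPAuth(
        server_uri='ldap://ldap01',
        start_tls=0,
        autocreate=False,
    )
    auth = [ldap_authenticator1, ]
    acl_enabled = 1
    acl_rights_default = 'Known:read,write,delete,revert All:read'
"""

def lint_wikiconfig(text, indent=4):
    """Return (line_number, message) pairs for a class-based wikiconfig."""
    findings, seen, plain_ldap = [], {}, False
    for no, line in enumerate(text.splitlines(), 1):
        body = line.lstrip()
        if not body or body.startswith('#'):
            continue
        lead = line[:len(line) - len(body)]
        if '\t' in lead:
            findings.append((no, 'tab in indentation'))
        elif len(lead) % indent:
            findings.append((no, 'indent %d is not a multiple of %d' % (len(lead), indent)))
        m = re.match(r'(\w+)\s*=(?!=)\s*(.*)', body)
        if not m:
            continue
        name, value = m.groups()
        if len(lead) == indent:  # setting directly in the Config class
            if name in seen:
                findings.append((no, '%s already set on line %d' % (name, seen[name])))
            seen[name] = no
            if name == 'acl_enabled':
                findings.append((no, 'acl_enabled: old setting per the reply, ACLs are built in'))
        elif name == 'server_uri':  # remember whether the URI is plain ldap://
            plain_ldap = value.lstrip('u')[1:].startswith('ldap://')
        elif name == 'start_tls' and value.startswith('0') and plain_ldap:
            findings.append((no, 'start_tls=0 on ldap://: bind is not encrypted'))
        elif name == 'autocreate' and value.startswith('False'):
            findings.append((no, 'autocreate=False: user profiles are not created automatically'))
    return findings

if __name__ == '__main__':
    print('\n'.join('line %d: %s' % f for f in lint_wikiconfig(SAMPLE)))
```
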




