Description
I installed moinmoin from Debian 5.0 (python-moinmoin 1.7.1-3+lenny2) as a wiki farm. One moinmoin instance works with LDAP authentication against an AD. With Firefox it works fine. But with Internet Explorer V6 and V7 it's possible to log in, but when I try to edit any page, I am automatically logged out.
Steps to reproduce
- install moinmoin 1.7 via apt-get
- create a moinmoin farm instance.
- configure authentication against LDAP (/usr/share/doc/python-moinmoin/examples/config/more_samples/ldap_wikiconfig_snippet.gz)
- connect via Internet Explorer. Log in and try to edit a page.
Example
Component selection
- general
Details
MoinMoin Version
1.7.1
OS and Version
Debian 5.0
Python Version
2.5.2
Server Setup
apache 2.2.9
Server Details
CGI
Language you are using the wiki in (set in the browser/UserPreferences)
german
Workaround
Discussion
That doesn't sound like an LDAP auth problem (you ARE logged in for a single page, right?), but rather like IE having a problem keeping the session. Moin keeps the session using the MOIN_SESSION cookie, please check that. Maybe delete it and log in again.
I think that's an Internet Explorer problem, too. But without LDAP authentication it works. I have removed all MOIN_SESSION cookies from the data/cache/common/session directory. But it does not help. I also cleared cookies on the browser side.
# -*- coding: iso-8859-1 -*-
# IMPORTANT! This encoding (charset) setting MUST be correct! If you live in a
# western country and you don't know that you use utf-8, you probably want to
# use iso-8859-1 (or some other iso charset). If you use utf-8 (a Unicode
# encoding) you MUST use: coding: utf-8
# That setting must match the encoding your editor uses when you modify the
# settings below. If it does not, special non-ASCII chars will be wrong.

"""
    This is a sample config for a wiki that is part of a wiki farm and uses
    farmconfig for common stuff. Here we define what has to be different from
    the farm's common settings.
"""

# we import the FarmConfig class for common defaults of our wikis:
from farmconfig import FarmConfig

# now we subclass that config (inherit from it) and change what's different:
class Config(FarmConfig):

    # basic options (you normally need to change these)
    sitename = u'Internes EDV Wiki' # [Unicode]
    interwikiname = 'Internes EDV Wiki'

    # name of entry page / front page [Unicode], choose one of those:

    # a) if most wiki content is in a single language
    #page_front_page = u"MyStartingPage"

    # b) if wiki content is maintained in many languages
    page_front_page = u"FrontPage"

    data_dir = '/var/lib/moin/edv_intern-wiki/data/'

    # The GUI WYSIWYG editor is not installed with Debian.
    # See /usr/share/doc/$(cdbs_curpkg)/README.Debian for more info
    editor_force = True
    editor_default = 'text' # internal default, just for completeness

    theme_default = 'mandarin'

    acl_rights_before = u"Known:admin,read,write,delete,revert"
    acl_rights_default = u"-All:read"

    from MoinMoin.auth.ldap_login import LDAPAuth
    ldap_authenticator1 = LDAPAuth(
        # the values shown below are the DEFAULT values (you may remove them if you are happy with them),
        # the examples shown in the comments are typical for Active Directory (AD) or OpenLDAP.
        server_uri='ldap://x.x.x.x:3268', # ldap / active directory server URI
                                          # use ldaps://server:636 url for ldaps,
                                          # use ldap://server for ldap without tls (and set start_tls to 0),
                                          # use ldap://server for ldap with tls (and set start_tls to 1 or 2).
        bind_dn='cn=LDAPAuth,ou=Dienste-Konten,ou=Admin-Dienste,dc=YYLAN,dc=DE', # We can either use some fixed user and password for binding to LDAP.
        # Be careful if you need a % char in those strings - as they are used as
        # a format string, you have to write %% to get a single % in the end.
        #bind_dn = 'binduser@example.org' # (AD)
        #bind_dn = 'cn=admin,dc=example,dc=org' # (OpenLDAP)
        #bind_pw = 'secret'
        # or we can use the username and password we got from the user:
        #bind_dn = '%(username)s@example.org' # DN we use for first bind (AD)
        #bind_pw = '%(password)s' # password we use for first bind
        # or we can bind anonymously (if that is supported by your directory).
        # In any case, bind_dn and bind_pw must be defined.
        bind_pw='XXxxXX',
        base_dn='dc=YYLAN,dc=DE', # base DN we use for searching
        #base_dn = 'ou=SOMEUNIT,dc=example,dc=org'
        scope=2, # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
        referrals=0, # LDAP REFERRALS (0 needed for AD)
        search_filter='(&(sAMAccountName=%(username)s)(memberOf=CN=EDV_intern-Wiki,OU=Gruppen,OU=RS,DC=XXxxXX,DC=DE))', # ldap filter used for searching:
        #search_filter = '(sAMAccountName=%(username)s)' # (AD)
        #search_filter = '(uid=%(username)s)' # (OpenLDAP)
        # you can also do more complex filtering like:
        # "(&(cn=%(username)s)(memberOf=CN=WikiUsers,OU=Groups,DC=example,DC=org))"
        # some attribute names we use to extract information from LDAP (if not None,
        # if None, the attribute won't be extracted from LDAP):
        givenname_attribute='givenname', # often 'givenName' - ldap attribute we get the first name from
        surname_attribute='sn', # often 'sn' - ldap attribute we get the family name from
        aliasname_attribute='displayName', # often 'displayName' - ldap attribute we get the aliasname from
        email_attribute='mail', # often 'mail' - ldap attribute we get the email address from
        email_callback=None, # callback function called to make up email address
        coding='utf-8', # coding used for ldap queries and result values
        timeout=10, # how long we wait for the ldap server [s]
        start_tls=0, # usage of Transport Layer Security 0 = No, 1 = Try, 2 = Required
        tls_cacertdir='',
        tls_cacertfile='',
        tls_certfile='',
        tls_keyfile='',
        tls_require_cert=0, # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs)
        bind_once=False, # set to True to only do one bind - useful if configured to bind as the user on the first attempt
    )

    auth = [ldap_authenticator1, ] # this is a list, you may have multiple ldap authenticators
                                   # as well as other authenticators

    cookie_lifetime = 1 # 1 hour after last access ldap login is required again
    user_autocreate = True

    # customize user preferences (optional, see MoinMoin/config/multiconfig for internal defaults)
    # you maybe want to use user_checkbox_remove, user_checkbox_defaults, user_form_defaults,
    # user_form_disable, user_form_remove.
I made an upgrade to 1.8.4. But still the same problem. I have now attached my wikiconfig.py -- MarioHoffmann
OK, I had a quick look. I didn't find the session problem, but you may want to have a look at your ACL configuration, the default ACL looks strange. I'll have a look at the code later. If I don't find a bug there, maybe you can prepare debug auth logging meanwhile (see wiki/config/logging/logfile_debug_auth), so we can get more info from the running system. Please also add debug logging for the MoinMoin.session module. -- ThomasWaldmann 2009-07-23 11:35:00
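One way to do the MOIN_SESSION check suggested in the discussion above, as an added example that is not part of the original report and not MoinMoin code: compare the cookie the server set at login with what the browser sends on the following edit request. The header captures, the cookie value and the `/edv` path are constructed sample data, and `cookies_from` and `diagnose` are hypothetical helper names.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "MOIN_SESSION"  # cookie name given in the discussion above

# Constructed capture (not from the reporter's system): response headers of
# the login request, then request headers of the edit request that follows.
LOGIN_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie",
     "MOIN_SESSION=0123abcd; expires=Thu, 23-Jul-2009 12:35:00 GMT; Path=/edv"),
]
EDIT_REQUEST_OK = [("Cookie", "MOIN_SESSION=0123abcd")]
EDIT_REQUEST_LOST = [("Cookie", "other=1")]


def cookies_from(headers, name):
    """Merge every header called `name` (case-insensitive) into one jar."""
    jar = SimpleCookie()
    for key, value in headers:
        if key.lower() == name.lower():
            jar.load(value)
    return jar


def diagnose(login_response, next_request):
    """Return (verdict, attributes the server attached to the session cookie)."""
    issued = cookies_from(login_response, "Set-Cookie").get(SESSION_COOKIE)
    if issued is None:
        return "server never set the session cookie", {}
    # Keep only the attributes that were actually present (path, expires, ...).
    attrs = {k: v for k, v in issued.items() if v}
    sent = cookies_from(next_request, "Cookie").get(SESSION_COOKIE)
    if sent is None:
        return "browser did not send the session cookie back", attrs
    if sent.value != issued.value:
        return "browser sent a different session id", attrs
    return "session cookie round-trips", attrs


if __name__ == "__main__":
    for label, request in (("ok", EDIT_REQUEST_OK), ("lost", EDIT_REQUEST_LOST)):
        verdict, attrs = diagnose(LOGIN_RESPONSE, request)
        print(label, "->", verdict, attrs)
```

Running the same comparison on captures from Firefox and from Internet Explorer shows whether the two browsers differ in what they return, and the reported attributes show what the server asked each browser to store.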
Plan
- Priority:
- Assigned to:
- Status: