 |
|
You are here: Foswiki>Support Web>SupportQuestions>Question1646 (24 Aug 2015, AndreLichtsteiner)Edit Attach
This question about Authentication or Authorisation: Asked
LdapContrib login failure for users with underscore followed by [a-f][a-f] (such as test_abcd)
I recently upgraded our instance of Foswiki from 1.1.9 to 2.0.1.We currently use LDAP to authenticate using ActiveDirectory and everything was working just fine with the 1.1.9 instance.
All user names contain underscores and only some users have the issue. In testing, it seems that the only users that are unable to login are the ones that have hex characters after the underscore.
The users that are unable to login get "Wide character in subroutine entry at /path/to/foswiki/lib/Foswiki/Contrib/LdapContrib.pm line 1898." With other errors in the logs such as "login: "\\x{00be}" does not map to utf8 at /path/to/foswiki/lib/Foswiki/Logger/PlainFile.pm line 138."
Other symptoms include user names instead of WikiNames in the breadcrumb and topic revision history such as "You are here: Foswiki>Main Web>WebHome (19 Aug 2015, test_5fuser)" and "Topic revision: r2 - 19 Aug 2015, test_5fuser".
My Ldap configuration is as follows:
$Foswiki::cfg{Ldap}{AllowChangePassword} = 0;
$Foswiki::cfg{Ldap}{Base} = 'DC=MY,DC=COMPANY,DC=COM';
$Foswiki::cfg{Ldap}{BindDN} = 'CN=User,OU=Accounts,DC=MY,DC=COMPANY,DC=COM';
$Foswiki::cfg{Ldap}{BindPassword} = '';
$Foswiki::cfg{Ldap}{CaseSensitiveLogin} = 0;
$Foswiki::cfg{Ldap}{CharSet} = 'utf-8';
$Foswiki::cfg{Ldap}{Debug} = 1;
$Foswiki::cfg{Ldap}{DefaultCacheExpire} = '0';
$Foswiki::cfg{Ldap}{Exclude} = 'WikiGuest, ProjectContributor, RegistrationAgent, UnknownUser, AdminGroup, NobodyGroup, AdminUser, admin, guest';
$Foswiki::cfg{Ldap}{GroupAttribute} = 'cn';
$Foswiki::cfg{Ldap}{GroupBase} = ['OU=Groups,DC=MY,DC=COMPANY,DC=COM'];
$Foswiki::cfg{Ldap}{GroupFilter} = 'cn=Group-*';
$Foswiki::cfg{Ldap}{GroupScope} = 'sub';
$Foswiki::cfg{Ldap}{Host} = 'LDAP.MY.COMPANY.COM';
$Foswiki::cfg{Ldap}{IPv6} = 0;
$Foswiki::cfg{Ldap}{IgnoreViewRightsInSearch} = 0;
$Foswiki::cfg{Ldap}{IndexEmails} = 1;
$Foswiki::cfg{Ldap}{InnerGroupAttribute} = 'member';
$Foswiki::cfg{Ldap}{KerberosKeyTab} = '/etc/krb5.keytab';
$Foswiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
$Foswiki::cfg{Ldap}{LoginFilter} = 'objectClass=organizationalPerson';
$Foswiki::cfg{Ldap}{MailAttribute} = 'mail';
$Foswiki::cfg{Ldap}{MapGroups} = 1;
$Foswiki::cfg{Ldap}{MaxCacheAge} = '86400';
$Foswiki::cfg{Ldap}{MemberAttribute} = 'member';
$Foswiki::cfg{Ldap}{MemberIndirection} = 1;
$Foswiki::cfg{Ldap}{MergeGroups} = 0;
$Foswiki::cfg{Ldap}{NormalizeGroupNames} = 1;
$Foswiki::cfg{Ldap}{NormalizeLoginNames} = 1;
$Foswiki::cfg{Ldap}{NormalizeWikiNames} = 1;
$Foswiki::cfg{Ldap}{PageSize} = '500';
$Foswiki::cfg{Ldap}{PersonAttribures} = {'c' => 'Country','company' => 'OrganisationName','department' => 'Department','division' => 'Division','facsimileTelephoneNumber' => 'Telefax','givenName' => 'FirstName','l' => 'Location','mail' => 'Email','manager' => 'Manager','mobile' => 'Mobile','physicalDeliveryOfficeName' => 'Address','postalAddress' => 'Address','sAMAccountName' => 'LoginName','sn' => 'LastName','streetAddress' => 'Address','telephoneNumber' => 'Telephone','title' => 'Title','uid' => 'LoginName'};
$Foswiki::cfg{Ldap}{PersonDataForm} = 'UserForm';
$Foswiki::cfg{Ldap}{Port} = '389';
$Foswiki::cfg{Ldap}{Precache} = 1;
$Foswiki::cfg{Ldap}{PreferLocalSettings} = 1;
$Foswiki::cfg{Ldap}{PrimaryGroupAttribute} = 'memberOf';
$Foswiki::cfg{Ldap}{RewriteGroups} = {'^GROUP(.*)$' => '$1Group','^Group(.*)$' => '$1Group'};
$Foswiki::cfg{Ldap}{RewriteWikiNames} = {'^(.*)@.*$' => '$1'};
$Foswiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';
$Foswiki::cfg{Ldap}{SecondaryPasswordManager} = 'Foswiki::Users::HtPasswdUser';
$Foswiki::cfg{Ldap}{TLSCAFile} = '';
$Foswiki::cfg{Ldap}{TLSCAPath} = '/etc/ssl/certs/';
$Foswiki::cfg{Ldap}{TLSClientCert} = '';
$Foswiki::cfg{Ldap}{TLSClientKey} = '';
$Foswiki::cfg{Ldap}{TLSSSLVersion} = 'tlsv1';
$Foswiki::cfg{Ldap}{TLSVerify} = 'require';
$Foswiki::cfg{Ldap}{UseSASL} = 0;
$Foswiki::cfg{Ldap}{UseTLS} = 0;
$Foswiki::cfg{Ldap}{UserBase} = ['OU=Users,DC=MY,DC=COMPANY,DC=COM'];
$Foswiki::cfg{Ldap}{UserMappingTopic} = '';
$Foswiki::cfg{Ldap}{UserScope} = 'sub';
$Foswiki::cfg{Ldap}{Version} = '3';
$Foswiki::cfg{Ldap}{WikiGroupsBackoff} = 1;
$Foswiki::cfg{Ldap}{WikiNameAliases} = '';
$Foswiki::cfg{Ldap}{WikiNameAttributes} = 'cn';
-- DouglasKnowles - 20 Aug 2015 We are observing similar problems. I'm considering this a bug, so I opened a task: Tasks.Item13630 -- Main.AndreLichtsteiner - 24 Aug 2015 - 10:16
QuestionForm edit
| Subject | Authentication or Authorisation |
| Extension | LdapContrib |
| Version | Foswiki 2.0.0 |
| Status | Asked |
| Related Topics |
Edit | Attach | Print version | History: r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r2 - 24 Aug 2015, AndreLichtsteiner
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy