#foswiki 2016-09-20,Tue

Who What When
BhargavaSanaHi gac410: Finally, I got hold of the login information in our current wiki setup
as you suspected, it is ldap authentication
$Foswiki::cfg{LoginManager} = 'Foswiki::LoginManager::LdapApacheLogin';
[00:18]
FoswikiBothttps://trunk.foswiki.org/System/PerlDoc?module=Foswiki::LoginManager::LdapApacheLogin [00:18]
BhargavaSana$Foswiki::cfg{UserMappingManager} = 'Foswiki::Users::LdapUserMapping'; $Foswiki::cfg{PasswordManager} = 'Foswiki::Users::LdapPasswdUser'; [00:19]
FoswikiBothttps://trunk.foswiki.org/System/PerlDoc?module=Foswiki::Users::LdapUserMapping https://trunk.foswiki.org/System/PerlDoc?module=Foswiki::Users::LdapPasswdUser [00:19]
gac410Hm okay you are stepping outside my knowledge. [00:19]
BhargavaSanaI don't see LdapApacheLogin as an option in login manager in configure [00:21]
gac410You need to install LdapContrib (I think) ...
You may also need LdapNGPlugin, NewUserContrib, ... not really sure. Need to see what's installed on your old system.
[00:22]
BhargavaSanaAlright, the best way to get a list of all plugins in the old system is logging in as admin and navigating to config page, right? [00:27]
gac410Look at System/InstalledPlugins. That will show you the *enabled* plugins; those are the more important
It will also list all "Contribs" ... which is really a search of any topics in System web ending with "Contrib"
[00:28]
BhargavaSanaSure
I am having to get this info indirectly because I cannot get admin access credentials to our current system which would expose a lot of other information to me
[00:29]
gac410Typically InstalledPlugin isn't an admin page.
[00:30]
BhargavaSanagreat! I was able to access the page [00:32]
gac410I guarantee you when you get into the data migration, you will HAVE to be able to review the topic contents. The conversion from ISO-8859-1 and/or CP1252 or whatever old data you have will need review of the utf8/unicode converted data to figure out questionable data. [00:32]
BhargavaSanaI will go ahead and install all these plugins
Right. I remember you cautioning me about it.
[00:32]
gac410You may also need to review ACLs; we have a tool to do it, but ... stuff needs to be inspected / verified. (Conversion of "Empty" DENY rules into ALLOW * format) [00:34]
.............. (idle for 1h7mn)
***ChanServ sets mode: +o Lynnwood [01:41]
................................. (idle for 2h42mn)
GithubBot[distro] gac410 pushed 1 new commit to Item13897: https://git.io/viymO
distro/Item13897 0426516 George Clark: Item13897: Merge branch 'master' into Item13897...
[04:23]
***GithubBot has left [04:23]
FoswikiBothttps://foswiki.org/Tasks/Item13897 [ Item13897: Implement ImproveOOModel proposal. ] [04:23]
.................... (idle for 1h37mn)
***ChanServ sets mode: +o CDot [06:00]
........................ (idle for 1h55mn)
ChanServ sets mode: +o MichaelDaum [07:55]
..................................................... (idle for 4h24mn)
ChanServ sets mode: +o gac410 [12:19]
............. (idle for 1h0mn)
foswiki_irc8Hello
a couple of days ago I wrote the question https://foswiki.org/Support/Question1819
but no updates/comments on the question so far, would you please let me know if there is any internal issue if I use firstname.lastname (yes, with dot within the user name) as login method for Foswiki?
[13:19]
.... (idle for 16mn)
Colasfoswiki_irc8, it should work OK if you use firstname.lastname as "logins", an additional field on registration, different from the WikiName
In the configuration:
#---++ Registration
# Registration is the process by which new users register themselves with
# Foswiki.
# **BOOLEAN LABEL="Allow Login Names"**
# If you want users to be able to use a login ID other than their
# wikiname, you need to turn this on. It controls whether the 'LoginName'
# box appears during the user registration process, and is used to tell
# the User Mapping module whether to map login names to wikinames or not
# (if it supports mappings, that is).
#
# Note: TopicUserMapping stores the login name in the WikiUsers topic.
# Changing this value on a system with established users can cause login
# issues.
$Foswiki::cfg{Register}{AllowLoginName} = $FALSE;
[13:36]
GustavoSchroederhmm, very good information Colas
means I can make use of the existing LDAP/AD database with firstname.lastname
[13:38]
Colasthen users can log with either the WikiName or the login
ah, with LDAP it is even simpler
[13:39]
GustavoSchroederand make Foswiki do the user mapping to correctly form the WikiName to login [13:39]
Colasjust use the LdapContrib, and this will be handled automatically
you must configure the LdapContrib to tell it what LDAP field to use for login
[13:39]
GustavoSchroederyup, that was my Question1819
right, I did take a look at LdapContrib
[13:40]
Colasah ok, reading Question1819. yes, it works. We use LDAP here at IBM with the login being the email (lie you I guess) [13:41]
GustavoSchroederand found the WikiNameAttributes var that will serve to form the correct WikiName for each first.last@domain user [13:41]
Colass/lie/like/ [13:41]
GustavoSchroederhmm, sounds good
that was my next question
I shall make use of LdapContrib to such integration
[13:41]
Colasyep, LdapContrib will make things work the way you expected [13:42]
GustavoSchroederand once connected to the ldap db, can the user login with WikiName? or using the email as you stated before? [13:42]
Colasyou can use both [13:43]
GustavoSchroederI think perhaps both, with the ability to choose [13:43]
Colasnote that you can even use LDAP groups also, just like native WikiGroups [13:43]
GustavoSchroederawesome, that will make things even simpler [13:44]
Colasyes. The only problem is when data in your LDAP is messy and people get weird WikiNames since Foswiki will build a WikiName from the LDAP fields [13:44]
GustavoSchroedercorrect, I was thinking about that at first hand
and having a look at what we have in the ldap db as first name and 'sn' (surname)
[13:45]
ColasFor instance some braindead HR added "(Contractor)" in the LDAP names...
and with 400.000 employees, we have a lot of braindead HRs :-)
I don't know if you have the powers to enforce a cleanup of the LDAP
[13:45]
GustavoSchroeder:-)
not even a brain damage
It's a heck of a braindead man!
[13:47]
Colas:-) [13:48]
GustavoSchroederyes, I have the conditions to correct the ldap db [13:48]
Colasthen everything should be fine [13:49]
GustavoSchroederand that shall be the first step, to normalize cn + sn
in the way we match the correct wiki names
[13:49]
Colasthat will be nice [13:49]
GustavoSchroederhmm, now how about if I already have an existing local wikiname called GustavoSchroeder
and once I integrate with ldap contrib, of course the wikiname is going to clash
but will the user be able to login even with clashing wikiname?
I did search a lot, but couldn't find on the docs if this kind of scenario will work
I think that the local user name should be overridden with the ldap auth, but really not sure about it
if you have any hint about it I appreciate
otherwise will connect to the ldap db and warn the users we'll face some turbulence for the next couple of hours :-)
[13:50]
ColasI guess it should work. You will log with your email, the LdapContrib will find you in LDAP, build the wikiName, and find your existing user page and everything should work
the turbulence will happen if the old wikiname is not the same. Then the user will have 2 accounts
[13:58]
GustavoSchroederhmm, that makes the normalization step a must ;-)
thanks a lot for the help Colas, I will continue with planning and other steps to integrate such a great software to our company's ldap db
[14:00]
Colasyep, and rest assured that once you are a bit familiar with Foswiki, you will see that it can be tweaked to adapt to a lot of situations
This adaptability is what makes it a bit hard for the first timer, too many variables, and it is hard to properly document such a flexible tool
[14:02]
GustavoSchroederI fully agree
I have been using foswiki for +8y
[14:04]
Colasoops, ok :-) [14:05]
GustavoSchroederand previously at EDS used Twiki for a while
the flexibility provided by Foswiki is excellent
on one hand it's hard to document
on the other, it provides greater control and ability to adapt
which for example other wikis do not
my opinion is that Foswiki is rock solid and should continue on such a path...
the path to the Unix enlightenment as described by Master Foo at Eric Raymond's "Rootless root" saga!
[14:05]
Colasyes. I have been using it since 2000 first at ILOG, then now at IBM when it acquired ILOG in 2009. It has now about 60,000 pages and 60,000 attachments... [14:09]
GustavoSchroederhmm, I do not have the experience of such a heavy user base load
stats are mainly around less than 1000 topics/attachs
does it work flawlessly with that load of pages/users? or do you guys find some issues popping around once in a while?
[14:10]
ColasNo big issues. The WikiUsers topic is a bit long to display (~1mn) but this is not often used. The global searches are slow, of course, so I recommend using a separate web search engine for such big sites. We used a Google Appliance at some time, now are using IBM search engine.
we used before google an open source search engine, aspseek, now called mnogosearch
There is a great search engine now, Solr/Lucene, that is provided as a foswiki addon
[14:16]
...... (idle for 25mn)
GustavoSchroederI have same issue here with search Colas
some blessed braindead folks like to create tons of different webs
and regardless of the arguments that it will make things slow it's braindead you know ;-)
[14:42]
....... (idle for 30mn)
will take a look at Solr/Lucene, thanks for the hint :D [15:13]
gone for good
thanks a lot
[15:20]
......................... (idle for 2h4mn)
***ChanServ sets mode: +o Lynnwood__ [17:24]
..... (idle for 23mn)
ChanServ sets mode: +o Lynnwood
ChanServ sets mode: +o Lynnwood__
[17:47]
.................. (idle for 1h27mn)
BhargavaSanaHi All, I am trying to register first user in the bootstrap process
But I setup ldap authentication in configure
When I put in details for the new user and try to save it, an authentication dialog pops up
I don't know what to put in it, nothing is working
should I set Template Login authentication before registering first user
?
Thank you!
[19:17]
.... (idle for 16mn)
gac410BhargavaSana: If you've got ldap auth working, you should be able to authenticate without needing to register a user.
You say "in the bootstrap process" but if you've saved the configuration using bin/configure, then bootstrap is done. ... not used again.
So in bin/configure, you should have set a "super user password" ... which is in the security/auth Passwords sub-tab. That password can let you log in with a special ID of "admin" using that password.
That should work even if your ldap auth is all messed up.
[19:35]
BhargavaSanaHi gac410: I did not set "Internal Admin Password:" because it said "it is no longer recommended per good security practices"
I am still trying to setup ldap auth
[19:38]
gac410hm... well, it's good to have it at least initially. [19:39]
BhargavaSanaSure
I will go ahead and set it
[19:39]
gac410Especially for something like ldap where you can't get logged on if the ldap connection breaks. And you can't fix it ;) [19:39]
BhargavaSanaUnderstood, I set it up now :)
So, I need not register my first user and add to admingroup?
[19:40]
gac410right. that admin / secret password ... will work for now. Use that to get in and run configure. that way you can debug ldap and get that running.
unfortunately I'm completely in the dark with ldap.
[19:41]
BhargavaSanaGreat, I will not worry about the warning - "Don't close your browser until you've completed the configuration process and registered your first user."
Regarding ldap, I am just looking at current apache config and trying to replicate it
hopefully it works
[19:43]
gac410gotta step away again. ... [19:45]
BhargavaSanathank you! [19:45]
.................... (idle for 1h35mn)
Hello
Could anyone please help me with following ldap errors?
[Tue Sep 20 14:13:36.409659 2016] [cgi:error] [pid 25142] [client 127.0.0.1:58115] AH01215: - LdapContrib - called refreshUsersCache(cn=Users,dc=sfcta,dc=org), referer: http://localhost/bin/view/System/BeginnersStartHere
[Tue Sep 20 14:13:36.412640 2016] [cgi:error] [pid 25142] [client 127.0.0.1:58115] AH01215: - LdapContrib - reading users from cache with page size=500, referer: http://localhost/bin/view/System/BeginnersStartHere
[Tue Sep 20 14:13:36.413162 2016] [cgi:error] [pid 25142] [client 127.0.0.1:58115] AH01215: - LdapContrib - called search(filter=objectClass=user, base=cn=Users,dc=sfcta,dc=org, scope=sub, sizelimit=0, attrs=sAMAccountName,mail,gidNumber,cn), referer: http://localhost/bin/view/System/BeginnersStartHere
[Tue Sep 20 14:13:36.417669 2016] [cgi:error] [pid 25142] [client 127.0.0.1:58115] AH01215: - LdapContrib - error in search: failed to connect to files: Name or service not known, referer: http://localhost/bin/view/System/BeginnersStartHere
[21:20]
....... (idle for 32mn)
[Tue Sep 20 14:52:28.602440 2016] [cgi:error] [pid 25709] [client 127.0.0.1:58209] AH01215: - LdapContrib - cacheAge=1157, maxCacheAge=86400, lastUpdate=1474407191, refresh=0, referer: http://localhost/bin/view/Main/WebHome [21:54]