Description

I installed moinmoin from Debian 5.0 (python-moinmoin 1.7.1-3+lenny2) as a wiki farm. One moinmoin instance works with LDAP authentication against an AD. With Firefox it works fine. But with Internet Explorer V6 and V7 it's possible to log in, but when I try to edit any page, I am logged out automatically.

Steps to reproduce

  1. install moinmoin 1.7 via apt-get
  2. create a moinmoin farm instance.
  3. configure authentication against LDAP (/usr/share/doc/python-moinmoin/examples/config/more_samples/ldap_wikiconfig_snippet.gz)
  4. connect via Internet Explorer. Log in and try to edit a page.

Example

Component selection

Details

MoinMoin Version

1.7.1

OS and Version

Debian 5.0

Python Version

2.5.2

Server Setup

apache 2.2.9

Server Details

CGI

Language you are using the wiki in (set in the browser/UserPreferences)

german

Workaround

Discussion

That doesn't sound like an LDAP auth problem (you ARE logged in for a single page, right?), but rather like IE having a problem keeping the session. Moin keeps the session using the MOIN_SESSION cookie, please check that. Maybe delete it and log in again.

I think that's an Internet Explorer problem, too. But without LDAP authentication it works. I have removed all MOIN_Session cookies from the data/cache/common/session directory. But it does not help. I also cleared cookies on the browser side.

I upgraded to 1.8.4, but I still have the same problem. I have now attached my

    # -*- coding: iso-8859-1 -*-
    # IMPORTANT! This encoding (charset) setting MUST be correct! If you live in a
    # western country and you don't know that you use utf-8, you probably want to
    # use iso-8859-1 (or some other iso charset). If you use utf-8 (a Unicode
    # encoding) you MUST use: coding: utf-8
    # That setting must match the encoding your editor uses when you modify the
    # settings below. If it does not, special non-ASCII chars will be wrong.

    """
    This is a sample config for a wiki that is part of a wiki farm and uses
    farmconfig for common stuff. Here we define what has to be different from
    the farm's common settings.
    """

    # we import the FarmConfig class for common defaults of our wikis:
    from farmconfig import FarmConfig

    # now we subclass that config (inherit from it) and change what's different:
    class Config(FarmConfig):

        # basic options (you normally need to change these)
        sitename = u'Internes EDV Wiki' # [Unicode]
        interwikiname = 'Internes EDV Wiki'

        # name of entry page / front page [Unicode], choose one of those:

        # a) if most wiki content is in a single language
        #page_front_page = u"MyStartingPage"

        # b) if wiki content is maintained in many languages
        page_front_page = u"FrontPage"

        data_dir = '/var/lib/moin/edv_intern-wiki/data/'

        # The GUI WYSISYG editor is not installed with Debian.
        # See /usr/share/doc/$(cdbs_curpkg)/README.Debian for more info
        editor_force = True
        editor_default = 'text'  # internal default, just for completeness

        theme_default = 'mandarin'

        acl_rights_before  = u"Known:admin,read,write,delete,revert"
        acl_rights_default = u"-All:read"

        from MoinMoin.auth.ldap_login import LDAPAuth
        ldap_authenticator1 = LDAPAuth(
            # the values shown below are the DEFAULT values (you may remove them if you are happy with them),
            # the examples shown in the comments are typical for Active Directory (AD) or OpenLDAP.
            server_uri='ldap://x.x.x.x:3268',  # ldap / active directory server URI
                                            # use ldaps://server:636 url for ldaps,
                                            # use  ldap://server for ldap without tls (and set start_tls to 0),
                                            # use  ldap://server for ldap with tls (and set start_tls to 1 or 2).
            bind_dn='cn=LDAPAuth,ou=Dienste-Konten,ou=Admin-Dienste,dc=YYLAN,dc=DE',  # We can either use some fixed user and password for binding to LDAP.
                         # Be careful if you need a % char in those strings - as they are used as
                         # a format string, you have to write %% to get a single % in the end.
                         #bind_dn = 'binduser@example.org' # (AD)
                         #bind_dn = 'cn=admin,dc=example,dc=org' # (OpenLDAP)
                         #bind_pw = 'secret'
                         # or we can use the username and password we got from the user:
                         #bind_dn = '%(username)s@example.org' # DN we use for first bind (AD)
                         #bind_pw = '%(password)s' # password we use for first bind
                         # or we can bind anonymously (if that is supported by your directory).
                         # In any case, bind_dn and bind_pw must be defined.
            bind_pw='XXxxXX',
            base_dn='dc=YYLAN,dc=DE',  # base DN we use for searching
                         #base_dn = 'ou=SOMEUNIT,dc=example,dc=org'
            scope=2, # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
            referrals=0, # LDAP REFERRALS (0 needed for AD)
            search_filter='(&(sAMAccountName=%(username)s)(memberOf=CN=EDV_intern-Wiki,OU=Gruppen,OU=RS,DC=XXxxXX,DC=DE))',  # ldap filter used for searching:
                                                 #search_filter = '(sAMAccountName=%(username)s)' # (AD)
                                                 #search_filter = '(uid=%(username)s)' # (OpenLDAP)
                                                 # you can also do more complex filtering like:
                                                 # "(&(cn=%(username)s)(memberOf=CN=WikiUsers,OU=Groups,DC=example,DC=org))"
            # some attribute names we use to extract information from LDAP (if not None,
            # if None, the attribute won't be extracted from LDAP):
            givenname_attribute='givenname', # often 'givenName' - ldap attribute we get the first name from
            surname_attribute='sn', # often 'sn' - ldap attribute we get the family name from
            aliasname_attribute='displayName', # often 'displayName' - ldap attribute we get the aliasname from
            email_attribute='mail', # often 'mail' - ldap attribute we get the email address from
            email_callback=None, # callback function called to make up email address
            coding='utf-8', # coding used for ldap queries and result values
            timeout=10, # how long we wait for the ldap server [s]
            start_tls=0, # usage of Transport Layer Security 0 = No, 1 = Try, 2 = Required
            tls_cacertdir='',
            tls_cacertfile='',
            tls_certfile='',
            tls_keyfile='',
            tls_require_cert=0, # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs)
            bind_once=False, # set to True to only do one bind - useful if configured to bind as the user on the first attempt
        )

        auth = [ldap_authenticator1, ] # this is a list, you may have multiple ldap authenticators
                                       # as well as other authenticators

        cookie_lifetime = 1 # 1 hour after last access ldap login is required again
        user_autocreate = True

        # customize user preferences (optional, see MoinMoin/config/multiconfig for internal defaults)
        # you maybe want to use user_checkbox_remove, user_checkbox_defaults, user_form_defaults,
        # user_form_disable, user_form_remove.
wikiconfig.py -- MarioHoffmann

OK, I had a quick look. I didn't find the session problem, but you may want to have a look at your ACL configuration, the default ACL looks strange. I'll have a look at the code later. If I don't find a bug there, maybe you can prepare debug auth logging meanwhile (see wiki/config/logging/logfile_debug_auth), so we can get more info from the running system. Please also add debug logging for the MoinMoin.session module. -- ThomasWaldmann 2009-07-23 11:35:00
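
The debug logging requested above, sketched as an added example (not part of the original thread and not MoinMoin's shipped logfile_debug_auth file): a config in the format Python's logging.config.fileConfig reads, with DEBUG enabled only for MoinMoin.auth and MoinMoin.session. The helper names and the log file path are assumptions.

```python
import io
import logging
import logging.config

# Constructed config, not MoinMoin's shipped logfile_debug_auth sample.
# @LOGFILE@ is a placeholder filled in by load_debug_logging().
DEBUG_LOGCONF = """\
[loggers]
keys=root,moin_auth,moin_session
[handlers]
keys=logfile
[formatters]
keys=logfile
[logger_root]
level=INFO
handlers=logfile
[logger_moin_auth]
level=DEBUG
handlers=logfile
propagate=0
qualname=MoinMoin.auth
[logger_moin_session]
level=DEBUG
handlers=logfile
propagate=0
qualname=MoinMoin.session
[handler_logfile]
class=FileHandler
level=DEBUG
formatter=logfile
args=(@LOGFILE@, 'a')
[formatter_logfile]
format=%(asctime)s %(name)s %(levelname)s %(message)s
"""


def load_debug_logging(logfile_path):
    """Load the config above, logging to logfile_path (hypothetical helper)."""
    # repr() quotes the path for the args tuple; '%' is doubled because
    # ConfigParser interpolates option values.
    quoted = repr(logfile_path).replace("%", "%%")
    conf = DEBUG_LOGCONF.replace("@LOGFILE@", quoted)
    logging.config.fileConfig(io.StringIO(conf))


def emits_debug(logger_name):
    """True if DEBUG records from this logger would be written."""
    return logging.getLogger(logger_name).isEnabledFor(logging.DEBUG)
```

Setting MoinMoin.auth to DEBUG also covers its child loggers such as MoinMoin.auth.ldap_login, while every other module stays at the root level INFO.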

Plan


CategoryMoinMoinBug

MoinMoin: MoinMoinBugs/AuthViaLdapNotPossibleForInternetExplorer (last edited 2009-07-23 11:35:00 by ThomasWaldmann)