MediaWiki 1.18.1
PHP 5.3.6 (cgi-fcgi)
MySQL 5.5.12
LdapAuthentication-trunk-r108179
Windows 2008R2 AD
Sometimes I got error:
Warning: ldap_start_tls(): Unable to start TLS: Can't contact LDAP server in LdapAuthentication.php on line 577
After relogon to wiki this text disappear. In configuration $wgLDAPEncryptionType = array('VG' => 'clear');
Small addition. In debug.log I see:
2012-01-13 06:21:56 WikiVG: 2.0a Using servers:
With empty server.
After relogin to wiki in new strings I see:
2012-01-13 06:21:40 WikiVG: 2.0a Using servers: ldap://vs-dc-16-2.vg.local:389
But after small time (about 5 min) I will get error again.
Have you tried applying this patch? MediaWiki 1.18 has a bug that messes up ldap user sessions.
This patch not fix my problem. I've got same error after small time after relogin.
I have the same problem. I am also wondering why it reconnects to the ldap server every time a new page loads. Shouldn't the session stay active?
Here's the end of a XDebug stack trace with the relevant info. Any ideas?
[10-Feb-2012 06:03:12] PHP 13. User::newFromName($name = 'Josh', $validate = *uninitialized*)
C:\Apache2.2\htdocs\includes\resourceloader\ResourceLoaderUserGroupsModule.php:35
[10-Feb-2012 06:03:12] PHP 14. User::getCanonicalName($name = 'Josh', $validate = 'valid')
C:\Apache2.2\htdocs\includes\User.php:361
[10-Feb-2012 06:03:12] PHP 15. LdapAuthenticationPlugin->getCanonicalName($username = 'Josh')
C:\Apache2.2\htdocs\includes\User.php:770
[10-Feb-2012 06:03:12] PHP 16. LdapAuthenticationPlugin->connect($domain = *uninitialized*)
C:\Apache2.2\htdocs\extensions\LdapAuthentication\LdapAuthentication.php:1172
[10-Feb-2012 06:03:12] PHP 17. ldap_start_tls(resource(247) of type (ldap link))
C:\Apache2.2\htdocs\extensions\LdapAuthentication\LdapAuthentication.php:577This is the same issue I reported in this thread, and while this patch did fix part of my issue, I'm still getting this error when searching or clicking any "redlink" pages while NOT logged in. Once I log in, the errors go away (for me). I also tried installing LDAP Authentication r108775 without improvement.
I still have high hopes that Ryan will be able to figure it out!
I'm running 1.18.1 and am getting this exact error from time to time. I haven't figured out the pattern, but I AM using the latest TRUNK version of the LDAP Extension (R108775) due to other issues with R90286. This was not happening with R90286...
This is definitely a large issue with our deployment since EVERY user sees the errors occasionally, whereas with R90286 we had errors only on the login page. Thoughts? And thanks for what has generally been a really stable and helpful extension for the past 7 years (for us at least!)
This post was posted by JonathanKing~mediawikiwiki, but signed as JonathanKing.
I can replicate this. It's due to the getCanonicalName change I made. I'm looking into it.
Well, there's a bigger problem in play here. MediaWiki's authentication code stupidly uses the same function for user names and page titles. So, when a redlink is clicked, it will cause an LDAP lookup. I've worked around the issue for anons in r112471. Logged in users will still trigger an LDAP lookup for every redlink click, unless apc or memcache is being used for caching.
I'll try to fix this somehow in MediaWiki core in a way that's hopefully less terrible.
Ryan, thanks for looking into this. Where can I get r112471? And how long do you think it'll be before a comprehensive fix is in place?
This post was posted by JonathanKing~mediawikiwiki, but signed as JonathanKing.
It'll probably be quite a while before the MediaWiki core fix. r112471 is simply a revision in svn. If you get the trunk version of the extension, you'll have that revision.
Any news on this bug? In the meantime, does anyone know how I can prevent the error from displaying to the user? Any assistance would be most appreciated.
Thanks!
I have a feeling this is related to the "Remember me" check box at login. Most (if not all) users that receive the error have used that checkbox. When I ask users to not use that option (and re-login), they never get the error. I've looked for a way to disable that checkbox, but that's just a bandaid solution, and I'm not happy with that. I'm hoping this helps!