User-name mapping configuration hook doesn't work

Jump to: navigation, search

Hello

MediaWiki 1.18.0 PHP 5.3.8 (cgi-fcgi) LDAPAuthentication: trunk (r108101)

User-name mapping configuration hook doesn't work as expected. I assume this feature enables the wiki to display a different username while using another id for LDAP authentication.

I setup the extension so users can log in to the wiki with their LDAP username and display their e-mail address as their Username. However, the extension tries to authenticate with hooked username instead of LDAP username.

In the log, the first time it performs the search with my LDAP ID (sAMAccountName=myLDAPid) but the second time, it performs with hooked username (sAMAccountName=Yuryu).

Is this expected?

from LocalSettings.php:

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( 'mydomain' );
$wgLDAPServerNames = array( 'mydomain' => 'domain.example.com' );
$wgLDAPSearchAttributes = array( 'mydomain' => 'sAMAccountName' );
$wgLDAPBaseDNs = array( 'mydomain' => 'DC=domain,DC=example,DC=com' );
$wgLDAPEncryptionType = array( 'mydomain' => 'clear' );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 6;
$wgLDAPProxyAgent =  array( 'mydomain' => 'CN=search,OU=Users,DC=domain,DC=example,DC=com' );
$wgLDAPProxyAgentPassword = array( 'mydomain' => 'password' );

$wgLDAPPreferences = array( "mydomain"=>array( "email"=>"mail", "realname"=>"displayname","nickname"=>"givenname") );

$wgLDAPDebug = 2;
$wgDebugLogGroups["ldap"] = "c:/windows/temp/mwldap.log";

$wgHooks['SetUsernameAttributeFromLDAP'][] = 'SetUsernameAttribute';
 
function SetUsernameAttribute(&$LDAPUsername, $info) {
        $mail_user = explode('@', $info[0]['mail'][0]);
        $LDAPUsername = $mail_user[0];
        return true;
}

Log (stripped):

2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering validDomain
2012-01-05 08:02:33  mediawiki-mw_: 2.0a User is using a valid domain (mydomain).
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Setting domain as: mydomain
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getCanonicalName
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Username isn't empty.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering Connect
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using TLS or not using encryption.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getUserDN
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Doing a proxy bind
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Created a regular filter: (sAMAccountName=myLDAPid)
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getBaseDN
2012-01-05 08:02:33  mediawiki-mw_: 2.0a basedn is not set for this type of entry, trying to get the default basedn.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getBaseDN
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using base: DC=domain,DC=example,DC=com
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Username munged by hook: yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using LDAPUsername: yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Munged username: Yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getCanonicalName
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Username isn't empty.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering Connect
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using TLS or not using encryption.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using servers:  ldap://domain.example.com:389
2012-01-05 08:02:33  mediawiki-mw_: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getUserDN
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Doing a proxy bind
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Created a regular filter: (sAMAccountName=Yuryu)
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getBaseDN
2012-01-05 08:02:33  mediawiki-mw_: 2.0a basedn is not set for this type of entry, trying to get the default basedn.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getBaseDN
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using base: DC=domain,DC=example,DC=com2012-01-05 08:02:33  mediawiki-mw_: 2.0a Couldn't find an entry
2012-01-05 08:02:33  mediawiki-mw_: entering SetUsernameAttribute
2012-01-05 08:02:33  mediawiki-mw_: LDAPUsername = yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Username munged by hook: yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using LDAPUsername: yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Munged username: Yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getCanonicalName
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Username isn't empty.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Fetched userInfo from memcache.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Username matched a key in memcache, using the fetched name: Yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getCanonicalName
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Username isn't empty.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Fetched userInfo from memcache.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Username matched a key in memcache, using the fetched name: Yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering userExists
2012-01-05 08:02:33  mediawiki-mw_: 2.0a
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering authenticate for username Yuryu
2012-01-05 08:02:33  mediawiki-mw_: 2.0a
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering Connect
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using TLS or not using encryption.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using servers:  ldap://domain.example.com:389
2012-01-05 08:02:33  mediawiki-mw_: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getSearchString
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getUserDN
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Doing a proxy bind
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Created a regular filter: (sAMAccountName=Yuryu)
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getBaseDN
2012-01-05 08:02:33  mediawiki-mw_: 2.0a basedn is not set for this type of entry, trying to get the default basedn.
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Entering getBaseDN
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Using base: DC=domain,DC=example,DC=com
2012-01-05 08:02:33  mediawiki-mw_: 2.0a Couldn't find an entry
2012-01-05 08:02:33  mediawiki-mw_: 2.0a userdn is:
2012-01-05 08:02:33  mediawiki-mw_: 2.0a User DN is blank
2012-01-05 08:02:34  mediawiki-mw_: 2.0a Entering allowPasswordChange
2012-01-05 08:02:34  mediawiki-mw_: 2.0a Entering modifyUITemplate
Yuryu08:14, 5 January 2012

This is likely a bug due to refactoring in 2.0a. I'll try to test this and fix it soon.

Ryan lane19:01, 6 January 2012

This reproduced with r97560. I couldn't find any revision working with this feature enabled.

For the meantime, I decided to use the AD account name as the MediaWiki account name and deploy RealNames extension to display user's realname for convenience.

Thanks for your support.

Yuryu04:16, 12 January 2012
 
 
Retrieved from "http://www.mediawiki.org/wiki/Thread:Extension_talk:LDAP_Authentication/User-name_mapping_configuration_hook_doesn%27t_work#User-name_mapping_configuration_hook_doesn.27t_work_10755"
Personal tools

Variants
Actions
Navigation
Support
Download
Development
Communication
Toolbox