Thread:Extension talk:LDAP Authentication/Cannot get Group based login restriction to work

We are running an OpenLDAP server. My username in ldap is 'jake'. The DN for me is "uid=jake,ou=People,dc=ourdomain,dc=com". I am able to successfully login using the basic LDAP settings.

However when I attempt to add in Group Based Login Restriction options to the mix, I cannot login. I made the following group in LDAP:

cn=wiki,ou=Group,dc=ourdomain,dc=com

I added myself, jake, as the only user to this domain. In LocalSettings.php I added:

$wgLDAPRequiredGroups = array( "OurDomain"=>array( "cn=wiki,ou=group,dc=ourdomain,dc=com" ) );

When I attempt a login, the debug logs spits this out:

2010-04-21 23:28:45 mediawiki: Entering validDomain 2010-04-21 23:28:45 mediawiki: User is using a valid domain. 2010-04-21 23:28:45 mediawiki: Setting domain as: OurDomain 2010-04-21 23:28:45 mediawiki: Entering getCanonicalName 2010-04-21 23:28:45 mediawiki: Username isn't empty. 2010-04-21 23:28:45 mediawiki: Munged username: Jake 2010-04-21 23:28:45 mediawiki: Entering authenticate 2010-04-21 23:28:45 mediawiki: 2010-04-21 23:28:45 mediawiki: Entering Connect 2010-04-21 23:28:45 mediawiki: Using TLS or not using encryption. 2010-04-21 23:28:45 mediawiki: Using servers:  ldap://ldap.ourdomain.com 2010-04-21 23:28:45 mediawiki: Connected successfully 2010-04-21 23:28:45 mediawiki: Entering getSearchString 2010-04-21 23:28:45 mediawiki: Doing a straight bind 2010-04-21 23:28:45 mediawiki: userdn is: uid=Jake,ou=people,dc=ourdomain,dc=com 2010-04-21 23:28:45 mediawiki: 2010-04-21 23:28:45 mediawiki: Binding as the user 2010-04-21 23:28:45 mediawiki: Bound successfully 2010-04-21 23:28:45 mediawiki: Entering getGroups 2010-04-21 23:28:45 mediawiki: Retrieving LDAP group membership 2010-04-21 23:28:45 mediawiki: Searching for the groups 2010-04-21 23:28:45 mediawiki: Entering searchGroups 2010-04-21 23:28:45 mediawiki: Entering getBaseDN 2010-04-21 23:28:45 mediawiki: basedn is ou=group,dc=ourdomain,dc=com 2010-04-21 23:28:45 mediawiki: Search string: (&(=Jake)(objectclass=)) 2010-04-21 23:28:45 mediawiki: No entries returned from search. 2010-04-21 23:28:45 mediawiki: Entering checkGroups 2010-04-21 23:28:45 mediawiki: Checking for (new style) group membership 2010-04-21 23:28:45 mediawiki: Required groups: cn=wiki,ou=group,dc=ourdomain,dc=com 2010-04-21 23:28:45 mediawiki: Couldn't find the user in any groups. 2010-04-21 23:28:45 mediawiki: Entering strict. 2010-04-21 23:28:45 mediawiki: Returning true in strict. 2010-04-21 23:28:45 mediawiki: Entering allowPasswordChange 2010-04-21 23:28:45 mediawiki: Entering modifyUITemplate

So what is the problem? You can see that the plugin finds the ldap server, then it finds me, then it can't find me in the group, even though I am clearly in the group on the LDAP server. I'm the only user in the group.