Thread:Extension talk:LDAP Authentication/Does not use real ldap uid when checking groups, but wikified uid (2)

I am using MediaWiki 1.14.1 with the latest stable LDAP authentication extension to authenticate against a Linux OpenLDAP server. The basic authentication works fine; however, as soon as I add group checking like this, it does not work anymore:

$wgLDAPRequiredGroups = array( "AI"=>array("cn=wikiusers,ou=Groups,dc=mydomain,dc=com") );
$wgLDAPGroupUseFullDN = array( "AI"=>false );
$wgLDAPGroupObjectclass = array( "AI"=>"posixgroup" );
$wgLDAPGroupAttribute = array( "AI"=>"memberuid" );
$wgLDAPGroupSearchNestedGroups = array( "AI"=>false );
$wgLDAPGroupNameAttribute = array( "AI"=>"cn" );

Looking in the slapd logs, I see this:

Nov 16 12:03:51 arti2 slapd[20513]: conn=184 fd=41 ACCEPT from IP=123.123.123.123:47086 (IP=0.0.0.0:636)
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 fd=41 TLS established tls_ssf=128 ssf=128
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=0 BIND dn="" method=128
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=0 RESULT tag=97 err=0 text=
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=1 SRCH base="dc=mydomain,dc=com" scope=2 deref=0 filter="(uid=username)"
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=1 SRCH attr=*
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=2 BIND dn="uid=username,ou=People,dc=mydomain,dc=com" method=128
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=2 BIND dn="uid=username,ou=People,dc=mydomain,dc=com" mech=SIMPLE ssf=0
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=2 RESULT tag=97 err=0 text=
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=3 SRCH base="dc=mydomain,dc=com" scope=2 deref=0 filter="(&(memberUid=Username)(objectClass=posixGroup))"
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=

Notice that it uses the wikified uid as memberUid when looking up the groups. If I check this query with ldapsearch, indeed no results are returned with the capitalized name; however, changing the first letter to lower case makes the query work correctly.
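
A way to spot this pattern in slapd logs, as an added example that is not part of the original post or of the extension: it pairs each connection's BIND uid with the memberUid used in the later group search and reports values that differ only by letter case. The sample log is constructed from the lines above plus one hypothetical matching login (`alice`); `find_case_mismatches` is a name chosen here. The check is relevant because the RFC 2307 `memberUid` attribute uses a case-exact matching rule, while `uid` is matched case-insensitively.

```python
import re

# Constructed sample, modelled on the slapd log lines in the post above.
SAMPLE_LOG = """\
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=1 SRCH base="dc=mydomain,dc=com" scope=2 deref=0 filter="(uid=username)"
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=2 BIND dn="uid=username,ou=People,dc=mydomain,dc=com" method=128
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=3 SRCH base="dc=mydomain,dc=com" scope=2 deref=0 filter="(&(memberUid=Username)(objectClass=posixGroup))"
Nov 16 12:03:51 arti2 slapd[20513]: conn=184 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 16 12:04:10 arti2 slapd[20513]: conn=185 op=2 BIND dn="uid=alice,ou=People,dc=mydomain,dc=com" method=128
Nov 16 12:04:10 arti2 slapd[20513]: conn=185 op=3 SRCH base="dc=mydomain,dc=com" scope=2 deref=0 filter="(&(memberUid=alice)(objectClass=posixGroup))"
Nov 16 12:04:10 arti2 slapd[20513]: conn=185 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

CONN_OP = re.compile(r"conn=(\d+) op=(\d+) (.*)")
BIND_UID = re.compile(r'BIND dn="uid=([^,"]+),')
MEMBER_UID = re.compile(r"\(memberUid=([^)]+)\)", re.IGNORECASE)
NENTRIES = re.compile(r"SEARCH RESULT .*nentries=(\d+)")


def find_case_mismatches(log_text):
    """Return (conn, bound_uid, searched_uid, nentries) for each group search
    whose memberUid differs from the bound uid only by letter case."""
    bound = {}      # conn -> uid taken from the last BIND dn on that connection
    pending = {}    # (conn, op) -> memberUid value used in the group filter
    findings = []
    for line in log_text.splitlines():
        m = CONN_OP.search(line)
        if not m:
            continue
        conn, op, rest = m.group(1), m.group(2), m.group(3)
        if (b := BIND_UID.search(rest)):
            bound[conn] = b.group(1)
        elif rest.startswith("SRCH") and (g := MEMBER_UID.search(rest)):
            pending[(conn, op)] = g.group(1)
        elif (r := NENTRIES.search(rest)) and (conn, op) in pending:
            searched, uid = pending.pop((conn, op)), bound.get(conn)
            if uid and searched != uid and searched.lower() == uid.lower():
                findings.append((int(conn), uid, searched, int(r.group(1))))
    return findings


if __name__ == "__main__":
    for conn, uid, searched, n in find_case_mismatches(SAMPLE_LOG):
        print(f"conn={conn}: bound as uid={uid!r}, group filter used "
              f"memberUid={searched!r}, nentries={n}")
```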