Thread:Extension talk:LDAP Authentication/Group Access not working

Hi

I try to connect it with my AD but it doesn't seem to be able find the user in the group "wiki". On my AD I have the following structure

Users - wiki (Global Domain Group) - my user

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin; $wgLDAPDomainNames = array( "DOMAIN" ); $wgLDAPServerNames = array( "DOMAIN" => "SRV.DOMAIN" ); $wgLDAPSearchStrings = array( "DOMAIN" => "DOMAIN\\USER-NAME" ); $wgLDAPEncryptionType = array( "DOMAIN" => "clear" ); $wgLDAPUseLocal = false; $wgMinimalPasswordLength = 1; $wgLDAPBaseDNs = array( "DOMAIN" => "dc=int,dc=DOM,dc=ch" ); $wgLDAPSearchAttributes = array( "DOMAIN" => "sAMAccountName" ); $wgLDAPRetrievePrefs = array( "DOMAIN" => "true" ); $wgLDAPDebug = 3; //for debugging LDAP $wgShowExceptionDetails = true; //for debugging MediaWiki $wgLDAPGroupSearchNestedGroups = array("DOMAIN"=>true); $wgLDAPRequiredGroups = array("DOMAIN"=>array("CN=wiki,OU=Users,DC=int,DC=DOMAIN,DC=com")); $wgLDAPGroupUseFullDN = array("DOMAIN"=>true); $wgLDAPGroupObjectclass = array("DOMAIN"=>'group'); $wgLDAPGroupAttribute = array("DOMAIN"=>'member'); $wgDebugLogGroups["ldap"] = "/var/tmp/ldap.log";

2011-03-17 10:58:19 wikidb-wiki_: Entering validDomain 2011-03-17 10:58:19 wikidb-wiki_: User is not using a valid domain. 2011-03-17 10:58:19 wikidb-wiki_: Setting domain as: invaliddomain 2011-03-17 10:58:19 wikidb-wiki_: Entering allowPasswordChange 2011-03-17 10:58:19 wikidb-wiki_: Entering modifyUITemplate 2011-03-17 10:58:23 wikidb-wiki_: Entering validDomain 2011-03-17 10:58:23 wikidb-wiki_: User is using a valid domain. 2011-03-17 10:58:23 wikidb-wiki_: Setting domain as: int.warex.ch 2011-03-17 10:58:23  wikidb-wiki_: Entering getCanonicalName 2011-03-17 10:58:23 wikidb-wiki_: Username isn't empty. 2011-03-17 10:58:23 wikidb-wiki_: Munged username: Csa 2011-03-17 10:58:23 wikidb-wiki_: Entering authenticate 2011-03-17 10:58:23 wikidb-wiki_: 2011-03-17 10:58:23 wikidb-wiki_: Entering Connect 2011-03-17 10:58:23 wikidb-wiki_: Using TLS or not using encryption. 2011-03-17 10:58:23 wikidb-wiki_: Using servers:  ldap://warexsvr04.int.warex.ch 2011-03-17 10:58:23  wikidb-wiki_: Connected successfully 2011-03-17 10:58:23 wikidb-wiki_: Entering getSearchString 2011-03-17 10:58:23 wikidb-wiki_: Doing a straight bind 2011-03-17 10:58:23 wikidb-wiki_: userdn is: WAREX\Csa 2011-03-17 10:58:23 wikidb-wiki_: 2011-03-17 10:58:23 wikidb-wiki_: Binding as the user 2011-03-17 10:58:23 wikidb-wiki_: Bound successfully 2011-03-17 10:58:23 wikidb-wiki_: Entering getUserDN 2011-03-17 10:58:23 wikidb-wiki_: Created a regular filter: (sAMAccountName=Csa) 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Using base: dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined. 2011-03-17 10:58:23 wikidb-wiki_: Pulled the user's DN: CN=Christian Sandrini,CN=Users,DC=int,DC=warex,DC=ch 2011-03-17 10:58:23 wikidb-wiki_: Entering getGroups 2011-03-17 10:58:23 wikidb-wiki_: Retrieving LDAP group membership 2011-03-17 10:58:23 wikidb-wiki_: Searching for the groups 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=CN=Christian Sandrini,CN=Users,DC=int,DC=warex,DC=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: cn=domain admins,cn=users,dc=int,dc=warex,dc=ch::cn=g_p1000,cn=users,dc=int,dc=warex,dc=ch::cn=g_p1001,cn=users,dc=int,dc=warex,dc=ch::cn=g_p1002,cn=users,dc=int,dc=warex,dc=ch::cn=g_software,cn=users,dc=int,dc=warex,dc=ch::cn=g_warex,cn=users,dc=int,dc=warex,dc=ch::cn=g_warexfax,cn=users,dc=int,dc=warex,dc=ch::cn=wiki,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Entering searchNestedGroups 2011-03-17 10:58:23 wikidb-wiki_: Searching groups: cn=domain admins,cn=users,dc=int,dc=warex,dc=ch::cn=g_p1000,cn=users,dc=int,dc=warex,dc=ch::cn=g_p1001,cn=users,dc=int,dc=warex,dc=ch::cn=g_p1002,cn=users,dc=int,dc=warex,dc=ch::cn=g_software,cn=users,dc=int,dc=warex,dc=ch::cn=g_warex,cn=users,dc=int,dc=warex,dc=ch::cn=g_warexfax,cn=users,dc=int,dc=warex,dc=ch::cn=wiki,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=domain admins,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: cn=administrators,cn=builtin,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Group cn=domain admins,cn=users,dc=int,dc=warex,dc=ch is in the following groups: cn=administrators,cn=builtin,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Adding cn=administrators,cn=builtin,dc=int,dc=warex,dc=ch to the list of groups (1) 2011-03-17 10:58:23 wikidb-wiki_: Adding  to the list of groups (2) 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=g_p1000,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: 2011-03-17 10:58:23 wikidb-wiki_: Group cn=g_p1000,cn=users,dc=int,dc=warex,dc=ch is in the following groups: 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=g_p1001,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: 2011-03-17 10:58:23 wikidb-wiki_: Group cn=g_p1001,cn=users,dc=int,dc=warex,dc=ch is in the following groups: 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=g_p1002,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: 2011-03-17 10:58:23 wikidb-wiki_: Group cn=g_p1002,cn=users,dc=int,dc=warex,dc=ch is in the following groups: 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=g_software,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: cn=l_software,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Group cn=g_software,cn=users,dc=int,dc=warex,dc=ch is in the following groups: cn=l_software,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Adding cn=l_software,cn=users,dc=int,dc=warex,dc=ch to the list of groups (1) 2011-03-17 10:58:23 wikidb-wiki_: Adding  to the list of groups (2) 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=g_warex,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: cn=l_warex,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Group cn=g_warex,cn=users,dc=int,dc=warex,dc=ch is in the following groups: cn=l_warex,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Adding cn=l_warex,cn=users,dc=int,dc=warex,dc=ch to the list of groups (1) 2011-03-17 10:58:23 wikidb-wiki_: Adding  to the list of groups (2) 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=g_warexfax,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: 2011-03-17 10:58:23 wikidb-wiki_: Group cn=g_warexfax,cn=users,dc=int,dc=warex,dc=ch is in the following groups: 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=wiki,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: 2011-03-17 10:58:23 wikidb-wiki_: Group cn=wiki,cn=users,dc=int,dc=warex,dc=ch is in the following groups: 2011-03-17 10:58:23 wikidb-wiki_: Entering searchNestedGroups 2011-03-17 10:58:23 wikidb-wiki_: Searching groups: cn=administrators,cn=builtin,dc=int,dc=warex,dc=ch::cn=l_software,cn=users,dc=int,dc=warex,dc=ch::cn=l_warex,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=administrators,cn=builtin,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: 2011-03-17 10:58:23 wikidb-wiki_: Group cn=administrators,cn=builtin,dc=int,dc=warex,dc=ch is in the following groups: 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=l_software,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: 2011-03-17 10:58:23 wikidb-wiki_: Group cn=l_software,cn=users,dc=int,dc=warex,dc=ch is in the following groups: 2011-03-17 10:58:23 wikidb-wiki_: Entering searchGroups 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is not set for this type of entry, trying to get the default basedn. 2011-03-17 10:58:23 wikidb-wiki_: Entering getBaseDN 2011-03-17 10:58:23 wikidb-wiki_: basedn is dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Search string: (&(member=cn=l_warex,cn=users,dc=int,dc=warex,dc=ch)(objectclass=group)) 2011-03-17 10:58:23 wikidb-wiki_: Returned groups: 2011-03-17 10:58:23 wikidb-wiki_: Group cn=l_warex,cn=users,dc=int,dc=warex,dc=ch is in the following groups: 2011-03-17 10:58:23 wikidb-wiki_: Entering searchNestedGroups 2011-03-17 10:58:23 wikidb-wiki_: No more groups to search. 2011-03-17 10:58:23 wikidb-wiki_: Got the following nested groups: cn=administrators,cn=builtin,dc=int,dc=warex,dc=ch::cn=l_software,cn=users,dc=int,dc=warex,dc=ch::cn=l_warex,cn=users,dc=int,dc=warex,dc=ch::cn=domain admins,cn=users,dc=int,dc=warex,dc=ch::cn=g_p1000,cn=users,dc=int,dc=warex,dc=ch::cn=g_p1001,cn=users,dc=int,dc=warex,dc=ch::cn=g_p1002,cn=users,dc=int,dc=warex,dc=ch::cn=g_software,cn=users,dc=int,dc=warex,dc=ch::cn=g_warex,cn=users,dc=int,dc=warex,dc=ch::cn=g_warexfax,cn=users,dc=int,dc=warex,dc=ch::cn=wiki,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Entering checkGroups 2011-03-17 10:58:23 wikidb-wiki_: Checking for (new style) group membership 2011-03-17 10:58:23 wikidb-wiki_: Required groups: cn=wiki,ou=users,dc=int.warex.ch,dc=com 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=administrators,cn=builtin,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=l_software,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=l_warex,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=domain admins,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=g_p1000,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=g_p1001,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=g_p1002,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=g_software,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=g_warex,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=g_warexfax,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Checking against: cn=wiki,cn=users,dc=int,dc=warex,dc=ch 2011-03-17 10:58:23 wikidb-wiki_: Couldn't find the user in any groups. 2011-03-17 10:58:23 wikidb-wiki_: Entering strict. 2011-03-17 10:58:23 wikidb-wiki_: Returning true in strict. 2011-03-17 10:58:23 wikidb-wiki_: Entering allowPasswordChange 2011-03-17 10:58:23 wikidb-wiki_: Entering modifyUITemplate