Thread:Extension talk:LDAP Authentication/LDAP Group Restrictions Block Everyone

Hello,

Starting my first wiki, I wanted to avoid creating a secondary user base and came across this neat little extension. While it works in the simplest solution (only users in my Open Directory can log in), I do not seem to get it to work when trying to restrict access to members of a specific group (I called that group "wiki"). I enabled debugging, but cannot find where the log is being placed (looked in the common places and also within the wiki folder, but unless it is merged into the system.log or another log, I was unable to find it), not even when running fseventer to see which file is updated while I try.

My system specs are:
 * Mac OS X 10.6.7 Server (PHP 5.3.4)
 * MediaWiki 1.20.6
 * LDAP Authentication (I downloaded the "latest stable for 1.20" on May 24, 2013, so I think it is either 2.0c or 2.0d according to the version history page)

The configuration used:

 require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
 $wgAuth = new LdapAuthenticationPlugin;
 $wgLDAPDomainNames = array('My.Domain.net');
 $wgLDAPServerNames = array('My.Domain.net' => 'my.domain.net');
 $wgLDAPUseLocal = false;
 $wgLDAPEncryptionType = array('My.Domain.net' => 'clear');
 $wgLDAPSearchAttributes = array('My.Domain.net' => 'uid');
 $wgLDAPBaseDNs = array('My.Domain.net' => 'dc=my,dc=domain,dc=net');
 $wgLDAPGroupBaseDNs = array('My.Domain.net' => 'cn=Groups,dc=my,dc=domain,dc=net');
 $wgLDAPUserBaseDNs = array('My.Domain.net' => 'cn=Users,dc=my,dc=domain,dc=net');
 $wgLDAPRequiredGroups = array('My.Domain.net' => array('cn=wiki,cn=groups,dc=my,dc=domain,dc=net'));

The line which causes trouble is the following one: $wgLDAPRequiredGroups = array('My.Domain.net' => array('cn=wiki,cn=groups,dc=my,dc=domain,dc=net'));

If I comment it out, the login works just fine, but is not restricted to users in the group "wiki".

Even with $wgLDAPRequiredGroups set to the above, the file /Library/Logs/PasswordService/ApplePasswordServer.Server.log provides a login success message. Therefore, my LDAP server receives a correct login.

While it is still possible to be a bug, I rather think that it is me entering incorrect information.

The following I tried (modifying the above-mentioned line):
 * removed cn=groups
 * changed 'cn' in front of wiki to 'uid', 'gid' and 'guid', trying each time
 * changed 'cn' in front of groups to 'ou', but I still think that Apple's Open Directory does not have 'ou's.

I also used a command-line tool, 'slapacl', and got some results, including my user as a member of that group, when using "cn=wiki,cn=groups,dc=my,dc=domain,dc=net" as search base.

I would love to hear what I can do to:
 * fix the above line
 * get to the extension's log file (which may give me a hint already)

Thanks a lot in advance!

Jan