Thread:Extension talk:LDAP Authentication/"Failed to connect", but only for certain users

I'm having a strange problem, using 1.2c and MW 1.15.4.

So, I have two users, A and B, both of which I've verified have good LDAP records. (I've tested using ldapsearch that A and B can bind using their passwords.) When A tries to log in to MW, it's successful every time and I get this in my debug log:

2010-07-19 21:58:50 wikidb: Entering validDomain
2010-07-19 21:58:50 wikidb: User is using a valid domain.
2010-07-19 21:58:50 wikidb: Setting domain as: test
2010-07-19 21:58:50 wikidb: Entering validDomain
2010-07-19 21:58:50 wikidb: User is using a valid domain.
2010-07-19 21:58:50 wikidb: Setting domain as: test
2010-07-19 21:58:50 wikidb: Entering getCanonicalName
2010-07-19 21:58:50 wikidb: Username isn't empty.
2010-07-19 21:58:50 wikidb: Munged username: Uckelman
2010-07-19 21:58:50 wikidb: Entering authenticate
2010-07-19 21:58:50 wikidb:
2010-07-19 21:58:50 wikidb: Entering Connect
2010-07-19 21:58:50 wikidb: Using TLS or not using encryption.
2010-07-19 21:58:50 wikidb: Using servers:  ldap://localhost
2010-07-19 21:58:50 wikidb: Connected successfully
2010-07-19 21:58:50 wikidb: Entering getSearchString
2010-07-19 21:58:50 wikidb: Doing a straight bind
2010-07-19 21:58:50 wikidb: userdn is: uid=A,ou=people,dc=vassalengine,dc=org
2010-07-19 21:58:50 wikidb:
2010-07-19 21:58:50 wikidb: Binding as the user
2010-07-19 21:58:50 wikidb: Bound successfully
2010-07-19 21:58:50 wikidb: Entering getGroups
2010-07-19 21:58:50 wikidb: Entering checkGroups
2010-07-19 21:58:50 wikidb: Entering getPreferences
2010-07-19 21:58:50 wikidb: Retrieving preferences
2010-07-19 21:58:50 wikidb: Retrieved email (...) using attribute (mail)
2010-07-19 21:58:50 wikidb: Retrieved nickname (...) using attribute (cn)
2010-07-19 21:58:50 wikidb: Entering synchUsername
2010-07-19 21:58:50 wikidb: Authentication passed
2010-07-19 21:58:50 wikidb: Entering updateUser
2010-07-19 21:58:50 wikidb: Setting user preferences.
2010-07-19 21:58:50 wikidb: Setting nickname.
2010-07-19 21:58:50 wikidb: Setting email.
2010-07-19 21:58:50 wikidb: Saving user settings.

When B tries to log in, it fails every time with an "Invalid username" error, and I get this in my debug log:

2010-07-19 21:57:45 wikidb: Entering validDomain
2010-07-19 21:57:45 wikidb: User is using a valid domain.
2010-07-19 21:57:45 wikidb: Setting domain as: test
2010-07-19 21:57:45 wikidb: Entering validDomain
2010-07-19 21:57:45 wikidb: User is using a valid domain.
2010-07-19 21:57:45 wikidb: Setting domain as: test
2010-07-19 21:57:45 wikidb: Entering getCanonicalName
2010-07-19 21:57:45 wikidb: Username isn't empty.
2010-07-19 21:57:45 wikidb: Munged username: B
2010-07-19 21:57:45  wikidb: Entering userExists
2010-07-19 21:57:45 wikidb: Entering Connect
2010-07-19 21:57:45 wikidb: Using TLS or not using encryption.
2010-07-19 21:57:45 wikidb: Using servers:  ldap://localhost
2010-07-19 21:57:45 wikidb: Failed to connect

It appears that the ldap_connect is failing, which puzzles me, since the arguments to ldap_connect don't depend on which user is logging in---and the problem isn't transient.

User B's real username consists of 10 lowercase ASCII letters, nothing which MediaWiki can't handle as a username, so far as I know. User B has a sufficiently long password. User B doesn't yet exist in MW's database, while user A does. I have the following settings for LDAP:

$wgLDAPDomainNames = array('test');
$wgLDAPServerNames = array('test' => 'localhost');
$wgLDAPBaseDNs = array('test' => 'dc=vassalengine,dc=org');
$wgLDAPSearchStrings = array(
  'test' => 'uid=USER-NAME,ou=people,dc=vassalengine,dc=org');
$wgLDAPEncryptionType = array('test' => 'clear');
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 6;

$wgLDAPWriterDN = array('test' => 'uid=worker,dc=vassalengine,dc=org');
$wgLDAPWriterPassword = array('test' => '...');
$wgLDAPWriteLocation = array('test' => 'ou=people,dc=vassalengine,dc=org');

$wgLDAPUpdateLDAP = array('test' => true);
$wgLDAPAddLDAPUsers = array('test' => true);
$wgLDAPDisableAutoCreate = array('test' => false);

$wgLDAPRetrievePrefs = array('test' => true);
$wgLDAPPreferences = array('test' => array(
  'email' => 'mail',
  'realname' => 'displayName',
  'nickname' => 'cn',
  'language' => 'preferredLanguage'
));

Any idea why I'm seeing this problem? I'm stumped.
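
Added example (not part of the original post): a Python script that reduces the two debug traces above to their "Entering ..." call paths, reports the first step where they differ, and lists the functions entered just before "Failed to connect". The trace excerpts are copied from the post; the function names in the script are this example's own.

```python
import re
from itertools import zip_longest

# Lines excerpted from the two debug traces in the post (user A, then user B).
TRACE_A = """\
2010-07-19 21:58:50 wikidb: Entering validDomain
2010-07-19 21:58:50 wikidb: Entering getCanonicalName
2010-07-19 21:58:50 wikidb: Entering authenticate
2010-07-19 21:58:50 wikidb: Entering Connect
2010-07-19 21:58:50 wikidb: Connected successfully
2010-07-19 21:58:50 wikidb: Bound successfully
"""
TRACE_B = """\
2010-07-19 21:57:45 wikidb: Entering validDomain
2010-07-19 21:57:45 wikidb: Entering getCanonicalName
2010-07-19 21:57:45  wikidb: Entering userExists
2010-07-19 21:57:45 wikidb: Entering Connect
2010-07-19 21:57:45 wikidb: Failed to connect
"""

# "<date> <time> <wiki id>: <message>"; the message may be empty.
ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\w+: ?(.*)$")

def messages(trace):
    """Strip timestamp and wiki id from each entry; skip lines that do not parse."""
    return [m.group(1) for m in map(ENTRY.match, trace.splitlines()) if m]

def call_path(trace):
    """Ordered names taken from the 'Entering <function>' entries."""
    return [msg.split(" ", 1)[1] for msg in messages(trace)
            if msg.startswith("Entering ")]

def first_divergence(path_a, path_b):
    """(index, name_a, name_b) at the first step where the paths differ, else None."""
    for i, (a, b) in enumerate(zip_longest(path_a, path_b)):
        if a != b:
            return i, a, b
    return None

def failure_context(trace, marker="Failed to connect", depth=2):
    """Last `depth` functions entered before `marker`, or None if it never appears."""
    entered = []
    for msg in messages(trace):
        if msg.startswith("Entering "):
            entered.append(msg.split(" ", 1)[1])
        elif msg == marker:
            return entered[-depth:]
    return None

if __name__ == "__main__":
    print(first_divergence(call_path(TRACE_A), call_path(TRACE_B)))
    print(failure_context(TRACE_B))
```

On these excerpts the paths split after getCanonicalName: user A's login enters authenticate, while user B's enters userExists, and the failing Connect is the one reached from userExists.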