User:Varad-14

Problem: Active Directory Global catalog authentication is not working. but without global catalog same Active directory is working fine.

Details:

Mediawiki version: Extension version: LdapAuthentication-MW1.15-r45350.tar.gz

Settings:

require_once( 'extensions/LdapAuthentication/LdapAuthentication.php' ); $wgAuth = new LdapAuthenticationPlugin;
 * 1) Ldap plugin

$wgLDAPDomainNames = array( "TS-LDAP" );

$wgLDAPServerNames = array(  "TS-LDAP"=>"slr-xlt-dc1.clt.orp.be.in " );

$wgLDAPEncryptionType = array( "TS-LDAP" => "ssl" );

$wgLDAPSearchAttributes = array( "TS-LDAP" => "sAMAccountName" );

$wgLDAPBaseDNs = array( "TS-LDAP" => "dc=orp,dc=be,dc=in" );

$wgMinimalPasswordLength = 1;


 * 1) Group Lookup:

$wgLDAPProxyAgent = array( "TS-LDAP" => "CN=admin,OU=Generic ID,DC=CLT,DC=ORP,DC=be,DC=IN" );

$wgLDAPProxyAgentPassword = array( "TS-LDAP" => "abc1234$" );

$wgLDAPGroupUseFullDN = array( "TS-LDAP"=>true );

$wgLDAPGroupsUseMemberOf = array( "TS-LDAP" => true );

$wgLDAPGroupUseRetrievedUsername = array( "TS-LDAP" => true );

//The objectclass of the groups we want to search for $wgLDAPGroupObjectclass = array( "TS-LDAP"=>"group" );

//The attribute used for group members $wgLDAPGroupAttribute = array( "TS-LDAP"=>"member" );

//The naming attribute of the group $wgLDAPGroupNameAttribute = array( "TS-LDAP"=>"cn" );

$wgLDAPGroupSearchNestedGroups = array( "TS-LDAP"=>true );

$wgLDAPRetrievePrefs = array( "TS-LDAP" => true );

$wgLDAPPreferences = array( "TS-LDAP" => array( "email"=>"mail","realname"=>"displayname","nickname"=>"displayname" ) );

$wgLDAPDebug = 4; $wgDebugLogGroups["ldap"] = "/tmp/ldapdebug.log";

Problem Details:

Same above config, if i specify basedn=DC=CLT,DC=ORP,DC=be,DC=IN, within this base dn users are authenticated but out of basedn none of the users are not authenticated.But we need global catalog authentication, that mean we need to use basedn as "DC=ORP,DC=be,DC=IN". Once if i specify, not working and find the debug log below,

2014-12-22 11:40:42  mediawiki-Test_: Entering validDomain 2014-12-22 11:40:42  mediawiki-Test_: User is not using a valid domain. 2014-12-22 11:40:42  mediawiki-Test_: Setting domain as: invaliddomain 2014-12-22 11:40:42  mediawiki-Test_: Entering allowPasswordChange 2014-12-22 11:40:42  mediawiki-Test_: Entering modifyUITemplate 2014-12-22 11:40:42  mediawiki-Test_: Allowing the local domain, adding it to the list. 2014-12-22 11:40:58  mediawiki-Test_: Entering validDomain 2014-12-22 11:40:58  mediawiki-Test_: User is using a valid domain. 2014-12-22 11:40:58  mediawiki-Test_: Setting domain as: TS-LDAP 2014-12-22 11:40:58  mediawiki-Test_: Entering getCanonicalName 2014-12-22 11:40:58  mediawiki-Test_: Username isn't empty. 2014-12-22 11:40:58  mediawiki-Test_: Munged username: Test 2014-12-22 11:40:58  mediawiki-Test_: Entering authenticate 2014-12-22 11:40:58  mediawiki-Test_: 2014-12-22 11:40:58  mediawiki-Test_: Entering Connect 2014-12-22 11:40:58  mediawiki-Test_: Using SSL 2014-12-22 11:40:58  mediawiki-Test_: Using servers:  ldaps://slr-xlt-dc1.clt.orp.be.in 2014-12-22 11:40:58  mediawiki-Test_: Connected successfully 2014-12-22 11:40:58  mediawiki-Test_: Entering getSearchString 2014-12-22 11:40:58  mediawiki-Test_: Doing a proxy bind 2014-12-22 11:40:58  mediawiki-Test_: Entering getUserDN 2014-12-22 11:40:58  mediawiki-Test_: Created a regular filter: (sAMAccountName=Test) 2014-12-22 11:40:58  mediawiki-Test_: Entering getBaseDN 2014-12-22 11:40:58  mediawiki-Test_: basedn is not set for this type of entry, trying to get the default basedn. 2014-12-22 11:40:58  mediawiki-Test_: Entering getBaseDN 2014-12-22 11:40:58  mediawiki-Test_: basedn is dc=orp,dc=be,dc=in 2014-12-22 11:40:58  mediawiki-Test_: Using base: dc=orp,dc=be,dc=in 2014-12-22 11:40:58  mediawiki-Test_: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined. 2014-12-22 11:40:58  mediawiki-Test_: userdn is: 2014-12-22 11:40:58  mediawiki-Test_: User DN is blank 2014-12-22 11:40:58  mediawiki-Test_: Entering strict. 2014-12-22 11:40:58  mediawiki-Test_: Returning false in strict. 2014-12-22 11:40:58  mediawiki-Test_: Entering allowPasswordChange 2014-12-22 11:40:58  mediawiki-Test_: Entering modifyUITemplate 2014-12-22 11:40:58  mediawiki-Test_: Allowing the local domain, adding it to the list.

Please provide me a solution for this and tried lot in google but no luck.

Regards,

Varad