Thread:Extension talk:LDAP Authentication/Trouble configuring group membership check

I am running a fresh install of LdapAuthentication 1.2d (2010-11-23) from the snapshot, MediaWiki 1.16.2, with LDAP. I am not an LDAP admin.

I want to accomplish the equivalent of this department-member check to authenticate users for MediaWiki:

Or with php 5.2.6:

“username” should be unique so if the check returns any entries at all, “username” should be authorized. (If not our LDAP has a problem.) The “username” should be used both to authenticate and to bind to perform the search for filter "(&(uid=username)(chx=1234))".

I can do simple authentication using LdapAuthentication with the following configuration:

Once I try to search for group (chx=1234) I find myself flailing. What do I need to do to perform the above search with LdapAuthentication, or does it not do this type of search?

I tried adding to the above LdapAuthentication simple bind, the following:

I also hacked LdapAuthentication.php to change in function :

My debug.log returns: 2011-05-17 20:20:44 wikidb-mw_: Entering validDomain 2011-05-17 20:20:44 wikidb-mw_: User is using a valid domain. 2011-05-17 20:20:44 wikidb-mw_: Setting domain as: myLDAP 2011-05-17 20:20:44 wikidb-mw_: Entering getCanonicalName 2011-05-17 20:20:44 wikidb-mw_: Username isn't empty. 2011-05-17 20:20:44 wikidb-mw_: Munged username: Username 2011-05-17 20:20:44 wikidb-mw_: Entering authenticate 2011-05-17 20:20:44 wikidb-mw_: 2011-05-17 20:20:44 wikidb-mw_: Entering Connect 2011-05-17 20:20:44 wikidb-mw_: Using SSL 2011-05-17 20:20:44 wikidb-mw_: Using servers:  ldaps://ldap.domain.com 2011-05-17 20:20:44 wikidb-mw_: Connected successfully 2011-05-17 20:20:44 wikidb-mw_: Lowercasing the username: Username 2011-05-17 20:20:44 wikidb-mw_: Entering getSearchString 2011-05-17 20:20:44 wikidb-mw_: Doing a straight bind 2011-05-17 20:20:44 wikidb-mw_: userdn is: uid=username,ou=authenticate,dc=domain,dc=com 2011-05-17 20:20:44 wikidb-mw_: 2011-05-17 20:20:44 wikidb-mw_: Binding as the user 2011-05-17 20:20:44 wikidb-mw_: Bound successfully 2011-05-17 20:20:44 wikidb-mw_: Entering getGroups 2011-05-17 20:20:44 wikidb-mw_: Retrieving LDAP group membership 2011-05-17 20:20:44 wikidb-mw_: Searching for the groups 2011-05-17 20:20:44 wikidb-mw_: Entering searchGroups 2011-05-17 20:20:44 wikidb-mw_: Entering getBaseDN 2011-05-17 20:20:44 wikidb-mw_: basedn is ou=authorize,dc=domain,dc=com 2011-05-17 20:20:44 wikidb-mw_: Search string: (&(uid=username)(chx=1234)) 2011-05-17 20:20:44 wikidb-mw_: Returned groups: uid=username,ou=authenticate,dc=domain,dc=com 2011-05-17 20:20:44 wikidb-mw_: Entering checkGroups 2011-05-17 20:20:44 wikidb-mw_: Checking for (new style) group membership 2011-05-17 20:20:44 wikidb-mw_: Required groups: 1234 2011-05-17 20:20:44 wikidb-mw_: Checking against: uid=username,ou=authenticate,dc=domain,dc=com 2011-05-17 20:20:44 wikidb-mw_: Couldn't find the user in any groups. 2011-05-17 20:20:44 wikidb-mw_: Entering strict. 2011-05-17 20:20:44 wikidb-mw_: Returning true in strict. 2011-05-17 20:20:44 wikidb-mw_: Entering allowPasswordChange 2011-05-17 20:20:44 wikidb-mw_: Entering modifyUITemplate MediaWiki reports: Login error Incorrect password entered. Please try again.