Thread:Extension talk:LDAP Authentication/Nested groups not working

Ryan, I don't know what I would do without this extension; words cannot express. I have it working and updating group memberships with 2003 AD; but it seems it is not attempting to poll for the nested group relationships. We are using the rabcg extension for some of the IT documentation. In AD TNCADMING is a member of Restricted-IT group. but when i log in it checks for it but it never shows up in the list unless i put myself directly into the Restricted-IT group. ie Restricted-IT -> TNCADMING -> user = doesnt work while Restricted-IT -> user = works. In either case i never see a debug line where "Entering searchNestedGroups". ... and $wgLDAPUseLocal = true; just to help transitioning and testing atm.

MediaWiki 1.15.1, PHP 5.3.3 (apache2handler), MySQL 5.1.46-log, LDAP Authentication Plugin (Version 1.2d)

Here is the debug log... 2011-04-06 00:40:11 wikidb: 1.2d Entering validDomain 2011-04-06 00:40:11 wikidb: 1.2d User is not using a valid domain. 2011-04-06 00:40:11 wikidb: 1.2d Setting domain as: invaliddomain 2011-04-06 00:40:11 wikidb: 1.2d Entering allowPasswordChange 2011-04-06 00:40:11 wikidb: 1.2d Entering modifyUITemplate 2011-04-06 00:40:11 wikidb: 1.2d Allowing the local domain, adding it to the list. 2011-04-06 00:40:23 wikidb: 1.2d Entering validDomain 2011-04-06 00:40:23 wikidb: 1.2d User is using a valid domain (AD1). 2011-04-06 00:40:23 wikidb: 1.2d Setting domain as: AD1 2011-04-06 00:40:23 wikidb: 1.2d Entering getCanonicalName 2011-04-06 00:40:23 wikidb: 1.2d Username isn't empty. 2011-04-06 00:40:23 wikidb: 1.2d Munged username: Xxxxxxxr 2011-04-06 00:40:23 wikidb: 1.2d Entering authenticate 2011-04-06 00:40:23 wikidb: 1.2d 2011-04-06 00:40:23 wikidb: 1.2d Entering Connect 2011-04-06 00:40:23 wikidb: 1.2d Using TLS or not using encryption. 2011-04-06 00:40:23 wikidb: 1.2d Using servers:  ldap://172.25.104.23 2011-04-06 00:40:23 wikidb: 1.2d Connected successfully 2011-04-06 00:40:23 wikidb: 1.2d Entering getSearchString 2011-04-06 00:40:23 wikidb: 1.2d Doing a straight bind 2011-04-06 00:40:23 wikidb: 1.2d userdn is: ad1\Xxxxxxxr 2011-04-06 00:40:23 wikidb: 1.2d 2011-04-06 00:40:23 wikidb: 1.2d Binding as the user 2011-04-06 00:40:23 wikidb: 1.2d Bound successfully 2011-04-06 00:40:23 wikidb: 1.2d Entering getUserDN 2011-04-06 00:40:23 wikidb: 1.2d Created a regular filter: (sAMAccountName=Xxxxxxxr) 2011-04-06 00:40:23 wikidb: 1.2d Entering getBaseDN 2011-04-06 00:40:23 wikidb: 1.2d basedn is not set for this type of entry, trying to get the default basedn. 2011-04-06 00:40:23 wikidb: 1.2d Entering getBaseDN 2011-04-06 00:40:23 wikidb: 1.2d basedn is dc=ad1,dc=test,dc=local 2011-04-06 00:40:23 wikidb: 1.2d Using base: dc=ad1,dc=test,dc=local 2011-04-06 00:40:23 wikidb: 1.2d Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined. 2011-04-06 00:40:23 wikidb: 1.2d Pulled the user's DN: CN=Xxxxxxx Rxx,OU=TNC-Users,OU=TNC,OU=SITES,dc=ad1,dc=test,dc=local 2011-04-06 00:40:23 wikidb: 1.2d Entering getGroups 2011-04-06 00:40:23 wikidb: 1.2d Retrieving LDAP group membership 2011-04-06 00:40:23 wikidb: 1.2d Using memberOf 2011-04-06 00:40:23 wikidb: 1.2d Got the following groups: cn=reviewer,ou=tncwiki,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=restricted-it,ou=tncwiki,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=intranet-tnc,ou=intranet,dc=ad1,dc=test,dc=local::cn=tnc-access-otrs-user,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=tnc_map_personal_stncfps01,ou=map-drive,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=tnc-access-fas,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=fremont.5s,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=vpn-ssl,ou=owa,ou=vpn-ssl,dc=test,dc=local::cn=tcnc,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=citrix users list,ou=mix groups,ou=corporate services,dc=ad1,dc=test,dc=local::cn=all-tech,ou=distribution list,ou=groups,ou=stc (corp),ou=sites,dc=test,dc=local::cn=tnc-citrix-mfgprdus,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=wsus reporters,cn=users,dc=ad1,dc=test,dc=local::cn=tnc,ou=newspaper print,ou=information products,ou=websense,dc=ad1,dc=test,dc=local::cn=fremont.it,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=tnc.t.adm,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local::cn=tncadming,ou=groups,ou=tnc,ou=sites,dc=ad1,dc=test,dc=local 2011-04-06 00:40:23 wikidb: 1.2d Entering checkGroups 2011-04-06 00:40:23 wikidb: 1.2d Entering getPreferences 2011-04-06 00:40:23 wikidb: 1.2d Retrieving preferences 2011-04-06 00:40:23 wikidb: 1.2d $wgLDAPRetrievePrefs is a DEPRECATED option, please use $wgLDAPPreferences. 2011-04-06 00:40:23 wikidb: 1.2d Retrieved: rxxxx@xxx.xxx, En, Xxxx Rxx, Xxxx Rxx 2011-04-06 00:40:23 wikidb: 1.2d Entering synchUsername 2011-04-06 00:40:23 wikidb: 1.2d Authentication passed 2011-04-06 00:40:23 wikidb: 1.2d Entering updateUser 2011-04-06 00:40:23 wikidb: 1.2d Setting user preferences. 2011-04-06 00:40:23 wikidb: 1.2d Setting language. 2011-04-06 00:40:23 wikidb: 1.2d Setting nickname. 2011-04-06 00:40:23 wikidb: 1.2d Setting realname. 2011-04-06 00:40:23 wikidb: 1.2d Setting email. 2011-04-06 00:40:23 wikidb: 1.2d Setting user groups. 2011-04-06 00:40:23 wikidb: 1.2d Entering setGroups. 2011-04-06 00:40:23 wikidb: 1.2d Locally managed groups is unset, using defaults:  bot::sysop::bureaucrat 2011-04-06 00:40:23 wikidb: 1.2d Available groups are:  bot::sysop::bureaucrat::TNCADMING::Restricted-IT 2011-04-06 00:40:23 wikidb: 1.2d Effective groups are:  Fremont.IT::Restricted-IT::TNCADMING::bureaucrat::reviewer::sysop::tncadming::*::user::autoconfirmed 2011-04-06 00:40:23 wikidb: 1.2d Checking to see if user is in: bot 2011-04-06 00:40:23 wikidb: 1.2d Entering hasLDAPGroup 2011-04-06 00:40:23 wikidb: 1.2d Checking to see if we need to remove user from: sysop 2011-04-06 00:40:23 wikidb: 1.2d Entering hasLDAPGroup 2011-04-06 00:40:23 wikidb: 1.2d Checking to see if we need to remove user from: bureaucrat 2011-04-06 00:40:23 wikidb: 1.2d Entering hasLDAPGroup 2011-04-06 00:40:23 wikidb: 1.2d Checking to see if we need to remove user from: TNCADMING 2011-04-06 00:40:23 wikidb: 1.2d Entering hasLDAPGroup 2011-04-06 00:40:23 wikidb: 1.2d Checking to see if we need to remove user from: Restricted-IT 2011-04-06 00:40:23 wikidb: 1.2d Entering hasLDAPGroup 2011-04-06 00:40:23 wikidb: 1.2d Saving user settings.