Thread:Extension talk:LDAP Authentication/Cannot restrict editing access for Users group

I cannot restrict a user's ability to edit content on our Wiki. I am able to assign other permissions, such as deleting, but for whatever reason, I cannot restrict the ability of LDAP users to edit. My theory is that there is another permission setting that is overriding the user settings that are applied, but if that is the case, I cannot find it anywhere.

When a member of DWWIKI_USERS logs in, all permissions I have set work fine, except for the edit permission. The log file shows a user logging in and being placed into DWWIKI_USERS. During that same session, I was still able to log in and edit pages. All other permissions were assigned correctly.

Any help is greatly appreciated. My localsettings.php and log file are below.

2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Setting domain as: DWP 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering allowPasswordChange 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering modifyUITemplate 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:40 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:43 mediawiki mediawiki: 2.0d Entering validDomain 2013-10-28 16:50:43 mediawiki mediawiki: 2.0d User is using a valid domain (DWP). 2013-10-28 16:50:43 mediawiki mediawiki: 2.0d Setting domain as: DWP 2013-10-28 16:50:43 mediawiki mediawiki: 2.0d Entering getCanonicalName 2013-10-28 16:50:43 mediawiki mediawiki: 2.0d Username is: NameRedacted 2013-10-28 16:50:43 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:43 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:43 mediawiki mediawiki: 2.0d Munged username: NameRedacted 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering authenticate for username NameRedacted 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering Connect 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d PHP's LDAP connect method returned true (note, this does not imply it connected to the server). 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getSearchString 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Doing a straight bind 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Binding as the user 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Bound successfully 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getUserDN 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getBaseDN 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d basedn is not set for this type of entry, trying to get the default basedn. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getBaseDN 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Fetched UserDN: CN=NameRedacted,CN=Users,DC=DWP,DC=redacted,DC=com 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getGroups 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Retrieving LDAP group membership 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Using memberOf 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering checkGroups 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getPreferences 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Authentication passed 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering updateUser 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Setting user groups. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering setGroups. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering getDomain 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Pulling domain from session. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Available groups are: bot::sysop::bureaucrat::DWWIKI_User::DWWIKI_Admin 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Effective groups are: DWWIKI_User::*::user::autoconfirmed 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Checking to see if user is in: bot 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering hasLDAPGroup 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Checking to see if user is in: sysop 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering hasLDAPGroup 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Checking to see if user is in: bureaucrat 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering hasLDAPGroup 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Checking to see if we need to remove user from: DWWIKI_User 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering hasLDAPGroup 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Checking to see if user is in: DWWIKI_Admin 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Entering hasLDAPGroup 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d User has a token, setting domain in user options. 2013-10-28 16:50:44 mediawiki mediawiki: 2.0d Saving user settings.