Thread:Extension talk:LDAP Authentication/Trouble with Group Restricted Login/reply (2)

I had added the $wgLDAPLowerCaseUsername since all our usernames are lowercase and I saw that the script was putting the first letter capital. Figured it couldn't hurt to try it, though it isn't working with or without it and it seems to not matter. With your changes above, it is successfully pulling my DN info, but still not finding me in the group. I commented out the GroupBaseDNs and UserBaseDNs settings since without them I actually seem to get closer to what I need. I also turned on $wgLDAPGroupSearchNestedGroups in case the group I am needing is buried under something else, though with the current setup it doesn't seem to make a difference. Here is where I am at now:

Debug output now:

Entering validDomain
User is using a valid domain.
Setting domain as: OURDOMAIN
Entering getCanonicalName
Username isn't empty.
Munged username: Cburton
Entering authenticate
Entering Connect
Using TLS or not using encryption.
Using servers: ldap://dc01.ourdomain.com
Connected successfully
Entering getSearchString
Doing a straight bind
userdn is: OURDOMAIN\Cburton
Binding as the user
Bound successfully
Entering getUserDN
Created a regular filter: (sAMAccountName=Cburton)
Entering getBaseDN
basedn is not set for this type of entry, trying to get the default basedn.
Entering getBaseDN
basedn is dc=ourdomain,dc=com
Using base: dc=ourdomain,dc=com
Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
Pulled the user's DN: CN=Colin Burton,OU=Employees,OU=Accounts,DC=ourdomain,DC=com
Checking for (new style) group membership
Entering isMemberOfRequiredLdapGroup
Required groups:cn=eng,ou=security groups,dc=ourdomain,dc=com
Entering getUserGroups
Entering getGroups
Entering getBaseDN
basedn is not set for this type of entry, trying to get the default basedn.
Entering getBaseDN
basedn is dc=ourdomain,dc=com
Search string: (&(member=CN=Colin Burton,OU=Employees,OU=Accounts,DC=ourdomain,DC=com)(objectclass=Eng))
Returned groups:
Returned groups:
Couldn't find the user in any groups (1).
Entering strict.
Returning true in strict.
Entering allowPasswordChange
Entering modifyUITemplate

And here are my settings:

$wgAuth = new LdapAuthenticationPlugin;
$wgLDAPDomainNames = array('OURDOMAIN');
$wgLDAPServerNames = array('OURDOMAIN' => 'dc01.ourdomain.com');
$wgLDAPSearchStrings = array('OURDOMAIN' => 'OURDOMAIN\\USER-NAME');
$wgLDAPEncryptionType = array('OURDOMAIN' => 'clear');
$wgLDAPGroupNameAttribute = array("OURDOMAIN"=>"cn");
$wgLDAPBaseDNs = array("OURDOMAIN"=>"dc=ourdomain,dc=com");
$wgLDAPGroupSearchNestedGroups = array("OURDOMAIN"=>true);
$wgLDAPRequiredGroups = array("OURDOMAIN"=>array("CN=Eng,OU=Security Groups,DC=ourdomain,DC=com"));
$wgLDAPGroupUseFullDN = array("OURDOMAIN"=>true);
$wgLDAPSearchAttributes = array("OURDOMAIN" => 'sAMAccountName');
$wgLDAPGroupObjectclass = array("OURDOMAIN"=>'Eng');
$wgLDAPGroupAttribute = array("OURDOMAIN"=>'member');
$wgLDAPDebug = 3;
# LDAP Authentication Configuration
# $wgLDAPLowerCaseUsername = array("OURDOMAIN"=>true);
# $wgLDAPGroupBaseDNs = array("OURDOMAIN"=>"ou=Security Groups,dc=ourdomain,dc=com");
# $wgLDAPUserBaseDNs = array("OURDOMAIN"=>"ou=Employees,dc=ourdomain,dc=com");

Is there a way to use your script to spit out all the groups I am a part of? Maybe I've just got the naming structure wrong. I'm pulling the groups and info I get from another AD PHP script I use internally.
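
An added example, not part of the original post or the extension's code: it rebuilds the group filter shown on the "Search string:" debug line and evaluates it against a constructed in-memory directory, to show how the objectclass clause decides which groups come back before the required-group check runs. The directory entries, the helper names, and the assumption that group entries carry objectClass `group` (as Active Directory groups do) are assumptions.

```python
# Constructed sample directory (assumption; not data from the poster's server).
USER_DN = "CN=Colin Burton,OU=Employees,OU=Accounts,DC=ourdomain,DC=com"
DIRECTORY = [
    {"dn": "CN=Eng,OU=Security Groups,DC=ourdomain,DC=com",
     "objectclass": ["top", "group"], "member": [USER_DN]},
    {"dn": "CN=Sales,OU=Security Groups,DC=ourdomain,DC=com",
     "objectclass": ["top", "group"], "member": []},
    {"dn": USER_DN, "objectclass": ["top", "person", "user"], "member": []},
]

def escape_filter_value(value):
    """RFC 4515 escaping so a DN or name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def group_filter(user_dn, group_objectclass, attr="member"):
    """Filter shape copied from the 'Search string:' line in the debug output."""
    return "(&(%s=%s)(objectclass=%s))" % (
        attr, escape_filter_value(user_dn),
        escape_filter_value(group_objectclass))

def search_groups(directory, user_dn, group_objectclass, attr="member"):
    """Evaluate that AND filter over in-memory entries (case-insensitive)."""
    oc, dn = group_objectclass.lower(), user_dn.lower()
    return [e["dn"] for e in directory
            if oc in (c.lower() for c in e["objectclass"])
            and dn in (m.lower() for m in e.get(attr, []))]

def is_member_of_required(found, required):
    """Case-insensitive DN comparison (a simplification of DN matching),
    mirroring the lower-cased 'Required groups:' debug line."""
    found_lc = {g.lower() for g in found}
    return any(r.lower() in found_lc for r in required)

if __name__ == "__main__":
    required = ["cn=eng,ou=security groups,dc=ourdomain,dc=com"]
    for oc in ("Eng", "group"):
        groups = search_groups(DIRECTORY, USER_DN, oc)
        print(group_filter(USER_DN, oc))
        print("  returned groups:", groups)
        print("  in required group:", is_member_of_required(groups, required))
```
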