Thread:Extension talk:LDAP Authentication/Some users unable to auth via LDAP some can?

This is a strange issue. Some of my LDAP users are able to authenticate to mediwiki and some are not. "Testuser" had a local user in mediawiki and an LDAP user. I am able to authenticate to "TestDomain" with either password for "Testuser". Other users who did not already have a local account on mediawiki(testuser2) are unable to authenticate at all. I get the following error on the wiki login page when authentication fails "Login error Incorrect password entered. Please try again." I know the password is right as I am the LDAP admin and can reset the password and have. I have also logged into other systems that use an LDAP backend for auth and the password works just fine.

Here is the output from the debug log and my LocalSetttings.php. Any help/suggestions would be appreciated. I am running the current version of MediaWiki and the LDAP extension.

Thanks, Sarah User unable to auth 2010-03-08 21:45:45 wikidb: Entering validDomain 2010-03-08 21:45:45 wikidb: User is using a valid domain. 2010-03-08 21:45:45 wikidb: Setting domain as: TestDomain 2010-03-08 21:45:45 wikidb: Entering getCanonicalName 2010-03-08 21:45:45 wikidb: Username isn't empty. 2010-03-08 21:45:45 wikidb: Munged username: Testuser2 2010-03-08 21:45:45 wikidb: Entering allowPasswordChange 2010-03-08 21:45:45 wikidb: Entering modifyUITemplate 2010-03-08 21:45:45 wikidb: Allowing the local domain, adding it to the list. 2010-03-08 21:45:47 wikidb: Entering validDomain 2010-03-08 21:45:47 wikidb: User is not using a valid domain. 2010-03-08 21:45:47 wikidb: Setting domain as: invaliddomain 2010-03-08 21:45:47 wikidb: Entering allowPasswordChange 2010-03-08 21:45:47 wikidb: Entering modifyUITemplate 2010-03-08 21:45:47 wikidb: Allowing the local domain, adding it to the list. 2010-03-08 21:45:54 wikidb: Entering validDomain 2010-03-08 21:45:54 wikidb: User is using a valid domain. 2010-03-08 21:45:54 wikidb: Setting domain as: BoxNet 2010-03-08 21:45:54 wikidb: Entering getCanonicalName 2010-03-08 21:45:54 wikidb: Username isn't empty. 2010-03-08 21:45:54 wikidb: Munged username: Testuser2 2010-03-08 21:45:54 wikidb: Entering allowPasswordChange 2010-03-08 21:45:54 wikidb: Entering modifyUITemplate 2010-03-08 21:45:54 wikidb: Allowing the local domain, adding it to the list. 2010-03-08 21:45:55 wikidb: Entering validDomain 2010-03-08 21:45:55 wikidb: User is not using a valid domain. 2010-03-08 21:45:55 wikidb: Setting domain as: invaliddomain 2010-03-08 21:45:55 wikidb: Entering allowPasswordChange 2010-03-08 21:45:55 wikidb: Entering modifyUITemplate 2010-03-08 21:45:55 wikidb: Allowing the local domain, adding it to the list.

User that is able to auth 2010-03-08 21:27:11 wikidb: Entering validDomain 2010-03-08 21:27:11 wikidb: User is using a valid domain. 2010-03-08 21:27:11 wikidb: Setting domain as: TestDomain 2010-03-08 21:27:11 wikidb: Entering getCanonicalName 2010-03-08 21:27:11 wikidb: Username isn't empty. 2010-03-08 21:27:11 wikidb: Munged username: FirstNameLastName 2010-03-08 21:27:11 wikidb: Entering authenticate 2010-03-08 21:27:11 wikidb: 2010-03-08 21:27:11 wikidb: Entering Connect 2010-03-08 21:27:11 wikidb: Using TLS or not using encryption. 2010-03-08 21:27:11 wikidb: Using servers:  ldap://server1.domain.tld ldap://server2.domain.tld 2010-03-08 21:27:11 wikidb: Using TLS 2010-03-08 21:27:11 wikidb: Connected successfully 2010-03-08 21:27:11 wikidb: Entering getSearchString 2010-03-08 21:27:11 wikidb: Doing a proxy bind 2010-03-08 21:27:11 wikidb: Entering getUserDN 2010-03-08 21:27:11 wikidb: Created a regular filter: (uid=LastNameFirstName) 2010-03-08 21:27:11 wikidb: Entering getBaseDN 2010-03-08 21:27:11 wikidb: basedn is not set for this type of entry, trying to get the default basedn. 2010-03-08 21:27:11 wikidb: Entering getBaseDN 2010-03-08 21:27:11 wikidb: basedn is dc=domain,dc=tld 2010-03-08 21:27:11 wikidb: Using base: dc=domain,dc=tld 2010-03-08 21:27:11 wikidb: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined. 2010-03-08 21:27:11 wikidb: userdn is: cn=FirstName LastName,ou=department,ou=type,dc=domain,dc=tld 2010-03-08 21:27:11 wikidb: 2010-03-08 21:27:11 wikidb: Binding as the user 2010-03-08 21:27:11 wikidb: Bound successfully 2010-03-08 21:27:11 wikidb: Entering getGroups 2010-03-08 21:27:11 wikidb: Entering checkGroups 2010-03-08 21:27:11 wikidb: Entering getPreferences 2010-03-08 21:27:11 wikidb: Entering synchUsername 2010-03-08 21:27:11 wikidb: Authentication passed 2010-03-08 21:27:11 wikidb: Entering updateUser

LocalSettings.php require_once( "extensions/LdapAuthentication/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin;

$wgLDAPDomainNames = array( "TestDomain" ); $wgLDAPServerNames = array ( "TestDomain" => "server1.domain.tld server2.domain.tld" ); $wgLDAPSearchAttributes = array( "TestDomain" => "uid" ); $wgLDAPBaseDNs = array( "TestDomain" => "dc=domain,dc=tld" ); $wgLDAPProxyAgent = array( "TestDomain" => "cn=wiki,ou=services,dc=domain,dc=tld" ); $wgLDAPProxyAgentPassword = array( "TestDomain" => "********" );

$wgLDAPUseLocal = true;

$wgLDAPDebug = 3; $wgDebugLogGroups["ldap"] = "/tmp/debug.log" ;