Thread:Extension talk:LDAP Authentication/Failed to bind as/reply (9)

Hello there,

I'm trying to set up LDAP authentication for my organization on a MediaWiki site by using your plugin, but I'm getting some problems in my attempts. Here is my configuration:

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin;

$wgLDAPUseLocal = false;

$wgLDAPDomainNames = array('organization.com');

$wgLDAPServerNames = array('organization.com' => 'ldapserver.organization.com');

$wgLDAPSearchStrings = array('organization.com' => 'sAMAccountName=USER-NAME,OU=Users,OU=Div,OU=ORGANIZATION,OU=AD,DC=organization,DC=com');

$wgLDAPBaseDNs = array('organization.com' => 'OU=Users,OU=Div,OU=ORGANIZATION,OU=AD,DC=organization,DC=com' );

$wgLDAPEncryptionType = array('organization.com' => 'clear');

$wgLDAPRetrievePrefs = array('organization.com' => false );

$wgMinimalPasswordLength = 1;

//FOR DEBUGGING ONLY

$wgLDAPDebug = 8; //for debugging

$wgShowExceptionDetails = true; //for debugging MediaWiki

$wgDebugLogGroups["ldap"] = '/tmp/mediawiki_ldap_debug.log';

And here are my log entries:

2012-01-27 19:18:31 wiki: 1.2e Entering Connect

2012-01-27 19:18:31 wiki: 1.2e Using TLS or not using encryption.

2012-01-27 19:18:31 wiki: 1.2e Using servers:  ldap://ldapserver.organization.com

2012-01-27 19:18:31 wiki: 1.2e Connected successfully

2012-01-27 19:18:31 wiki: 1.2e Entering getSearchString

2012-01-27 19:18:31 wiki: 1.2e Doing a straight bind

2012-01-27 19:18:31 wiki: 1.2e userdn is: sAMAccountName=hugo,OU=Users,OU=Div,OU=ORGANIZATION,OU=AD,DC=organization,DC=com

2012-01-27 19:18:31 wiki: 1.2e

2012-01-27 19:18:31 wiki: 1.2e Binding as the user

2012-01-27 19:18:31 wiki: 1.2e trying to bind calling:

2012-01-27 19:18:31 wiki: 1.2e       ldap_bind( conn_handle=Resource id #60, userdn=sAMAccountName=Hugo,OU=Users,OU=Div,OU=ORGANIZATION,OU=AD,DC=organization,DC=com, password=***password*** )..

2012-01-27 19:18:31 wiki: 1.2e       ldap_bind(...) failed.

2012-01-27 19:18:31 wiki: 1.2e       LDAP_Error Code	    : 49

2012-01-27 19:18:31 wiki: 1.2e       LDAP Error Msg	    : Invalid credentials

2012-01-27 19:18:31 wiki: 1.2e       LDAP Extended ErrorMsg: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772

2012-01-27 19:18:31 wiki: 1.2e Failed to bind as sAMAccountName=Hugo,OU=Users,OU=Div,OU=ORGANIZATION,OU=AD,DC=organization,DC=com

2012-01-27 19:18:31 wiki: 1.2e with password: ***password***!

2012-01-27 19:18:31 wiki: 1.2e Entering allowPasswordChange

2012-01-27 19:18:31 wiki: 1.2e Entering modifyUITemplate

By checking the LDAP error code 49, it appears the user 'hugo' was not found on the AD server (Bind DN is not correct???). Could it be because of the upper-case letter at the beginning of the username? I'm sure I'm using the correct credentials to get access to my AD account, as well as the entered DN information, as I use the same to get access from the command line.

Thanks in advance for any appreciated help!

Best,

-Hugo

MediaWiki (1.1.18) is running on SL6.1, Apache 2.2.21 and PHP 5.3.9
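
An added example, not part of the original post or the extension's code: Active Directory refines LDAP error 49 with a hex sub-code in the `data` field of the extended error message, and this small parser pulls that sub-code and the bind name out of a debug log shaped like the one in the post. The function, regex and table names are assumptions made for the illustration; the sample lines are copied from the log above.

```python
import re

# AD refines LDAP error 49 with a hex sub-code in the "data NNN" field.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (user exists, bad password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Sample input: lines copied from the debug log in the post above.
SAMPLE_LOG = """\
2012-01-27 19:18:31 wiki: 1.2e       ldap_bind( conn_handle=Resource id #60, userdn=sAMAccountName=Hugo,OU=Users,OU=Div,OU=ORGANIZATION,OU=AD,DC=organization,DC=com, password=***password*** )..
2012-01-27 19:18:31 wiki: 1.2e       ldap_bind(...) failed.
2012-01-27 19:18:31 wiki: 1.2e       LDAP_Error Code\t    : 49
2012-01-27 19:18:31 wiki: 1.2e       LDAP Extended ErrorMsg: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
"""

BIND_RE = re.compile(r"ldap_bind\(.*?userdn=(?P<dn>.+?), password=")
CODE_RE = re.compile(r"LDAP_Error Code\s*:\s*(?P<code>\d+)")
EXT_RE = re.compile(r"AcceptSecurityContext error, data (?P<sub>[0-9a-fA-F]+),")

def bind_failures(log_text):
    """Return one record per failed bind: bind name, LDAP code, AD sub-code."""
    records, current = [], None
    for line in log_text.splitlines():
        if m := BIND_RE.search(line):
            current = {"bind_name": m["dn"], "ldap_code": None, "subcode": None}
        elif current and (m := CODE_RE.search(line)):
            current["ldap_code"] = int(m["code"])
        elif current and (m := EXT_RE.search(line)):
            sub = m["sub"].lower()
            current.update(subcode=sub, meaning=AD_SUBCODES.get(sub, "unknown"))
            # First RDN attribute of the bind name, e.g. "samaccountname" or "cn".
            current["first_rdn"] = current["bind_name"].split("=", 1)[0].lower()
            records.append(current)
            current = None
    return records

if __name__ == "__main__":
    for record in bind_failures(SAMPLE_LOG):
        print(record)
```

A `525` together with a first RDN of `samaccountname` points at the bind name rather than the password: AD user DNs begin with `CN=`, and `sAMAccountName` is not an RDN attribute.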