Thread:Extension talk:LDAP Authentication/Issue with groups and preferences

Hi, I'm running mediawiki 1.23 with Ldap Authentication 2.1.0.

I'm having issue with the group mapping and user preference. I've been trying a bunch of different configurations and I can't get it to work. I just updated everything and the issue persist. I can't figure out what's wrong with my configuration but I have a feeling the LDAP search returns nothing even if my user is authenticated properly.

Here's my configuration:

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin;

$wgLDAPGroupUseFullDN = array( "my.domain.parent.local"=>true );

$wgLDAPGroupObjectclass = array( "my.domain.parent.local"=>"group" );

$wgLDAPGroupAttribute = array( "my.domain.parent.local"=>"member" );

$wgLDAPGroupSearchNestedGroups = array( "my.domain.parent.local"=>true );

$wgLDAPGroupNameAttribute = array( "my.domain.parent.local"=>"cn" );

$wgLDAPDomainNames = array( "my.domain.parent.local" );

$wgLDAPServerNames = array( "my.domain.parent.local" => "domainDC0001.my.domain.parent.local domainDC0002.my.domain.parent.local" );

$wgLDAPSearchStrings = array( "my.domain.parent.local" => "USER-NAME@my.domain.parent.local" );

$wgLDAPEncryptionType = array( "my.domain.parent.local" => "ssl" );

$wgLDAPBaseDNs = array( "my.domain.parent.local" => "DC=my,DC=domain,DC=parent,DC=local,my.domain.parent.local" );

$wgLDAPUserBaseDNs = array( "my.domain.parent.local" => "ou=end-users,ou=users,ou=MyOU,DC=my,DC=domain,DC=parent,DC=local");

$wgLDAPGroupBaseDNs = array("my.domain.parent.local"=>"OU=General,OU=Groups,OU=MyOU,DC=my,DC=domain,DC=parent,DC=local,my.domain.parent.local");

$wgLDAPLowerCaseUsername = array("my.domain.parent.local"=>true );

$wgLDAPGroupUseRetrievedUsername = array("my.domain.parent.local"=>true );

$wgLDAPSearchAttributes = array( "" => "SamAccountName" );

$wgLDAPRetrievePrefs = array( "" => "true" );

$wgLDAPPreferences = array("my.domain.parent.local"=>array( "email"=>"mail","realname"=>"cn","nickname"=>"sAMAccountName"));

$wgLDAPUseLDAPGroups = array( "my.domain.parent.local"=>true );

$wgLDAPGroupNameAttribute = array( ""=>"cn" );

$wgLDAPRequiredGroups = array( ""=>array("CN=WIKI R,OU=General,OU=Groups,OU=MyOU,DC=my,DC=domain,DC=parent,DC=local") );

$wgGroupPermissions['*']['read'] = false;

$wgGroupPermissions['WIKI r']['read'] = true;

$wgWhitelistRead = array ("Special:Userlogin");

$wgGroupPermissions['*']['edit'] = false;

$wgGroupPermissions['WIKI rw']['edit'] = true;

$wgLDAPDebug = 3 ;

$wgDebugLogGroups["ldap"] = "/tmp/ldapdebug.log" ;

And here is the log:

2014-06-24 14:16:52 WIKI my_wiki: 2.1.0 Binding as the user

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Bound successfully

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getUserDN

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Created a regular filter: (=MYUSERNAME)

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getBaseDN

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 basedn is ou=end-users,ou=users,ou=my,dc=domain,dc=parent,dc=local

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Using base: ou=end-users,ou=users,ou=my,dc=domain,dc=parent,dc=local

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Couldn't find an entry

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Fetched UserDN:

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getGroups

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Retrieving LDAP group membership

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Searching for the groups

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering searchGroups

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getBaseDN

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 basedn is OU=General,OU=Groups,ou=my,dc=domain,dc=parent,dc=local,my.domain.parent.local

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Search string: (&(member=)(objectclass=group))

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 No entries returned from search.

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering searchNestedGroups

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 No more groups to search.

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Got the following nested groups:

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering checkGroups

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getPreferences

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Retrieving preferences

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Authentication passed

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering updateUser

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Setting user preferences.

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Setting user groups.

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering setGroups.

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering getDomain

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Locally managed groups is unset, using defaults: bot::sysop::bureaucrat

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Available groups are: bot::sysop::bureaucrat::WIKI r::WIKI rw

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Effective groups are: *::user::autoconfirmed

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Checking to see if user is in: bot

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering hasLDAPGroup

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Checking to see if user is in: sysop

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering hasLDAPGroup

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Checking to see if user is in: bureaucrat

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering hasLDAPGroup

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Checking to see if user is in: WIKI r

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering hasLDAPGroup

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Checking to see if user is in: WIKI rw

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Entering hasLDAPGroup

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 User has a token, setting domain in user options.

2014-06-24 14:16:57 WIKI my_wiki: 2.1.0 Saving user settings.

2014-06-24 14:24:33 WIKI my_wiki: 2.1.0 Entering allowPasswordChange

2014-06-24 14:24:33 WIKI my_wiki: 2.1.0 Entering getDomain

I guess the problem is this: "No entries returned from search.". Somehow my user isn't found under the DN?

I've pulled the DN from Active Directory Explorer.

I tried looking up the UserPrincipalName and SamAccountName.

The OU has 9700+ users. Could it time out?

Is there a way to do the query using the command line to see what php-ldap gets?

Thanks