Thread:Extension talk:LDAP Authentication/Groups Search String not working

Proxy authentication is working. Post-proxy-bind user authentication is working. Once I add the configuration for groups, authentication stops. It looks like the Search string is being munged upon entering groupSearch. MediaWiki 1.18 LdapAuthentication 1.18-r90286

Configuration - require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin; $wgLDAPDebug = 9; $wgDebugLogGroups["ldap"] = "/tmp/debug.log" ; $wgLDAPDomainNames = array(	"domain.tld"	); $wgLDAPServerNames = array(	"domain.tld" => "ldap.domain.tld padl.domain.tld" 	); $wgLDAPBaseDNs = array(	"domain.tld" => "dc=ldap,dc=domain,dc=tld"	); $wgLDAPEncryptionType = array(	"domain.tld" => "ssl" 	); $wgLDAPProxyAgent = array(	"domain.ed" => "cn=proxy,dc=bindAccts,dc=ldap,dc=domain,dc=tld"	); $wgLDAPProxyAgentPassword = array(	"domain.tld" => "password"	);
 * 1) For LDAP authentication

$wgLDAPUsersBaseDNs = array(	"domain.tld" => "dc=users,dc=accounts,dc=ldap,dc=domain,dc=tld"	); $wgLDAPSearchAttributes = array(	"domain.tld" => "uid" 	); $wgLDAPSearchStrings = array(	"domain.tld" => "uid=USER-NAME,dc=users,dc=accounts,dc=ldap,dc=domain,dc=tld" 	);
 * 1) LDAP Users

$wgLDAPUseLDAPGroups = array(	"domain.tld" => true 	); $wgLDAPRequiredGroups = array(	"domain.tld" => "cn=technology,dc=groups,dc=accounts,dc=ldap,dc=domain,dc=tld" 	); $wgLDAPGroupUseFullDN = array(	"domain.tld" => true 	); $wgLDAPGroupObjectclass = array(	"domain.tld" => "posixGroup" 	); $wgLDAPGroupAttribute = array(	"domain.tld" => "memberUid" 	); $wgLDAPGroupSearchNestedGroups = array(	"domain.tld" => "true"	); $wgLDAPGroupNameAttribute = array(	"domain.tld" => "cn" 	); $wgLDAPGroupsBaseDNs = array(	"domain.tld" => "dc=accounts,dc=ldap,dc=domain,dc=tld"	); $wgLDAPLowerCaseUsername = array(	"domain.tld" => true 	);
 * 1) LDAP Groups

debug.log - 2012-04-27 16:11:05 wikidb-mediawiki_: Entering validDomain 2012-04-27 16:11:05 wikidb-mediawiki_: User is using a valid domain. 2012-04-27 16:11:05 wikidb-mediawiki_: Setting domain as: domain.tld 2012-04-27 16:11:05 wikidb-mediawiki_: Entering getCanonicalName 2012-04-27 16:11:05 wikidb-mediawiki_: Username isn't empty. 2012-04-27 16:11:05 wikidb-mediawiki_: Munged username: Luser 2012-04-27 16:11:05 wikidb-mediawiki_: Entering authenticate 2012-04-27 16:11:05 wikidb-mediawiki_: 2012-04-27 16:11:05 wikidb-mediawiki_: Entering Connect 2012-04-27 16:11:05 wikidb-mediawiki_: Using SSL 2012-04-27 16:11:05 wikidb-mediawiki_: Using servers:  ldaps://ldap.domain.tld ldaps://padl.domain.tld 2012-04-27 16:11:05 wikidb-mediawiki_: Connected successfully 2012-04-27 16:11:05 wikidb-mediawiki_: Lowercasing the username: Luser 2012-04-27 16:11:05 wikidb-mediawiki_: Entering getSearchString 2012-04-27 16:11:05 wikidb-mediawiki_: Doing a straight bind 2012-04-27 16:11:05 wikidb-mediawiki_: userdn is: uid=luser,dc=users,dc=accounts,dc=ldap,dc=domain,dc=tld 2012-04-27 16:11:05 wikidb-mediawiki_: 2012-04-27 16:11:05 wikidb-mediawiki_: Binding as the user 2012-04-27 16:11:05 wikidb-mediawiki_: Bound successfully 2012-04-27 16:11:05 wikidb-mediawiki_: Entering getGroups 2012-04-27 16:11:05 wikidb-mediawiki_: Retrieving LDAP group membership 2012-04-27 16:11:05 wikidb-mediawiki_: Searching for the groups 2012-04-27 16:11:05 wikidb-mediawiki_: Entering searchGroups 2012-04-27 16:11:05 wikidb-mediawiki_: Entering getBaseDN 2012-04-27 16:11:05 wikidb-mediawiki_: basedn is not set for this type of entry, trying to get the default basedn. 2012-04-27 16:11:05 wikidb-mediawiki_: Entering getBaseDN 2012-04-27 16:11:05 wikidb-mediawiki_: basedn is dc=ldap,dc=domain,dc=tld 2012-04-27 16:11:05 wikidb-mediawiki_: Search string: (&(memberUid=uid=luser,dc=users,dc=accounts,dc=ldap,dc=domain,dc=tld)(objectclass=posixGroup)) 2012-04-27 16:11:05 wikidb-mediawiki_: No entries returned from search. 2012-04-27 16:11:05 wikidb-mediawiki_: Entering searchNestedGroups 2012-04-27 16:11:05 wikidb-mediawiki_: No more groups to search. 2012-04-27 16:11:05 wikidb-mediawiki_: Got the following nested groups: 2012-04-27 16:11:05 wikidb-mediawiki_: Entering checkGroups 2012-04-27 16:11:05 wikidb-mediawiki_: Checking for (new style) group membership 2012-04-27 16:11:05 wikidb-mediawiki_: Required groups: 2012-04-27 16:11:05 wikidb-mediawiki_: Couldn't find the user in any groups. 2012-04-27 16:11:05 wikidb-mediawiki_: Entering strict. 2012-04-27 16:11:05 wikidb-mediawiki_: Returning true in strict. 2012-04-27 16:11:05 wikidb-mediawiki_: Entering allowPasswordChange 2012-04-27 16:11:05 wikidb-mediawiki_: Entering modifyUITemplate