Thread:Extension talk:LDAP Authentication/Trouble with LDAP Group Authentication

When I'm not using AD Groups I can login fine. But when I enable groups I get password not found.

I have a couple of question:

1. Why does it say "user is not using a valid domain" at the beginning of the log, then it seems to be changing it's mind a few lines down. 2. Why does there seem to be so much back and forth in the log between the wiki and AD.

I am using PHP 5.3 and the latest version of Mediawiki on Windows Server 2008 R2

Thanks,

Wade

Configuration

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" ); $wgAuth = new LdapAuthenticationPlugin; $wgLDAPDomainNames = array( "DOMAIN" ); $wgLDAPServerNames = array( "DOMAIN" => "DOMAIN002212.DOMAIN.com DOMAIN002211.DOMAIN.com" ); $wgLDAPSearchStrings = array( "DOMAIN" => "USER-NAME@DOMAIN" ); $wgLDAPEncryptionType = array( "DOMAIN" => "clear" ); $wgLDAPUserBaseDNs = array("DOMAIN"=>"ou=Groups,ou=Information Technology,dc=DOMAIN,dc=com"); $wgLDAPGroupBaseDNs = array("DOMAIN"=>"ou=Groups,ou=Information Technology,dc=DOMAIN,dc=com"); $wgLDAPGroupNameAttribute = array("DOMAIN"=>"cn"); $wgLDAPGroupUseFullDN = array("DOMAIN"=>true); $wgLDAPSearchAttributes = array( "DOMAIN" => "sAMAccountName" ); $wgLDAPGroupObjectclass = array( "DOMAIN"=>"group" ); $wgLDAPGroupAttribute = array( "DOMAIN"=>"member" ); $wgLDAPRequiredGroups = array("DOMAIN" => array("cn=ADGROUP,ou=Groups,ou=Information Technology,dc=DOMAIN,dc=com")); $wgLDAPDisableAutoCreate = array( "DOMAIN" => true); $wgLDAPDebug = 3; $wgDebugLogFile = "\log.txt"; $wgDebugLogGroups["ldap"] = "c:/tmp/debug.log" ;
 * 1) LDAP/AD Authentication
 * 1) $wgLDAPLowerCaseUsername = array("DOMAIN"=>true);

Log File

2013-10-23 19:34:28  mtsitwiki: 2.0d Entering validDomain 2013-10-23 19:34:28  mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:28  mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:34:28  mtsitwiki: 2.0d User is not using a valid domain. 2013-10-23 19:34:28  mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:28  mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:34:28  mtsitwiki: 2.0d Setting domain as: <(OMAIN) 2013-10-23 19:34:29  mtsitwiki: 2.0d Entering allowPasswordChange 2013-10-23 19:34:29  mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:29  mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:34:29  mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:29  mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:34:29  mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:29  mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:34:29  mtsitwiki: 2.0d Entering modifyUITemplate 2013-10-23 19:34:29  mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:29 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:34:29 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:29 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:34:29 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:29 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:34:29 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:29 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:34:29 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:34:29 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:38 <ServerName> mtsitwiki: 2.0d Entering validDomain 2013-10-23 19:35:38 <ServerName> mtsitwiki: 2.0d User is using a valid domain (DOMAIN). 2013-10-23 19:35:38 <ServerName> mtsitwiki: 2.0d Setting domain as: DOMAIN 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getCanonicalName 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Username is: Wade.courtney 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Munged username: Wade.courtney 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering authenticate for username Wade.courtney 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering Connect 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Using TLS or not using encryption. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Using servers: ldap:/<ADSERVER> ldap://<ADSERVER> 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d PHP's LDAP connect method returned true (note, this does not imply it connected to the server). 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getSearchString 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Doing a straight bind 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d userdn is: Wade.courtney@<DOMAIN> 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Binding as the user 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Bound successfully 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getUserDN 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Created a regular filter: (sAMAccountName=Wade.courtney) 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getBaseDN 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d basedn is not set for this type of entry, trying to get the default basedn. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getBaseDN 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d basedn is not set. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Using base: 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Couldn't find an entry 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Fetched UserDN: 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getGroups 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Retrieving LDAP group membership 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Searching for the groups 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering searchGroups 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getBaseDN 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d basedn is not set for this type of entry, trying to get the default basedn. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getBaseDN 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d basedn is not set. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d User Filter: (&(distinguishedName=)(objectclass=user)) 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Search string: (&(member=)(objectclass=group)) 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d No entries returned from search. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering checkGroups 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Checking for (new style) group membership 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Required groups: cn= ,ou=groups,ou=information technology,dc=<DOMAIN>,dc=com 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Couldn't find the user in any groups. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering strict. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Returning true in strict. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering allowPasswordChange 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering modifyUITemplate 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session. 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Entering getDomain 2013-10-23 19:35:39 <ServerName> mtsitwiki: 2.0d Pulling domain from session.