Thread:Extension talk:LDAP Authentication/LDAPv3 with Kerberos Authentication

Hi, we are using MediaWiki 1.26wmf1 with LdapAuthentication 1.24. CentOS 6.2. We are trying to authenticate against a Kerberos realm, pulling users from an LDAP v3 directory. Server Apache Kerberos setup is OK. PHP bind to LDAP server works too, tested separately. Configuration/debug follows. The wiki will not authenticate. It appears that adding the AutoAuthDomain bit removes the domain chooser. Can't make it work either way. Must be missing something. Any help appreciated. FYI, have tried other encryption types. Best regards, Tim.

require_once "$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php";
require_once "$IP/extensions/LdapAuthentication/LdapAuthentication.php";
$wgLDAPDomainNames = array( "rushesfx" );
$wgLDAPServerNames = array( "rushesfx" => "ldap0.rushesfx.co.uk", "rushesfx-kerberos" => "kerberos0.rushesfx.co.uk" );
$wgLDAPEncryptionType = array( "rushesfx" => "clear" );
$wgLDAPSearchStrings = array( "rushesfx" => "uid=USER-NAME,ou=people,dc=rushesfx,dc=co,dc=uk" );
$wgLDAPLowerCaseUsername = array( "rushesfx" => true );
$wgLDAPAutoAuthDomain = "rushesfx-kerberos";
$wgLDAPSearchAttributes = array( "rushesfx" => "uid", "rushesfx-kerberos" => "samaccountname" );
$wgLDAPBaseDNs = array( "rushesfx" => "dc=rushesfx,dc=co,dc=uk", "rushesfx-kerberos" => "dc=rushesfx,dc=co,dc=uk" );
$wgLDAPUseLocal = false;
AutoAuthSetup;

2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 User is not using a valid domain.
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Setting domain as: rushesfx
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getCanonicalName
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Username is: Twharton
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Munged username: Twharton
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getCanonicalName
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Username is an IP, not munging.
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getCanonicalName
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Username is an IP, not munging.
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering userExists
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering authenticate for username Twharton
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering Connect
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Using TLS or not using encryption.
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Using servers: ldap://ldap0.rushesfx.co.uk:389
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getSearchString
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Doing a straight bind
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 userdn is: uid=twharton,ou=people,dc=rushesfx,dc=co,dc=uk
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Entering getDomain
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Binding as the user
2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 Failed to bind as uid=twharton,ou=people,dc=rushesfx,dc=co,dc=uk
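
An added example, not part of the original post and not the extension's own code: Python that splits a run-together debug trace in the format above into entries and reports which domain handled the request, whether the password bind went over unencrypted `ldap://`, and whether it failed. The function names, finding labels and sample are constructed here, and the two config values (`$wgLDAPEncryptionType` for the domain and `$wgLDAPAutoAuthDomain`) are assumed to be passed in by the caller.

```python
import re

# One entry is "<date> <time> <host> mediawiki: <version> <message>", as in the post's log.
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
ENTRY = re.compile(rf"({TS}) (\S+) mediawiki: (\S+) (.*?)(?= {TS} |\s*$)", re.S)

# Constructed sample: a few entries in the post's format, run together on one line.
P = "2015-04-10 17:19:16 mediawiki.rushesfx.co.uk mediawiki: 2.1.0 "
SAMPLE = " ".join(P + m for m in [
    "Setting domain as: rushesfx",
    "Using TLS or not using encryption.",
    "Using servers: ldap://ldap0.rushesfx.co.uk:389",
    "Doing a straight bind",
    "userdn is: uid=twharton,ou=people,dc=rushesfx,dc=co,dc=uk",
    "Failed to bind as uid=twharton,ou=people,dc=rushesfx,dc=co,dc=uk",
])

def split_entries(text):
    """Return (timestamp, host, message) for each entry in run-together log text."""
    return [(m.group(1), m.group(2), m.group(4)) for m in ENTRY.finditer(text)]

def summarize(text):
    """Collect the fields that describe one authentication attempt."""
    s = {"domain": None, "servers": [], "bind_dn": None,
         "straight_bind": False, "bind_failed": False}
    for _ts, _host, msg in split_entries(text):
        key, _, value = msg.partition(": ")
        if key == "Setting domain as":
            s["domain"] = value
        elif key == "Using servers":
            s["servers"] = value.split()
        elif key == "userdn is":
            s["bind_dn"] = value
        elif msg == "Doing a straight bind":
            s["straight_bind"] = True
        elif msg.startswith("Failed to bind as "):
            s["bind_failed"] = True
    return s

def findings(s, encryption_type, auto_auth_domain):
    """Compare the trace with the two config values supplied by the caller."""
    out = []
    if s["domain"] != auto_auth_domain:  # trace ran under a different domain
        out.append("domain-not-autoauth")
    plain = any(u.startswith("ldap://") for u in s["servers"])
    if s["straight_bind"] and plain and encryption_type == "clear":
        out.append("password-bind-unencrypted")  # simple bind without TLS
    if s["bind_failed"]:
        out.append("bind-failed")
    return out
```
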