Thread:Extension talk:LDAP Authentication/Trouble with Group Restricted Login

I found the recent thread on this, but trying the suggested methods in there didn't help me out, so I'm still missing something. I can login without group based restriction turned on with no problems, so it's got to be something in the setup of the groups.

I'm getting the following output: Entering validDomain User is using a valid domain. Setting domain as: OURDOMAIN Entering getCanonicalName Username isn't empty. Munged username: Cburton Entering authenticate

Entering Connect Using TLS or not using encryption. Using servers: ldap://dc01.ourdomain.com Connected successfully Lowercasing the username: Cburton Entering getSearchString Doing a straight bind userdn is: OURDOMAIN\cburton

Binding as the user Bound successfully Entering getUserDN Created a regular filter: (=cburton) Entering getBaseDN basedn is ou=Employees,dc=ourdomain,dc=com Using base: ou=Employees,dc=trellisware,dc=com Couldn't find an entry Pulled the user's DN: Checking for (new style) group membership Entering isMemberOfRequiredLdapGroup Required groups:cn=eng,ou=security groups,dc=ourdomain,dc=com Entering getUserGroups Entering getGroups Entering getBaseDN basedn is ou=Security Groups,dc=ourdomain,dc=com Search string: (&(=)(objectclass=)) No entries returned from search. Couldn't find the user in any groups (1). Entering strict. Returning true in strict. Entering allowPasswordChange Entering modifyUITemplate

This is my config. I switched out our actual domain for OURDOMAIN and ourdomain where applicable, just in case. $wgAuth = new LdapAuthenticationPlugin; $wgLDAPDomainNames = array('OURDOMAIN'); $wgLDAPServerNames = array('OURDOMAIN' => 'dc01.ourdomain.com'); $wgLDAPSearchStrings = array('OURDOMAIN' => 'OURDOMAIN\\USER-NAME'); $wgLDAPEncryptionType = array('OURDOMAIN' => 'clear'); $wgLDAPLowerCaseUsername = array("OURDOMAIN"=>true); $wgLDAPGroupNameAttribute = array("OURDOMAIN"=>"cn"); $wgLDAPBaseDNs = array("OURDOMAIN"=>"dc=ourdomain,dc=com"); $wgLDAPGroupBaseDNs = array("OURDOMAIN"=>"ou=Security Groups,dc=ourdomain,dc=com"); $wgLDAPUserBaseDNs = array("OURDOMAIN"=>"ou=Employees,dc=ourdomain,dc=com"); $wgLDAPRequiredGroups = array("OURDOMAIN"=>array("CN=Eng,OU=Security Groups,DC=ourdomain,DC=com")); $wgLDAPGroupUseFullDN = array("OURDOMAIN"=>true); $wgLDAPDebug = 3;
 * 1) LDAP Authentication Configuration