Extension talk:LDAPGroups

Problem to get groups from LDAP

3
ElogKevinL (talkcontribs)

Hello,


I have a problem with this extension: I can find my group with ldapsearch, but that doesn't work with this extension:


I get a blank return with this command:


php extensions/LDAPProvider/maintenance/ShowUserGroups.php --domain domain.local --username myuser


My LDAP config:


{
    "domain.local": {
        "connection": {
            "server": "srv-dc1.domain.local",
            "port": "389",
            "use-tls": "true",
            "user": "CN=Mediawiki,OU=My Accounts,dc=domain,dc=local",
            "pass": "password",
            "enctype": "clear",
            "options": {
                "LDAP_OPT_DEREF": 1
            },
            "basedn": "dc=domain,dc=local",
            "groupbasedn": "OU=My Groups,dc=domain,dc=local",
            "userbasedn": "OU=My Accounts,dc=domain,dc=local",
            "searchattribute": "samaccountname",
            "usernameattribute": "samaccountname",
            "realnameattribute": "cn",
            "emailattribute": "mail",
            "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
            "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
        },
        "userinfo": [],
        "authorization": {
            "rules": {
                "groups": {
                    "required": [ "CN=Mediawiki_Access,OU=My Groups,dc=domain,dc=local" ]
                }
            }
        },
        "groupsync": {
            "mapping": {
                "engineering": "CN=Mediawiki_Admins,OU=My Groups,dc=domain,dc=local",
                "bureaucrat": "CN=Mediawiki_Admins,OU=My Groups,dc=domain,dc=local",
                "interface-admin": "CN=Mediawiki_Admins,OU=My Groups,dc=domain,dc=local",
                "sysop": "CN=Mediawiki_Admins,OU=My Groups,dc=domain,dc=local"
            }
        }
    }
}


And I have this error in my Apache:


Undefined array key "memberof" in /var/lib/mediawiki/extensions/LDAPProvider/src/UserGroupsRequest/UserMemberOf.php


What can I check?


Regards,


Kévin.

Osnard (talkcontribs)

Well, apparently the group information is not stored in the memberOf field of the "user info". Try to use a different value for grouprequest:

  • "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
  • "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupUniqueMember::factory"
  • "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory"
  • "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory"
  • "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMemberUid::factory"


Depending on the chosen value, additional configuration may be required. See also Extension:LDAPProvider#Domain_config_settings

ElogKevinL (talkcontribs)

Hello,


Thank you, the value GroupMember works!


Regards,


Kévin.

Reply to "Problem to get groups from LDAP"

Active Directory groups are mapped only on the first access

2
Possebon (talkcontribs)

Hi all,

I've set up LDAP stack, after some time and effort, I was able to make it authenticate with success and have some group info mapped on MediaWiki.


The first user I tested was not a member of any AD group. I logged in to MediaWiki and the user was created in the MediaWiki database. After some troubleshooting, I found out that the user was not a member of any groups, so I added it to a group.


When I go to Special pages and check the privileges of the user, it has none.


I did another test: I created a new user in Active Directory, this time as a member of a group, and logged in to MediaWiki. The user logged in successfully and, checking the privileges, the user has the groups mapped as set in LDAPProvider.


Is this the way the extension works? I mean, does it not reflect changes to groups after the user is created?


Best regards,

Osnard (talkcontribs)

No, it should also revoke group membership. Can you please share the exact settings you have made?

Reply to "Active Directory groups are mapped only on the first access"

LDAPGroups seems to break LDAPProvider

1
Artim1996 (talkcontribs)

I've set up LDAPProvider successfully without any problems. But once I activate LDAPGroups it gives me the error

Original exception: [85942cc925c78b2bb06ab606] /index.php/Hauptseite MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException from line 60 of /var/www/mediawiki/extensions/LDAPProvider/src/DomainConfigFactory.php: No configuration available for domain 'domain'!


Now I can replace "LDAP" in the ldapprovider.json with the domain, that's also actually in the table mediawikildap_domains, but that only changes the error to


[a3278aaca2ec924fb8299178] /index.php/Hauptseite TypeError from line 47 of /var/www/mediawiki/includes/config/HashConfig.php: Argument 1 passed to HashConfig::__construct() must be of the type array, null given, called in /var/www/mediawiki/extensions/LDAPProvider/src/DomainConfigFactory.php on line 74


I already tested if the config added to ldapprovider.json makes any trouble, but everything loads fine as long as LDAPGroups is disabled. Now what am I doing wrong?


Excerpt from LocalSettings.php:

# LDAP authentication
wfLoadExtension( 'LDAPProvider' );
$LDAPProviderDomainConfigs = "/var/www/mediawiki/ldapprovider.json";
wfLoadExtension( 'PluggableAuth' );
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = "Anmelden";
wfLoadExtension( 'LDAPAuthentication2' );
$LDAPAuthentication2UsernameNormalizer = 'strtolower';
wfLoadExtension( 'LDAPGroups' );


Excerpt from the ldapprovider.json where I added the config:

"groupsync": {
    "mechanism": "mappedgroups",
    "mapping": {
        "sysop": "cn=sudoers,ou=groups,dc=domain,dc=de"
    }
}

Reply to "LDAPGroups seems to break LDAPProvider"

LDAP Group Sync

PKvin (talkcontribs)

Hello, I am a newbie in MediaWiki and I am setting up LDAP. I managed to connect the Active Directory database with MediaWiki and it works perfectly. However, I still can't sync AD groups with MediaWiki groups.

My goal is that only users from the bureaucrat and sysop groups can edit the wiki. Others can only read.

Do you know how to do it? Here is my ldap.json:


{
    "xbeta.local": {
        "connection": {
            "server": "172.45.0.1",
            "port": "3268",
            "user": "CN=svc_wiki,OU=Cmpt_Serveurs,DC=xbeta,DC=local",
            "pass": "//masked",
            "enctype": "clear",
            "options": {
                "LDAP_OPT_DEREF": 1
            },
            "basedn": "dc=xbeta,dc=local",
            "userbasedn": "dc=xbeta,dc=local",
            "groupbasedn": "dc=xbeta,dc=local",
            "searchattribute": "samaccountname",
            "usernameattribute": "samaccountname",
            "realnameattribute": "cn",
            "emailattribute": "mail",
            "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
            "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
        },
        "userinfo": [],
        "authorization": [],
        "groupsync": {
            "mapping": {
                "sysop": "OU=Architecture,OU=DSI,DC=xbeta,DC=local",
                "bureaucrat": "OU=Support,OU=DSI,DC=xbeta,DC=local"
            }
        }
    }
}

And a part of my LocalSettings.php:


// Create Wiki-Group 'engineering' from default user group
$wgGroupPermissions['engineering'] = $wgGroupPermissions['user'];

// Private Wiki. External LDAP login. Default NS requires login.
$wgEmailConfirmToEdit = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['sysop']['createaccount'] = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgBlockDisablesLogin = true;

// Load LDAP Config from JSON
$ldapJsonFile = "$IP/ldap.json";
$ldapConfig = false;
if (is_file($ldapJsonFile) && is_dir("$IP/extensions/LDAPProvider")) {
    $testJson = @json_decode(file_get_contents($ldapJsonFile),true);
    if (is_array($testJson)) {
        $ldapConfig = true;
    } else {
        error_log("Found invalid JSON in file: $IP/ldap.json");
    }
}

// Activate Extension
if ( $ldapConfig ) {
    wfLoadExtension( 'PluggableAuth' );
    wfLoadExtension( 'LDAPProvider' );
    wfLoadExtension( 'LDAPAuthentication2' );
    wfLoadExtension( 'LDAPAuthorization' );
    wfLoadExtension( 'LDAPUserInfo' );
    wfLoadExtension( 'LDAPGroups' );
    $LDAPProviderDomainConfigs = $ldapJsonFile;
    $wgPluggableAuth_ButtonLabel = "Log in";
    // Force LDAPGroups to sync by choosing a domain ( e.g. first JSON object in ldap.json )
    $LDAPProviderDefaultDomain = "xbeta.local";
    if ($wikiRequestSafe) { $LDAPAuthentication2AllowLocalLogin = true; }
}

# End of automatically generated settings.
# Add more configuration options below.


Thanks a lot for your help!

Osnard (talkcontribs)

Looks good in general. Have you checked if the following CLI scripts work properly?

  • php extensions/LDAPProvider/maintenance/CheckLogin.php --domain xbeta.local --username <someusername>
  • php extensions/LDAPProvider/maintenance/ShowUserInfo.php --domain xbeta.local --username <someusername>
  • php extensions/LDAPProvider/maintenance/ShowGroups.php --domain xbeta.local --username <someusername>
Reply to "LDAP Group Sync"

LDAP AD Group "groupsync mapping" to mediawiki group user / administrators

1
Melters2022 (talkcontribs)

Hello!


I set up MediaWiki 1.35 LTS with an AD LDAP and it works fine so far.

Now I wanted to specify one AD group in my wiki with user rights and another AD group with administrator rights.

In my actual setup both specified AD groups "standard_wiki_users" and "standard_wiki_admins" have only user rights.

Maybe there is some mistake in my idea of setting this up... As I read, every user is by default in the group "user", but how can I specify an AD group additionally for the group "administrator"?


In LocalSettings I configured:

#Create Wiki-Group 'standard_wiki_users' from default user group
$wgGroupPermissions['standard_wiki_users'] = $wgGroupPermissions['user'];

#Load LDAP Config from JSON
$ldapJsonFile = "$IP/ldap.json";
$ldapConfig = false;
if (is_file($ldapJsonFile) && is_dir("$IP/extensions/LDAPProvider")) {
    $testJson = @json_decode(file_get_contents($ldapJsonFile),true);
    if (is_array($testJson)) {
        $ldapConfig = true;
    } else {
        error_log("Found invalid JSON in file: $IP/ldap.json");
    }
}


In ldap.json I configured:

...
        "authorization": {
            "rules": {
                "groups": {
                    "required": [
                        "cn=standard_wiki_users,ou=xyz,dc=test,dc=test,dc=com",
                        "cn=admin_wiki_users,ou=xyz,dc=test,dc=test,dc=com"
                    ]
                }
            }
        },
        "groupsync": {
            "mapping": {
                "user": "CN=standard_wiki_users,ou=xyz,dc=test,dc=test,dc=com",
                "administrator": "CN=admin_wiki_users,ou=xyz,dc=test,dc=test,dc=com"
            }
        }
    }
}


Thanks!

Reply to "LDAP AD Group "groupsync mapping" to mediawiki group user / administrators"

How to add groups in ldapprovider.json ?

2
2A01:E0A:8E2:5080:CC25:FC40:A18:E35 (talkcontribs)

I upgraded my wiki to 1.37.1, and in my previous wiki some content was accessible only if the user was in an LDAP group.

I set the LDAP configuration and it works fine, but I don't know how to add a group.

Any ideas, please?

Osnard (talkcontribs)
Reply to "How to add groups in ldapprovider.json ?"

Groupsync doesn't sync groups

5
Janduwe (talkcontribs)

Hello, I'm trying to sync user groups from my AD source with local groups in my wiki. I'm on MediaWiki 1.35. When logging in there are no user groups synced.

After reading several threads in this page, this is my output from ShowUserGroups.php:

Full DNs:
    CN=BG Wiki Admins,OU=023 Software und Tools,OU=02 Benutzergruppen,OU=Steinbeiss,DC=stzegs,DC=ads
    CN=BG IT Temp,OU=021 Abteilungen,OU=02 Benutzergruppen,OU=Steinbeiss,DC=stzegs,DC=ads
    CN=BG California.pro User,OU=023 Software und Tools,OU=02 Benutzergruppen,OU=Steinbeiss,DC=stzegs,DC=ads
    CN=FG Passwort-Zugriffsberechtigte,OU=044 Sonstige,OU=04 Freigabegruppen,OU=Steinbeiss,DC=stzegs,DC=ads
    CN=Temporäre Mitarbeiter,OU=_Sicherheitsgruppen_löschen_nach_AD_Abschluss,OU=Steinbeiss,DC=stzegs,DC=ads
    CN=V Schreiber,OU=LW-V,OU=04 Freigabegruppen,OU=Steinbeiss,DC=stzegs,DC=ads
Short names:
    bg wiki admins
    bg it temp
    bg california.pro user
    fg passwort-zugriffsberechtigte
    temporäre mitarbeiter
    v schreiber

My LocalSettings.php:

wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPAuthentication2' );
wfLoadExtension( 'LDAPGroups' );
$wgGroupPermissions['bg wiki admins']['read'] = true;
#$LDAPAuthentication2AllowLocalLogin = true;
$LDAPProviderDomainConfigProvider = function() {
    $config = [
        'LDAP' => [
            'connection' => [
                "server" => "removed",
                "user" => "cn=mrbs,ou=012 Servicezugänge, ou=01 Konten,ou=Steinbeiss,dc=stzegs,dc=ads",
                "pass" => "removed",
                "options" => [
                    "LDAP_OPT_DEREF" => 1
                ],
                //"basedn" => "ou=011 Benutzer,ou=01 Konten,ou=Steinbeiss,dc=stzegs,dc=ads",
                "basedn" => "ou=Steinbeiss,dc=stzegs,dc=ads",
                //"basedn" => "ou=",
                "grouprequest"=> "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
                "groupbasedn" => "ou=023 Software und Tools,ou=02 Benutzergruppen,ou=Steinbeiss,dc=stzegs,dc=ads",
                "userbasedn" => "ou=011 Benutzer,ou=01 Konten,ou=Steinbeiss,dc=stzegs,dc=ads",
                "searchattribute" => "samaccountname",
                "searchstring" => "STZEGS\\USER-NAME",
                "usernameattribute" => "samaccountname",
                "realnameattribute" => "cn",
                "emailattribute" => "mail"
            ],
            'groupsync' => [
                "mechanism" => "mappedgroups",
                "mapping" => ["bg wiki admins" => "cn=BG Wiki Admins,ou=023 Software und Tools,ou=02 Benutzergruppen,ou=Steinbeiss,dc=stzegs,dc=ads"]
            ]
        ]
    ];
    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

Please tell me if I'm missing something important here.

Kind regards, Jan

Osnard (talkcontribs)
Janduwe (talkcontribs)

With enabled debug logging like this:

$LDAPProviderCacheType = CACHE_NONE;
$wgDebugLogGroups['PluggableAuth'] = "PluggableAuth.log";
$wgDebugLogGroups['LDAP'] = "LDAP.log";
$wgDebugLogGroups['MediaWiki\\Extension\\LDAPProvider\\Client'] = "LDAPProvider.log";
$wgDebugLogGroups['LDAPGroups'] = "LDAPGroups.log";
$wgDebugLogGroups['LDAPAuthentication2'] = "LDAPAuthentication.log";

No log file for LDAPGroups shows up when I'm logging in or out with my account on the MediaWiki configuration I am using.

However my LDAP.log file shows that my user is within the group from the AD source:

12 => 'usncreated',
   'memberof' =>
   array (
     'count' => 6,
     0 => 'CN=BG Wiki Admins,OU=023 Software und Tools,OU=02 Benutzergruppen,OU=Steinbeiss,DC=stzegs,DC=ads',
     1 => 'CN=BG IT Temp,OU=021 Abteilungen,OU=02 Benutzergruppen,OU=Steinbeiss,DC=stzegs,DC=ads',
     2 => 'CN=BG California.pro User,OU=023 Software und Tools,OU=02 Benutzergruppen,OU=Steinbeiss,DC=stzegs,DC=ads',
     3 => 'CN=FG Passwort-Zugriffsberechtigte,OU=044 Sonstige,OU=04 Freigabegruppen,OU=Steinbeiss,DC=stzegs,DC=ads',
     4 => 'CN=Temporäre Mitarbeiter,OU=_Sicherheitsgruppen_löschen_nach_AD_Abschluss,OU=Steinbeiss,DC=stzegs,DC=ads',
     5 => 'CN=V Schreiber,OU=LW-V,OU=04 Freigabegruppen,OU=Steinbeiss,DC=stzegs,DC=ads',

I also get a logging file from LDAPProvider and PluggableAuth but I could find no errors related to my issue. Is there anything specific I should be looking for?

I have also run update.php multiple times if that matters and logging in/out works just fine.

Osnard (talkcontribs)

If you don't have entries in `LDAPGroups.log`, this means the code is not even invoked. Can you please try to set `$LDAPProviderDefaultDomain = "LDAP";`?

Janduwe (talkcontribs)

Sorry for the late reply, this worked.

Thank you very much for your help.

Reply to "Groupsync doesn't sync groups"

Look up non-DN attribute as synced group name

1
DavidPape (talkcontribs)

Hi,

is it possible to use an attribute which is not part of the DN as the name of a group? My group DNs look something like this:

GroupUID=1234,ou=groups,ou=myou,o=myo,dc=de

This results in a short name (as shown by ShowUserGroups.php) of "1234". The attribute which holds the name that I would like to use instead, is cn.

If I use mappedgroups to sync the groups and manually map the names to the DNs, they are correctly added to the wiki. However, if I use allgroups, they're not. As I understand, this is due to the fact that only groups mentioned in e.g. wgGroupPermissions are added. Obviously I use the groups' cns, not the GroupUIDs in those settings. Can this be done?

Our current Wiki which still uses the old LDAP stack, has this setting $wgLDAPGroupNameAttribute = array('ldap1' => "cn"); which works fine.

Here is my current ldapprovider.json:

{
    "MyDomain": {
        "connection": {
            "server": "ldap.mydomain.de",
            "port": 389,
            "options": {
                "LDAP_OPT_DEREF": 1
            },
            "basedn": "ou=myou,o=myo,dc=de",
            "groupbasedn": "ou=groups,ou=myou,o=myo,dc=de",
            "userbasedn": "ou=users,ou=myou,o=myo,dc=de",
            "searchattribute": "uid",
            "usernameattribute": "uid",
            "realnameattribute": "displayName",
            "emailattribute": "mail",
            "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory",
            "groupobjectclass": "groupOfNames"
        },
        "groupsync": {
            "mechanism": "allgroups"
        }
    }
}

MediaWiki and LDAP stack relatively up to date on the REL1_35 branches.

Thanks in advance!


Update: I tried using the GroupUID in a group permission and that works with the allgroups mechanism. So the question boils down to "How can I use a different attribute as the name of the group?".

Reply to "Look up non-DN attribute as synced group name"
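
The causes that came up in the group-sync threads above (a default domain that is not a key of the domain config, mappings that name a wiki group that does not exist or a directory container instead of a group, and group short names that do not match any wiki group under allgroups) can be checked offline before a login is attempted. The following linter is an added example, not code from the extensions or from any poster; it also flags `"enctype": "clear"`, because with that setting the bind account's password and every user's password cross the network unencrypted. The sample config, the finding codes, the `wiki_groups` input, and the treatment of a missing `enctype` as `clear` and a missing `mechanism` as `mappedgroups` are assumptions.

```python
import json
import re

# Implicit MediaWiki groups: membership is automatic, so mapping them does nothing.
IMPLICIT_GROUPS = {"*", "user", "autoconfirmed"}
# RDN types of directory containers; a DN starting with one is not a group entry.
CONTAINER_RDN_TYPES = {"ou", "dc", "o"}


def split_dn(dn):
    """Split a DN into (type, value) pairs, keeping backslash-escaped commas intact."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def normalize_dn(dn):
    """Comparison form: lower-cased types and values, no padding around commas."""
    return ",".join(f"{attr}={value.lower()}" for attr, value in split_dn(dn))


def short_name(dn):
    """Lower-cased value of the first RDN, as in the 'Short names' output above."""
    return split_dn(dn)[0][1].lower()


def audit(configs, default_domain, wiki_groups, member_of=()):
    """Return sorted (code, detail) findings for a decoded domain config.

    wiki_groups: group names defined in LocalSettings.php (hypothetical input).
    member_of:   group DNs of one test user, e.g. copied from ShowUserGroups.php.
    """
    findings = []
    if default_domain not in configs:
        findings.append(("default-domain-missing",
                         f"{default_domain!r} not in {sorted(configs)}"))
    user_dns = {normalize_dn(dn) for dn in member_of}
    for domain, cfg in configs.items():
        conn = cfg.get("connection") or {}
        # Assumption: a missing enctype behaves like "clear".
        if conn.get("enctype", "clear") not in ("tls", "ssl"):
            findings.append(("cleartext-bind", domain))
        sync = cfg.get("groupsync") or {}
        # Assumption: a missing mechanism behaves like "mappedgroups".
        if sync.get("mechanism", "mappedgroups") == "allgroups":
            names = {short_name(dn) for dn in member_of}
            if member_of and not names & set(wiki_groups):
                findings.append(("allgroups-no-match", domain))
            continue
        for wiki_group, dns in (sync.get("mapping") or {}).items():
            if wiki_group in IMPLICIT_GROUPS:
                findings.append(("implicit-group", wiki_group))
            elif wiki_group not in wiki_groups:
                findings.append(("unknown-wiki-group", wiki_group))
            for dn in ([dns] if isinstance(dns, str) else dns):
                if split_dn(dn)[0][0] in CONTAINER_RDN_TYPES:
                    findings.append(("maps-container", f"{wiki_group} -> {dn}"))
                elif member_of and normalize_dn(dn) not in user_dns:
                    findings.append(("user-not-member", f"{wiki_group} -> {dn}"))
    return sorted(findings)


# Constructed sample, modelled on the kinds of configuration posted above.
# "administrator" is not a MediaWiki group name; the internal name is "sysop".
SAMPLE = json.loads("""
{
  "LDAP": {
    "connection": {"server": "dc1.example.test", "port": "389", "enctype": "clear"},
    "groupsync": {
      "mechanism": "mappedgroups",
      "mapping": {
        "sysop": "cn=Wiki Admins,ou=Groups,dc=example,dc=test",
        "administrator": "CN=Wiki Admins,OU=Groups,DC=example,DC=test",
        "user": "CN=Wiki Users,OU=Groups,DC=example,DC=test",
        "bureaucrat": "OU=Support,DC=example,DC=test"
      }
    }
  }
}
""")
SAMPLE_MEMBER_OF = ["CN=Wiki Admins,OU=Groups,DC=example,DC=test"]
SAMPLE_WIKI_GROUPS = {"sysop", "bureaucrat", "interface-admin", "bot"}

if __name__ == "__main__":
    # The default domain deliberately differs from the config key "LDAP".
    for code, detail in audit(SAMPLE, "example.test",
                              SAMPLE_WIKI_GROUPS, SAMPLE_MEMBER_OF):
        print(f"{code}: {detail}")
```
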

canExist() error after enable the add on

16
Mdc-system (talkcontribs)

Hi,

We have a MediaWiki 1.35 running with LDAP login.

The login itself works, but as soon as LDAPGroups is activated by "wfLoadExtension( 'LDAPGroups');" the wiki is broken with this error:


[X9tJuJ5NS5lDdVqSAx-0PQAAAIU] /index.php?title=Special:ListUsers Error from line 254 of /usr/share/mediawiki/includes/skins/Skin.php: Call to a member function canExist() on null

Backtrace:

#0 /usr/share/mediawiki/skins/Vector/includes/SkinVector.php(45): Skin->getDefaultModules()
#1 /usr/share/mediawiki/includes/OutputPage.php(2497): SkinVector->getDefaultModules()
#2 /usr/share/mediawiki/includes/OutputPage.php(2604): OutputPage->loadSkinModules(SkinVector)
#3 /usr/share/mediawiki/includes/exception/MWException.php(193): OutputPage->output()
#4 /usr/share/mediawiki/includes/exception/MWException.php(231): MWException->reportHTML()
#5 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(104): MWException->report()
#6 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException)
#7 /usr/share/mediawiki/includes/MediaWiki.php(576): MWExceptionHandler::handleException(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException, string)
#8 /usr/share/mediawiki/index.php(53): MediaWiki->run()
#9 /usr/share/mediawiki/index.php(46): wfIndexMain()
#10 {main}


I haven't set any options for the add-on in the LDAP JSON config.

Does anyone have an idea what is going wrong?

Thanks

Osnard (talkcontribs)
Platinops (talkcontribs)

I have a similar issue on MW1.35 after activating Extension:LDAPGroups. It does not occur when I log in with an LDAP user. It does occur when I log in with a local user (selecting domain: local in the login screen).

I do not get a "LDAPNoDomainConfigException" error, just below:

[X994JFZHIlX1ePmkDFot@gAAANY] /index.php?title=Main_Page Error from line 254 of /var/www/html/mediawiki_corporate/includes/skins/Skin.php: Call to a member function canExist() on null

Backtrace:

#0 /var/www/html/mediawiki_corporate/skins/Vector/includes/SkinVector.php(45): Skin->getDefaultModules()
#1 /var/www/html/mediawiki_corporate/includes/OutputPage.php(2497): SkinVector->getDefaultModules()
#2 /var/www/html/mediawiki_corporate/includes/OutputPage.php(2604): OutputPage->loadSkinModules()
#3 /var/www/html/mediawiki_corporate/includes/exception/MWException.php(193): OutputPage->output()
#4 /var/www/html/mediawiki_corporate/includes/exception/MWException.php(231): MWException->reportHTML()
#5 /var/www/html/mediawiki_corporate/includes/exception/MWExceptionHandler.php(104): MWException->report()
#6 /var/www/html/mediawiki_corporate/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report()
#7 /var/www/html/mediawiki_corporate/includes/MediaWiki.php(576): MWExceptionHandler::handleException()
#8 /var/www/html/mediawiki_corporate/index.php(53): MediaWiki->run()
#9 /var/www/html/mediawiki_corporate/index.php(46): wfIndexMain()
#10 {main}

Any suggestions?

Mdc-system (talkcontribs)

In my case a normal LDAP login works until I enable LDAPGroups.

After updating all LDAP modules and the wiki itself to 1.35.1, the error message is now different and it occurs only after login. Before the update it occurred on the index page:

MediaWiki internal error.


Original exception: [X@BO2F1vg--K0uLMuZC7TQAAAZA] /index.php?title=Main_Page MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException from line 61 of /usr/share/mediawiki/extensions/LDAPProvider/src/DomainConfigFactory.php: No configuration available for domain 'invaliddomain'!

Backtrace:

#0 /usr/share/mediawiki/extensions/LDAPProvider/src/ClientFactory.php(61): MediaWiki\Extension\LDAPProvider\DomainConfigFactory->factory(string, string)
#1 /usr/share/mediawiki/extensions/LDAPProvider/src/Hook/UserLoadAfterLoadFromSession.php(145): MediaWiki\Extension\LDAPProvider\ClientFactory->getForDomain(string)
#2 /usr/share/mediawiki/extensions/LDAPProvider/src/Hook/UserLoadAfterLoadFromSession.php(101): MediaWiki\Extension\LDAPProvider\Hook\UserLoadAfterLoadFromSession->createLdapClientForDomain()
#3 /usr/share/mediawiki/extensions/LDAPProvider/src/Hook/UserLoadAfterLoadFromSession.php(90): MediaWiki\Extension\LDAPProvider\Hook\UserLoadAfterLoadFromSession->process()
#4 /usr/share/mediawiki/includes/HookContainer/HookContainer.php(320): MediaWiki\Extension\LDAPProvider\Hook\UserLoadAfterLoadFromSession::callback(User)
#5 /usr/share/mediawiki/includes/HookContainer/HookContainer.php(131): MediaWiki\HookContainer\HookContainer->callLegacyHook(string, array, array, array)
#6 /usr/share/mediawiki/includes/HookContainer/HookRunner.php(4347): MediaWiki\HookContainer\HookContainer->run(string, array)
#7 /usr/share/mediawiki/includes/user/User.php(392): MediaWiki\HookContainer\HookRunner->onUserLoadAfterLoadFromSession(User)
#8 /usr/share/mediawiki/includes/user/User.php(2150): User->load()
#9 /usr/share/mediawiki/includes/MediaWiki.php(590): User->getName()
#10 /usr/share/mediawiki/includes/MediaWiki.php(541): MediaWiki->setDBProfilingAgent()
#11 /usr/share/mediawiki/index.php(53): MediaWiki->run()
#12 /usr/share/mediawiki/index.php(46): wfIndexMain()
#13 {main}


Exception caught inside exception handler: [X@BO2F1vg--K0uLMuZC7TQAAAZA] /index.php?title=Main_Page Error from line 254 of /usr/share/mediawiki/includes/skins/Skin.php: Call to a member function canExist() on null

Backtrace:

#0 /usr/share/mediawiki/skins/Vector/includes/SkinVector.php(45): Skin->getDefaultModules()
#1 /usr/share/mediawiki/includes/OutputPage.php(2497): SkinVector->getDefaultModules()
#2 /usr/share/mediawiki/includes/OutputPage.php(2604): OutputPage->loadSkinModules(SkinVector)
#3 /usr/share/mediawiki/includes/exception/MWException.php(193): OutputPage->output()
#4 /usr/share/mediawiki/includes/exception/MWException.php(231): MWException->reportHTML()
#5 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(104): MWException->report()
#6 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException)
#7 /usr/share/mediawiki/includes/MediaWiki.php(576): MWExceptionHandler::handleException(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException, string)
#8 /usr/share/mediawiki/index.php(53): MediaWiki->run()
#9 /usr/share/mediawiki/index.php(46): wfIndexMain()
#10 {main}


Now I use the following LDAP modules:

LDAPAuthentication2 771b91e
LDAPAuthorization e037664
LDAPProvider ca854c1
PluggableAuth 2a465ae

Osnard (talkcontribs)

@Mdc-system The keyword "invaliddomain" does not come from the extensions' code base. It must be defined somewhere in your configuration. Can you share your configuration please? Strip any sensitive information!

@Platinops In your case this is also an Exception that we just do not see properly. Please try to get the exception message, e.g. by adding die( $e->getMessage() ); to includes/exception/MWExceptionHandler.php in line 185. Also see Manual:$wgPropagateErrors.

Mdc-system (talkcontribs)

Hi @Osnard, here the json for the ldap connection:

{"foo.foo": { "connection": { "server": "foo.foo.foo", "user": "cn=mediawiki,ou=functional_accounts,dc=foo,dc=foo","pass":"XXX": "tls","basedn":"dc=foo,dc=foo","groupbasedn":"dc=foo,dc=foo","userbasedn":"dc=foo,dc=foo",

"searchattribute":"samaccountname","searchstring":"USER-NAME@foo.foo.foo","usernameattribute":"samaccountname",

"realnameattribute":"cn","emailattribute":"mail","grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory",

"groupobjectclass":"group","groupattribute":"member:1.2.840.113556.1.4.1941:"

},"authorization":{"rules":{"groups": {"required":["cn=mediawiki_users_test1,ou=functional_groups,dc=foo,dc=foo"]}}}}

}

Osnard (talkcontribs)

Okay. And the PHP config of the extensions? The "invaliddomain" must come from somewhere...

Mdc-system (talkcontribs)

Here is the output of php -i. I hope that this is what you need:



sendmail_path => /usr/sbin/sendmail -t -i => /usr/sbin/sendmail -t -i

serialize_precision => -1 => -1

short_open_tag => Off => Off

SMTP => localhost => localhost

smtp_port => 25 => 25

sys_temp_dir => no value => no value

syslog.facility => LOG_USER => LOG_USER

syslog.filter => no-ctrl => no-ctrl

syslog.ident => php => php

track_errors => Off => Off

unserialize_callback_func => no value => no value

upload_max_filesize => 2M => 2M

upload_tmp_dir => no value => no value

user_dir => no value => no value

user_ini.cache_ttl => 300 => 300

user_ini.filename => .user.ini => .user.ini

variables_order => GPCS => GPCS

xmlrpc_error_number => 0 => 0

xmlrpc_errors => Off => Off

zend.assertions => -1 => -1

zend.detect_unicode => On => On

zend.enable_gc => On => On

zend.multibyte => Off => Off

zend.script_encoding => no value => no value

zend.signal_check => Off => Off

ctype

ctype functions => enabled

curl

cURL support => enabled

cURL Information => 7.29.0

Age => 3

Features

AsynchDNS => Yes

CharConv => No

Debug => No

GSS-Negotiate => Yes

IDN => Yes

IPv6 => Yes

krb4 => No

Largefile => Yes

libz => Yes

NTLM => Yes

NTLMWB => Yes

SPNEGO => No

SSL => Yes

SSPI => No

TLS-SRP => No

Protocols => dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtsp, scp, sftp, smtp, smtps, telnet, tftp

Host => x86_64-redhat-linux-gnu

SSL Version => NSS/3.53.1

ZLib Version => 1.2.7

libSSH Version => libssh2/1.8.0

Directive => Local Value => Master Value

curl.cainfo => no value => no value

date

date/time support => enabled

timelib version => 2018.04

"Olson" Timezone Database Version => 0.system

Timezone Database => internal

Default timezone => Europe/Berlin

Directive => Local Value => Master Value

date.default_latitude => 31.7667 => 31.7667

date.default_longitude => 35.2333 => 35.2333

date.sunrise_zenith => 90.583333 => 90.583333

date.sunset_zenith => 90.583333 => 90.583333

date.timezone => Europe/Berlin => Europe/Berlin

dom

DOM/XML => enabled

DOM/XML API Version => 20031129

libxml Version => 2.9.1

HTML Support => enabled

XPath Support => enabled

XPointer Support => enabled

Schema Support => enabled

RelaxNG Support => enabled

exif

EXIF Support => enabled

Supported EXIF Version => 0220

Supported filetypes => JPEG, TIFF

Multibyte decoding support using mbstring => enabled

Extended EXIF tag formats => Canon, Casio, Fujifilm, Nikon, Olympus, Samsung, Panasonic, DJI, Sony, Pentax, Minolta, Sigma, Foveon, Kyocera, Ricoh, AGFA, Epson

Directive => Local Value => Master Value

exif.decode_jis_intel => JIS => JIS

exif.decode_jis_motorola => JIS => JIS

exif.decode_unicode_intel => UCS-2LE => UCS-2LE

exif.decode_unicode_motorola => UCS-2BE => UCS-2BE

exif.encode_jis => no value => no value

exif.encode_unicode => ISO-8859-15 => ISO-8859-15

fileinfo

fileinfo support => enabled

libmagic => 533

filter

Input Validation and Filtering => enabled

Directive => Local Value => Master Value

filter.default => unsafe_raw => unsafe_raw

filter.default_flags => no value => no value

ftp

FTP support => enabled

FTPS support => enabled

gd

GD Support => enabled

GD headers Version => 2.3.0

GD library Version => 2.3.0

FreeType Support => enabled

FreeType Linkage => with freetype

FreeType Version => 2.8.0

GIF Read Support => enabled

GIF Create Support => enabled

JPEG Support => enabled

libJPEG Version => 6b

PNG Support => enabled

libPNG Version => 1.5.13

WBMP Support => enabled

XPM Support => enabled

libXpm Version => 30411

XBM Support => enabled

WebP Support => enabled

Directive => Local Value => Master Value

gd.jpeg_ignore_warning => 1 => 1

gettext

GetText Support => enabled

hash

hash support => enabled

Hashing Engines => md2 md4 md5 sha1 sha224 sha256 sha384 sha512/224 sha512/256 sha512 sha3-224 sha3-256 sha3-384 sha3-512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost gost-crypto adler32 crc32 crc32b fnv132 fnv1a32 fnv164 fnv1a64 joaat haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5

MHASH support => Enabled

MHASH API Version => Emulated Support

iconv

iconv support => enabled

iconv implementation => glibc

iconv library version => 2.17

Directive => Local Value => Master Value

iconv.input_encoding => no value => no value

iconv.internal_encoding => no value => no value

iconv.output_encoding => no value => no value

igbinary

igbinary support => enabled

igbinary version => 3.1.6

igbinary APCu serializer ABI => 0

igbinary session support => yes

Directive => Local Value => Master Value

igbinary.compact_strings => On => On

intl

Internationalization support => enabled

ICU version => 65.1

ICU Data version => 65.1

ICU TZData version => 2019c

ICU Unicode version => 12.1

Directive => Local Value => Master Value

intl.default_locale => no value => no value

intl.error_level => 0 => 0

intl.use_exceptions => 0 => 0

json

json support => enabled

json version => 1.7.0

ldap

LDAP Support => enabled

Total Links => 0/unlimited

API Version => 3001

Vendor Name => OpenLDAP

Vendor Version => 20444

SASL Support => Enabled

Directive => Local Value => Master Value

ldap.max_links => Unlimited => Unlimited

libxml

libXML support => active

libXML Compiled Version => 2.9.1

libXML Loaded Version => 20901

libXML streams => enabled

mbstring

Multibyte Support => enabled

Multibyte string engine => libmbfl

HTTP input encoding translation => disabled

libmbfl version => 1.3.2

oniguruma version => 6.9.6

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Multibyte (japanese) regex support => enabled

Multibyte regex (oniguruma) version => 6.9.6

Directive => Local Value => Master Value

mbstring.detect_order => no value => no value

mbstring.encoding_translation => Off => Off

mbstring.func_overload => 0 => 0

mbstring.http_input => no value => no value

mbstring.http_output => no value => no value

mbstring.http_output_conv_mimetypes => ^(text/|application/xhtml\+xml) => ^(text/|application/xhtml\+xml)

mbstring.internal_encoding => no value => no value

mbstring.language => neutral => neutral

mbstring.regex_stack_limit => 100000 => 100000

mbstring.strict_detection => Off => Off

mbstring.substitute_character => no value => no value

memcached

memcached support => enabled

Version => 3.1.5

libmemcached version => 1.0.18

SASL support => yes

Session support => yes

igbinary support => yes

json support => yes

msgpack support => yes

Directive => Local Value => Master Value

memcached.compression_factor => 1.3 => 1.3

memcached.compression_threshold => 2000 => 2000

memcached.compression_type => fastlz => fastlz

memcached.default_binary_protocol => Off => Off

memcached.default_connect_timeout => 0 => 0

memcached.default_consistent_hash => Off => Off

memcached.serializer => igbinary => igbinary

memcached.sess_binary_protocol => On => On

memcached.sess_connect_timeout => 0 => 0

memcached.sess_consistent_hash => On => On

memcached.sess_consistent_hash_type => ketama => ketama

memcached.sess_lock_expire => 0 => 0

memcached.sess_lock_max_wait => not set => not set

memcached.sess_lock_retries => 5 => 5

memcached.sess_lock_wait => not set => not set

memcached.sess_lock_wait_max => 150 => 150

memcached.sess_lock_wait_min => 150 => 150

memcached.sess_locking => On => On

memcached.sess_number_of_replicas => 0 => 0

memcached.sess_persistent => Off => Off

memcached.sess_prefix => memc.sess.key. => memc.sess.key.

memcached.sess_randomize_replica_read => Off => Off

memcached.sess_remove_failed_servers => Off => Off

memcached.sess_sasl_password => no value => no value

memcached.sess_sasl_username => no value => no value

memcached.sess_server_failure_limit => 0 => 0

memcached.store_retry_count => 2 => 2

msgpack

MessagePack Support => enabled

Session Support => enabled

extension Version => 2.1.2

header Version => 3.2.0

Directive => Local Value => Master Value

msgpack.error_display => On => On

msgpack.illegal_key_insert => Off => Off

msgpack.php_only => On => On

msgpack.use_str8_serialization => On => On

mysqli

MysqlI Support => enabled

Client API library version => mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $

Active Persistent Links => 0

Inactive Persistent Links => 0

Active Links => 0

Directive => Local Value => Master Value

mysqli.allow_local_infile => Off => Off

mysqli.allow_persistent => On => On

mysqli.default_host => no value => no value

mysqli.default_port => 3306 => 3306

mysqli.default_pw => no value => no value

mysqli.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock

mysqli.default_user => no value => no value

mysqli.max_links => Unlimited => Unlimited

mysqli.max_persistent => Unlimited => Unlimited

mysqli.reconnect => Off => Off

mysqli.rollback_on_cached_plink => Off => Off

mysqlnd

mysqlnd => enabled

Version => mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $

Compression => supported

core SSL => supported

extended SSL => supported

Command buffer size => 4096

Read buffer size => 32768

Read timeout => 86400

Collecting statistics => Yes

Collecting memory statistics => No

Tracing => n/a

Loaded plugins => mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_sha256_password

API Extensions => mysqli,pdo_mysql

mysqlnd statistics =>

bytes_sent => 0

bytes_received => 0

packets_sent => 0

packets_received => 0

protocol_overhead_in => 0

protocol_overhead_out => 0

bytes_received_ok_packet => 0

bytes_received_eof_packet => 0

bytes_received_rset_header_packet => 0

bytes_received_rset_field_meta_packet => 0

bytes_received_rset_row_packet => 0

bytes_received_prepare_response_packet => 0

bytes_received_change_user_packet => 0

packets_sent_command => 0

packets_received_ok => 0

packets_received_eof => 0

packets_received_rset_header => 0

packets_received_rset_field_meta => 0

packets_received_rset_row => 0

packets_received_prepare_response => 0

packets_received_change_user => 0

result_set_queries => 0

non_result_set_queries => 0

no_index_used => 0

bad_index_used => 0

slow_queries => 0

buffered_sets => 0

unbuffered_sets => 0

ps_buffered_sets => 0

ps_unbuffered_sets => 0

flushed_normal_sets => 0

flushed_ps_sets => 0

ps_prepared_never_executed => 0

ps_prepared_once_executed => 0

rows_fetched_from_server_normal => 0

rows_fetched_from_server_ps => 0

rows_buffered_from_client_normal => 0

rows_buffered_from_client_ps => 0

rows_fetched_from_client_normal_buffered => 0

rows_fetched_from_client_normal_unbuffered => 0

rows_fetched_from_client_ps_buffered => 0

rows_fetched_from_client_ps_unbuffered => 0

rows_fetched_from_client_ps_cursor => 0

rows_affected_normal => 0

rows_affected_ps => 0

rows_skipped_normal => 0

rows_skipped_ps => 0

copy_on_write_saved => 0

copy_on_write_performed => 0

command_buffer_too_small => 0

connect_success => 0

connect_failure => 0

connection_reused => 0

reconnect => 0

pconnect_success => 0

active_connections => 0

active_persistent_connections => 0

explicit_close => 0

implicit_close => 0

disconnect_close => 0

in_middle_of_command_close => 0

explicit_free_result => 0

implicit_free_result => 0

explicit_stmt_close => 0

implicit_stmt_close => 0

mem_emalloc_count => 0

mem_emalloc_amount => 0

mem_ecalloc_count => 0

mem_ecalloc_amount => 0

mem_erealloc_count => 0

mem_erealloc_amount => 0

mem_efree_count => 0

mem_efree_amount => 0

mem_malloc_count => 0

mem_malloc_amount => 0

mem_calloc_count => 0

mem_calloc_amount => 0

mem_realloc_count => 0

mem_realloc_amount => 0

mem_free_count => 0

mem_free_amount => 0

mem_estrndup_count => 0

mem_strndup_count => 0

mem_estrdup_count => 0

mem_strdup_count => 0

mem_edupl_count => 0

mem_dupl_count => 0

proto_text_fetched_null => 0

proto_text_fetched_bit => 0

proto_text_fetched_tinyint => 0

proto_text_fetched_short => 0

proto_text_fetched_int24 => 0

proto_text_fetched_int => 0

proto_text_fetched_bigint => 0

proto_text_fetched_decimal => 0

proto_text_fetched_float => 0

proto_text_fetched_double => 0

proto_text_fetched_date => 0

proto_text_fetched_year => 0

proto_text_fetched_time => 0

proto_text_fetched_datetime => 0

proto_text_fetched_timestamp => 0

proto_text_fetched_string => 0

proto_text_fetched_blob => 0

proto_text_fetched_enum => 0

proto_text_fetched_set => 0

proto_text_fetched_geometry => 0

proto_text_fetched_other => 0

proto_binary_fetched_null => 0

proto_binary_fetched_bit => 0

proto_binary_fetched_tinyint => 0

proto_binary_fetched_short => 0

proto_binary_fetched_int24 => 0

proto_binary_fetched_int => 0

proto_binary_fetched_bigint => 0

proto_binary_fetched_decimal => 0

proto_binary_fetched_float => 0

proto_binary_fetched_double => 0

proto_binary_fetched_date => 0

proto_binary_fetched_year => 0

proto_binary_fetched_time => 0

proto_binary_fetched_datetime => 0

proto_binary_fetched_timestamp => 0

proto_binary_fetched_string => 0

proto_binary_fetched_json => 0

proto_binary_fetched_blob => 0

proto_binary_fetched_enum => 0

proto_binary_fetched_set => 0

proto_binary_fetched_geometry => 0

proto_binary_fetched_other => 0

init_command_executed_count => 0

init_command_failed_count => 0

com_quit => 0

com_init_db => 0

com_query => 0

com_field_list => 0

com_create_db => 0

com_drop_db => 0

com_refresh => 0

com_shutdown => 0

com_statistics => 0

com_process_info => 0

com_connect => 0

com_process_kill => 0

com_debug => 0

com_ping => 0

com_time => 0

com_delayed_insert => 0

com_change_user => 0

com_binlog_dump => 0

com_table_dump => 0

com_connect_out => 0

com_register_slave => 0

com_stmt_prepare => 0

com_stmt_execute => 0

com_stmt_send_long_data => 0

com_stmt_close => 0

com_stmt_reset => 0

com_stmt_set_option => 0

com_stmt_fetch => 0

com_deamon => 0

bytes_received_real_data_normal => 0

bytes_received_real_data_ps => 0

openssl

OpenSSL support => enabled

OpenSSL Library Version => OpenSSL 1.0.2k-fips 26 Jan 2017

OpenSSL Header Version => OpenSSL 1.0.2k 26 Jan 2017

Openssl default config => /etc/pki/tls/openssl.cnf

Directive => Local Value => Master Value

openssl.cafile => no value => no value

openssl.capath => no value => no value

pcntl

pcntl support => enabled

pcre

PCRE (Perl Compatible Regular Expressions) Support => enabled

PCRE Library Version => 10.32 2018-09-10

PCRE Unicode Version => 11.0.0

PCRE JIT Support => enabled

PCRE JIT Target => x86 64bit (little endian + unaligned)

Directive => Local Value => Master Value

pcre.backtrack_limit => 1000000 => 1000000

pcre.jit => 0 => 0

pcre.recursion_limit => 100000 => 100000

PDO

PDO support => enabled

PDO drivers => mysql, sqlite

pdo_mysql

PDO Driver for MySQL => enabled

Client API version => mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $

Directive => Local Value => Master Value

pdo_mysql.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock

pdo_sqlite

PDO Driver for SQLite 3.x => enabled

SQLite Library => 3.7.17

Phar

Phar: PHP Archive support => enabled

Phar API version => 1.1.1

Phar-based phar archives => enabled

Tar-based phar archives => enabled

ZIP-based phar archives => enabled

gzip compression => enabled

bzip2 compression => enabled

Native OpenSSL support => enabled

Phar based on pear/PHP_Archive, original concept by Davey Shafik.

Phar fully realized by Gregory Beaver and Marcus Boerger.

Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.

Directive => Local Value => Master Value

phar.cache_list => no value => no value

phar.readonly => On => On

phar.require_hash => On => On

readline

Readline Support => enabled

Readline library => EditLine wrapper

Directive => Local Value => Master Value

cli.pager => no value => no value

cli.prompt => \b \> => \b \>

Reflection

Reflection => enabled

session

Session Support => enabled

Registered save handlers => files user memcached

Registered serializer handlers => php_serialize php php_binary wddx igbinary msgpack

Directive => Local Value => Master Value

session.auto_start => Off => Off

session.cache_expire => 180 => 180

session.cache_limiter => nocache => nocache

session.cookie_domain => no value => no value

session.cookie_httponly => 1 => 1

session.cookie_lifetime => 0 => 0

session.cookie_path => / => /

session.cookie_samesite => no value => no value

session.cookie_secure => 1 => 1

session.gc_divisor => 1000 => 1000

session.gc_maxlifetime => 1440 => 1440

session.gc_probability => 1 => 1

session.lazy_write => On => On

session.name => PHPSESSID => PHPSESSID

session.referer_check => no value => no value

session.save_handler => files => files

session.save_path => no value => no value

session.serialize_handler => php => php

session.sid_bits_per_character => 5 => 5

session.sid_length => 26 => 26

session.upload_progress.cleanup => On => On

session.upload_progress.enabled => On => On

session.upload_progress.freq => 1% => 1%

session.upload_progress.min_freq => 1 => 1

session.upload_progress.name => PHP_SESSION_UPLOAD_PROGRESS => PHP_SESSION_UPLOAD_PROGRESS

session.upload_progress.prefix => upload_progress_ => upload_progress_

session.use_cookies => 1 => 1

session.use_only_cookies => 1 => 1

session.use_strict_mode => 0 => 0

session.use_trans_sid => 0 => 0

SimpleXML

SimpleXML support => enabled

Schema support => enabled

sockets

Sockets Support => enabled

SPL

SPL support => enabled

Interfaces => OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject

Classes => AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException

sqlite3

SQLite3 support => enabled

SQLite Library => 3.7.17

Directive => Local Value => Master Value

sqlite3.extension_dir => no value => no value

standard

Dynamic Library Support => enabled

Path to sendmail => /usr/sbin/sendmail -t -i

Directive => Local Value => Master Value

assert.active => 1 => 1

assert.bail => 0 => 0

assert.callback => no value => no value

assert.exception => 0 => 0

assert.quiet_eval => 0 => 0

assert.warning => 1 => 1

auto_detect_line_endings => 0 => 0

default_socket_timeout => 60 => 60

from => no value => no value

session.trans_sid_hosts => no value => no value

session.trans_sid_tags => a=href,area=href,frame=src,form= => a=href,area=href,frame=src,form=

url_rewriter.hosts => no value => no value

url_rewriter.tags => form= => form=

user_agent => no value => no value

tokenizer

Tokenizer Support => enabled

wddx

WDDX Support => enabled

WDDX Session Serializer => enabled

xml

XML Support => active

XML Namespace Support => active

libxml2 Version => 2.9.1

xmlreader

XMLReader => enabled

xmlwriter

XMLWriter => enabled

xsl

XSL => enabled

libxslt Version => 1.1.28

libxslt compiled against libxml Version => 2.9.1

EXSLT => enabled

libexslt Version => 1.1.28

Zend OPcache

Opcode Caching => Disabled

Optimization => Disabled

SHM Cache => Enabled

File Cache => Disabled

Startup Failed => Opcode Caching is disabled for CLI

Directive => Local Value => Master Value

opcache.blacklist_filename => /etc/opt/remi/php73/php.d/opcache*.blacklist => /etc/opt/remi/php73/php.d/opcache*.blacklist

opcache.consistency_checks => 0 => 0

opcache.dups_fix => Off => Off

opcache.enable => On => On

opcache.enable_cli => Off => Off

opcache.enable_file_override => Off => Off

opcache.error_log => no value => no value

opcache.file_cache => no value => no value

opcache.file_cache_consistency_checks => On => On

opcache.file_cache_only => Off => Off

opcache.file_update_protection => 2 => 2

opcache.force_restart_timeout => 180 => 180

opcache.huge_code_pages => Off => Off

opcache.interned_strings_buffer => 8 => 8

opcache.lockfile_path => /tmp => /tmp

opcache.log_verbosity_level => 1 => 1

opcache.max_accelerated_files => 4000 => 4000

opcache.max_file_size => 0 => 0

opcache.max_wasted_percentage => 5 => 5

opcache.memory_consumption => 128 => 128

opcache.opt_debug_level => 0 => 0

opcache.optimization_level => 0x7FFEBFFF => 0x7FFEBFFF

opcache.preferred_memory_model => no value => no value

opcache.protect_memory => Off => Off

opcache.restrict_api => no value => no value

opcache.revalidate_freq => 2 => 2

opcache.revalidate_path => Off => Off

opcache.save_comments => On => On

opcache.use_cwd => On => On

opcache.validate_permission => Off => Off

opcache.validate_root => Off => Off

opcache.validate_timestamps => On => On

zlib

ZLib Support => enabled

Stream Wrapper => compress.zlib://

Stream Filter => zlib.inflate, zlib.deflate

Compiled Version => 1.2.7

Linked Version => 1.2.7

Directive => Local Value => Master Value

zlib.output_compression => Off => Off

zlib.output_compression_level => -1 => -1

zlib.output_handler => no value => no value

Additional Modules

Module Name

Environment

Variable => Value

MANPATH => /opt/remi/php73/root/usr/share/man::/opt/puppetlabs/puppet/share/man

XDG_SESSION_ID => 23

HOSTNAME => XXXX

SHELL => /bin/bash

TERM => xterm-256color

HISTSIZE => 1000

X_SCLS => php73

USER => root

LD_LIBRARY_PATH => /opt/remi/php73/root/usr/lib64

LS_COLORS => rs=0:di=38;5;27:ln=38;5;51:mh=44;38;5;15:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=05;48;5;232;38;5;15:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;34:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.Z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.axv=38;5;13:*.anx=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.axa=38;5;45:*.oga=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:

COBBLER_SERVER => 141.80.172.222

MAIL => /var/spool/mail/root

PATH => /opt/remi/php73/root/usr/bin:/opt/remi/php73/root/usr/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin

PWD => /tmp

LANG => en_US.UTF-8

MODULEPATH => /usr/share/Modules/modulefiles:/etc/modulefiles

LOADEDMODULES =>

HISTCONTROL => ignoredups

SHLVL => 3

HOME => /root

LOGNAME => root

MODULESHOME => /usr/share/Modules

LESSOPEN => ||/usr/bin/lesspipe.sh %s

BASH_FUNC_module() => () { eval `/usr/bin/modulecmd bash $*`

}

_ => /opt/remi/php73/root/usr/bin/php

PHP Variables

Variable => Value

$_SERVER['MANPATH'] => /opt/remi/php73/root/usr/share/man::/opt/puppetlabs/puppet/share/man

$_SERVER['XDG_SESSION_ID'] => 23

$_SERVER['HOSTNAME'] => XXXX

$_SERVER['SHELL'] => /bin/bash

$_SERVER['TERM'] => xterm-256color

$_SERVER['HISTSIZE'] => 1000

$_SERVER['X_SCLS'] => php73

$_SERVER['USER'] => root

$_SERVER['LD_LIBRARY_PATH'] => /opt/remi/php73/root/usr/lib64

$_SERVER['LS_COLORS'] => rs=0:di=38;5;27:ln=38;5;51:mh=44;38;5;15:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=05;48;5;232;38;5;15:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;34:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.Z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.axv=38;5;13:*.anx=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.axa=38;5;45:*.oga=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:

$_SERVER['COBBLER_SERVER'] => 141.80.172.222

$_SERVER['MAIL'] => /var/spool/mail/root

$_SERVER['PATH'] => /opt/remi/php73/root/usr/bin:/opt/remi/php73/root/usr/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin

$_SERVER['PWD'] => /tmp

$_SERVER['LANG'] => en_US.UTF-8

$_SERVER['MODULEPATH'] => /usr/share/Modules/modulefiles:/etc/modulefiles

$_SERVER['LOADEDMODULES'] =>

$_SERVER['HISTCONTROL'] => ignoredups

$_SERVER['SHLVL'] => 3

$_SERVER['HOME'] => /root

$_SERVER['LOGNAME'] => root

$_SERVER['MODULESHOME'] => /usr/share/Modules

$_SERVER['LESSOPEN'] => ||/usr/bin/lesspipe.sh %s

$_SERVER['BASH_FUNC_module()'] => () { eval `/usr/bin/modulecmd bash $*`

}

$_SERVER['_'] => /opt/remi/php73/root/usr/bin/php

$_SERVER['PHP_SELF'] =>

$_SERVER['SCRIPT_NAME'] =>

$_SERVER['SCRIPT_FILENAME'] =>

$_SERVER['PATH_TRANSLATED'] =>

$_SERVER['DOCUMENT_ROOT'] =>

$_SERVER['REQUEST_TIME_FLOAT'] => 1608634298.5898

$_SERVER['REQUEST_TIME'] => 1608634298

$_SERVER['argv'] => Array

(

)

$_SERVER['argc'] => 0

PHP License

This program is free software; you can redistribute it and/or modify

it under the terms of the PHP License as published by the PHP Group

and included in the distribution in the file: LICENSE

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any

questions about PHP licensing, please contact license@php.net.

Osnard (talkcontribs)

No, sorry, I meant the parts of your `LocalSettings.php` file where you configure the extensions (e.g. next to the `wfLoadExtension` calls)

Mdc-system (talkcontribs)

ok, here it comes:

wfLoadExtension('CiteThisPage');

wfLoadExtension('Cite');

wfLoadExtension('CodeEditor');

wfLoadExtension('ImageMap');

wfLoadExtension('Math');

wfLoadExtension('MultimediaViewer');

wfLoadExtension('ParserFunctions');

wfLoadExtension('PdfHandler');

wfLoadExtension('SyntaxHighlight_GeSHi');

wfLoadExtension('VisualEditor');

wfLoadExtension('WikiEditor');

$wgMinimalPasswordLength = 1;

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPAuthorization' );

wfLoadExtension( 'LDAPAuthentication2' );

wfLoadExtension( 'LDAPGroups' );

$LDAPProviderDomainConfigs = "$IP/ldapprovider.json";

$LDAPProviderCacheTime = 10; //only 10 seconds cache

$LDAPAuthentication2UsernameNormalizer = "strtolower";

$LDAPAuthentication2AllowLocalLogin = true;

I hope it will help.

Osnard (talkcontribs)

Hmmm... there is no hint of "invaliddomain". As this is not part of the codebase I can not tell the root cause.

Platinops (talkcontribs)

Hi Osnard,

I modified includes/exception/MWExceptionHandler.php as you suggested and now get a similar error: No configuration available for domain ''!. Looks like an error from LDAPProvider, but since I saw you reacting to this thread as well and it only shows when enabling LDAPGroups, I thought to continue here anyway.

Note that I only get this message when logging in with a local user. I have no issues when logging in with an LDAP user, and groups seem to sync fine.

My configuration is as follows:

wfLoadExtension( 'LDAPProvider' );
$LDAPProviderCacheType = CACHE_DB;
$LDAPProviderDefaultDomain = "mycompany.com";

wfLoadExtension( 'LDAPAuthentication2' );
$LDAPAuthentication2AllowLocalLogin = true;

wfLoadExtension( 'LDAPAuthorization' );

wfLoadExtension( 'LDAPGroups' ); 

$LDAPProviderDomainConfigProvider = function() {
  global $cmpLdapUser;
  global $cmpLdapPass;
  $config = [
    "mycompany.com" => [
      'connection' => [
        "server" => "ldap.mycompany.com",
        "port" => "636",
        "enctype" => "ssl",
        "user" => $cmpLdapUser,
        "pass" => $cmpLdapPass,
        "options" => [ // https://www.php.net/function.ldap-set-option
          "LDAP_OPT_DEREF" => 1
        ],
        "basedn" => "dc=mycompany,dc=com",
        "groupbasedn" => "dc=mycompany,dc=com",
        "userbasedn" => "dc=mycompany,dc=com",
        "searchattribute" => "samaccountname",
        "searchstring" => "MY_COMPANY_NETWORK\\USER-NAME",
        "usernameattribute" => "samaccountname",
        "realnameattribute" => "cn",
        "emailattribute" => "mail",
        "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory"
      ],
      "authorization" =>
      [
        "rules" =>
        [
          "groups" =>
          [
            "required" =>
             [
               "CN=cmp_GAP_WIKI_CORP,OU=LAP_GAP_UAP,OU=GROUPS,OU=_CORP,DC=mycompany,DC=com"
             ]
          ]
        ]
      ],
      "groupsync" =>
      [
        "mechanism" => "mappedgroups",
        "mapping" =>
        [
          "groupx" => "CN=GROUPX,OU=LDP_GDP_UDP,OU=GROUPS,OU=_CORP,DC=mycompany,DC=com"
        ]
      ],
      "userinfo" =>
      [
        "email" => "mail",
        "realname" => "cn",
        "nickname" => "mailNickname"
      ]
    ]
  ];

  return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

Thanks in advance for any assistance on this matter.

83.87.68.239 (talkcontribs)

Hello,


I encountered the same problem - at first I thought it was an issue with the skin but clearly - once you set up the LDAP stack with $LDAPAuthentication2AllowLocalLogin = true; it seems to be impossible to log in as a local user - LDAP goes just fine - and when I omit loading the LDAP plugins, logging in locally also works fine. When the LDAP plugins are active it DOES NOT UNDERSTAND when someone wants to log in with a local account

[YAf6f-pJgpj5Yk8lRA@qywAAAAg] /mediawiki/ Error from line 254 of ./mediawiki/mediawiki-1.35.0/includes/skins/Skin.php: Call to a member function canExist() on null

Backtrace:

#0 ./mediawiki/mediawiki-1.35.0/skins/Vector/includes/SkinVector.php(45): Skin->getDefaultModules()

#1 ./mediawiki/mediawiki-1.35.0/includes/OutputPage.php(2497): SkinVector->getDefaultModules()

#2 ./mediawiki/mediawiki-1.35.0/includes/OutputPage.php(2604): OutputPage->loadSkinModules(SkinVector)

#3 ./mediawiki/mediawiki-1.35.0/includes/exception/MWException.php(193): OutputPage->output()

#4 ./mediawiki/mediawiki-1.35.0/includes/exception/MWException.php(231): MWException->reportHTML()

#5 ./mediawiki/mediawiki-1.35.0/includes/exception/MWExceptionHandler.php(104): MWException->report()

#6 ./mediawiki/mediawiki-1.35.0/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException)

#7 ./mediawiki/mediawiki-1.35.0/includes/MediaWiki.php(576): MWExceptionHandler::handleException(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException, string)

#8 ./mediawiki/mediawiki-1.35.0/index.php(53): MediaWiki->run()

#9 ./mediawiki/mediawiki-1.35.0/index.php(46): wfIndexMain()

#10 {main}


Line #7 is where the error starts and has nothing to do with LDAP, but the extension thinks there is no domain configured - obvious since it's a local user. The LDAP extensions are still trying to authenticate against the domain when "Local" is selected. I think this is a bug or something is not pointed out in the documentation. According to the configuration documentation, adding $LDAPAuthentication2AllowLocalLogin = true; should be enough - right?


Some help would really be appreciated on this..

Sjoerd72 (talkcontribs)

Hello @Osnard,

Any chance to look into this problem?

Regards

Sjoerd

Osnard (talkcontribs)

Sorry, I didn't have time to look into this. I still do not know where "invaliddomain" comes from. But this might be related to another topic: If there is an "authorization.rules.groups.required" set, local accounts are also checked by this. See https://www.mediawiki.org/wiki/Topic:W1z3ujemht3iqxhj

Sjoerd72 (talkcontribs)

@Osnard I will look into it - Quick check on that link: It looks like the issue in that link is exactly what is happening at my place..

Reply to "canExist() error after enable the add on"

Problem with getting groups from LDAP

23
Summary by Bozhob

Everything is working properly

Bozhob (talkcontribs)

Hi

I am trying to get the groups in which a user is a member from the LDAP server.

We use Open LDAP with GOSA; probably the different schema is the cause of the problem.

extensions/LDAPProvider/maintenance/ShowUserGroups.php can't read the groups.

First of all, the search attribute is memberUid, not uid, but after setting "searchattribute" => "memberUid", ShowUserInfo.php stops working, and I am not aware how to use different attributes for searching users and groups.


"searchattribute" => "memberUid" also doesn't resolve the problem with the groups.


Here is part of my LocalSettings.php

<code>
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPAuthentication2' );
wfLoadExtension( 'LDAPAuthorization' );
wfLoadExtension( 'LDAPUserInfo' );
wfLoadExtension( 'LDAPGroups' );

$LDAPProviderDomainConfigProvider = function() {
   $config = [
      "example.bg" => [
         "connection" => [
            "server" => "ldap.example.bg",
            "port" => "389",
            "enctype" => "clear",
            "user" => "cn=admin,dc=example,dc=bg",
            "pass" => "****",
            "options" => [
               // "LDAP_OPT_DEREF" => 1,
               "LDAP_DEREF_ALWAYS" => 1
            ],
            "basedn" => "dc=example,dc=bg",
            "userbasedn" => "dc=example,dc=bg",
            "searchattribute" => "memberUid",
            "emailattribute" => "mail",
            "groupobjectclass" => "posixGroup",
            "groupattribute" => "",
            "groupbasedn" => "dc=example,dc=bg",
            //"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
            "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory",
         ],
         "authorization" => [
            "rules" => [
               "groups" => []
            ]
         ],
         "groupsync" => [
            "mechanism" => "allgroups",
            "locally-managed" => [ "local", "wiki", "group", "names" ]
         ],
         "userinfo" => []
      ]
   ];

   return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
</code>


This doesn't work, and in the log file I see:

<code>

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 fd=44 ACCEPT from IP=100.100.10.1:48104 (IP=0.0.0.0:389)

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=0 BIND dn="cn=admin,dc=example,dc=bg" method=128

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=0 BIND dn="cn=admin,dc=example,dc=bg" mech=SIMPLE ssf=0

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=0 RESULT tag=97 err=0 text=

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=1 SRCH base="dc=example,dc=bg" scope=2 deref=0 filter="(memberUid=bozhotest)"

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=1 SRCH attr=* memberof

Jun 11 16:24:10 gosa slapd[12258]: <= bdb_equality_candidates: (memberUid) not indexed

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=1 SEARCH RESULT tag=101 err=0 nentries=5 text=

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SRCH base="dc=example,dc=bg" scope=2 deref=0 filter="(&(objectClass=*)(cn=cn=calgroup_example,ou=groups,dc=example,dc=bg))"

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SRCH attr=dn

Jun 11 16:24:10 gosa slapd[12258]: <= bdb_equality_candidates: (cn) not indexed

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=3 UNBIND

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 fd=44 closed

</code>


With ldapsearch:

ldapsearch -x -a always   -b "dc=example,dc=bg"  "(memberUid=bozhotest)"

returns the groups and the record in the log file is:


<code>

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 fd=268 ACCEPT from IP=127.0.0.1:59392 (IP=0.0.0.0:389)

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=0 BIND dn="cn=admin,dc=example,dc=bg" method=128

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=0 BIND dn="cn=admin,dc=example,dc=bg" mech=SIMPLE ssf=0

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=0 RESULT tag=97 err=0 text=

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=1 SRCH base="dc=example,dc=bg" scope=2 deref=3 filter="(memberUid=bozhotest)"

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=1 SRCH attr=cn sn uid postalAddress telephoneNumber

Jun 11 12:12:07 gosa slapd[12258]: <= bdb_equality_candidates: (memberUid) not indexed

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=1 SEARCH RESULT tag=101 err=0 nentries=5 text=

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SRCH base="cn=calgroup_example,ou=groups,dc=example,dc=bg" scope=0 deref=0 filter="(&(objectClass=*))"

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SRCH attr=* +

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=3 SRCH base="cn=calgroup_zastrahovateli,ou=groups,dc=example,dc=bg" scope=0 deref=0 filter="(&(objectClass=*))"

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=3 SRCH attr=* +

etc.

</code>

The main differences in the two logs, as I can see are:

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SRCH base="dc=example,dc=bg" scope=2 deref=0 filter="(&(objectClass=*)(cn=cn=calgroup_example,ou=groups,dc=example,dc=bg))"


and

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SRCH base="cn=calgroup_example,ou=groups,dc=example,dc=bg" scope=0 deref=0 filter="(&(objectClass=*))"


Also probably this:

SRCH attr=* memberof

and

SRCH attr=* +


Which parameters do I have to change to get both searches to work?


Thank you in advance

Bozho
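The comparison made by eye in the post above can be scripted. The following is an added example, not part of the original post or of the LDAPProvider code: it pairs each slapd `SRCH` line with its `SEARCH RESULT`, flags a search whose filter uses a full DN as an attribute value and returns no entries (the `cn=cn=calgroup_example,...` case), and flags simple binds logged with `ssf=0`, meaning the bind credentials crossed the connection without TLS or SASL protection. The function and finding names are assumptions of this example.

```python
import re

# Excerpt of the slapd lines quoted in the post above
# (extension run at 16:24, ldapsearch run at 12:12).
SAMPLE_LOG = """\
Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=0 BIND dn="cn=admin,dc=example,dc=bg" mech=SIMPLE ssf=0
Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=1 SRCH base="dc=example,dc=bg" scope=2 deref=0 filter="(memberUid=bozhotest)"
Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=1 SEARCH RESULT tag=101 err=0 nentries=5 text=
Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SRCH base="dc=example,dc=bg" scope=2 deref=0 filter="(&(objectClass=*)(cn=cn=calgroup_example,ou=groups,dc=example,dc=bg))"
Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SRCH base="cn=calgroup_example,ou=groups,dc=example,dc=bg" scope=0 deref=0 filter="(&(objectClass=*))"
Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

OP = re.compile(r"conn=(\d+) op=(\d+) (.*)$")
BIND = re.compile(r'BIND dn="([^"]*)" mech=(\S+) ssf=(\d+)')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d) deref=(\d) filter="(.*)"$')
RESULT = re.compile(r"SEARCH RESULT tag=\d+ err=\d+ nentries=(\d+)")
# A filter term whose value is itself DN-shaped, e.g. (cn=cn=group,ou=groups,...)
DN_AS_VALUE = re.compile(r"\((\w+)=(\w+=[^()]*,[^()]*)\)")
SCOPES = {0: "base", 1: "one", 2: "sub"}


def analyse(log_text):
    """Return (searches, findings); searches is keyed by (conn, op)."""
    searches, findings = {}, []
    for line in log_text.splitlines():
        m = OP.search(line.rstrip())
        if not m:
            continue  # ACCEPT/closed lines carry no op= field
        key, rest = (m.group(1), m.group(2)), m.group(3)
        if (b := BIND.match(rest)):
            dn, mech, ssf = b.groups()
            if mech == "SIMPLE" and ssf == "0":
                findings.append(("cleartext-simple-bind", key, dn))
        elif (s := SRCH.match(rest)):
            base, scope, deref, flt = s.groups()
            searches[key] = {"base": base, "scope": int(scope),
                             "deref": int(deref), "filter": flt}
        elif (r := RESULT.match(rest)) and key in searches:
            rec = searches[key]
            rec["nentries"] = int(r.group(1))
            hit = DN_AS_VALUE.search(rec["filter"])
            if hit and rec["nentries"] == 0:
                findings.append(("dn-used-as-attribute-value", key, hit.group(0)))
    return searches, findings


def report(log_text):
    """Render one line per search, followed by one line per finding."""
    searches, findings = analyse(log_text)
    out = []
    for (conn, op), rec in searches.items():
        scope = SCOPES.get(rec["scope"], rec["scope"])
        out.append(f"conn={conn} op={op} scope={scope} base={rec['base']} "
                   f"filter={rec['filter']} -> {rec.get('nentries', '?')} entries")
    out += [f"FINDING {kind} conn={k[0]} op={k[1]}: {detail}"
            for kind, k, detail in findings]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```
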

Osnard (talkcontribs)
Bozhob (talkcontribs)

I set

"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

but I receive

PHP Notice:  Undefined index: memberof in LDAPProvider/src/UserGroupsRequest/UserMemberOf.php on line 19

What else do I have to add to the config?

Bozhob (talkcontribs)

Actually I think that this case is very complicated. In the given LDAP schema there is no attribute for a user pointing to the groups he/she is a member of. Instead, the users are listed in the groups. Example:

cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg?memberUid?sub?(objectClass=posixGroup)

memberUid - an array containing UIDs of group members


So the problem seems too difficult to resolve.

Using "searchattribute" => "memberUid"


In the log file I can see the response from the LDAP - it actually lists all the groups the user is a member of, with the full list of attributes:

...snip...

4 =>

  array (

   'cn' =>

   array (

     'count' => 1,

     0 => 'wikiadmins',

   ),

   0 => 'cn',

   'gidnumber' =>

   array (

     'count' => 1,

     0 => '1027',

   ),

   1 => 'gidnumber',

   'memberuid' =>

   array (

     'count' => 3,

     0 => 'test1',

     1 => 'test2',

     2 => 'bozhotest',

   ),

   2 => 'memberuid',

   'labeleduri' =>

   array (

     'count' => 1,

     0 => 'ldap:///cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg?memberUid?sub?(objectClass=posixGroup)',

   ),

   3 => 'labeleduri',

   'objectclass' =>

   array (

     'count' => 3,

     0 => 'top',

     1 => 'posixGroup',

     2 => 'labeledURIObject',

   ),

   4 => 'objectclass',

   'count' => 5,

   'dn' => 'cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg',

  ),

Maybe I have to try to modify extensions/LDAPProvider/src/UserGroupsRequest/UserMemberOf.php

instead of return new GroupList( $res['memberof'] ); to use a foreach loop to get the 'cn' values


Osnard (talkcontribs)

Yes, you will probably need to implement a new `UserGroupsRequest`. Could you please share your solution so I can add it to the extension?

Bozhob (talkcontribs)

Hi Robert

I have achieved some success, but I need a bit of help.

Of course, I will post all the code I wrote, but there are many things to tune.

I wrote a new file UserGosaMember.php and class UserGosaMember, and now the result from

php extensions/LDAPProvider/maintenance/ShowUserGroups.php --domain  example.bg --username bozhotest

is a list of the names of the groups, having the user as a member:


Full DNs:

   

   calgroup_test1

   calgroup_zastrahovateli

   calgroup_klienti

   wikiadmins

Short names:

But I suppose this is not the proper output. I have no opportunity to test with another kind of LDAP to see the proper results.

According to the log above, these group names should be in the section Short names, I suppose.

My question is, how the other functions which use the result from the 'UserGroupsRequest' functions expect to "see" the result.

Which is the proper format?

Bozhob (talkcontribs)

Hi

I have some progress

The result now is

php extensions/LDAPProvider/maintenance/ShowUserGroups.php --domain   example.bg --username bozhotest

Full DNs:


   cn=calgroup_example,ou=groups,dc=example,dc=bg

   cn=calgroup_zastrahovateli,ou=groups,dc=example,dc=bg

   cn=calgroup_klienti,ou=groups,dc=example,dc=bg

   cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg

Short names:

   calgroup_test1

   calgroup_zastrahovateli

   calgroup_klienti

   wikiadmins


This blank line after Full DNs: looks suspicious, but I suppose this is the right format I need to achieve.

But from the wiki page still groups are not visible.

Bozhob (talkcontribs)

Here I put the code I wrote

First, I found out that function getUserDN from /extensions/LDAPProvider/src/Client.php returns all information about the groups which have the user as a member, if searchattr is set to memberUid. So I copied getUserDN to a new member function in Client.php where I added $searchattr = "memberUid"; at the beginning and instead of return $userdn I set return $this->userInfo;

I know there are wiser ways to do the same, but being in a hurry I leave it at that for now.

So I wrote a class UserGosaMember in extensions/LDAPProvider/src/UserGroupsRequest/UserGosaMember.php -

"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserGosaMember::factory", should be used in LocalSettings.php

<?php

namespace MediaWiki\Extension\LDAPProvider\UserGroupsRequest;

use MediaWiki\Extension\LDAPProvider\ClientConfig;
use MediaWiki\Extension\LDAPProvider\EscapedString;
use MediaWiki\Extension\LDAPProvider\GroupList;
use MediaWiki\Extension\LDAPProvider\UserGroupsRequest;
use MWException;

class UserGosaMember extends UserGroupsRequest {

	/**
	 * @param string $username to get the groups for
	 * @return GroupList
	 */
	public function getUserGroups( $username ) {
		// getGosaGroups() is the copy of Client::getUserDN() described above;
		// it returns the raw result of the memberUid search
		$userInfo = $this->ldapClient->getGosaGroups( $username );
		$baseDN = $this->config->get( ClientConfig::GROUP_BASE_DN );
		$dn = 'dn';
		if ( $baseDN === '' ) {
			$baseDN = null;
		}
		$ret = [];
		foreach ( $userInfo as $res ) {
			// The result also carries a "count" element, which is not a group entry
			if ( !is_array( $res ) || !isset( $res['dn'] ) ) {
				continue;
			}
			$ret[] = $res['dn'];
		}
		return new GroupList( $ret );
	} // getUserGroups

} // class

The $userInfo variable contains an array:

array(6) {

 ["count"]=>
 int(5)
 [0]=>
 array(12) {
   ["gidnumber"]=>
   array(2) {
     ["count"]=>
     int(1)
     [0]=>
     string(4) "2010"
   }
   [0]=>
   string(9) "gidnumber"
   ["description"]=>
   array(2) {
     ["count"]=>
     int(1)
     [0]=>
     string(47) "Comment"
   }
   [1]=>
   string(11) "description"
   ["cn"]=>
   array(2) {
     ["count"]=>
     int(1)
     [0]=>
     string(18) "calgroup_test"
   }
   [2]=>
   string(2) "cn"
   ["memberuid"]=>
   array(414) {
     ["count"]=>
     int(413)
     [0]=>
     string(5) "test1"
     [1]=>
     string(5) "test2"

................

     [412]=>
     string(13) "wiki-readonly"
   }
   [3]=>
   string(9) "memberuid"
   ["objectclass"]=>
   array(3) {
     ["count"]=>
     int(2)
     [0]=>
     string(3) "top"
     [1]=>
     string(10) "posixGroup"
   }
   [4]=>
   string(11) "objectclass"
   ["count"]=>
   int(5)
   ["dn"]=>
   string(50) "cn=calgroup_test1,ou=groups,dc=example,dc=bg"
 }
 [1]=>
 array(12) {
   ["cn"]=>
   array(2) {
     ["count"]=>
     int(1)
     [0]=>
     string(23) "calgroup_zastrahovateli"
   }

.......

Bozhob (talkcontribs)

A step further. I added "presearchusernamemodifiers" => ["lowercase"]

in LocalSettings.php

and in the debug info in the Apache log file I can now see the groups listed. But synchronization still doesn't work. When I try to check in Special pages -> User rights, or Settings, the LDAP groups are missing.

Osnard (talkcontribs)

First of all, thank you for sharing the code! I will try to incorporate this into the extension, but can not give any timeframe for it.

If "ShowUserGroups.php" properly lists the groups already, then we are almost there. I can see that you are using the "allgroups" mechanism. Please be aware that the groups will only be synced if they are actually available (somewhere configured by `wgGroupPermissions`) in the wiki. Otherwise syncing will not work.

Bozhob (talkcontribs)

Yes, I know that. I have set $wgGroupPermissions['wikiadmins']['edit'] = true; $wgGroupPermissions['wikiadmins']['read'] = true;

and similar for the other groups, that have to be synchronized. I tried to use

 "mechanism" => "mappedgroups",
 "mapping" => [
        "wbaseaccess" => "cn=wbaseaccess,ou=groups,l=wikiusers,dc=example,dc=bg",
        "wexperts"    => "cn=wexperts,ou=groups,l=wikiusers,dc=example,dc=bg",
        "wikiadmins"  => "cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg",
        "wstaff"      => "cn=wstaff,ou=groups,l=wikiusers,dc=example,dc=bg"
  ]

instead of all groups. Now I receive "Member of: mapping" which confuses me.

Osnard (talkcontribs)

Where do you receive "Member of: mapping"? Can you please share a debug-log of when you log into the wiki?

Bozhob (talkcontribs)

Sorry, this was my mistake! When I switched to "mechanism" => "mappedgroups", I doubled the "mapping" => [ declaration. Now things seem OK. I will make some tests before marking the case as solved. This variant satisfies me. I'll try to investigate why "allgroups" still doesn't work, probably because of another mistake I have made. But I think that the wiki is now completely usable. Thank you for your help!

Bozhob (talkcontribs)

Everything looks good. So I consider the case solved. For further questions I will open a new post. Thank you very much again!

Bozhob (talkcontribs)

Hi Osnard, Sorry that I opened this discussion again. I found that if an LDAP(OGSA) user logs in to the wiki for the first time, everything with the groups goes OK, but if the user had logged in before, the software does not check the LDAP groups. I tried: if I delete the user from the MYSQL database and he logs in again, the groups are properly loaded from LDAP. How is it possible to force the wiki to check for LDAP groups every time a user logs in? Probably I missed a config parameter, but I can't find which one.

Osnard (talkcontribs)

Usually group sync is done on every log in and once an hour during a running user session. Can you please set up debug logging just for the LDAPGroupSync extension and check what is being reported over time?

Bozhob (talkcontribs)

In my LocalSettings.php I set: $wgDebugLogGroups = array(

  'PluggableAuth' => '/tmp/pa.log',
  'LDAP' => '/tmp/LDAP.log',
  'LDAPAuthentication2' => '/tmp/auth2.log',
  'LDAPAuthorization' => '/tmp/authz.log',
  'MediaWiki\\Extension\\LDAPProvider\\Client' => '/tmp/client.log',
   'LDAPGroups' => '/tmp/grp.log',
  'LDAPUserInfo' => '/tmp/user.log',

);

I tried also

 'MediaWiki\\Extension\\LDAPGroups\\GroupSyncProcess' => '/tmp/grp.log',

Information appears in '/tmp/grp.log' only when a user logs in for the first time:

2020-12-15 15:54:58 wikibrokerins wikidb-mw_: Adding 'wiki-admins' to 'Bozhotest'.
2020-12-15 18:14:15 wikibrokerins wikidb-mw_: Adding 'wiki-staff' to 'Wiki-limited'.
2020-12-15 18:24:21 wikibrokerins wikidb-mw_: Adding 'wiki-baseaccess' to 'Wiki-readonly'.

Osnard (talkcontribs)
Bozhob (talkcontribs)

Seems that this solved the problem! I will test for some days, but I mean that everything is OK now. Thank you. I'd like to ask you: if a user is removed from a group in LDAP, he remains in the wiki database in the same group and should be removed from the SQL. Perhaps there is no such function in LdapProvider, or I missed something?

Osnard (talkcontribs)

Good to hear! A user disabled in LDAP will not be removed from the wiki DB automatically. Have a look at the extension LDAPSyncAll [1]. It will query the LDAP regularly and disable unauthorized or removed users on the wiki DB. But be aware, this extension is quite new and has no documentation yet.

[1] https://www.github.com/wikimedia/mediawiki-extensions-LDAPSyncAll

Bozhob (talkcontribs)

Thank you again!