Extension talk:LDAPGroups

Jump to navigation Jump to search

About this board

canExist() error after enable the add on

16
Mdc-system (talkcontribs)

Hi,

we have an MediaWiki 1.35 running with ldap log in.

The login itself will work, but as soon the LDAPGroups is activated by "wfLoadExtension( 'LDAPGroups');" the wiki is broken with this error:


[X9tJuJ5NS5lDdVqSAx-0PQAAAIU] /index.php?title=Special:ListUsers Error from line 254 of /usr/share/mediawiki/includes/skins/Skin.php: Call to a member function canExist() on null

Backtrace:

#0 /usr/share/mediawiki/skins/Vector/includes/SkinVector.php(45): Skin->getDefaultModules()

#1 /usr/share/mediawiki/includes/OutputPage.php(2497): SkinVector->getDefaultModules()

#2 /usr/share/mediawiki/includes/OutputPage.php(2604): OutputPage->loadSkinModules(SkinVector)

#3 /usr/share/mediawiki/includes/exception/MWException.php(193): OutputPage->output()

#4 /usr/share/mediawiki/includes/exception/MWException.php(231): MWException->reportHTML()

#5 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(104): MWException->report()

#6 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException)

#7 /usr/share/mediawiki/includes/MediaWiki.php(576): MWExceptionHandler::handleException(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException, string)

#8 /usr/share/mediawiki/index.php(53): MediaWiki->run()

#9 /usr/share/mediawiki/index.php(46): wfIndexMain()

#10 {main}


I don't have set any options for the add on in the ldap json config.

Have anyone an idea what goes wrong?

Thanks

Osnard (talkcontribs)
Platinops (talkcontribs)

I have a similar issue on MW1.35 after activating Extension:LDAPGroups. It does not occur when I log in with an LDAP user. It does occur when I log in with a local user (selecting domain: local in the login screen).

I do not get a "LDAPNoDomainConfigException" error, just below:

[X994JFZHIlX1ePmkDFot@gAAANY] /index.php?title=Main_Page Error from line 254 of /var/www/html/mediawiki_corporate/includes/skins/Skin.php: Call to a member function canExist() on null

Backtrace:

#0 /var/www/html/mediawiki_corporate/skins/Vector/includes/SkinVector.php(45): Skin->getDefaultModules()
#1 /var/www/html/mediawiki_corporate/includes/OutputPage.php(2497): SkinVector->getDefaultModules()
#2 /var/www/html/mediawiki_corporate/includes/OutputPage.php(2604): OutputPage->loadSkinModules()
#3 /var/www/html/mediawiki_corporate/includes/exception/MWException.php(193): OutputPage->output()
#4 /var/www/html/mediawiki_corporate/includes/exception/MWException.php(231): MWException->reportHTML()
#5 /var/www/html/mediawiki_corporate/includes/exception/MWExceptionHandler.php(104): MWException->report()
#6 /var/www/html/mediawiki_corporate/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report()
#7 /var/www/html/mediawiki_corporate/includes/MediaWiki.php(576): MWExceptionHandler::handleException()
#8 /var/www/html/mediawiki_corporate/index.php(53): MediaWiki->run()
#9 /var/www/html/mediawiki_corporate/index.php(46): wfIndexMain()
#10 {main}

Any suggestions?

Mdc-system (talkcontribs)

In my case an normal ldap login will work until I enable the LDAPGroups.

After update all ldap modules and the wiki itself to 1.35.1, now the error message is other and it wil occurs only after login. Before the update it will occurs on the indx page:

MediaWiki internal error.


Original exception: [X@BO2F1vg--K0uLMuZC7TQAAAZA] /index.php?title=Main_Page MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException from line 61 of /usr/share/mediawiki/extensions/LDAPProvider/src/DomainConfigFactory.php: No configuration available for domain 'invaliddomain'!

Backtrace:

#0 /usr/share/mediawiki/extensions/LDAPProvider/src/ClientFactory.php(61): MediaWiki\Extension\LDAPProvider\DomainConfigFactory->factory(string, string)

#1 /usr/share/mediawiki/extensions/LDAPProvider/src/Hook/UserLoadAfterLoadFromSession.php(145): MediaWiki\Extension\LDAPProvider\ClientFactory->getForDomain(string)

#2 /usr/share/mediawiki/extensions/LDAPProvider/src/Hook/UserLoadAfterLoadFromSession.php(101): MediaWiki\Extension\LDAPProvider\Hook\UserLoadAfterLoadFromSession->createLdapClientForDomain()

#3 /usr/share/mediawiki/extensions/LDAPProvider/src/Hook/UserLoadAfterLoadFromSession.php(90): MediaWiki\Extension\LDAPProvider\Hook\UserLoadAfterLoadFromSession->process()

#4 /usr/share/mediawiki/includes/HookContainer/HookContainer.php(320): MediaWiki\Extension\LDAPProvider\Hook\UserLoadAfterLoadFromSession::callback(User)

#5 /usr/share/mediawiki/includes/HookContainer/HookContainer.php(131): MediaWiki\HookContainer\HookContainer->callLegacyHook(string, array, array, array)

#6 /usr/share/mediawiki/includes/HookContainer/HookRunner.php(4347): MediaWiki\HookContainer\HookContainer->run(string, array)

#7 /usr/share/mediawiki/includes/user/User.php(392): MediaWiki\HookContainer\HookRunner->onUserLoadAfterLoadFromSession(User)

#8 /usr/share/mediawiki/includes/user/User.php(2150): User->load()

#9 /usr/share/mediawiki/includes/MediaWiki.php(590): User->getName()

#10 /usr/share/mediawiki/includes/MediaWiki.php(541): MediaWiki->setDBProfilingAgent()

#11 /usr/share/mediawiki/index.php(53): MediaWiki->run()

#12 /usr/share/mediawiki/index.php(46): wfIndexMain()

#13 {main}


Exception caught inside exception handler: [X@BO2F1vg--K0uLMuZC7TQAAAZA] /index.php?title=Main_Page Error from line 254 of /usr/share/mediawiki/includes/skins/Skin.php: Call to a member function canExist() on null

Backtrace:

#0 /usr/share/mediawiki/skins/Vector/includes/SkinVector.php(45): Skin->getDefaultModules()

#1 /usr/share/mediawiki/includes/OutputPage.php(2497): SkinVector->getDefaultModules()

#2 /usr/share/mediawiki/includes/OutputPage.php(2604): OutputPage->loadSkinModules(SkinVector)

#3 /usr/share/mediawiki/includes/exception/MWException.php(193): OutputPage->output()

#4 /usr/share/mediawiki/includes/exception/MWException.php(231): MWException->reportHTML()

#5 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(104): MWException->report()

#6 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException)

#7 /usr/share/mediawiki/includes/MediaWiki.php(576): MWExceptionHandler::handleException(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException, string)

#8 /usr/share/mediawiki/index.php(53): MediaWiki->run()

#9 /usr/share/mediawiki/index.php(46): wfIndexMain()

#10 {main}


Now I use the following LDAP modules:

LDAPAuthentication2 771b91e

LDAPAuthorization e037664

LDAPProvider ca854c1

PluggableAuth 2a465ae

Osnard (talkcontribs)

@Mdc-system The keyword "invaliddomain" does not come from the extensions code base. It must be defined somewhere in your configuration. Can you share you configuration please? Strip any sesitive information!

@Platinops In you case this is also an Exception that we just do not see properly. Please try to get the exception message, e.g. by adding die( $e->getMessage() ); to includes/exception/MWExceptionHandler.php in line 185. Also see Manual:$wgPropagateErrors.

Mdc-system (talkcontribs)

Hi @Osnard, here the json for the ldap connection:

{"foo.foo": { "connection": { "server": "foo.foo.foo", "user": "cn=mediawiki,ou=functional_accounts,dc=foo,dc=foo","pass":"XXX": "tls","basedn":"dc=foo,dc=foo","groupbasedn":"dc=foo,dc=foo","userbasedn":"dc=foo,dc=foo",

"searchattribute":"samaccountname","searchstring":"USER-NAME@foo.foo.foo","usernameattribute":"samaccountname",

"realnameattribute":"cn","emailattribute":"mail","grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory",

"groupobjectclass":"group","groupattribute":"member:1.2.840.113556.1.4.1941:"

},"authorization":{"rules":{"groups": {"required":["cn=mediawiki_users_test1,ou=functional_groups,dc=foo,dc=foo"]}}}}

}

Osnard (talkcontribs)

Okay. And the PHP config of the extensions? The "invaliddomain" must come from somewhere...

Mdc-system (talkcontribs)

Here is the output of php -i. I hope, that this is, what you will need :


phpinfo()

PHP Version => 7.3.25

System => Linux XXXX 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020 x86_64

Build Date => Nov 24 2020 11:10:55

Build System => Red Hat Enterprise Linux Server release 7.9 (Maipo)

Build Provider => Remi's RPM repository <https://rpms.remirepo.net/>

Server API => Command Line Interface

Virtual Directory Support => disabled

Configuration File (php.ini) Path => /etc/opt/remi/php73

Loaded Configuration File => /etc/opt/remi/php73/php.ini

Scan this dir for additional .ini files => /etc/opt/remi/php73/php.d

Additional .ini files parsed => /etc/opt/remi/php73/php.d/10-opcache.ini,

/etc/opt/remi/php73/php.d/20-bz2.ini,

/etc/opt/remi/php73/php.d/20-calendar.ini,

/etc/opt/remi/php73/php.d/20-ctype.ini,

/etc/opt/remi/php73/php.d/20-curl.ini,

/etc/opt/remi/php73/php.d/20-dom.ini,

/etc/opt/remi/php73/php.d/20-exif.ini,

/etc/opt/remi/php73/php.d/20-fileinfo.ini,

/etc/opt/remi/php73/php.d/20-ftp.ini,

/etc/opt/remi/php73/php.d/20-gd.ini,

/etc/opt/remi/php73/php.d/20-gettext.ini,

/etc/opt/remi/php73/php.d/20-iconv.ini,

/etc/opt/remi/php73/php.d/20-intl.ini,

/etc/opt/remi/php73/php.d/20-json.ini,

/etc/opt/remi/php73/php.d/20-ldap.ini,

/etc/opt/remi/php73/php.d/20-mbstring.ini,

/etc/opt/remi/php73/php.d/20-mysqlnd.ini,

/etc/opt/remi/php73/php.d/20-pdo.ini,

/etc/opt/remi/php73/php.d/20-phar.ini,

/etc/opt/remi/php73/php.d/20-simplexml.ini,

/etc/opt/remi/php73/php.d/20-sockets.ini,

/etc/opt/remi/php73/php.d/20-sqlite3.ini,

/etc/opt/remi/php73/php.d/20-tokenizer.ini,

/etc/opt/remi/php73/php.d/20-xml.ini,

/etc/opt/remi/php73/php.d/20-xmlwriter.ini,

/etc/opt/remi/php73/php.d/20-xsl.ini,

/etc/opt/remi/php73/php.d/30-mysqli.ini,

/etc/opt/remi/php73/php.d/30-pdo_mysql.ini,

/etc/opt/remi/php73/php.d/30-pdo_sqlite.ini,

/etc/opt/remi/php73/php.d/30-wddx.ini,

/etc/opt/remi/php73/php.d/30-xmlreader.ini,

/etc/opt/remi/php73/php.d/40-apcu.ini,

/etc/opt/remi/php73/php.d/40-igbinary.ini,

/etc/opt/remi/php73/php.d/40-msgpack.ini,

/etc/opt/remi/php73/php.d/50-apc.ini,

/etc/opt/remi/php73/php.d/50-memcached.ini,

/etc/opt/remi/php73/php.d/mdc_security.ini,

/etc/opt/remi/php73/php.d/mediawiki.ini

PHP API => 20180731

PHP Extension => 20180731

Zend Extension => 320180731

Zend Extension Build => API320180731,NTS

PHP Extension Build => API20180731,NTS

Debug Build => no

Thread Safety => disabled

Zend Signal Handling => enabled

Zend Memory Manager => enabled

Zend Multibyte Support => provided by mbstring

IPv6 Support => enabled

DTrace Support => available, disabled

Registered PHP Streams => https, ftps, compress.zlib, php, file, glob, data, http, ftp, compress.bzip2, phar

Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2

Registered Stream Filters => zlib.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk, bzip2.*, convert.iconv.*

This program makes use of the Zend Scripting Language Engine:

Zend Engine v3.3.25, Copyright (c) 1998-2018 Zend Technologies

with Zend OPcache v7.3.25, Copyright (c) 1999-2018, by Zend Technologies

_______________________________________________________________________

Configuration

apc

APC Compatibility => 1.0.5

apcu

APCu Support => Disabled

Version => 5.1.19

APCu Debugging => Disabled

MMAP Support => Enabled

MMAP File Mask => /tmp/apc.XXXXXX

Serialization Support => Disabled

Build Date => Oct 5 2020 11:29:42

Directive => Local Value => Master Value

apc.coredump_unmap => Off => Off

apc.enable_cli => Off => Off

apc.enabled => On => On

apc.entries_hint => 4096 => 4096

apc.gc_ttl => 3600 => 3600

apc.mmap_file_mask => /tmp/apc.XXXXXX => /tmp/apc.XXXXXX

apc.preload_path => no value => no value

apc.serializer => php => php

apc.shm_segments => 1 => 1

apc.shm_size => 32M => 32M

apc.slam_defense => Off => Off

apc.smart => 0 => 0

apc.ttl => 0 => 0

apc.use_request_time => Off => Off

bz2

BZip2 Support => Enabled

Stream Wrapper support => compress.bzip2://

Stream Filter support => bzip2.decompress, bzip2.compress

BZip2 Version => 1.0.6, 6-Sept-2010

calendar

Calendar support => enabled

Core

PHP Version => 7.3.25

Directive => Local Value => Master Value

allow_url_fopen => On => On

allow_url_include => Off => Off

arg_separator.input => & => &

arg_separator.output => & => &

auto_append_file => no value => no value

auto_globals_jit => On => On

auto_prepend_file => no value => no value

browscap => no value => no value

default_charset => UTF-8 => UTF-8

default_mimetype => text/html => text/html

disable_classes => no value => no value

disable_functions => no value => no value

display_errors => Off => Off

display_startup_errors => Off => Off

doc_root => no value => no value

docref_ext => no value => no value

docref_root => no value => no value

enable_dl => Off => Off

enable_post_data_reading => On => On

error_append_string => no value => no value

error_log => no value => no value

error_prepend_string => no value => no value

error_reporting => 22527 => 22527

expose_php => Off => Off

extension_dir => /opt/remi/php73/root/usr/lib64/php/modules => /opt/remi/php73/root/usr/lib64/php/modules

file_uploads => On => On

hard_timeout => 2 => 2

highlight.comment => <font style="color: #FF8000">#FF8000</font> => <font style="color: #FF8000">#FF8000</font>

highlight.default => <font style="color: #0000BB">#0000BB</font> => <font style="color: #0000BB">#0000BB</font>

highlight.html => <font style="color: #000000">#000000</font> => <font style="color: #000000">#000000</font>

highlight.keyword => <font style="color: #007700">#007700</font> => <font style="color: #007700">#007700</font>

highlight.string => <font style="color: #DD0000">#DD0000</font> => <font style="color: #DD0000">#DD0000</font>

html_errors => Off => Off

ignore_repeated_errors => Off => Off

ignore_repeated_source => Off => Off

ignore_user_abort => Off => Off

implicit_flush => On => On

include_path => .:/opt/remi/php73/root/usr/share/pear:/opt/remi/php73/root/usr/share/php:/usr/share/pear:/usr/share/php => .:/opt/remi/php73/root/usr/share/pear:/opt/remi/php73/root/usr/share/php:/usr/share/pear:/usr/share/php

input_encoding => no value => no value

internal_encoding => no value => no value

log_errors => On => On

log_errors_max_len => 1024 => 1024

mail.add_x_header => Off => Off

mail.force_extra_parameters => no value => no value

mail.log => no value => no value

max_execution_time => 0 => 0

max_file_uploads => 20 => 20

max_input_nesting_level => 64 => 64

max_input_time => -1 => -1

max_input_vars => 1000 => 1000

memory_limit => 128M => 128M

open_basedir => no value => no value

output_buffering => 0 => 0

output_encoding => no value => no value

output_handler => no value => no value

post_max_size => 8M => 8M

precision => 14 => 14

realpath_cache_size => 4096K => 4096K

realpath_cache_ttl => 120 => 120

register_argc_argv => On => On

report_memleaks => On => On

report_zend_debug => Off => Off

request_order => GP => GP

sendmail_from => no value => no value

sendmail_path => /usr/sbin/sendmail -t -i => /usr/sbin/sendmail -t -i

serialize_precision => -1 => -1

short_open_tag => Off => Off

SMTP => localhost => localhost

smtp_port => 25 => 25

sys_temp_dir => no value => no value

syslog.facility => LOG_USER => LOG_USER

syslog.filter => no-ctrl => no-ctrl

syslog.ident => php => php

track_errors => Off => Off

unserialize_callback_func => no value => no value

upload_max_filesize => 2M => 2M

upload_tmp_dir => no value => no value

user_dir => no value => no value

user_ini.cache_ttl => 300 => 300

user_ini.filename => .user.ini => .user.ini

variables_order => GPCS => GPCS

xmlrpc_error_number => 0 => 0

xmlrpc_errors => Off => Off

zend.assertions => -1 => -1

zend.detect_unicode => On => On

zend.enable_gc => On => On

zend.multibyte => Off => Off

zend.script_encoding => no value => no value

zend.signal_check => Off => Off

ctype

ctype functions => enabled

curl

cURL support => enabled

cURL Information => 7.29.0

Age => 3

Features

AsynchDNS => Yes

CharConv => No

Debug => No

GSS-Negotiate => Yes

IDN => Yes

IPv6 => Yes

krb4 => No

Largefile => Yes

libz => Yes

NTLM => Yes

NTLMWB => Yes

SPNEGO => No

SSL => Yes

SSPI => No

TLS-SRP => No

Protocols => dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtsp, scp, sftp, smtp, smtps, telnet, tftp

Host => x86_64-redhat-linux-gnu

SSL Version => NSS/3.53.1

ZLib Version => 1.2.7

libSSH Version => libssh2/1.8.0

Directive => Local Value => Master Value

curl.cainfo => no value => no value

date

date/time support => enabled

timelib version => 2018.04

"Olson" Timezone Database Version => 0.system

Timezone Database => internal

Default timezone => Europe/Berlin

Directive => Local Value => Master Value

date.default_latitude => 31.7667 => 31.7667

date.default_longitude => 35.2333 => 35.2333

date.sunrise_zenith => 90.583333 => 90.583333

date.sunset_zenith => 90.583333 => 90.583333

date.timezone => Europe/Berlin => Europe/Berlin

dom

DOM/XML => enabled

DOM/XML API Version => 20031129

libxml Version => 2.9.1

HTML Support => enabled

XPath Support => enabled

XPointer Support => enabled

Schema Support => enabled

RelaxNG Support => enabled

exif

EXIF Support => enabled

Supported EXIF Version => 0220

Supported filetypes => JPEG, TIFF

Multibyte decoding support using mbstring => enabled

Extended EXIF tag formats => Canon, Casio, Fujifilm, Nikon, Olympus, Samsung, Panasonic, DJI, Sony, Pentax, Minolta, Sigma, Foveon, Kyocera, Ricoh, AGFA, Epson

Directive => Local Value => Master Value

exif.decode_jis_intel => JIS => JIS

exif.decode_jis_motorola => JIS => JIS

exif.decode_unicode_intel => UCS-2LE => UCS-2LE

exif.decode_unicode_motorola => UCS-2BE => UCS-2BE

exif.encode_jis => no value => no value

exif.encode_unicode => ISO-8859-15 => ISO-8859-15

fileinfo

fileinfo support => enabled

libmagic => 533

filter

Input Validation and Filtering => enabled

Directive => Local Value => Master Value

filter.default => unsafe_raw => unsafe_raw

filter.default_flags => no value => no value

ftp

FTP support => enabled

FTPS support => enabled

gd

GD Support => enabled

GD headers Version => 2.3.0

GD library Version => 2.3.0

FreeType Support => enabled

FreeType Linkage => with freetype

FreeType Version => 2.8.0

GIF Read Support => enabled

GIF Create Support => enabled

JPEG Support => enabled

libJPEG Version => 6b

PNG Support => enabled

libPNG Version => 1.5.13

WBMP Support => enabled

XPM Support => enabled

libXpm Version => 30411

XBM Support => enabled

WebP Support => enabled

Directive => Local Value => Master Value

gd.jpeg_ignore_warning => 1 => 1

gettext

GetText Support => enabled

hash

hash support => enabled

Hashing Engines => md2 md4 md5 sha1 sha224 sha256 sha384 sha512/224 sha512/256 sha512 sha3-224 sha3-256 sha3-384 sha3-512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost gost-crypto adler32 crc32 crc32b fnv132 fnv1a32 fnv164 fnv1a64 joaat haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5

MHASH support => Enabled

MHASH API Version => Emulated Support

iconv

iconv support => enabled

iconv implementation => glibc

iconv library version => 2.17

Directive => Local Value => Master Value

iconv.input_encoding => no value => no value

iconv.internal_encoding => no value => no value

iconv.output_encoding => no value => no value

igbinary

igbinary support => enabled

igbinary version => 3.1.6

igbinary APCu serializer ABI => 0

igbinary session support => yes

Directive => Local Value => Master Value

igbinary.compact_strings => On => On

intl

Internationalization support => enabled

ICU version => 65.1

ICU Data version => 65.1

ICU TZData version => 2019c

ICU Unicode version => 12.1

Directive => Local Value => Master Value

intl.default_locale => no value => no value

intl.error_level => 0 => 0

intl.use_exceptions => 0 => 0

json

json support => enabled

json version => 1.7.0

ldap

LDAP Support => enabled

Total Links => 0/unlimited

API Version => 3001

Vendor Name => OpenLDAP

Vendor Version => 20444

SASL Support => Enabled

Directive => Local Value => Master Value

ldap.max_links => Unlimited => Unlimited

libxml

libXML support => active

libXML Compiled Version => 2.9.1

libXML Loaded Version => 20901

libXML streams => enabled

mbstring

Multibyte Support => enabled

Multibyte string engine => libmbfl

HTTP input encoding translation => disabled

libmbfl version => 1.3.2

oniguruma version => 6.9.6

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Multibyte (japanese) regex support => enabled

Multibyte regex (oniguruma) version => 6.9.6

Directive => Local Value => Master Value

mbstring.detect_order => no value => no value

mbstring.encoding_translation => Off => Off

mbstring.func_overload => 0 => 0

mbstring.http_input => no value => no value

mbstring.http_output => no value => no value

mbstring.http_output_conv_mimetypes => ^(text/|application/xhtml\+xml) => ^(text/|application/xhtml\+xml)

mbstring.internal_encoding => no value => no value

mbstring.language => neutral => neutral

mbstring.regex_stack_limit => 100000 => 100000

mbstring.strict_detection => Off => Off

mbstring.substitute_character => no value => no value

memcached

memcached support => enabled

Version => 3.1.5

libmemcached version => 1.0.18

SASL support => yes

Session support => yes

igbinary support => yes

json support => yes

msgpack support => yes

Directive => Local Value => Master Value

memcached.compression_factor => 1.3 => 1.3

memcached.compression_threshold => 2000 => 2000

memcached.compression_type => fastlz => fastlz

memcached.default_binary_protocol => Off => Off

memcached.default_connect_timeout => 0 => 0

memcached.default_consistent_hash => Off => Off

memcached.serializer => igbinary => igbinary

memcached.sess_binary_protocol => On => On

memcached.sess_connect_timeout => 0 => 0

memcached.sess_consistent_hash => On => On

memcached.sess_consistent_hash_type => ketama => ketama

memcached.sess_lock_expire => 0 => 0

memcached.sess_lock_max_wait => not set => not set

memcached.sess_lock_retries => 5 => 5

memcached.sess_lock_wait => not set => not set

memcached.sess_lock_wait_max => 150 => 150

memcached.sess_lock_wait_min => 150 => 150

memcached.sess_locking => On => On

memcached.sess_number_of_replicas => 0 => 0

memcached.sess_persistent => Off => Off

memcached.sess_prefix => memc.sess.key. => memc.sess.key.

memcached.sess_randomize_replica_read => Off => Off

memcached.sess_remove_failed_servers => Off => Off

memcached.sess_sasl_password => no value => no value

memcached.sess_sasl_username => no value => no value

memcached.sess_server_failure_limit => 0 => 0

memcached.store_retry_count => 2 => 2

msgpack

MessagePack Support => enabled

Session Support => enabled

extension Version => 2.1.2

header Version => 3.2.0

Directive => Local Value => Master Value

msgpack.error_display => On => On

msgpack.illegal_key_insert => Off => Off

msgpack.php_only => On => On

msgpack.use_str8_serialization => On => On

mysqli

MysqlI Support => enabled

Client API library version => mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $

Active Persistent Links => 0

Inactive Persistent Links => 0

Active Links => 0

Directive => Local Value => Master Value

mysqli.allow_local_infile => Off => Off

mysqli.allow_persistent => On => On

mysqli.default_host => no value => no value

mysqli.default_port => 3306 => 3306

mysqli.default_pw => no value => no value

mysqli.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock

mysqli.default_user => no value => no value

mysqli.max_links => Unlimited => Unlimited

mysqli.max_persistent => Unlimited => Unlimited

mysqli.reconnect => Off => Off

mysqli.rollback_on_cached_plink => Off => Off

mysqlnd

mysqlnd => enabled

Version => mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $

Compression => supported

core SSL => supported

extended SSL => supported

Command buffer size => 4096

Read buffer size => 32768

Read timeout => 86400

Collecting statistics => Yes

Collecting memory statistics => No

Tracing => n/a

Loaded plugins => mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_sha256_password

API Extensions => mysqli,pdo_mysql

mysqlnd statistics =>

bytes_sent => 0

bytes_received => 0

packets_sent => 0

packets_received => 0

protocol_overhead_in => 0

protocol_overhead_out => 0

bytes_received_ok_packet => 0

bytes_received_eof_packet => 0

bytes_received_rset_header_packet => 0

bytes_received_rset_field_meta_packet => 0

bytes_received_rset_row_packet => 0

bytes_received_prepare_response_packet => 0

bytes_received_change_user_packet => 0

packets_sent_command => 0

packets_received_ok => 0

packets_received_eof => 0

packets_received_rset_header => 0

packets_received_rset_field_meta => 0

packets_received_rset_row => 0

packets_received_prepare_response => 0

packets_received_change_user => 0

result_set_queries => 0

non_result_set_queries => 0

no_index_used => 0

bad_index_used => 0

slow_queries => 0

buffered_sets => 0

unbuffered_sets => 0

ps_buffered_sets => 0

ps_unbuffered_sets => 0

flushed_normal_sets => 0

flushed_ps_sets => 0

ps_prepared_never_executed => 0

ps_prepared_once_executed => 0

rows_fetched_from_server_normal => 0

rows_fetched_from_server_ps => 0

rows_buffered_from_client_normal => 0

rows_buffered_from_client_ps => 0

rows_fetched_from_client_normal_buffered => 0

rows_fetched_from_client_normal_unbuffered => 0

rows_fetched_from_client_ps_buffered => 0

rows_fetched_from_client_ps_unbuffered => 0

rows_fetched_from_client_ps_cursor => 0

rows_affected_normal => 0

rows_affected_ps => 0

rows_skipped_normal => 0

rows_skipped_ps => 0

copy_on_write_saved => 0

copy_on_write_performed => 0

command_buffer_too_small => 0

connect_success => 0

connect_failure => 0

connection_reused => 0

reconnect => 0

pconnect_success => 0

active_connections => 0

active_persistent_connections => 0

explicit_close => 0

implicit_close => 0

disconnect_close => 0

in_middle_of_command_close => 0

explicit_free_result => 0

implicit_free_result => 0

explicit_stmt_close => 0

implicit_stmt_close => 0

mem_emalloc_count => 0

mem_emalloc_amount => 0

mem_ecalloc_count => 0

mem_ecalloc_amount => 0

mem_erealloc_count => 0

mem_erealloc_amount => 0

mem_efree_count => 0

mem_efree_amount => 0

mem_malloc_count => 0

mem_malloc_amount => 0

mem_calloc_count => 0

mem_calloc_amount => 0

mem_realloc_count => 0

mem_realloc_amount => 0

mem_free_count => 0

mem_free_amount => 0

mem_estrndup_count => 0

mem_strndup_count => 0

mem_estrdup_count => 0

mem_strdup_count => 0

mem_edupl_count => 0

mem_dupl_count => 0

proto_text_fetched_null => 0

proto_text_fetched_bit => 0

proto_text_fetched_tinyint => 0

proto_text_fetched_short => 0

proto_text_fetched_int24 => 0

proto_text_fetched_int => 0

proto_text_fetched_bigint => 0

proto_text_fetched_decimal => 0

proto_text_fetched_float => 0

proto_text_fetched_double => 0

proto_text_fetched_date => 0

proto_text_fetched_year => 0

proto_text_fetched_time => 0

proto_text_fetched_datetime => 0

proto_text_fetched_timestamp => 0

proto_text_fetched_string => 0

proto_text_fetched_blob => 0

proto_text_fetched_enum => 0

proto_text_fetched_set => 0

proto_text_fetched_geometry => 0

proto_text_fetched_other => 0

proto_binary_fetched_null => 0

proto_binary_fetched_bit => 0

proto_binary_fetched_tinyint => 0

proto_binary_fetched_short => 0

proto_binary_fetched_int24 => 0

proto_binary_fetched_int => 0

proto_binary_fetched_bigint => 0

proto_binary_fetched_decimal => 0

proto_binary_fetched_float => 0

proto_binary_fetched_double => 0

proto_binary_fetched_date => 0

proto_binary_fetched_year => 0

proto_binary_fetched_time => 0

proto_binary_fetched_datetime => 0

proto_binary_fetched_timestamp => 0

proto_binary_fetched_string => 0

proto_binary_fetched_json => 0

proto_binary_fetched_blob => 0

proto_binary_fetched_enum => 0

proto_binary_fetched_set => 0

proto_binary_fetched_geometry => 0

proto_binary_fetched_other => 0

init_command_executed_count => 0

init_command_failed_count => 0

com_quit => 0

com_init_db => 0

com_query => 0

com_field_list => 0

com_create_db => 0

com_drop_db => 0

com_refresh => 0

com_shutdown => 0

com_statistics => 0

com_process_info => 0

com_connect => 0

com_process_kill => 0

com_debug => 0

com_ping => 0

com_time => 0

com_delayed_insert => 0

com_change_user => 0

com_binlog_dump => 0

com_table_dump => 0

com_connect_out => 0

com_register_slave => 0

com_stmt_prepare => 0

com_stmt_execute => 0

com_stmt_send_long_data => 0

com_stmt_close => 0

com_stmt_reset => 0

com_stmt_set_option => 0

com_stmt_fetch => 0

com_deamon => 0

bytes_received_real_data_normal => 0

bytes_received_real_data_ps => 0

openssl

OpenSSL support => enabled

OpenSSL Library Version => OpenSSL 1.0.2k-fips 26 Jan 2017

OpenSSL Header Version => OpenSSL 1.0.2k 26 Jan 2017

Openssl default config => /etc/pki/tls/openssl.cnf

Directive => Local Value => Master Value

openssl.cafile => no value => no value

openssl.capath => no value => no value

pcntl

pcntl support => enabled

pcre

PCRE (Perl Compatible Regular Expressions) Support => enabled

PCRE Library Version => 10.32 2018-09-10

PCRE Unicode Version => 11.0.0

PCRE JIT Support => enabled

PCRE JIT Target => x86 64bit (little endian + unaligned)

Directive => Local Value => Master Value

pcre.backtrack_limit => 1000000 => 1000000

pcre.jit => 0 => 0

pcre.recursion_limit => 100000 => 100000

PDO

PDO support => enabled

PDO drivers => mysql, sqlite

pdo_mysql

PDO Driver for MySQL => enabled

Client API version => mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $

Directive => Local Value => Master Value

pdo_mysql.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock

pdo_sqlite

PDO Driver for SQLite 3.x => enabled

SQLite Library => 3.7.17

Phar

Phar: PHP Archive support => enabled

Phar API version => 1.1.1

Phar-based phar archives => enabled

Tar-based phar archives => enabled

ZIP-based phar archives => enabled

gzip compression => enabled

bzip2 compression => enabled

Native OpenSSL support => enabled

Phar based on pear/PHP_Archive, original concept by Davey Shafik.

Phar fully realized by Gregory Beaver and Marcus Boerger.

Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.

Directive => Local Value => Master Value

phar.cache_list => no value => no value

phar.readonly => On => On

phar.require_hash => On => On

readline

Readline Support => enabled

Readline library => EditLine wrapper

Directive => Local Value => Master Value

cli.pager => no value => no value

cli.prompt => \b \> => \b \>

Reflection

Reflection => enabled

session

Session Support => enabled

Registered save handlers => files user memcached

Registered serializer handlers => php_serialize php php_binary wddx igbinary msgpack

Directive => Local Value => Master Value

session.auto_start => Off => Off

session.cache_expire => 180 => 180

session.cache_limiter => nocache => nocache

session.cookie_domain => no value => no value

session.cookie_httponly => 1 => 1

session.cookie_lifetime => 0 => 0

session.cookie_path => / => /

session.cookie_samesite => no value => no value

session.cookie_secure => 1 => 1

session.gc_divisor => 1000 => 1000

session.gc_maxlifetime => 1440 => 1440

session.gc_probability => 1 => 1

session.lazy_write => On => On

session.name => PHPSESSID => PHPSESSID

session.referer_check => no value => no value

session.save_handler => files => files

session.save_path => no value => no value

session.serialize_handler => php => php

session.sid_bits_per_character => 5 => 5

session.sid_length => 26 => 26

session.upload_progress.cleanup => On => On

session.upload_progress.enabled => On => On

session.upload_progress.freq => 1% => 1%

session.upload_progress.min_freq => 1 => 1

session.upload_progress.name => PHP_SESSION_UPLOAD_PROGRESS => PHP_SESSION_UPLOAD_PROGRESS

session.upload_progress.prefix => upload_progress_ => upload_progress_

session.use_cookies => 1 => 1

session.use_only_cookies => 1 => 1

session.use_strict_mode => 0 => 0

session.use_trans_sid => 0 => 0

SimpleXML

SimpleXML support => enabled

Schema support => enabled

sockets

Sockets Support => enabled

SPL

SPL support => enabled

Interfaces => OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject

Classes => AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException

sqlite3

SQLite3 support => enabled

SQLite Library => 3.7.17

Directive => Local Value => Master Value

sqlite3.extension_dir => no value => no value

standard

Dynamic Library Support => enabled

Path to sendmail => /usr/sbin/sendmail -t -i

Directive => Local Value => Master Value

assert.active => 1 => 1

assert.bail => 0 => 0

assert.callback => no value => no value

assert.exception => 0 => 0

assert.quiet_eval => 0 => 0

assert.warning => 1 => 1

auto_detect_line_endings => 0 => 0

default_socket_timeout => 60 => 60

from => no value => no value

session.trans_sid_hosts => no value => no value

session.trans_sid_tags => a=href,area=href,frame=src,form= => a=href,area=href,frame=src,form=

url_rewriter.hosts => no value => no value

url_rewriter.tags => form= => form=

user_agent => no value => no value

tokenizer

Tokenizer Support => enabled

wddx

WDDX Support => enabled

WDDX Session Serializer => enabled

xml

XML Support => active

XML Namespace Support => active

libxml2 Version => 2.9.1

xmlreader

XMLReader => enabled

xmlwriter

XMLWriter => enabled

xsl

XSL => enabled

libxslt Version => 1.1.28

libxslt compiled against libxml Version => 2.9.1

EXSLT => enabled

libexslt Version => 1.1.28

Zend OPcache

Opcode Caching => Disabled

Optimization => Disabled

SHM Cache => Enabled

File Cache => Disabled

Startup Failed => Opcode Caching is disabled for CLI

Directive => Local Value => Master Value

opcache.blacklist_filename => /etc/opt/remi/php73/php.d/opcache*.blacklist => /etc/opt/remi/php73/php.d/opcache*.blacklist

opcache.consistency_checks => 0 => 0

opcache.dups_fix => Off => Off

opcache.enable => On => On

opcache.enable_cli => Off => Off

opcache.enable_file_override => Off => Off

opcache.error_log => no value => no value

opcache.file_cache => no value => no value

opcache.file_cache_consistency_checks => On => On

opcache.file_cache_only => Off => Off

opcache.file_update_protection => 2 => 2

opcache.force_restart_timeout => 180 => 180

opcache.huge_code_pages => Off => Off

opcache.interned_strings_buffer => 8 => 8

opcache.lockfile_path => /tmp => /tmp

opcache.log_verbosity_level => 1 => 1

opcache.max_accelerated_files => 4000 => 4000

opcache.max_file_size => 0 => 0

opcache.max_wasted_percentage => 5 => 5

opcache.memory_consumption => 128 => 128

opcache.opt_debug_level => 0 => 0

opcache.optimization_level => 0x7FFEBFFF => 0x7FFEBFFF

opcache.preferred_memory_model => no value => no value

opcache.protect_memory => Off => Off

opcache.restrict_api => no value => no value

opcache.revalidate_freq => 2 => 2

opcache.revalidate_path => Off => Off

opcache.save_comments => On => On

opcache.use_cwd => On => On

opcache.validate_permission => Off => Off

opcache.validate_root => Off => Off

opcache.validate_timestamps => On => On

zlib

ZLib Support => enabled

Stream Wrapper => compress.zlib://

Stream Filter => zlib.inflate, zlib.deflate

Compiled Version => 1.2.7

Linked Version => 1.2.7

Directive => Local Value => Master Value

zlib.output_compression => Off => Off

zlib.output_compression_level => -1 => -1

zlib.output_handler => no value => no value

Additional Modules

Module Name

Environment

Variable => Value

MANPATH => /opt/remi/php73/root/usr/share/man::/opt/puppetlabs/puppet/share/man

XDG_SESSION_ID => 23

HOSTNAME => XXXX

SHELL => /bin/bash

TERM => xterm-256color

HISTSIZE => 1000

X_SCLS => php73

USER => root

LD_LIBRARY_PATH => /opt/remi/php73/root/usr/lib64

LS_COLORS => rs=0:di=38;5;27:ln=38;5;51:mh=44;38;5;15:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=05;48;5;232;38;5;15:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;34:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.Z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.axv=38;5;13:*.anx=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.axa=38;5;45:*.oga=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:

COBBLER_SERVER => 141.80.172.222

MAIL => /var/spool/mail/root

PATH => /opt/remi/php73/root/usr/bin:/opt/remi/php73/root/usr/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin

PWD => /tmp

LANG => en_US.UTF-8

MODULEPATH => /usr/share/Modules/modulefiles:/etc/modulefiles

LOADEDMODULES =>

HISTCONTROL => ignoredups

SHLVL => 3

HOME => /root

LOGNAME => root

MODULESHOME => /usr/share/Modules

LESSOPEN => ||/usr/bin/lesspipe.sh %s

BASH_FUNC_module() => () { eval `/usr/bin/modulecmd bash $*`

}

_ => /opt/remi/php73/root/usr/bin/php

PHP Variables

Variable => Value

$_SERVER['MANPATH'] => /opt/remi/php73/root/usr/share/man::/opt/puppetlabs/puppet/share/man

$_SERVER['XDG_SESSION_ID'] => 23

$_SERVER['HOSTNAME'] => XXXX

$_SERVER['SHELL'] => /bin/bash

$_SERVER['TERM'] => xterm-256color

$_SERVER['HISTSIZE'] => 1000

$_SERVER['X_SCLS'] => php73

$_SERVER['USER'] => root

$_SERVER['LD_LIBRARY_PATH'] => /opt/remi/php73/root/usr/lib64

$_SERVER['LS_COLORS'] => rs=0:di=38;5;27:ln=38;5;51:mh=44;38;5;15:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=05;48;5;232;38;5;15:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;34:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.Z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.axv=38;5;13:*.anx=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.axa=38;5;45:*.oga=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:

$_SERVER['COBBLER_SERVER'] => 141.80.172.222

$_SERVER['MAIL'] => /var/spool/mail/root

$_SERVER['PATH'] => /opt/remi/php73/root/usr/bin:/opt/remi/php73/root/usr/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin

$_SERVER['PWD'] => /tmp

$_SERVER['LANG'] => en_US.UTF-8

$_SERVER['MODULEPATH'] => /usr/share/Modules/modulefiles:/etc/modulefiles

$_SERVER['LOADEDMODULES'] =>

$_SERVER['HISTCONTROL'] => ignoredups

$_SERVER['SHLVL'] => 3

$_SERVER['HOME'] => /root

$_SERVER['LOGNAME'] => root

$_SERVER['MODULESHOME'] => /usr/share/Modules

$_SERVER['LESSOPEN'] => ||/usr/bin/lesspipe.sh %s

$_SERVER['BASH_FUNC_module()'] => () { eval `/usr/bin/modulecmd bash $*`

}

$_SERVER['_'] => /opt/remi/php73/root/usr/bin/php

$_SERVER['PHP_SELF'] =>

$_SERVER['SCRIPT_NAME'] =>

$_SERVER['SCRIPT_FILENAME'] =>

$_SERVER['PATH_TRANSLATED'] =>

$_SERVER['DOCUMENT_ROOT'] =>

$_SERVER['REQUEST_TIME_FLOAT'] => 1608634298.5898

$_SERVER['REQUEST_TIME'] => 1608634298

$_SERVER['argv'] => Array

(

)

$_SERVER['argc'] => 0

PHP License

This program is free software; you can redistribute it and/or modify

it under the terms of the PHP License as published by the PHP Group

and included in the distribution in the file: LICENSE

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any

questions about PHP licensing, please contact license@php.net.

Osnard (talkcontribs)

No, sorry, I meant the parts of your `LocalSettings.php` file where you configure the extensions (e.g. next to the `wfLoadExtension` calls)

Mdc-system (talkcontribs)

ok, her it comes:

wfLoadExtension('CiteThisPage');

wfLoadExtension('Cite');

wfLoadExtension('CodeEditor');

wfLoadExtension('ImageMap');

wfLoadExtension('Math');

wfLoadExtension('MultimediaViewer');

wfLoadExtension('ParserFunctions');

wfLoadExtension('PdfHandler');

wfLoadExtension('SyntaxHighlight_GeSHi');

wfLoadExtension('VisualEditor');

wfLoadExtension('WikiEditor');

$wgMinimalPasswordLength = 1;

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPAuthorization' );

wfLoadExtension( 'LDAPAuthentication2' );

wfLoadExtension( 'LDAPGroups' );

$LDAPProviderDomainConfigs = "$IP/ldapprovider.json";

$LDAPProviderCacheTime = 10; //only 10 seconds cache

$LDAPAuthentication2UsernameNormalizer = "strtolower";

$LDAPAuthentication2AllowLocalLogin = true;

I hope it will help.

Osnard (talkcontribs)

Hmmm... there is no hint of "invaliddomain". As this is not part of the codebase I can not tell the root cause.

Platinops (talkcontribs)

Hi Osnard,

I modified includes/exception/MWExceptionHandler.php as you suggested and now get a similar error: No configuration available for domain ''!. Looks like an error from LDAPProvider, but since I saw you reacting to this thread as well and it only shows when enabling LDAPGroups, I thought to continue here anyway.

Note that I only get this message when using in with a local user. I have no issues when logging in with an LDAP user, and groups seem to sync fine.

My configuration is as follows:

wfLoadExtension( 'LDAPProvider' );
$LDAPProviderCacheType = CACHE_DB;
$LDAPProviderDefaultDomain = "mycompany.com";

wfLoadExtension( 'LDAPAuthentication2' );
$LDAPAuthentication2AllowLocalLogin = true;

wfLoadExtension( 'LDAPAuthorization' );

wfLoadExtension( 'LDAPGroups' ); 

$LDAPProviderDomainConfigProvider = function() {
  global $cmpLdapUser;
  global $cmpLdapPass;
  $config = [
    "mycompany.com" => [
      'connection' => [
        "server" => "ldap.mycompany.com",
        "port" => "636",
        "enctype" => "ssl",
        "user" => $cmpLdapUser,
        "pass" => $cmpLdapPass,
        "options" => [ // https://www.php.net/function.ldap-set-option
          "LDAP_OPT_DEREF" => 1
        ],
        "basedn" => "dc=mycompany,dc=com",
        "groupbasedn" => "dc=mycompany,dc=com",
        "userbasedn" => "dc=mycompany,dc=com",
        "searchattribute" => "samaccountname",
        "searchstring" => "MY_COMPANY_NETWORK\\USER-NAME",
        "usernameattribute" => "samaccountname",
        "realnameattribute" => "cn",
        "emailattribute" => "mail",
        "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory"
      ],
      "authorization" =>
      [
        "rules" =>
        [
          "groups" =>
          [
            "required" =>
             [
               "CN=cmp_GAP_WIKI_CORP,OU=LAP_GAP_UAP,OU=GROUPS,OU=_CORP,DC=mycompany,DC=com"
             ]
          ]
        ]
      ],
      "groupsync" =>
      [
        "mechanism" => "mappedgroups",
        "mapping" =>
        [
          "groupx" => "CN=GROUPX,OU=LDP_GDP_UDP,OU=GROUPS,OU=_CORP,DC=mycompany,DC=com"
        ]
      ],
      "userinfo" =>
      [
        "email" => "mail",
        "realname" => "cn",
        "nickname" => "mailNickname"
      ]
    ]
  ];

  return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

Thanks in advance for any assistance on this matter.

83.87.68.239 (talkcontribs)

Hello,


I encountered the the same problem - at first I thought it was an issue with the skin but clearly - once you setup the LDAP stack with $LDAPAuthentication2AllowLocalLogin = true; is seems the be impossible to log in as a local user - LDAP goes just fine - and when I omit loading the LDAP plugins logging in locally also works fine.. When the ldap-plugins are active it DOES NOT UNDERSTAND when someone wants to log in with a local account

[YAf6f-pJgpj5Yk8lRA@qywAAAAg] /mediawiki/ Error from line 254 of ./mediawiki/mediawiki-1.35.0/includes/skins/Skin.php: Call to a member function canExist() on null

Backtrace:

#0 ./mediawiki/mediawiki-1.35.0/skins/Vector/includes/SkinVector.php(45): Skin->getDefaultModules()

#1 ./mediawiki/mediawiki-1.35.0/includes/OutputPage.php(2497): SkinVector->getDefaultModules()

#2 ./mediawiki/mediawiki-1.35.0/includes/OutputPage.php(2604): OutputPage->loadSkinModules(SkinVector)

#3 ./mediawiki/mediawiki-1.35.0/includes/exception/MWException.php(193): OutputPage->output()

#4 ./mediawiki/mediawiki-1.35.0/includes/exception/MWException.php(231): MWException->reportHTML()

#5 ./mediawiki/mediawiki-1.35.0/includes/exception/MWExceptionHandler.php(104): MWException->report()

#6 ./mediawiki/mediawiki-1.35.0/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException)

#7 ./mediawiki/mediawiki-1.35.0/includes/MediaWiki.php(576): MWExceptionHandler::handleException(MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException, string)

#8 ./mediawiki/mediawiki-1.35.0/index.php(53): MediaWiki->run()

#9 ./mediawiki/mediawiki-1.35.0/index.php(46): wfIndexMain()

#10 {main}


Line #7 is where the error starts and has nothing to do with LDAP but the extension things there is no domain configured - obvious since its a local user.. The ldapextensions are still trying to authentication against the domain when selected "Local" I think this is a bug or something is not pointed out in documentation..According to the configuration documentation adding $LDAPAuthentication2AllowLocalLogin = true; should be enough - Right ?


Some help would really be appreciated on this..

Sjoerd72 (talkcontribs)

Hello @Osnard,

Any chance to look into this problem?

Regards

Sjoerd

Osnard (talkcontribs)

Sorry, I didn't have time to look into this. I still do not know where "invaliddomain" comes from. But This might be related to another topic: If there is a "authorization.rules.groups.required" set local accounts are also checked by this. See https://www.mediawiki.org/wiki/Topic:W1z3ujemht3iqxhj

Sjoerd72 (talkcontribs)

@Osnard I will look into it - Quick check on that link: It looks like the issue in that link is exactly what is happening at my place..

Reply to "canExist() error after enable the add on"

Problem with getting groups from LDAP

23
Summary by Bozhob

Everything is working properly

Bozhob (talkcontribs)

Hi

I try to get groups in which user is a member from LDAP serwer.

We use Open LDAP witj GOSA, probably the different schema is the cause of the problem.

extensions/LDAPProvider/maintenance/ShowUserGroups.php can't read the groups.

First at all the the search attribute is memberUid, not uid, but after setting "searchattribute" => "memberUid", ShowUserInfo.php stops to work, and I am not aware, how to use different attributes for searching users and groups.


"searchattribute" => "memberUid" also don't resolves the problem with the groups.


Here is part of my LocalSettings.php

<code>

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'LDAPAuthentication2' );

wfLoadExtension( 'LDAPAuthorization' );

wfLoadExtension( 'LDAPUserInfo' );

wfLoadExtension( 'LDAPGroups' );


$LDAPProviderDomainConfigProvider = function()

{

   $config =

   [

"example.bg" =>

[

   "connection" =>

   [

"server" => "ldap.example.bg",

"port" => "389",

"enctype" => "clear",

"user" => "cn=admin,dc=example,dc=bg",

"pass" => "****",

"options" => [

//                "LDAP_OPT_DEREF" => 1,

"LDAP_DEREF_ALWAYS" => 1

               ],

               "basedn" => "dc=example,dc=bg",

"userbasedn" => "dc=example,dc=bg",

"searchattribute" => "memberUid",

"emailattribute" => "mail",

"groupobjectclass" => "posixGroup",

"groupattribute" => "",

"groupbasedn" => "dc=example,dc=bg",

//"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"

"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory",

   ],

   "authorization" =>

   [

           [

"rules" =>

[

   "groups" =>

   [

   ]

]

   ],

   "groupsync" =>

   [

"mechanism" => "allgroups",

   "locally-managed" => [ "local", "wiki", "group", "names" ]

]

   ],

   "userinfo" =>

   [

   ]

   ];

   return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );

};

</code>


This non works and in the log file I see:

<code>

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 fd=44 ACCEPT from IP=100.100.10.1:48104 (IP=0.0.0.0:389)

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=0 BIND dn="cn=admin,dc=example,dc=bg" method=128

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=0 BIND dn="cn=admin,dc=example,dc=bg" mech=SIMPLE ssf=0

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=0 RESULT tag=97 err=0 text=

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=1 SRCH base="dc=example,dc=bg" scope=2 deref=0 filter="(memberUid=bozhotest)"

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=1 SRCH attr=* memberof

Jun 11 16:24:10 gosa slapd[12258]: <= bdb_equality_candidates: (memberUid) not indexed

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=1 SEARCH RESULT tag=101 err=0 nentries=5 text=

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SRCH base="dc=example,dc=bg" scope=2 deref=0 filter="(&(objectClass=*)(cn=cn=calgroup_example,ou=groups,dc=example,dc=bg))"

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SRCH attr=dn

Jun 11 16:24:10 gosa slapd[12258]: <= bdb_equality_candidates: (cn) not indexed

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=3 UNBIND

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 fd=44 closed

</code>


With ldapsearch:

ldapsearch -x -a always   -b "dc=example,dc=bg"  "(memberUid=bozhotest)"

returns the groups and the record in the log file is:


<code>

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 fd=268 ACCEPT from IP=127.0.0.1:59392 (IP=0.0.0.0:389)

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=0 BIND dn="cn=admin,dc=example,dc=bg" method=128

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=0 BIND dn="cn=admin,dc=example,dc=bg" mech=SIMPLE ssf=0

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=0 RESULT tag=97 err=0 text=

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=1 SRCH base="dc=example,dc=bg" scope=2 deref=3 filter="(memberUid=bozhotest)"

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=1 SRCH attr=cn sn uid postalAddress telephoneNumber

Jun 11 12:12:07 gosa slapd[12258]: <= bdb_equality_candidates: (memberUid) not indexed

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=1 SEARCH RESULT tag=101 err=0 nentries=5 text=

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SRCH base="cn=calgroup_example,ou=groups,dc=example,dc=bg" scope=0 deref=0 filter="(&(objectClass=*))"

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SRCH attr=* +

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=3 SRCH base="cn=calgroup_zastrahovateli,ou=groups,dc=example,dc=bg" scope=0 deref=0 filter="(&(objectClass=*))"

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=3 SRCH attr=* +

etc.

</code>

The main differences in the two logs, as I can see are:

Jun 11 16:24:10 gosa slapd[12258]: conn=357601 op=2 SRCH base="dc=example,dc=bg" scope=2 deref=0 filter="(&(objectClass=*)(cn=cn=calgroup_example,ou=groups,dc=example,dc=bg))"


and

Jun 11 12:12:07 gosa slapd[12258]: conn=354613 op=2 SRCH base="cn=calgroup_example,ou=groups,dc=example,dc=bg" scope=0 deref=0 filter="(&(objectClass=*))"


Aslo probably this:

SRCH attr=* memberof

and

SRCH attr=* +


Which parameters have I to change, to achive both searches to work?


Thank you in advacne

Bozho

Osnard (talkcontribs)
Bozhob (talkcontribs)

I set

"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

but I receive

PHP Notice:  Undefined index: memberof in LDAPProvider/src/UserGroupsRequest/UserMemberOf.php on line 19

what other have I to add to the config?

Bozhob (talkcontribs)

Actually I think, that this case is very complicated. In given LDAP schema there are no any attribute for a user, pointing in which groups he\she is member. Instead in the groups users are listed. Example:

cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg?memberUid?sub?(objectClass=posixGroup)

memberUid - an array containg UIDs of group members


So the problem seems too difficult to resolve.

Using "searchattribute" => "memberUid"


In log file I can see response from the LDAP - there actually are listed all the groups user is member in with full list of attributes:

...snip...

4 =>

  array (

   'cn' =>

   array (

     'count' => 1,

     0 => 'wikiadmins',

   ),

   0 => 'cn',

   'gidnumber' =>

   array (

     'count' => 1,

     0 => '1027',

   ),

   1 => 'gidnumber',

   'memberuid' =>

   array (

     'count' => 3,

     0 => 'test1',

     1 => 'test2',

     2 => 'bozhotest',

   ),

   2 => 'memberuid',

   'labeleduri' =>

   array (

     'count' => 1,

     0 => 'ldap:///cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg?memberUid?sub?(objectClass=posixGroup)',

   ),

   3 => 'labeleduri',

   'objectclass' =>

   array (

     'count' => 3,

     0 => 'top',

     1 => 'posixGroup',

     2 => 'labeledURIObject',

   ),

   4 => 'objectclass',

   'count' => 5,

   'dn' => 'cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg',

  ),

May be I have to try to modify extensions/LDAPProvider/src/UserGroupsRequest/UserMemberOf.php 

instead of return new GroupList( $res['memberof'] ); to set a loop foreach to get 'cn' values


Osnard (talkcontribs)

Yes, you will probably need to implement a new `UserGroupsRequest`. Could you please share your solution so I can add it to the extension?

Bozhob (talkcontribs)

Hi Robert

I have achieved some success, but I need a bit of help.

Of course, I will post all the code I wrote, but there are many things to tune.

I wrote a new file UserGosaMember.php and class UserGosaMember, and now the result from

php extensions/LDAPProvider/maintenance/ShowUserGroups.php --domain  example.bg --username bozhotest

is a list of the names of the groups, having the user as a member:


Full DNs:

   

   calgroup_test1

   calgroup_zastrahovateli

   calgroup_klienti

   wikiadmins

Short names:

But I suppose this is not the proper output. I have not opportunity to test with another kind of LDAP to see the proper results.

According to the log above, this group names should be in the section Short names I suppose.

My question is, how the other functions which use the result from the 'UserGroupsRequest' functions expect to "see" the result.

Which is the proper format?

Bozhob (talkcontribs)

Hi

I have some progress

The result now is

php extensions/LDAPProvider/maintenance/ShowUserGroups.php --domain   example.bg --username bozhotest

Full DNs:


   cn=calgroup_example,ou=groups,dc=example,dc=bg

   cn=calgroup_zastrahovateli,ou=groups,dc=example,dc=bg

   cn=calgroup_klienti,ou=groups,dc=example,dc=bg

   cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg

Short names:

   calgroup_test1

   calgroup_zastrahovateli

   calgroup_klienti

   wikiadmins


This blank line after Full DNs: looks suspicious, but I suppose this is the right format I need to achieve.

But from the wiki page still groups are not visible.

Bozhob (talkcontribs)

Here I put the code I wrote

First, I found out that function getUserDN from /extensions/LDAPProvider/src/Client.php returns all information about the groups which have the user as a member, if searchattr is set to memberUid. So I copied getUserDN to a new a member function in Client.php where I added $searchattr = "memberUid"; in the begging and instead of return $userdn I set return $this->userInfo;

I know there is wiser ways to do the same, but being in a hurry I leave it at that for now.

So I wrote a class UserGosaMember in extensions/LDAPProvider/src/UserGroupsRequest/UserGosaMember.php -

"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserGosaMember::factory", should be used in Localsettings.php

namespace MediaWiki\Extension\LDAPProvider\UserGroupsRequest;

use MediaWiki\Extension\LDAPProvider\ClientConfig; use MediaWiki\Extension\LDAPProvider\EscapedString; use MediaWiki\Extension\LDAPProvider\GroupList; use MediaWiki\Extension\LDAPProvider\UserGroupsRequest; use MWException;


class UserGosaMember extends UserGroupsRequest {

             /**
              * @param string $username to get the groups for
              * @return GroupList
              */
             public function getUserGroups( $username ) {
             $userInfo =  $this->ldapClient->getGosaGroups( $username ) ;
                           $baseDN = $this->config->get( ClientConfig::GROUP_BASE_DN );
                           $dn = 'dn';
                           if ( $baseDN ===  ) {
                                         $baseDN = null;
                           }
 $ret = [];
 foreach ($userInfo as $res){
    $ret[] = $res['dn'];
 }
  return new GroupList( $ret );
} //getUserGroups;


}//class

The $userInfo variable contains an array:

array(6) {</nowiki>

 ["count"]=>
 int(5)
 [0]=>
 array(12) {
   ["gidnumber"]=>
   array(2) {
     ["count"]=>
     int(1)
     [0]=>
     string(4) "2010"
   }
   [0]=>
   string(9) "gidnumber"
   ["description"]=>
   array(2) {
     ["count"]=>
     int(1)
     [0]=>
     string(47) "Comment"
   }
   [1]=>
   string(11) "description"
   ["cn"]=>
   array(2) {
     ["count"]=>
     int(1)
     [0]=>
     string(18) "calgroup_test"
   }
   [2]=>
   string(2) "cn"
   ["memberuid"]=>
   array(414) {
     ["count"]=>
     int(413)
     [0]=>
     string(5) "test1"
     [1]=>
     string(5) "test2"

................

     [412]=>
     string(13) "wiki-readonly"
   }
   [3]=>
   string(9) "memberuid"
   ["objectclass"]=>
   array(3) {
     ["count"]=>
     int(2)
     [0]=>
     string(3) "top"
     [1]=>
     string(10) "posixGroup"
   }
   [4]=>
   string(11) "objectclass"
   ["count"]=>
   int(5)
   ["dn"]=>
   string(50) "cn=calgroup_test1,ou=groups,dc=example,dc=bg"
 }
 [1]=>
 array(12) {
   ["cn"]=>
   array(2) {
     ["count"]=>
     int(1)
     [0]=>
     string(23) "calgroup_zastrahovateli"
   }

.......

Bozhob (talkcontribs)

A step further. I added "presearchusernamemodifiers" => ["lowercase"]

in Localsettings.php

and in the debug info in apache log file now I can see the groups listed. But still synchronization doesn't work. When I try to check is Special pages-> User rights, or Settings, LDAP groups are missing.

Osnard (talkcontribs)

First of all, thank you for sharing the code! I will try to incorporate this into the extension, but can not give any timeframe for it.

If "ShowUserGroups.php" properly lists the groups already, then we are almost there. I can see that you are using the "allgroups" mechanism. Please be aware that the groups will only be synced if they are actually available (somewhere configured by `wgGroupPermissions`) in the wiki. Otherwise syncing will not work.

Bozhob (talkcontribs)

Yes, I know that. I have set $wgGroupPermissions['wikiadmins']['edit'] = true; $wgGroupPermissions['wikiadmins']['read'] = true;

and similar for the other groups, that have to be synchronized. I tried to use

 "mechanism" => "mappedgroups",
 "mapping" => [
        "wbaseaccess" => "cn=wbaseaccess,ou=groups,l=wikiusers,dc=example,dc=bg",
        "wexperts"    => "cn=wexperts,ou=groups,l=wikiusers,dc=example,dc=bg",
        "wikiadmins"  => "cn=wikiadmins,ou=groups,l=wikiusers,dc=example,dc=bg",
        "wstaff"      => "cn=wstaff,ou=groups,l=wikiusers,dc=example,dc=bg"
  ]

instead of all groups. Now I receive "Member of: mapping" which confuses me.

Osnard (talkcontribs)

Where do you receive "Member of: mapping"? Can you please share a debug-log of when you log into the wiki?

This post was hidden by Bozhob (history)
This post was hidden by Bozhob (history)
Bozhob (talkcontribs)

Sorry This was my mistake! When I switched to "mechanism" => "mappedgroups", I have doubled "mapping" => [ declaration. Now things seem are OK. I'll will make some tests, before mark the case as solved. This variant satisfied me. I'll try to investigate why "allgroups" still doesn't work, probably because another mistake I have made. But I thing that the wiki is now completely usable. Thnak you for your help!

Bozhob (talkcontribs)

Everything looks good. So I consider the case is solved. For further questions I will open new post. Thank you very much again!

Bozhob (talkcontribs)

Hi Osnard, Sorry that I opened this discussion again. I found that, if a LDAP(OGSA) user logs in for the firs time in the wiki everything with the groups goes OK, but if the user had logged before the software does not check LDAP groups. I tried, if I delete the user from the MYSQL database and he login again, the groups are properly loaded from LDAP. How is it posible to force wiki to check for LDAP groups every time when user logs. Probably I missed a config parameter, but I can't find which one.

Osnard (talkcontribs)

Usually group sync is done on every log in and once an hour during a running user session. Can you please set up debug logging just for the LDAPGroupSync extension and check what is being reported over time?

Bozhob (talkcontribs)

In my LocalSettings.php I set: $wgDebugLogGroups = array(

  'PluggableAuth' => '/tmp/pa.log',
  'LDAP' => '/tmp/LDAP.log',
  'LDAPAuthentication2' => '/tmp/auth2.log',
  'LDAPAuthorization' => '/tmp/authz.log',
  'MediaWiki\\Extension\\LDAPProvider\\Client' => '/tmp/client.log',
   'LDAPGroups' => '/tmp/grp.log',
  'LDAPUserInfo' => '/tmp/user.log',

);

I tried also

 'MediaWiki\\Extension\\LDAPGroups\\GroupSyncProcess' => '/tmp/grp.log',

in '/tmp/grp.log' appears information only when a user is logged for a first time:

2020-12-15 15:54:58 wikibrokerins wikidb-mw_: Adding 'wiki-admins' to 'Bozhotest'.
2020-12-15 18:14:15 wikibrokerins wikidb-mw_: Adding 'wiki-staff' to 'Wiki-limited'.
2020-12-15 18:24:21 wikibrokerins wikidb-mw_: Adding 'wiki-baseaccess' to 'Wiki-readonly'.

Osnard (talkcontribs)
Bozhob (talkcontribs)

Seems that this solved the problem! I will test some days, but I mean that everything is OK now. Thank you. I'd wish ask you, if a user is removed from a group in LDAP, he remains in wiki data base in the same group and should be removed from the sql. Perhaps there is no such function in LdapProvider, or I missed something?

Osnard (talkcontribs)

Good to hear! A user disabled in LDAP will not be removed from the wiki DB automatically. Have a look at the extension LDAPSyncAll [1]. It will query the LDAP regularly and disable unauthorized or removed users on the wiki DB. But be aware, this extension is quite new and hat no documentation yet.

[1] https://www.github.com/wikimedia/mediawiki-extensions-LDAPSyncAll

Bozhob (talkcontribs)

Thank you again!

Dimassc (talkcontribs)

I'm trying to migrate from the old LdapAuthentication to the new LDAP Hub extensions. Now I can login to the LDAP and restrict groups but I can't get LDAPGroups to sync with local groups. In the old installation I use $wgGroupPermissions to change permissions depending on LDAP groups, I'd like to do the same.


When I login I can't see any groups in Special:Preferences page, only "Users" and "Authenticated users".


In my LDAP schema all the groups have an attribute memberUid with all the users of this group (not full dn, only the uid).


php wikiutic/extensions/LDAPProvider/maintenance/ShowUserInfo.php --domain LDAP --username 40447118p

homedirectory => /home/h416udim

sambasid => S-1-5-21-4066546031-2994049288-1383288855-21844

uid => 40447118P

uidnumber => 10422

loginshell => /bin/bash

sambahomepath => \\svrfit\usuaris\h416udim

employeenumber => 40447118

mobile => a41c0a76a958ae045ed19cda402e9fef

objectclass =>

  0 => top

  1 => person

  2 => posixAccount

  3 => sambaSamAccount

  4 => inetOrgPerson

  sambapwdcanchange => 2074348956

  sambapwdmustchange => 0

  sambantpassword => 2DA051AD5B1EF7B4864929ABC47C5DB9

  sambapasswordhistory => 0000000000000000000000000000000000000000000000000000000000000000

  userpassword => {password}

  sambapwdlastset => 2581923686

  sambaprimarygroupsid => S-1-5-21-4066546031-2994049288-1383288855-21181

  gecos => Joan Test Name

  gidnumber => 10090

  sambalogonscript => scripts\logon.bat

  carlicense => 11709000

  telephonenumber => 1234

  mail => jtest.girona.ics@gencat.cat

  givenname => Joan

  description => Test

  sn => Test Name

  cn => Joan Test Name

  displayname => Joan Test Name

  departmentnumber => P40447118

  destinationindicator => uid=40447118P,ou=Users,dc=htrueta,dc=intranet

  sambaacctflags => [U]

  dn => uid=40447118P,ou=Users,dc=htrueta,dc=intranet


LocalSettings.php

# Autenticació LDAP

wfLoadExtensions( [

   'PluggableAuth', // Autenticació base

   'LDAPProvider', // Autenticació base

   'LDAPAuthentication2', // Autenticació base

   'LDAPAuthorization', // Per restringir accés per grups

   'LDAPGroups' // Per sincronitzar grups ldap amb locals

] );

// $wgPluggableAuth_EnableAutoLogin = true; /* Si activem desactiva la opció de fer logout */

$wgPluggableAuth_EnableLocalLogin = false;

$wgPluggableAuth_ButtonLabel = "Inicia sessió";

$LDAPAuthentication2UsernameNormalizer = 'strtoupper'; // strtolower no funciona

$LDAPAuthentication2AllowLocalLogin = true;

$wgLDAPUseLocal = false; // Permetre autentificació local wiki. Mirar que no estigui sobreescrit a LdapAuthentication.php

$LDAPProviderDomainConfigProvider = function() {

   $config = [

       'LDAP' => [

           'connection' => [

               "server" => "golum.trueta.intranet",

               "enctype" => 'clear',

               "basedn" => "dc=htrueta,dc=intranet",

               "userbasedn" => "dc=htrueta,dc=intranet", // u=Users,dc=htrueta,dc=intranet

               "searchstring" => "uid=USER-NAME,ou=Users,dc=htrueta,dc=intranet",

               "searchattribute" => "uid",

               "usernameattribute" => "uid",

               "realnameattribute" => "cn",

               "emailattribute" => "mail",

               "groupbasedn" => "dc=htrueta,dc=intranet", // ou=Groups,dc=htrueta,dc=intranet

               "groupattribute" => "memberuid",

               "groupobjectclass" => "posixgroup",

               "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory"

           ],

           'authorization' => [

               'rules' => [

                   'groups' => [

                       'required' => [ "cn=Domain Admins,ou=Groups,dc=htrueta,dc=intranet",

                                       "cn=s103,ou=Groups,dc=htrueta,dc=intranet",

                                       "cn=wikiUtic,ou=Groups,dc=htrueta,dc=intranet",

                                       "cn=wikiUticLectura,ou=Groups,dc=htrueta,dc=intranet",

                                       "cn=lt2b,ou=Groups,dc=htrueta,dc=intranet",

                                       "cn=lt1,ou=Groups,dc=htrueta,dc=intranet",

                                       "cn=lt15,ou=Groups,dc=htrueta,dc=intranet"]

                   ]

               ]

           ],

           'groupsync' => [

               "mechanism" => "allgroups",

               "mapping" => [

                   "s103" => "cn=s103,ou=Groups,dc=htrueta,dc=intranet",

                   "Domain admins" => "cn=Domain Admins,ou=Groups,dc=htrueta,dc=intranet"

               ],

               "locally-managed" => [ "local", "wiki", "group", "names" ]

           ]

       ]

   ];

   return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );

};

Osnard (talkcontribs)

Please check what php wikiutic/extensions/LDAPProvider/maintenance/ShowUserGroups.php --domain LDAP --username 40447118p returns. Be aware that "mechanism" => "allgroups" will not evaluate "mapping". You may need to use "mechanism" => "mapping"

Users are loosing their groups in media wiki after approximately one hour

2
Calebgcooper (talkcontribs)

After updating from Mediawiki 1.34.0 to 1.34.2 and more importantly updating to the latest version of LDAP stack for Mediawiki 1.31 we noticed users were being removed from their groups after about an hour. Enabled Debug logs for the LDAP stack it was observed that the pre search modifier are not being utilized by groupsync after the cache expires (500 seconds by default)


I found out that manually running the groupsync maintenance script also removes the users from their groups. So created a new wiki and used this for troubleshooting.


After reinstalling a brand new test wiki and loging in for the first time we observe:

2020-08-25 16:47:58 testwiki.wiki.internal wikis: MediaWiki\Extension\LDAPProvider\Client::getUserDN: search with array (
  'base' => 'dc=acme,dc=com',
  'filter' => '(samaccountname=caleb_cooper)',
  'attributes' =>
  array (
    0 => '*',
    1 => 'memberof',
  ),
)
2020-08-25 16:47:58 testwiki.wiki.internal wikis: ldap_search( $linkID, $baseDN = 'dc=acme,dc=com', $filter = '(samaccountname=caleb_cooper)', $attributes = [ '*', 'memberof' ], $attrsonly = , $sizelimit = , $tim
elimit = , $deref =  );


Note the search string for my samaccount name is caleb_cooper converting to lower case and replacing spaces with underscores. As per pre search modifier configuration in ldap,json. At this point group sync can be run many times manually and successfully, until 500 seconds passes, and the cache expires:

bash-5.0# php extensions/LDAPGroups/maintenance/SyncGroups.php --user Caleb_Cooper
Syncing groups for 'Caleb Cooper' (ID:3) ...

Old groups:
* bureaucrat
* editor
* interface-admin
* sysop
* tech-L2

New groups:
* bureaucrat
* editor
* interface-admin
* sysop
* tech-L2


After 500 seconds this is the response from groupsync:

bash-5.0# php extensions/LDAPGroups/maintenance/SyncGroups.php --user Caleb_Cooper
Syncing groups for 'Caleb Cooper' (ID:3) ...

Old groups:
* bureaucrat
* editor
* interface-admin
* sysop
* tech-L2

New groups:
* bureaucrat
* editor


And this is noticed in the debug logs:

2020-08-25 16:56:39 testwiki.wiki.internal wikis: Ran LDAP search for '(samaccountname=Caleb Cooper)' in 0.010628938674927 seconds.

2020-08-25 16:56:39 testwiki.wiki.internal wikis: Removing 'bureaucrat' from 'Caleb Cooper'.
2020-08-25 16:56:39 testwiki.wiki.internal wikis: Removing 'editor' from 'Caleb Cooper'.
2020-08-25 16:56:39 testwiki.wiki.internal wikis: Removing 'interface-admin' from 'Caleb Cooper'.
2020-08-25 16:56:39 testwiki.wiki.internal wikis: Removing 'sysop' from 'Caleb Cooper'.
2020-08-25 16:56:39 testwiki.wiki.internal wikis: Removing 'tech-L2' from 'Caleb Cooper'.


Note the search string for my samaccount name is Caleb Cooper and is not obeying the pre search modifiers in ldap.json shown below:

{
  "acme.com": {
    "connection": {
      "server": "10.24.27.5",
      "port": "3268",
      "user": "CN=Servicets-ola-dev,OU=Service Accounts,DC=emea,DC=acme,DC=com",
      "pass": "-oV~;j87NXa0IKg5mUw3r?b:",
      "enctype": "clear",
      "options": {
        "LDAP_OPT_DEREF": 1
      },
      "basedn": "dc=acme,dc=com",
      "userbasedn": "dc=acme,dc=com",
      "groupbasedn": "dc=acme,dc=com",
      "searchattribute": "samaccountname",
      "usernameattribute": "samaccountname",
      "realnameattribute": "cn",
      "emailattribute": "mail",
      "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
      "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ],
      "cachetime": "60"
    },
    "userinfo": [],
    "authorization": [],
    "groupsync": {
      "mapping": {
        "editor": "CN=Wiki_L2,OU=Groups,DC=emea,DC=acme,DC=com",
        "tech-L2": "CN=Wiki_L2,OU=Groups,DC=emea,DC=acme,DC=com",
        "reviewer": "CN=Wiki_L3,OU=Groups,DC=emea,DC=acme,DC=com",
        "tech-L3": "CN=Wiki_L3,OU=Groups,DC=emea,DC=acme,DC=com",
        "sysop": "CN=Support_Wikis_Admins,OU=Groups,DC=emea,DC=acme,DC=com",
        "bureaucrat": "CN=Support_Wikis_Admins,OU=Groups,DC=emea,DC=acme,DC=com",
        "interface-admin": "CN=Support_Wikis_Admins,OU=Groups,DC=emea,DC=acme,DC=com"
      }
    }
  }
}

I have bugged this here:

https://phabricator.wikimedia.org/T261231

Osnard (talkcontribs)
Reply to "Users are loosing their groups in media wiki after approximately one hour"

ShowUserGroups.php Invalid argument line 60

8
Seanvin (talkcontribs)

Hi

I am running MediaWiki on Windows Server 2016 and have configured Active Directory Integration although users can log in they are not joined to any MedaWiki groups.

CheckLogin.php and ShowUserInfo.php run OK, however when I run ShowUserGroups.php I get the following errors.

Full DNs:
PHP Warning: Invalid argument supplied for foreach() in C:\inetpub\wwwroot\mediawiki\extensions\LDAPProvider\maintenance\ShowUserGroups.php on line 60
Warning: Invalid argument supplied for foreach() in C:\inetpub\wwwroot\mediawiki\extensions\LDAPProvider\maintenance\ShowUserGroups.php on line 60
Short names:
PHP Warning: Invalid argument supplied for foreach() in C:\inetpub\wwwroot\mediawiki\extensions\LDAPProvider\src\GroupList.php on line 52
Warning: Invalid argument supplied for foreach() in C:\inetpub\wwwroot\mediawiki\extensions\LDAPProvider\src\GroupList.php on line 52

My ldap.json is below. Any help would be much appreciated.

{

   "ad.xxx.xx.xx": {

       "connection": {

           "server": "xxx-xxxx-xx",

           "port": "389",

           "user": "CN=xxx,OU=xxx,DC=ad,DC=xxx,DC=xx,DC=xx",

           "pass": "xxxxxxxxxxxxxxxxxx",

           "enctype": "clear",

           "options": {

               "LDAP_OPT_DEREF": 1

           },

           "basedn": "dc=ad,dc=xxx,dc=xx,dc=xx",

           "userbasedn": "dc=ad,dc=xxx,dc=xx,dc=xx",

           "groupbasedn": "OU=Groups,OU=WiKi,OU=xxxx,OU=xxx,OU=xxx,DC=ad,DC=xxx,DC=xx,DC=xx",

           "searchattribute": "samaccountname",

           "usernameattribute": "samaccountname",

           "realnameattribute": "cn",

           "emailattribute": "mail",

           "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

           "presearchusernamemodifiers": [  "spacestounderscores", "lowercase" ]

       },

       "userinfo": [],

       "authorization": [],

       "groupsync": {

           "mapping": {

               "sdadmins": "CN=xxxx,OU=Groups,OU=WiKi,OU=xxxx,OU=xxx,OU=xxx,DC=ad,DC=xxx,DC=xx,DC=xx",

               "ictonly": "CN=xxxx,OU=Groups,OU=WiKi,OU=xxx,OU=xxx,OU=xxx,DC=ad,DC=xxx,DC=xx,DC=xx"             

           }

       }

   }

}
Osnard (talkcontribs)

Does "ShowUserInfo.php" list a field "memberof"? If not you may need to set a different "grouprequest".

Seanvin (talkcontribs)

Hi Osnard.

Many thanks for taking the trouble to respond. ShowUsrInfo.php does list memberof

memberof => CN=xxxx,OU=Groups,OU=WiKi,OU=Services,OU=xxx,OU=xxx,DC=ad,DC=xxx,DC=xx,DC=xx

which is the group for "ictonly" as expected.

Regards

Sean

Osnard (talkcontribs)
Seanvin (talkcontribs)

Thank you, Applying the patch worked.

I can also confirm that if I put the user into two groups, ShowUserGroups.php works without the patch. However if the user is in two groups and UserMemebrof.php has the patch I get an 'array to string conversion' error in ShowUsergroups.php (You are probably already be aware of this).

But not worry, I now understand the problem, and have solutions I can work with. I really appreciate you taking the time to help. Many thanks

Osnard (talkcontribs)

Awesome! Can you please share all of you modifications? maybe I can add them to the codebase.

Seanvin (talkcontribs)

In order to handle users being a member of one or multiple groups, I added a check, 'is_array( $res['memberof'] )' to UserMemberOf.php.

/** * @param string $username to get the groups for
*@return GroupList
*/
Public function getUserGroups( $username ) {
 $userInfoRequest = new UserInfoRequest( $this->ldapClient, $this->config );
 $res = $userInfoRequest->getUserInfo( $username );
 if ( is_array( $res['memberof'] ) )
    {
     return new GroupList(  $res['memberof']  );
    }
 else
   {   
    return new GroupList( [ $res['memberof'] ] );
   }
}
Osnard (talkcontribs)
Reply to "ShowUserGroups.php Invalid argument line 60"
68.111.178.77 (talkcontribs)

Hi all,

I am running MediaWiki 1.33 + LDAP Stack 1.33 on WIMP. Getting a TypeError for certain user accounts at login,


[3028ab2b8a2be600918b0b51] /acmepedia/index.php?title=Special:UserLogin TypeError from line 29 of C:\inetpub\wwwroot\acmepedia\extensions\LDAPGroups\src\Hook.php: Argument 1 passed to LdapGroups\Hook::populateGroups() must be an instance of LdapGroups\User, instance of User given, called in C:\inetpub\wwwroot\acmepedia\includes\Hooks.php on line 174


Here is my ldap.json,

{

"ca.acme.com": {

"connection": {

"server": "dc1.ca.acme.com",

"port": "3268",

"user": "CN=SD.WIKI.SVC,CN=Managed Service Accounts,DC=ca,DC=acme,DC=com",

"pass": "password",

"enctype": "clear",

"options": {

"LDAP_OPT_DEREF": 1

},

"basedn": "dc=ca,dc=acme,dc=com",

"userbasedn": "dc=ca,dc=acme,dc=com",

"groupbasedn": "dc=ca,dc=acme,dc=com",

"searchattribute": "samaccountname",

"usernameattribute": "samaccountname",

"realnameattribute": "displayname",

"emailattribute": "mail",

"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory"

},

"userinfo": [],

"authorization": [],

"groupsync": {

"mapping": {

"Analysts": "CN=SDAnalysts,OU=Groups,OU=acmeSD,DC=ca,DC=acme,DC=com",

"Developers": "CN=SDDevelopers,OU=Groups,OU=acmeSD,DC=ca,DC=acme,DC=com",

"Uncleared Users": "OU=Uncleared Users,OU=UsersSD,OU=acmeSD,DC=ca,DC=acme,DC=com",

"sysop": "CN=Cybersecurity Team,CN=Users,DC=acme,DC=com",

"SrDevelopers": "CN=Lead Developers,OU=Groups,OU=acmeSD,DC=ca,DC=acme,DC=com",

"SrAnalysts": "CN=SD_SrAnalysts,OU=DistributionLists,OU=Groups,OU=acmeSD,DC=ca,DC=acme,DC=com",

"OfficeAdmins": "CN=SD-Admin,OU=Groups,OU=acmeSD,DC=ca,DC=acme,DC=com"

}

}

}

}


No error when a member of Cybersecurity Team (mapped to sysop) logs in, but everyone else gets the error.

Thanks!

Osnard (talkcontribs)

Looks like you are using an outdated version of "Extension:LdapGroups", Please try to update.

Reply to "TypeError for certain users"

User stays in Mediawiki group after deletion from LDAP group

10
80.245.147.81 (talkcontribs)

Hi,

I have a problem with syncing of LDAP (Microsoft AD) group memberships to local wiki groups.

Mediawiki version: 1.34

LDAPGroups version:

LDAPGroups: master

2020-03-02T07:11:00

c76e11b

I have this user, let's call him Example-user, that has been in both groups wiki-read and wiki-write for a while.

Now our AD team has removed this guy from the corresponding AD group Wiki_ReadWrite but somehow, he still pops up as a member of wiki-write on Special:ListUsers and, even worse, still has the permission to edit and save pages.

Special:Listgrouprights has wiki-read with only one permission (read) and wiki-write with three permissions (read, edit and delete).

Permissions of the group "users" have been trimmed to only read and editmyusercss.

I suspect, there is an error with syncing the groups of this user for some reason.

Output of maintenance script ShowUserGroups.php shows his correct groups:

root# php extensions/LDAPProvider/maintenance/ShowUserGroups.php --username Example-user --domain mydomain.net

Full DNs:

<some omitted>

        CN=Wiki_ReadOnly,OU=Groups,DC=mydomain,DC=net

Short names:

<some omitted>

        wiki_readonly

Notice the explicitly missing group of Wiki_ReadWrite!


When running the maintenance script SyncUserGroups.php of LDAPGroups extension, I get the following output:

root# php extensions/LDAPGroups/maintenance/SyncGroups.php --user Example-user

PHP Notice:  Undefined property: MediaWiki\Extension\LDAPGroups\Maintenance\SyncGroups::$config in /opt/rh/httpd24/root/var/www/html/wiki/extensions/LDAPGroups/maintenance/SyncGroups.php on line 77

Syncing groups for 'Example-user' (ID:11) ...

Old groups:

* wiki-read

* wiki-write

ConfigException from line 53 of /opt/rh/httpd24/root/var/www/html/wiki/includes/config/GlobalVarConfig.php: GlobalVarConfig::get: undefined option: 'LDAPGroupsSyncMechanismRegistry'

#0 /opt/rh/httpd24/root/var/www/html/wiki/extensions/LDAPGroups/maintenance/SyncGroups.php(61): GlobalVarConfig->get('LDAPGroupsSyncM...')

#1 /opt/rh/httpd24/root/var/www/html/wiki/maintenance/doMaintenance.php(99): MediaWiki\Extension\LDAPGroups\Maintenance\SyncGroups->execute()

#2 /opt/rh/httpd24/root/var/www/html/wiki/extensions/LDAPGroups/maintenance/SyncGroups.php(87): require_once('/opt/rh/httpd24...')

#3 {main}

So it correctly grasps the old groups the user was in, but doesn't seem to be able to sync the current groups correctly.


Here's my ldap.json:

ldap.json

{

        "mydomain.net": {

                "connection": {

                        "server": "dc.mydomain.net",

                        "port": "389",

                        "user": "CN=MyBindUser,OU=Users,DC=mydomain,DC=net",

                        "pass": "omittedPassword",

                        "enctype": "clear",