Extension talk:LDAP Authentication


About this board

How to ask for support

There's a couple key pieces of info I always need:

  1. The MediaWiki version you are using
  2. The LdapAuthentication extension version you are using

I very often will need to see two other things when you ask for support, so you should have them prepared:

  1. Your configuration, with sensitive stuff snipped out
  2. The extension's debug log, with sensitive stuff snipped out

When you are trying to debug an authentication problem, you should always use the most basic configuration possible. For instance, if you don't have basic authentication working yet, you shouldn't have group restrictions or group synchronization enabled yet. I will generally ask you to disable these things when debugging.

Also, $wgLDAPUseLocal is almost never what you want to use. It's a frequent cause of configuration issues, and unless you really know what you are doing, it should not be set (or explicitly set to false, which is the default).

Most importantly of all: ensure you are using the newest version of the extension. From the extension distributor, that's the "master" version. If you are using git, just make sure you use git pull && git reset --hard origin/master. This is one of the more common causes of problems.

How to submit a bug

If you've found a bug, please submit it here.

Archives

Compatibility with MediaWiki 1.27?

Raj bhaskar (talkcontribs)

Hi, Does anyone know if this extension is affected by the new AuthManager in MediaWiki 1.27? Is it safe to upgrade to the new version of MW?

Thanks, Raj.

65.171.153.4 (talkcontribs)

Would not recommend upgrading at this point.

Authentication was overhauled in 1.27 with AuthPlugin being deprecated, superseded by Manual:SessionManager and AuthManager.

After a quick test users that have not logged in previously will not be able to login (depending on your settings/permissions). The domain selection box also does not appear, although it seems to default to the first domain.

MarkAHershberger (talkcontribs)

This extension should be converted to use PluggableAuth. Using PluggableAuth will probably help maintain compatibility in the future.

Maalab (talkcontribs)

I have tested it a little bit today after upgrading our test wiki today.

By default, for new accounts, the auto-creation of a local account does not work. But it is working well for existing accounts.

I have done a lot of searching and testing to overcome this problem. I have found out that a new right exists for auto account creation since 1.26.

I have tried to put this line in my LocalSettings.php file : $wgGroupPermissions['*']['autocreateaccount'] = true;

If I try to log in with a new account, it does not work, but if I log in with an existing account, log out and then log in with a new account, it works. After that, I closed my web page, restarted the server, tried with another browser, and if I log in with a new account, the account is created each time.

The domain selection box does not appear, but if I configure a second domain, the box appears.

2.113.181.87 (talkcontribs)

After updating to mediawiki 1.27 Auto LDAP Authentication no longer worked. Mediawiki showed "database error occurred."

I commented line 1240 in LdapAuthentication.php ( self::saveDomain( $user, $_SESSION['wsDomain'] ); ) and the error went away.

128.104.255.2 (talkcontribs)

What does uncommenting that do, exactly? It removed the error for me, too.

Raj bhaskar (talkcontribs)

Does anyone know who we should contact to try and fix this at source and add proper compatibility for AuthManager? I tried contacting Ryan Lane (marked as the author on the extension homepage), but he said that he's no longer maintaining it.

Ciencia Al Poder (talkcontribs)

I've added the phabricator project to the extension's infobox. You can report the bug there

Raj bhaskar (talkcontribs)

Thanks (although poking around on the Phabricator site, there appear to be no members on the project, and there's a fairly hefty backlog waiting to be looked at).

Mvdboogaard (talkcontribs)
Devsec (talkcontribs)

The updated worked for me for the most part. The line I had to comment out was in the file "/extensions/LdapAuthentication/LdapAuthenticationPlugin.php" and it was on line 1165.

Also, I was still having an error caused by a plugin after authenticating. I had to remove the ToDoTasks plugin and then it worked. :) YEAH!!

198.239.156.250 (talkcontribs)
185.22.192.146 (talkcontribs)

I've hit this problem as well, it only emerged after new users that had not logged into the wiki prior to the upgrade from v1.26, started complaining.

I'm running a private wiki, with LDAP auth only. Going through the code of AuthManager.php (line 1545 onwards), it became clear that this can either be resolved using the 'createaccount' or 'autocreateaccount' permission. I've tried both options and the 'autocreateaccount' matches my desired behavior. I *think* that the wiki also still is secure/private and no additional users can be created (except when auth from LDAP succeeds).

However I feel it would be better if these permissions would be integrated in the plugin and would not have to be handled separately.

80.242.167.70 (talkcontribs)

THANKS a lot for this solution. For me it works also!


Automatic account creation is not allowed

TroySettle (talkcontribs)

extension for mediawiki 1.28

I'm getting closer to figuring this out, but stuck on automatically creating accounts. Here's my current (sanitized) configuration. I can authenticate, but I then get the message:

Auto-creation of a local account failed: Automatic account creation is not allowed.

require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;

$wgLDAPDebug = 3;
$wgDebugLogGroups['ldap'] = '/tmp/debug.log';

$wgLDAPDomainNames       = array('LOCAL');
$wgLDAPServerNames       = array('LOCAL' => 'local-dc2.local.domain');
$wgLDAPEncryptionType    = array('LOCAL' => 'clear');
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs           = array('LOCAL' => 'ou=Users,ou=LOCAL,dc=domain,dc=local');

$wgLDAPSearchStrings     = array('LOCAL' => 'LOCAL\\USER-NAME');
$wgLDAPSearchAttributes  = array('LOCAL' => 'sAMAccountName' );

$wgLDAPDisableAutoCreate = array('LOCAL' => false);

Any help would be greatly appreciated!

Tz1971 (talkcontribs)

currently I am using Centos 7.3, MySql 5.7 and PHP 7.1 LDAP TLS

LdapAuthentication: REL1_28 2016-11-18T19:08:52 770c89e

in /etc/openldap/ldap.conf I add

TLS_REQCERT allow
TLS hard

and LocalSettings.php setting

$wgLDAPEncryptionType  = array('domain.com' => 'tls');

at this point cannot authenticate

so i tweak and change some code in LdapAuthenticationPlugin at line 547

if ( !ldap_start_tls( $this->ldapconn ) ) {

add @

if ( !@ldap_start_tls( $this->ldapconn ) ) {

for autocreation, I stuck at /includes/auth/AuthManager.php between line 1612 and 1626

// Is the IP user able to create accounts?
$anon = new User;
/*
if ( !$anon->isAllowedAny( 'createaccount', 'autocreateaccount' ) ) {
.....
}
*/

comment out this block, now working. (need better solution rather than comment out)

for group permission

# Implicit group for all visitors
$wgGroupPermissions['*']['createaccount'] = false; // ??? not working
$wgGroupPermissions['*']['autocreateaccount'] = false;  // ???
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['writeapi'] = false;

Aarango1 (talkcontribs)

Same here. Any help is appreciated. My config:

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array("iRedMail");
$wgLDAPServerNames = array("iRedMail" => "192.168.XX.XX");
$wgLDAPPort = array("iRedMail" => 389);
$wgLDAPEncryptionType = array( "iRedMail" => "clear");
$wgLDAPBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");
$wgLDAPProxyAgent = array("iRedMail"=>"cn=vmail,dc=example,dc=com");
$wgLDAPProxyAgentPassword = array( "iRedMail"=>"*****");
$wgLDAPUserBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");
$wgLDAPSearchAttributes = array( "iRedMail" => "mail");
$wgLDAPLowerCaseUsername = array( "iRedMail"=>true);
$wgLDAPUseLocal = true;
$wgLDAPDebug = 3;
$wgDebugLogGroups['ldap'] = '/tmp/debug.log';

Legaulph (talkcontribs)

Same issue

TroySettle (talkcontribs)

FWIW, I finally got it working. Not sure what the difference is here... the $wgGroupPermissions item is not listed on the LDAP extension instructions, but I think this is what did it.

require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
#$wgLDAPUseLocal = true;
$wgLDAPDomainNames       = array('LOCAL');
$wgLDAPServerNames       = array('LOCAL' => 'local-dc2.mydomain.local');
$wgLDAPEncryptionType    = array('LOCAL' => 'clear');
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs           = array('LOCAL' => 'ou=Users,ou=LOCAL,dc=mydomain,dc=local');
$wgLDAPSearchStrings     = array('LOCAL' => 'LOCAL\\USER-NAME');
$wgLDAPSearchAttributes  = array('LOCAL' => 'sAMAccountName' );
$wgLDAPRetrievePrefs     = array('LOCAL' => true );
$wgGroupPermissions['*']['autocreateaccount'] = true;

Aarango1 (talkcontribs)

I tried with that, TroySettle, but no luck. I receive the same failures. What versions do you have installed? (MediaWiki and LDAP please) Thanks.

Did you create Wiki as Open? private?

NOTE: I solved using wiki 1.23 version.

Legaulph (talkcontribs)

I had to set $wgGroupPermissions['*']['createaccount'] = true;

130.219.8.234 (talkcontribs)

That still did not work for me.

My other anonymous permissions are set to false.

$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;

I want this to be a private wiki.

130.219.8.234 (talkcontribs)

It would seem I had to clear all session data and remove cookies from previous logon attempts with my test user as well as comment out self::saveDomain( $user, $_SESSION['wsDomain'] ); from one of the extension's configuration files. It now works.

153.96.128.5 (talkcontribs)

I had this problem, too. In my case, the solution was the one that has already been mentioned above:

1. switch back to local auth in LocalSettings.php; then login with a *local* admin/bureaucrat account (the one you set up when installing the wiki).

2. create a local user with the same name as one that exists in LDAP (give him a bullsh*t password, no need to match the LDAP one). Not mandatory, but if you are smart, this user should be a bureaucrat as you need at least one LDAP-based bureaucrat anyways. Let's call this user "Ldapboss".

3. switch again to LDAP auth in LocalSettings.php; then login with the user Ldapboss you just created. Of course you need to use the user's actual LDAP password this time. Btw, your local admin is now locked out of the system (unless you set wgLDAPUseLocal to true). This is why you need an LDAP-based bureaucrat.

From this point on, weirdly enough, auto account creation works. It's like, you need at least one successful login to make it work. Not sure why, doesn't make sense.

Ask a colleague to log on, or alternatively, rename your Ldapboss user to Ldapboss_Trash (Renameuser extension) and log out. Then log in again with Ldapboss, again using the LDAP credentials. Now, your Ldapboss is auto-created (this time as a simple user, as it should).

Actually, Ryan D Lane (creator and ex-maintainer of the plugin) has this written in a 2009 blog post. Quote:

"Before enabling the plugin, you should create a user in the local wiki database that exists in AD, and promote that user to sysop. After the plugin is enabled, you will not be able to log in as any user who does not exist in AD."

Brain wang (talkcontribs)

Hi,

When I executed step 3 and then logged in as Ldapboss with the LDAP password, I got the following error:

[WMFhIqwRAAIAABOptNUAAAAG] 2017-03-09 14:05:24: Fatal exception of type "DBQueryError"

Is it normal?

But it looks I have already logged in.

223.166.93.186 (talkcontribs)

Hi,

Any news on Brain Wang's problem? I experience the same issue. The user seems to be logged in, however logging in with another user from LDAP still fails.

195.212.29.162 (talkcontribs)

Today I ran into the same issue, and found that the LDAP plugin does not have the right to autocreate users, despite the allowed autocreateaccount Group Permission setting. Then I found that the referred table (ldap_domains) did not exist in the database (thus throwing the authmanager-autocreate-noperm errors). Creating the table in the right database based on the extensions/LdapAuthentication/schema/ldap-mysql.sql seems to have fixed the issue:

# mysql -u root -p
Enter password:
mysql> use my_wiki
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> CREATE TABLE ldap_domains (domain_id int not null primary key auto_increment,domain varchar(255) binary not null,user_id int not null);
Query OK, 0 rows affected (0.00 sec)

85.220.204.126 (talkcontribs)

This worked for me. Thanks

145.109.211.76 (talkcontribs)

I am running a private Wiki

$wgGroupPermissions['*']['autocreateaccount'] = true;

fixed it for me. If you read the changelog of 1.27:

* MediaWiki will now auto-create users as necessary, removing the need for
  extensions to do so. An 'autocreateaccount' right is added to allow
  auto-creation when 'createaccount' is not granted to all users.

31.221.114.66 (talkcontribs)

I resolved the problem by setting the $wgGroupPermissions['*']['autocreateaccount'] = true but also assigning CHMOD permissions to all .php files in /mediawiki to 777 for the local account I was using.

70.67.200.45 (talkcontribs)

For anyone else with this error:

Do set $wgGroupPermissions['*']['autocreateaccount'] = true;

Then delete your session cookie and reload the page to get a new session before trying again. Your session gets added to an account auto-creation blacklist when it fails the first time, which happens to give the exact same error message.

213.33.64.46 (talkcontribs)

This exact method worked for me too, thanks! Removing the session-cookie was the one thing I missed after unsuccessfully adding the configuration-option
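
The settings that this thread and the 1.27 compatibility thread above keep returning to can be checked mechanically. The script below is an added example, not part of the LdapAuthentication extension or of any poster's setup; the function names and the WARN/INFO labels are made up for illustration, and it assumes one setting per line, as in the configurations posted above.

```shell
#!/bin/sh
# Added example, not part of the LdapAuthentication extension.
# Audits the LocalSettings.php / ldap.conf settings discussed in this thread.
# Assumes one setting per line, as in the configurations posted above.

Q="['\"]"   # regex fragment matching either PHP quote character

# Print the active (not commented-out) lines of a config file.
active_lines() {
    grep -Ev '^[[:space:]]*(#|//)' "$1"
}

# has_setting FILE REGEX: succeed if an active line matches REGEX.
has_setting() {
    active_lines "$1" | grep -Eq "$2"
}

# perm_is FILE RIGHT VALUE: is $wgGroupPermissions['*'][RIGHT] = VALUE set?
perm_is() {
    has_setting "$1" "wgGroupPermissions\[$Q\*$Q\]\[$Q$2$Q\][[:space:]]*=[[:space:]]*$3"
}

audit_localsettings() {
    f=$1
    # MediaWiki's default grants createaccount to '*', so a private wiki
    # has to switch it off explicitly.
    if ! perm_is "$f" createaccount false; then
        echo "WARN createaccount: not disabled for '*'; anonymous visitors keep the account-creation right"
    # With createaccount off, 1.27+ auto-creates LDAP users only when
    # autocreateaccount is granted (see the changelog quoted above).
    elif ! perm_is "$f" autocreateaccount true; then
        echo "INFO autocreate: createaccount is off and autocreateaccount is not granted; expect 'Automatic account creation is not allowed'"
    fi
    if has_setting "$f" 'wgLDAPUseLocal[[:space:]]*=[[:space:]]*true'; then
        echo "WARN uselocal: wgLDAPUseLocal is true; the board header says this is almost never what you want"
    fi
    if has_setting "$f" "wgLDAPEncryptionType.*=>[[:space:]]*${Q}clear${Q}"; then
        echo "WARN cleartext: wgLDAPEncryptionType is 'clear'; the bind password crosses the network unencrypted"
    fi
    if has_setting "$f" "wgDebugLogGroups\[${Q}ldap${Q}\].*/tmp/"; then
        echo "WARN debuglog: LDAP debug log is written under /tmp; keep it out of shared directories"
    fi
}

# Report a TLS_REQCERT level that does not enforce certificate verification.
audit_ldapconf() {
    level=$(active_lines "$1" |
        awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) } END { print v }')
    case $level in
        never|allow)
            echo "WARN reqcert: TLS_REQCERT $level does not require a verifiable server certificate" ;;
    esac
}

# List PHP files under DIR that any local account can modify (e.g. chmod 777).
world_writable_php() {
    find "$1" -type f -name '*.php' -perm -0002 2>/dev/null
}

# Stand-alone use: sh audit.sh LocalSettings.php [ldap.conf]
if [ "$#" -ge 1 ]; then
    audit_localsettings "$1"
    if [ "$#" -ge 2 ]; then audit_ldapconf "$2"; fi
fi
```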


Error authenticating on 1.30 with AD

Summary by Nicovell3

Now the problem is solved and encrypted authentication works without issues.

Nicovell3 (talkcontribs)

Hi, I've got a problem while configuring an encrypted authentication with mediawiki 1.30 in CentOS 7.

Here is the part of my LocalSettings.php which configures the AD:

# Use ADDOMAIN AD
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "ADDOMAIN" );
$wgLDAPServerNames = array( "ADDOMAIN" => "dc.ADDOMAIN.local" );
$wgLDAPSearchStrings = array( "ADDOMAIN" => "ADDOMAIN\\USER-NAME" );
$wgLDAPEncryptionType = array( "ADDOMAIN" => "ssl" );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 8;
$wgLDAPBaseDNs = array( "ADDOMAIN" => "ou=people,dc=ADDOMAIN,dc=local" );
$wgLDAPSearchAttributes = array( "ADDOMAIN" => "sAMAccountName" );
$wgLDAPRetrievePrefs = array( "ADDOMAIN" => "true" );
$wgLDAPPreferences = array( 'ADDOMAIN' => array( 'email' => 'mail','realname' => 'displayname') );
$wgLDAPLowerCaseUsername = array( "ADDOMAIN" => "true" );
$wgLDAPDebug = 2;
$wgDebugLogGroups["ldap"] = "/var/www/mediawiki/debug.log" ;
$wgShowExceptionDetails = true;

I've already configured my CA certificate at /etc/openldap/ldap.conf:

TLS_CACERTDIR   /etc/pki/tls/mediawiki/
TLS_CACERTFILE  /etc/pki/tls/mediawiki/ca.crt
TLS_CACERT      /etc/pki/tls/mediawiki/ca.crt

But when I try to authenticate, this is the output produced:

2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering allowPasswordChange
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering modifyUITemplate
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is an IP, not munging.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering validDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 User is using a valid domain (ADDOMAIN).
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Setting domain as: ADDOMAIN
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering userExists
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering authenticate for username aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering Connect
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Using SSL
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Using servers: ldaps://dc.ADDOMAIN.local:636
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getSearchString
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Doing a straight bind
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 userdn is: ADDOMAIN\aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Binding as the user
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Failed to bind as ADDOMAIN\aduser  <- I think problem is here
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering allowPasswordChange
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering modifyUITemplate
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().

As can be seen, the problem seems to be that the user can't be bound. At the web interface, the server says the password is not correct. But if I change the following line at LocalSettings.php:

$wgLDAPEncryptionType = array( "ADDOMAIN" => "clear" );

Then, the authentication completes successfully with this log file:

2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering allowPasswordChange
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering modifyUITemplate
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is an IP, not munging.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering validDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 User is using a valid domain (ADDOMAIN).
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting domain as: ADDOMAIN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering userExists
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering authenticate for username aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering Connect
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Using TLS or not using encryption.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Using servers: ldap://dc.ADDOMAIN.local:389
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getSearchString
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Doing a straight bind
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 userdn is: ADDOMAIN\aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Binding as the user
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Bound successfully
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getUserDN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Created a regular filter: (sAMAccountName=aduser)
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getBaseDN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getBaseDN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Using base: ou=people,dc=ADDOMAIN,dc=local
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Fetched UserDN: CN=RealName AD user,OU=people,DC=ADDOMAIN,DC=local
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getGroups
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering checkGroups
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getPreferences
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Retrieving preferences
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Retrieved email (aduser@ADDOMAIN.com) using attribute (mail)
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Retrieved realname (RealName AD user) using attribute (displayname)
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Authentication passed
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering updateUser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting user preferences.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting realname.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting email.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 User has a token, setting domain in user options.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Saving user settings.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering updateExternalDB
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Either the user is using a local domain, or the wiki isn't allowing updates
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().

Could someone help me please? I don't want to send my users' passwords in plaintext.

Thanks in advance.

Nicovell3 (talkcontribs)

Oh, and I forgot to append my LdapAuthentication extension version:

# cat /var/www/mediawiki/extensions/LdapAuthentication/version
LdapAuthentication: REL1_30
2017-09-21T22:10:51

907953e

Nicovell3 (talkcontribs)

Finally I got this working. All I had to do was add this line to the /etc/openldap/ldap.conf file and restart the web server:

TLS_REQCERT allow
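
Added example, not part of the original post or of the extension: per ldap.conf(5), TLS_REQCERT allow lets the session proceed even when the server presents a bad certificate, so the connection is encrypted but the directory server is not authenticated. The PHP sketch below flags that setting and contrasts it with a file that names a CA and keeps the default demand level; auditLdapConf() is a hypothetical helper, and both sample files and the CA path are constructed.

```php
<?php
// Added example: audit an OpenLDAP client ldap.conf for TLS certificate checking.
// auditLdapConf() is a hypothetical helper; the sample files are constructed.

/**
 * Return a list of findings for the given ldap.conf text.
 * Option names are matched case-insensitively; lines starting with '#' are comments.
 */
function auditLdapConf(string $conf): array {
    $weak = ['never', 'allow'];   // levels where a bad certificate does not stop the session
    $findings = [];
    $hasCa = false;
    foreach (preg_split('/\R/', $conf) as $n => $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        $parts = preg_split('/\s+/', $line, 2);
        $opt = strtoupper($parts[0]);
        $val = $parts[1] ?? '';
        if ($opt === 'TLS_REQCERT' && in_array(strtolower($val), $weak, true)) {
            $findings[] = sprintf('line %d: TLS_REQCERT %s does not reject a bad server certificate', $n + 1, $val);
        }
        if (($opt === 'TLS_CACERT' || $opt === 'TLS_CACERTDIR') && $val !== '') {
            $hasCa = true;
        }
    }
    if (!$hasCa) {
        $findings[] = 'no TLS_CACERT or TLS_CACERTDIR is set in this file';
    }
    return $findings;
}

// Constructed sample: the setting from the post above.
$asPosted = "URI ldap://dc.ADDOMAIN.local\nTLS_REQCERT allow\n";
// Constructed sample: verification kept; the CA file path is a placeholder.
$hardened = "URI ldap://dc.ADDOMAIN.local\n"
          . "TLS_CACERT /etc/openldap/certs/ad-root-ca.pem\n"
          . "TLS_REQCERT demand\n";

foreach (['as posted' => $asPosted, 'hardened' => $hardened] as $label => $conf) {
    $found = auditLdapConf($conf);
    echo $label, ': ', $found ? implode('; ', $found) : 'no weak TLS settings found', "\n";
}
```
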

Brandoncw (talkcontribs)

I'm having trouble getting functionality to work with the latest version of the plugin and MediaWiki 1.30 running on RHES with PHP 7.1.

Is it officially compatible yet or is it still in development?

Ciencia Al Poder (talkcontribs)

From Manual:Installation requirements: PHP 7 is generally supported, but PHP 7.1 causes various warnings for MediaWiki 1.28 when some extensions are enabled, see task T153505.

I'm not sure how accurate this is for the latest MediaWiki version and this extension, though.

Reply to "Version 1.30 compatability + PHP 7.1"

Authentication with Windows Server 2016, IIS.

1
192.198.63.22 (talkcontribs)

I'm trying to get LDAP to function on my MediaWiki running on Windows Server 2016. This is in my local settings file. Is this correct?

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( "ad" );

$wgLDAPServerNames = array( "ad" => "ad-09.ad.jacks.com ad-08.ad.jacks.com" );

$wgLDAPSearchStrings = array( "ad" => "JCK\USER-NAME" );

$wgLDAPEncryptionType = array( "ad" => "ssl" );

Reply to "Authentication with Windows Server 2016, IIS."

192.198.63.22 (talkcontribs)

Does LDAP work on Windows Server 2016 with MediaWiki?

Reply to "LDap on server 2016"

Support for LDAP Authentication on MW 1.29 (Windows 2012 R2, IIS).

4
198.181.18.22 (talkcontribs)

After spending the better part of two days, I just installed LDAP authentication in my environment, which is made up of:

MediaWiki 1.29

PHP 7.1.8

MySQL 5.7.19

Windows Server 2012 R2

IIS 8.5

Unfortunately, it is not working (in fact, after installing all the pieces and parts, my Wiki site would not load at all).

Is LDAP Authentication supported under this configuration? I have seen conflicting information on this and before I spend a lot of time on this, I need to know if this is even achievable.

198.181.18.24 (talkcontribs)

After tweaking some of the settings in LocalSettings.php, the site now loads when LDAP Authentication is enabled. Unfortunately, LDAP Authentication itself is still not working. In the meantime, I really need to know if this is supported/should work in my environment:

MediaWiki 1.29

PHP 7.1.8

MySQL 5.7.19

Windows Server 2012 R2

IIS 8.5

198.181.18.23 (talkcontribs)

Still trying to find out if this configuration is supported ..... can anyone verify yes or no for me?

188.2.105.99 (talkcontribs)

Any progress?

Reply to "Support for LDAP Authentication on MW 1.29 (Windows 2012 R2, IIS)."

Support for LDAP Authentication on MW 1.23

2
210.162.177.129 (talkcontribs)

MediaWiki 1.23

PHP 5.4.45

MySQL 5.5

LDAP setting is in progress. The following error message is output. Can you see the cause?

PHP Parse error:  syntax error, unexpected 'class' (T_CLASS), expecting identifier (T_STRING) or variable (T_VARIABLE) or '{' or '$' in /var/www/html/mwiki/extensions/LdapAuthentication/LdapAuthentication.php on line 140

210.162.177.129 (talkcontribs)

I resolved it. The fix is below:

//      if ( class_exists( MediaWiki\Auth\AuthManager::class ) && empty( $wgDisableAuthManager ) ) {

         if ( class_exists( 'MediaWiki\\Auth\\AuthManager' ) && empty( $wgDisableAuthManager ) ) {

Reply to "Support for LDAP Authentication on MW 1.23"

RHEL6 - MW 1.21.1 - httpd.x86_64 2.2.15-60.el6_9.5 - php.x86_64 5.3.3-49.el6

2
2620:107:9000:2200:0:0:0:110 (talkcontribs)

[Tue Jan 23 11:57:26 2018] [error] [client 10.x.x.x PHP Parse error:  syntax error, unexpected '[' in /var/www/wiki/mywiki/extensions/LdapAuthentication/LdapAuthentication.php on line 39

On this page, Extension:LDAP Authentication, it says that this version of the extension should be compatible with this version of PHP and MediaWiki. Please advise.

Ciencia Al Poder (talkcontribs)

MediaWiki 1.21 is unsupported. If you still want to use it despite the security risks, you should download the extension for MediaWiki 1.21, not a recent version.

Reply to "RHEL6 - MW 1.21.1 - httpd.x86_64 2.2.15-60.el6_9.5 - php.x86_64 5.3.3-49.el6"

Incorrect password entered error - yet password is correct

2
MintSauce~mediawikiwiki (talkcontribs)

Hi,

I'm using MediaWiki 1.16.5 and the latest LdapAuthentication extensions from svn trunk on an Ubuntu server that already uses LDAP successfully with a Plone CMS and phpBB.

I've added the configuration below and as you can see from the logs, it seems to connect to LDAP fine (indeed, removing the config results in non-LDAP users being told their username doesn't exist), however, no user can login successfully, all are presented with the error: "Incorrect password entered. Please try again.". I've triple checked against the ldap db that the passwords are correct.

The only thing I can see that might be wrong in the logs is the capitalisation of the first letter of the uid.

Any ideas?

LocalSettings.php:

require_once($IP."/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(
  'anonymous-coward'
);
$wgLDAPServerNames = array(
  'anonymous-coward' => '127.0.0.1'
);
$wgLDAPSearchStrings = array(
  'anonymous-coward' => 'uid=USER-NAME,ou=people,dc=anonymous-coward,dc=org'
);
$wgLDAPEncryptionType = array(
  "'anonymous-coward'"=>"clear"
  );
$wgLDAPDebug = 3;
$wgDebugLogGroups["ldap"] = "/tmp/ldapdebug.log" ;

Debug file:

2011-07-27 20:00:36  wikidb: 1.2e Entering validDomain
2011-07-27 20:00:36  wikidb: 1.2e User is using a valid domain (anonymous-coward).
2011-07-27 20:00:36  wikidb: 1.2e Setting domain as: anonymous-coward
2011-07-27 20:00:36  wikidb: 1.2e Entering getCanonicalName
2011-07-27 20:00:36  wikidb: 1.2e Username isn't empty.
2011-07-27 20:00:36  wikidb: 1.2e Munged username: Jbloggs
2011-07-27 20:00:36  wikidb: 1.2e Entering userExists
2011-07-27 20:00:36  wikidb: 1.2e
2011-07-27 20:00:36  wikidb: 1.2e Entering authenticate
2011-07-27 20:00:36  wikidb: 1.2e
2011-07-27 20:00:36  wikidb: 1.2e Entering Connect
2011-07-27 20:00:36  wikidb: 1.2e Using TLS or not using encryption.
2011-07-27 20:00:36  wikidb: 1.2e Using servers:  ldap://127.0.0.1
2011-07-27 20:00:36  wikidb: 1.2e Using TLS
2011-07-27 20:00:36  wikidb: 1.2e Failed to start TLS.
2011-07-27 20:00:36  wikidb: 1.2e Connected successfully
2011-07-27 20:00:36  wikidb: 1.2e Entering getSearchString
2011-07-27 20:00:36  wikidb: 1.2e Doing a straight bind
2011-07-27 20:00:36  wikidb: 1.2e userdn is: uid=Jbloggs,ou=people,dc=anonymous-coward,dc=org
2011-07-27 20:00:36  wikidb: 1.2e
2011-07-27 20:00:36  wikidb: 1.2e Binding as the user
2011-07-27 20:00:36  wikidb: 1.2e Failed to bind as uid=Jbloggs,ou=people,dc=anonymous-coward,dc=org
2011-07-27 20:00:36  wikidb: 1.2e with password: xxxxxx
2011-07-27 20:00:36  wikidb: 1.2e Entering allowPasswordChange
2011-07-27 20:00:36  wikidb: 1.2e Entering modifyUITemplate

This post was posted by MintSauce~mediawikiwiki, but signed as MintSauce.

Ryan lane (talkcontribs)

Well, this is obviously wrong:

$wgLDAPEncryptionType = array(
  "'anonymous-coward'"=>"clear"
  );

It should be:

$wgLDAPEncryptionType = array(
  "anonymous-coward"=>"clear"
  );

Reply to "Incorrect password entered error - yet password is correct"
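
Added example, not code from the thread or from the extension: the key mismatch pointed out in the reply above can be caught mechanically. checkDomainKeys() is a hypothetical helper that compares the keys of each per-domain setting against $wgLDAPDomainNames; it is run here on the configuration as posted, where the quoted key means the "clear" encryption type is never applied to the domain (the debug log shows "Using TLS").

```php
<?php
// Added example: find per-domain LDAP settings whose array keys match no
// entry in $wgLDAPDomainNames. checkDomainKeys() is a hypothetical helper,
// not part of the LdapAuthentication extension.

function checkDomainKeys(array $domainNames, array $settings): array {
    $problems = [];
    foreach ($settings as $name => $perDomain) {
        // Keys that do not correspond to any configured domain.
        foreach (array_keys($perDomain) as $key) {
            $key = (string)$key;
            if (in_array($key, $domainNames, true)) {
                continue;
            }
            // Stray quotes or spaces inside the key are the usual cause.
            $stripped = trim($key, " \t'\"");
            $hint = in_array($stripped, $domainNames, true)
                ? " (did you mean \"$stripped\"?)"
                : '';
            $problems[] = "\$$name: key [$key] matches no domain$hint";
        }
        // Domains for which this setting has no entry at all.
        foreach ($domainNames as $domain) {
            if (!array_key_exists($domain, $perDomain)) {
                $problems[] = "\$$name: no entry for domain \"$domain\", setting is not applied to it";
            }
        }
    }
    return $problems;
}

// Configuration as posted in the thread above.
$wgLDAPDomainNames = ['anonymous-coward'];
$settings = [
    'wgLDAPServerNames'    => ['anonymous-coward' => '127.0.0.1'],
    'wgLDAPSearchStrings'  => ['anonymous-coward' => 'uid=USER-NAME,ou=people,dc=anonymous-coward,dc=org'],
    'wgLDAPEncryptionType' => ["'anonymous-coward'" => 'clear'],
];

foreach (checkDomainKeys($wgLDAPDomainNames, $settings) as $problem) {
    echo $problem, "\n";
}
```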