Feel like I'm going crazy. Installed MediaWiki on a brand new CentOS7 VM (iso 1810).
MediaWiki version 1.32.0
PHP version 7.3.5
Got the LDAP extension off this website, created a folder called LdapAuth under /extensions
composer install --no-dev
Added the following settings to my LocalSettings.php (and tried countless variaties on this):
#added by me
wfLoadExtension( 'LdapAuth' );
$wgAuth = new AuthPlugin()
$wgLDAPDomainNames = array('mytest.lan');
$wgLDAPServerNames = array('mytest.lan' => 'ad01.mytest.lan');
$wgLDAPSearchAttributes = array('mytest.lan' => 'sAMAccountName');
$wgLDAPBaseDNs = array('mytest.lan' => 'dc=mytest,dc=lan');
$wgLDAPAuthEncryptionType = array('mytest.lan' => 'false');
$wgLDAPPort = array('mytest.lan' => '389');
$wgLdapAuthIsActiveDirectory = true;
$wgMinimalPasswordLength = 1;
$wgShowExceptionDetails = true;
$wgLDAPDebug = 3
$wgDebugLogGroups[ 'ldap' ] = '/tmp/debug.log';
This and all kinds of variaties but to no success.
- I don't see packets incoming on the domain controller except DNS. DNS-resolving itself works fine and there are no ACL's between the two machines.
- The logging for whatever reason does not work. I turned off SELinux to make sure it isn't blocking anything but no luck. Gave the /tmp/debug.log all access for the time being but still nothing is being written to it.
- Documentation says to make sure /etc/php.d/ldap.ini has the line containing: extension=ldap.so
This is not entirely the case, this OS had: /etc/php.d/20-ldap.ini containing the line extension=ldap (so without the.so, though I changed that as well but it did not help)
- put the following line in /etc/openldap/ldap.conf: TLS_REQCERT never
Ran the maintenance/update.php after pretty much every change as well restarting the httpd (and the server itself at times).
But whenever I try to logon with a domainuser It just tells me "username or password is not correct". Truly at a loss. The same settings work fine on Zabbix => Active Directory authentication.