Extension talk:LDAP Authentication

Jump to: navigation, search

About this board

How to ask for support

There's a couple key pieces of info I always need:

  1. The MediaWiki version you are using
  2. The LdapAuthentication extension version you are using

I very often will need to see two other things when you ask for support, so you should have them prepared:

  1. Your configuration, with sensitive stuff snipped out
  2. The extension's debug log, with sensitive stuff snipped out

When you are trying to debug an authentication problem, you should always use the most basic configuration possible. For instance, if you don't have basic authentication working yet, you shouldn't have group restrictions or group synchronization enabled yet. I will generally ask you to disable these things when debugging.

Also, $wgLDAPUseLocal is almost never what you want to use. It's a frequent cause of configuration issues, and unless you really know what you are doing, it should not be set (or explicitly set to false, which is the default).

Most importantly of all: ensure you are using the newest version of the extension. From the extension distributor, that's the "master" version. If you are using git, just make sure you use git pull && git reset --hard origin/master. This is one of the more common cause of problems.

How to submit a bug

If you've found a bug, please submit it here.

Archives

Login error incorrect password entered. please try again

10
Bernhardsmw (talkcontribs)

Installed:

 

Installed and configured MediaWiki without problems. Then I tried to change the login to LDAP. After hours and the use of the documentation I was not able to login. Is this extension still working? 

Here are my LocalSettings.php config: 

#LDAP Authentication
    require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
    $wgAuth = new LdapAuthenticationPlugin();
    
    $wgLDAPProxyAgent = array('EUROPE' => 'cn=mediawiki,dc=EUROPE,dc=LAN');
    $wgLDAPProxyAgentPassword = array('EUROPE' => 'password');
    
    
    $wgLDAPDomainNames = array( "EUROPE.LAN" );
    
    $wgLDAPServerNames = array( "EUROPE.LAN" => "dc1.EUROPE.lan" );
    # I recommend using a Global Catalog server for this.
    
    $wgLDAPSearchStrings = array( "EUROPE.LAN" => "EUROPE.LAN\\USER-NAME" );
    $wgLDAPEncryptionType = array( "EUROPE.LAN" => "tls" );
    $wgLDAPUseLocal = false;
    $wgMinimalPasswordLength = 1;
    
    $wgLDAPBaseDNs = array( "EUROPE.LAN" => "dc=EUROPE,dc=LAN" );
    # Example: If your domain is mydomain.internet.ca then you want to put in "dc=mydomain,dc=internet,dc=ca".
    
    $wgLDAPSearchAttributes = array( "EUROPE.LAN" => "sAMAccountName" );
    
    
    $wgLDAPRetrievePrefs = array( "EUROPE.LAN" => "true" );
    
    $wgLDAPPreferences = array('EUROPE.LAN' => array( 'email' => 'mail','realname' => 'displayname'));
    # This will automatically map the users e-mail address and full name from Active Directory to their account in MediaWiki
    
    $wgLDAPDebug = 3; //for debugging LDAP
    $wgShowExceptionDetails = true; //for debugging MediaWiki
    $wgDebugLogGroups["ldap"] = "/tmp/ldapdebug.log" ;

This is the debug log: 

2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Setting domain as: EUROPE.LAN
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getCanonicalName
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Username is: Mediawiki
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Munged username: Mediawiki
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getCanonicalName
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Username is an IP, not munging.
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getCanonicalName
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Username is an IP, not munging.
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering userExists
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering authenticate for username Mediawiki
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering Connect
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Using TLS or not using encryption.
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Using servers:  ldap://dc1.bbveurope.lan:389
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Using TLS
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getSearchString
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Doing a straight bind
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 userdn is: EUROPE.LAN\mediawiki
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Binding as the user
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Failed to bind as EUROPE.LAN\mediawiki
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering allowPasswordChange
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering modifyUITemplate
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain
2015-09-15 12:08:12 MONITOR1 mediawiki: 2.1.0 Entering getDomain

I tried a normal PHP login with this script and it works.  

<?php
// use ldap bind
$ldaprdn  = 'mediawiki'; 
$ldappass = 'mediawiki';

// connect to ldap server
$ldapconn = ldap_connect("EUROPE.LAN")
    or die("No connection to LDAP.");

if ($ldapconn) {

    // bind ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    // test binding
    if ($ldapbind) {
        echo "LDAP bind success...";
    } else {
        echo "LDAP bind failed...";
    }

}

?>

Please help me the problem is really frustrating and I worked on it for hours... 

Bernhardsmw (talkcontribs)

Just for info: "mediawiki" is an existing windows domain user. I tried other users too and it still worked.

Bernhardsmw (talkcontribs)

And most importantly: Why do I need kerberos or slapd as the documentation tells? Is the normal php5-ldap package not enough?

158.145.224.111 (talkcontribs)

try switching to SSL, or clear text. If you are authenticating and the binding is failing (same as mine below) then we might be in the same boat. The extension works. I can vouch for that. If the ldap server you are authenticating to isn't authenticated by a real CA you might have issue. You'll need to add the public key certificate to your CA store.

Bernhardsmw (talkcontribs)

I did the change and this is how my /etc/ldap/ldap.conf looks now

TLS_REQCERT     never

This is the change I did in the /var/lib/mediawiki/LocalSettings.php

$wgLDAPEncryptionType = array( "EUROPE.LAN" => "clear" );

And this the debug file. Still no success...

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering validDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 User is using a valid domain (EUROPE.LAN).

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Setting domain as: EUROPE.LAN

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getCanonicalName

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Username is: Mediawiki

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Munged username: Mediawiki

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getCanonicalName

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Username is an IP, not munging.

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getCanonicalName

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Username is an IP, not munging.

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering userExists

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering authenticate for username Mediawiki

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering Connect

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Using TLS or not using encryption.

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Using servers:  ldap://DC1.EUROPE.LAN:389

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getSearchString

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Doing a straight bind

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 userdn is: EUROPE.LAN\mediawiki

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Binding as the user

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Failed to bind as EUROPE.LAN\mediawiki

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering allowPasswordChange

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering modifyUITemplate

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain

2015-09-16 07:29:34 MONITOR1 mediawiki: 2.1.0 Entering getDomain



Bernhardsmw (talkcontribs)

As I can see now the time of the Logfile is not correct. The system time is the same as the DC server but the logfile time is 2 hours after it.

Bernhardsmw (talkcontribs)

phpinfo() about SSL config

[openssl]

OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1f 6 Jan 2014
OpenSSL Header Version OpenSSL 1.0.1f 6 Jan 2014
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls
Bernhardsmw (talkcontribs)

After hours of madness I finally get it working:

You have to install the required packages: Extension:LDAP Authentication#Installation

Then just follow this guide: http://ryandlane.com/blog/2009/03/23/using-the-ldap-authentication-plugin-for-mediawiki-the-basics-part-1/

Forget what configurations are written on the wiki page. If you get after the login a database error: Topic:Sshx994njzy3rs3l

"www.mediawiki.org/wiki/Topic:Sshx994njzy3rs3l" (if the link does not work)

I am a bit mad but happy now. This plugin costs to much time because of the missleading documentation.

86.135.240.141 (talkcontribs)

One of the year and I don't have the Kajus

110.137.41.215 (talkcontribs)

 Incorrect password entered. Please try again.

Reply to "Login error incorrect password entered. please try again"

Support for LDAP Authentication on MW 1.29 (Windows 2012 R2, IIS).

2
198.181.18.22 (talkcontribs)

After spending the better part of two days, I just installed LDAP authentication in my environment, which is made up of:

MediaWiki 1.29

PHP 7.1.8

MySQL 5.7.19

Windows Server 2012 R2

IIS 8.5

Unfortunately, it is not working (in fact, after installing all the pieces and parts, my Wiki site would not load at all)

Is LDAP Authentication supported under this configuration? I have seen conflicting information on this and before I spend a lot of time on this, I need to know if this is even achievable.

198.181.18.24 (talkcontribs)

After tweaking some of the settings in LocalSettings.php, the site now loads when LDAP Authentication is enabled. Unfortunately, LDAP Authentication itself is still not working. In the meantime, I really need to know if this is supported/should work in my environment:

MediaWiki 1.29

PHP 7.1.8

MySQL 5.7.19

Windows Server 2012 R2

IIS 8.5

Reply to "Support for LDAP Authentication on MW 1.29 (Windows 2012 R2, IIS)."
Dturtill (talkcontribs)

Is there anyway that I can configure this so that It will auto create accounts and grant them Specific permissions (read \ Write \ Admin) based on what AD group they are in please

I currently have it enabled so that it will allow you to log in if you are in certain groups but then I need to populate the permissions manually

here is current details

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "test" );
$wgLDAPServerNames = array( "test"=> "srvadfshqgw.test.test.co.uk srvadfsbrtn.test.test.co.uk"  );
$wgLDAPSearchStrings = array("test" => "test\\USER-NAME",);
$wgLDAPEncryptionType = array( "test"=>"ssl" );
#$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array( "test"=> "DC=test,DC=test,DC=co,DC=uk" );
$wgLDAPSearchAttributes = array( "test"=>"sAMAccountName" );
$wgLDAPRetrievePrefs = array( "test" => "true" );
$wgLDAPPreferences = array('test' => array( 'email' => 'mail','realname' => 'displayname'));
$wgLDAPDebug = 1; //for debugging LDAP;
$wgDebugLogGroups["ldap"] = "/tmp/wikidebuglog-{$wgDBname}.log";
#$wgLDAPRequiredGroups = array( "test"=> array("cn=Bimtest_Admin,ou=Groups for testing,ou=test,dc=test,dc=test,dc=co,dc=uk","cn=Bimtest_Read,ou=Groups for testing,ou=test,dc=test,dc=test,dc=co,dc=uk") );
$wgLDAPGroupUseFullDN = array( "test"=>true );
$wgLDAPGroupsUseMemberOf = array( "test"=>true );
$wgLDAPGroupObjectclass = array( "test"=>"group" );
$wgLDAPGroupAttribute = array( "test"=>"member" );
$wgLDAPGroupSearchNestedGroups = array( "test"=>true );
$wgLDAPGroupNameAttribute = array( "test"=>"cn" );
$wgLDAPGroupSearchNestedGroups = array( "test"=>true );
$wgLDAPActiveDirectory = array( "test" => true);
#$wgLDAPDisableAutoCreate = array(

  'test' => true;

thanks

Reply to "Auto Create and Grant Access"

AD auth - Automatic account creation is not allowed

3
77.245.199.118 (talkcontribs)

Hello.

I use Debian 9 with Nginx + last mediawiki

when i try to log in i receive: "Auto-creation of a local account failed: Automatic account creation is not allowed."

if i use correct auth name and password, if not - i receive thet user or password wrong. Another word ldap auth ok.

my config:

# The following permissions were set based on your choice in the installer

$wgGroupPermissions['*'    ]['createaccount']   = true;

$wgGroupPermissions['*'    ]['read']            = true;

$wgGroupPermissions['*'    ]['edit']            = true;

$wgGroupPermissions['*'    ]['createpage']      = true;

$wgGroupPermissions['*'    ]['createtalk']      = true;

# AD

require_once ("/usr/share/mediawiki-extensions/ldapauth/LdapAuthentication.php");

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array(

  '**addomain**'

);

$wgLDAPServerNames = array(

  '**addomain**' => 'srv-dc2.**addomain**.ru'

);

$wgLDAPSearchStrings = array(

  '**addomain**' => '**addomain**\\USER-NAME'

);

$wgLDAPBaseDNs = array(

  '**addomain**' => 'dc=**addomain**,dc=ru'

);

$wgLDAPSearchAttributes = array(

  '**addomain**' => 'sAMAccountName' );

$wgLDAPPort = array(

  '**addomain**' => 389,

);

$wgLDAPEncryptionType = array(

  '**addomain**' => 'clear'

);

$wgLDAPProxyAgent =  array(

  '**addomain**' => 'CN=ldapwiki,CN=Users,DC=**addomain**,DC=ru'

);

$wgLDAPProxyAgentPassword = array(

  '**addomain**' => '****'

);

$wgLDAPDisableAutoCreate = array(

  '**addomain**' => true

);

$wgLDAPUseLocal = false;

$wgMinimalPasswordLength = 1;

$wgLDAPDebug = 99;

$wgDebugLogGroups['ldap'] = '/tmp/debug.log';

in debug log:

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using TLS or not using encryption.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using non-standard port: 389

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using servers:  ldap://srv-dc2.**addomain**.ru:389

2017-10-27 12:46:17 srv-intranet wiki: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getUserDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Doing a proxy bind

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Created a regular filter: (sAMAccountName=UserName)

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a basedn is not set for this type of entry, trying to get the default basedn.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using base: dc=**addomain**,dc=ru

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Munged username: UserName

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getCanonicalName

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Username isn't empty.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering Connect

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using TLS or not using encryption.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using non-standard port: 389

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using servers:  ldap://srv-dc2.**addomain**.ru:389

2017-10-27 12:46:17 srv-intranet wiki: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getUserDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Doing a proxy bind

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Created a regular filter: (sAMAccountName=UserName)

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a basedn is not set for this type of entry, trying to get the default basedn.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using base: dc=**addomain**,dc=ru

206.55.83.201 (talkcontribs)

$wgLDAPDisableAutoCreate = array(

  '**addomain**' => false );

2003:CC:ABE0:EF00:CDBF:F0FF:9AD0:DA37 (talkcontribs)

Right, $wgLDAPDisableAutoCreate needs t be set to false for the domain for auto creation to be allowed.

I had the same problem, but it had a different reason:

Automatic account creation needs one or both of the user rights "createaccount" and "autocreateaccount" to be granted to anonymous users. And these user rights need to be defined before the extension is included and configured.

In my case, the problem disappeared when I put the line

$wgGroupPermissions['*']['autocreateaccount'] = true;

before any line of the LdapAuthentication extension.

Reply to "AD auth - Automatic account creation is not allowed"

Mediawiki 1.28 with php5.6 v. php7.0 & LdapAuthentication issues

1
96.91.174.60 (talkcontribs)

Hi,

with mediawiki 1.28 and php5.6 I can authenticate to my openldap servers, however when I enable php7.0 and disable php5.6 (Debian 9) it stops working.

Can anyone point me to posts similar to this if this has been brought up already?

Thanks

Reply to "Mediawiki 1.28 with php5.6 v. php7.0 & LdapAuthentication issues"
Aschroet (talkcontribs)

Currently we configure the allowed users for our MW by wgLDAPRequiredGroups. Is there a way to explicitely allow certains LDAP users to authenticate indepently from their groups?

Reply to "Autheniticate single users"
Xavi (talkcontribs)

I am describing a situation where LDAP Authentication wrongly seems to log in a user through the LDAP domain.

Initial setup:

  • One local user: user1 (who has logged in at least once in the wiki)
  • Two ldap users: user1 and user2
  • $wgMainCacheType = CACHE_ACCEL
  • Local user1 and ldap user1 have the same password

After installing LDAP Authentication with $wgLDAPUseLocal = true; and before running maintenance/update.php (or creating /*_*/ldap_domains manually):

  1. Access the wiki: Error: 1146 Table 'wiki_db_name.wiki_db_prefix_ldap_domains' doesn't exist
  2. Change $wgMainCacheType = CACHE_NONE
  3. Access the wiki: Wiki is displayed with no error message
  4. Log in with user1 in local domain: Error: 1146 Table 'wiki_db_name.wiki_db_prefix_ldap_domains' doesn't exist but the user is logged in
  5. Log out
  6. Log in with user1 in ldap domain: The user is logged in with no error message
  7. Log out
  8. Log in with user2 in ldap domain: Wrong credential message, the is not logged in
Reply to "LDAP "fake" log in"

Use of $_SESSION['wsDomain'] in LdapAuthentication.php causes problems

3
HermannSchwärzler (talkcontribs)

In my setup the direct use of $_SESSION['wsDomain'] at line 1237 of LdapAuthentication.php causes problems: Im my case there sometimes is a token but the wsDomain-member of the $_SESSION array is not (yet) set.

Looking through the code I came up with this solution:

diff --git a/LdapAuthentication.php b/LdapAuthentication.php
index 44e47d4..462f9c9 100644
--- a/LdapAuthentication.php
+++ b/LdapAuthentication.php
@@ -1234,7 +1234,7 @@ class LdapAuthenticationPlugin extends AuthPlugin {
                # We must set a user option if we want token based logins to work
                if ( $user->getToken( false ) ) {
                        $this->printDebug( "User has a token, setting domain in user options.", NONSENSITIVE );
-                       self::saveDomain( $user, $_SESSION['wsDomain'] );
+                       self::saveDomain( $user, $this->getDomain() );
                }
 
                # Let other extensions update the user

I think this is the correct way of doing it especially after reading the comments in getDomain(). :-)

What do you think?

62.143.213.59 (talkcontribs)

Hi Hermann, You are 100% right - I totally agree with your saying. The $_SESSION['wsDomain'] cannot be use at that moment. It is better to use $this->getDomain()

By doing so the extensions works as expected.

- Michael

206.55.83.201 (talkcontribs)

thanks Michel. It works for me.

Reply to "Use of $_SESSION['wsDomain'] in LdapAuthentication.php causes problems"
Hasechris (talkcontribs)

Hello,

i keep getting Errors on login with ldap user from Active Directory. Generally the login always works aka i have the User Preference etc buttons on the upper right. But the second and ongoing login from a ldap User will generate DB Query Errors.

The interesting part is in the attached debug_data.txt:

    Query: INSERT INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4')

On the first Login this Query will be run towards my DB. Then the value of domain is empty; the next login will produce the attached Error.

Version:

LDAP Authentication Plugin 2.1.0 (4c9bdab)16:24, 21. Apr. 2017
Software Version
MediaWiki 1.29.0 (8b5beb3)
PHP 5.5.14 (apache2handler)
MySQL 5.6.24-log
ICU 52.1

Greeting from Germany

Thanks in advance

Christian Hase

This comment was hidden by Hasechris (history)
Hasechris (talkcontribs)

Debug output:

    [cookie] already deleted setcookie: "forceHTTPS", "", "1477383977", "/", "", "", "1" 
    [DBQuery] wikidb REPLACE /* SqlBagOStuff::setMulti */ INTO `comwiki-objectcache` (keyname,value,exptime) VALUES ('wikidb-comwiki-:MWSession:ltl8srq3pkcr4la1hhb7hkh9a5mgc3bb'','20171025092617')
    [error] [9a4104b9e8f72ce750b716bf] /index.php?title=Special:UserLogin&returnto=Main+Page ErrorException from line 1168 of /srv/www/htdocs/extensions/LdapAuthentication/LdapAuthenticationPlugin.php: PHP Notice: Undefined index: wsDomain
    [DBQuery] wikidb SELECT /* LdapAuthenticationPlugin::loadDomain 10.155.65.56 */ domain FROM `comwiki-ldap_domains` WHERE user_id = '4' LIMIT 1
    [DBQuery] wikidb INSERT /* LdapAuthenticationPlugin::saveDomain 10.155.65.56 */ INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4')
    [DBQuery] LdapAuthenticationPlugin::saveDomain	<hostname> (edited)	1048	Column 'domain' cannot be null (<hostname> (edited))	INSERT INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4') 
    [DBQuery] SQL ERROR: Column 'domain' cannot be null (<hostname> (edited)) 
    [session] SessionBackend "ltl8srq3pkcr4la1hhb7hkh9a5mgc3bb" data dirty due to dirty(): AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->beginAuthentication/MediaWiki\Auth\AuthManager->continueAuthentication/MediaWiki\Session\Session->remove/MediaWiki\Session\SessionBackend->dirty
    [DBQuery] wikidb ROLLBACK /* MWExceptionHandler::rollbackMasterChangesAndLog 10.155.65.56 */ 
    [exception] [9a4104b9e8f72ce750b716bf] /index.php?title=Special:UserLogin&returnto=Main+Page Wikimedia\Rdbms\DBQueryError from line 1075 of /srv/www/htdocs/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? 
    Query: INSERT INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4') Function: LdapAuthenticationPlugin::saveDomain
    Error: 1048 Column 'domain' cannot be null (<hostname> (edited))
    [DBQuery] wikidb BEGIN /* Wikimedia\Rdbms\Database::query (LCStoreDB::get) 10.155.65.56 */
Hasechris (talkcontribs)

The Error dump:

   [9a4104b9e8f72ce750b716bf] /index.php?title=Special:UserLogin&returnto=Main+Page Wikimedia\Rdbms\DBQueryError from line 1075 of /srv/www/htdocs/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? 
   Query: INSERT INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4')
   Function: LdapAuthenticationPlugin::saveDomain
   Error: 1048 Column 'domain' cannot be null (mgtcom012.a41mgt.local)
   Backtrace:
   
   #0 /srv/www/htdocs/includes/libs/rdbms/database/Database.php(933): Wikimedia\Rdbms\Database->reportQueryError(string, integer, string, string, boolean)
   #1 /srv/www/htdocs/includes/libs/rdbms/database/Database.php(1515): Wikimedia\Rdbms\Database->query(string, string)
   #2 /srv/www/htdocs/extensions/LdapAuthentication/LdapAuthenticationPlugin.php(2003): Wikimedia\Rdbms\Database->insert(string, array, string)
   #3 /srv/www/htdocs/extensions/LdapAuthentication/LdapAuthenticationPlugin.php(1168): LdapAuthenticationPlugin::saveDomain(User, NULL)
   #4 /srv/www/htdocs/includes/auth/AuthPluginPrimaryAuthenticationProvider.php(145): LdapAuthenticationPlugin->updateUser(User)
   #5 [internal function]: MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider->onUserLoggedIn(User)
   #6 /srv/www/htdocs/includes/Hooks.php(186): call_user_func_array(array, array)
   #7 /srv/www/htdocs/includes/auth/AuthManager.php(2388): Hooks::run(string, array)
   #8 /srv/www/htdocs/includes/auth/AuthManager.php(690): MediaWiki\Auth\AuthManager->setSessionDataForUser(User, boolean)
   #9 /srv/www/htdocs/includes/auth/AuthManager.php(382): MediaWiki\Auth\AuthManager->continueAuthentication(array)
   #10 /srv/www/htdocs/includes/specialpage/AuthManagerSpecialPage.php(353): MediaWiki\Auth\AuthManager->beginAuthentication(array, string)
   #11 /srv/www/htdocs/includes/specialpage/AuthManagerSpecialPage.php(482): AuthManagerSpecialPage->performAuthenticationStep(string, array)
   #12 [internal function]: AuthManagerSpecialPage->handleFormSubmit(array, VFormHTMLForm)
   #13 /srv/www/htdocs/includes/htmlform/HTMLForm.php(663): call_user_func(array, array, VFormHTMLForm)
   #14 /srv/www/htdocs/includes/specialpage/AuthManagerSpecialPage.php(416): HTMLForm->trySubmit()
   #15 /srv/www/htdocs/includes/specialpage/LoginSignupSpecialPage.php(305): AuthManagerSpecialPage->trySubmit()
   #16 /srv/www/htdocs/includes/specialpage/SpecialPage.php(522): LoginSignupSpecialPage->execute(NULL)
   #17 /srv/www/htdocs/includes/specialpage/SpecialPageFactory.php(578): SpecialPage->run(NULL)
   #18 /srv/www/htdocs/includes/MediaWiki.php(287): SpecialPageFactory::executePath(Title, RequestContext)
   #19 /srv/www/htdocs/includes/MediaWiki.php(862): MediaWiki->performRequest()
   #20 /srv/www/htdocs/includes/MediaWiki.php(523): MediaWiki->main()
   #21 /srv/www/htdocs/index.php(43): MediaWiki->run()
   #22 {main}
206.55.83.201 (talkcontribs)

check php logs :

PHP Notice:  Undefined index: wsDomain in /wikimedia/wiki/extensions/LdapAuthentication/LdapAuthenticationPlugin.php on line 1165

edit /wikimedia/extensions/LdapAuthentication/LdapAuthenticationPlugin.php at line 1165

# We must set a user option if we want token based logins to work

                if ( $user->getToken( false ) ) {

                        $this->printDebug( "User has a token, setting domain in user options.", NONSENSITIVE );

                #       self::saveDomain( $user, $_SESSION['wsDomain'] );

                        self::saveDomain( $user, $this->getDomain() );

                }

(lien: https://www.mediawiki.org/wiki/Topic:Syi70fsge0l1lhq3)

It woks for me.

Reply to "DB Query Errors on second login"
Deep case (talkcontribs)

Hi,

I`m using:

MediaWiki: 1.29.1

PHP: 5.6.30-0+deb8u1 (apache2handler)

MySQL: 5.5.58-0+deb8u1

Lua: 5.1.5

LdapAuthentication: REL1_29

uname -a

Linux MediaWiKi 4.10.15-1-pve #1 SMP PVE 4.10.15-15 (Fri, 23 Jun 2017 08:57:55 +0200) x86_64 GNU/Linux

Immediately I apologize for the big log...

Situation: Authorization is configured in the AD (USER-NAME).

The user with the name ddt comes in. User with deep_case nickname - wrote error "The password you entered is incorrect. Try again.". Login/password is 100% correct.

As I understand it - the problem is in symbol _

LocalSettings.php:

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array('test.td.com');

$wgLDAPServerNames = array('test.td.com' => 'dc1.test.td.com dc2.test.td.com');

$wgLDAPEncryptionType = array('test.td.com' => 'clear');

$wgLDAPBaseDNs = array('test.td.com' => 'DC=test,DC=td,DC=com');

$wgLDAPProxyAgent =  array('test.td.com' => 'CN=user_wiki,DC=test,DC=td,DC=com');

$wgLDAPProxyAgentPassword = array('test.td.com' => 'megapassword');

$wgLDAPLowerCaseUsername = array('test.td.com' => true);

$wgMinimalPasswordLength = 1;

$wgLDAPUseLocal = false;

$wgLDAPSearchStrings = array('test.td.com' => "TEST\\USER-NAME");

Debug file:

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Username is an IP, not munging.

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is an IP, not munging.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering validDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 User is using a valid domain (test.td.com).

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Setting domain as: test.td.com

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering userExists

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering authenticate for username Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering Connect

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Using TLS or not using encryption.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Using servers: ldap://dc1.test.td.com:389 ldap://dc2.test.td.com:389

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getSearchString

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Doing a straight bind

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 userdn is: TEST\ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Binding as the user

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Bound successfully

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getUserDN

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Created a regular filter: (=ddt)

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getBaseDN

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getBaseDN

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Using base: DC=test,DC=td,DC=com

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Couldn't find an entry

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Fetched UserDN:

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getGroups

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering checkGroups

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getPreferences

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Authentication passed

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering updateUser

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 User has a token, setting domain in user options.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Saving user settings.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering updateExternalDB

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Either the user is using a local domain, or the wiki isn't allowing updates

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:43 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:43 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:43 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:45 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:45 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:45 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Username is an IP, not munging.

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is an IP, not munging.

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering validDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 User is using a valid domain (test.td.com).

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Setting domain as: test.td.com

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering userExists

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering authenticate for username Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering Connect

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Using TLS or not using encryption.

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Using servers: ldap://dc1.test.td.com:389 ldap://dc2.test.td.com:389

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getSearchString

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Doing a straight bind

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 userdn is: TEST\deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Binding as the user

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Failed to bind as TEST\deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:55:21 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:55:21 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:55:21 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:55:24 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:55:24 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:55:24 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

Reply to "separation of the nickname"