Extension talk:LDAP Authentication


About this board

How to ask for support

There's a couple key pieces of info I always need:

  1. The MediaWiki version you are using
  2. The LdapAuthentication extension version you are using

I very often will need to see two other things when you ask for support, so you should have them prepared:

  1. Your configuration, with sensitive stuff snipped out
  2. The extension's debug log, with sensitive stuff snipped out

When you are trying to debug an authentication problem, you should always use the most basic configuration possible. For instance, if you don't have basic authentication working yet, you shouldn't have group restrictions or group synchronization enabled yet. I will generally ask you to disable these things when debugging.

Also, $wgLDAPUseLocal is almost never what you want to use. It's a frequent cause of configuration issues, and unless you really know what you are doing, it should not be set (or explicitly set to false, which is the default).

Most importantly of all: ensure you are using the newest version of the extension. From the extension distributor, that's the "master" version. If you are using git, just make sure you use git pull && git reset --hard origin/master. This is one of the more common causes of problems.

How to submit a bug

If you've found a bug, please submit it here.


Automatic account creation is not allowed

TroySettle (talkcontribs)

extension for mediawiki 1.28

I'm getting closer to figuring this out, but stuck on automatically creating accounts. Here's my current (sanitized) configuration. I can authenticate, but I then get the message:

Auto-creation of a local account failed: Automatic account creation is not allowed.

require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;

$wgLDAPDebug = 3;
$wgDebugLogGroups['ldap'] = '/tmp/debug.log';

$wgLDAPDomainNames       = array('LOCAL');
$wgLDAPServerNames       = array('LOCAL' => 'local-dc2.local.domain');
$wgLDAPEncryptionType    = array('LOCAL' => 'clear');
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs           = array('LOCAL' => 'ou=Users,ou=LOCAL,dc=domain,dc=local');

$wgLDAPSearchStrings     = array('LOCAL' => 'LOCAL\\USER-NAME');
$wgLDAPSearchAttributes  = array('LOCAL' => 'sAMAccountName' );

$wgLDAPDisableAutoCreate = array('LOCAL' => false);

Any help would be greatly appreciated!

Aarango1 (talkcontribs)

Same here. Any help is appreciated. My config:

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array("iRedMail");

$wgLDAPServerNames = array("iRedMail" => "192.168.XX.XX");

$wgLDAPPort = array("iRedMail" => 389);

$wgLDAPEncryptionType = array( "iRedMail" => "clear");

$wgLDAPBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");

$wgLDAPProxyAgent = array("iRedMail"=>"cn=vmail,dc=example,dc=com");

$wgLDAPProxyAgentPassword = array( "iRedMail"=>"*****");

$wgLDAPUserBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");

$wgLDAPSearchAttributes = array( "iRedMail" => "mail");

$wgLDAPLowerCaseUsername = array( "iRedMail"=>true);

$wgLDAPUseLocal = true;

$wgLDAPDebug = 3;

$wgDebugLogGroups['ldap'] = '/tmp/debug.log';

Legaulph (talkcontribs)

Same issue

TroySettle (talkcontribs)

FWIW, I finally got it working. Not sure what the difference is here... the $wgGroupPermissions item is not listed on the LDAP extension instructions, but I think this is what did it.

require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
#$wgLDAPUseLocal = true;
$wgLDAPDomainNames       = array('LOCAL');
$wgLDAPServerNames       = array('LOCAL' => 'local-dc2.mydomain.local');
$wgLDAPEncryptionType    = array('LOCAL' => 'clear');
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs           = array('LOCAL' => 'ou=Users,ou=LOCAL,dc=mydomain,dc=local');
$wgLDAPSearchStrings     = array('LOCAL' => 'LOCAL\\USER-NAME');
$wgLDAPSearchAttributes  = array('LOCAL' => 'sAMAccountName' );
$wgLDAPRetrievePrefs     = array('LOCAL' => true );
$wgGroupPermissions['*']['autocreateaccount'] = true;

Aarango1 (talkcontribs)

I tried that, TroySettle, but no luck. I receive the same failures. What versions do you have installed? (MediaWiki and LDAP, please.) Thanks.

Did you create Wiki as Open? private?

NOTE: I solved using wiki 1.23 version.

Legaulph (talkcontribs)

I had to set $wgGroupPermissions['*']['createaccount'] = true;

130.219.8.234 (talkcontribs)

That still did not work for me.

My other anonymous permissions are set to false.

$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['read'] = false;

I want this to be a private wiki.

130.219.8.234 (talkcontribs)

It would seem I had to clear all session data and remove cookies from previous logon attempts with my test user as well as comment out self::saveDomain( $user, $_SESSION['wsDomain'] ); from one of the extension's configuration files. It now works.

153.96.128.5 (talkcontribs)

I had this problem, too. In my case, the solution was the one that has already been mentioned above:

1. switch back to local auth in LocalSettings.php; then login with a *local* admin/bureaucrat account (the one you set up when installing the wiki).

2. create a local user with the same name as one that exists in LDAP (give him a bullsh*t password, no need to match the LDAP one). Not mandatory, but if you are smart, this user should be a bureaucrat as you need at least one LDAP-based bureaucrat anyways. Let's call this user "Ldapboss".

3. switch again to LDAP auth in LocalSettings.php; then login with the user Ldapboss you just created. Of course you need to use the user's actual LDAP password this time. Btw, your local admin is now locked out of the system (unless you set wgLDAPUseLocal to true). This is why you need an LDAP-based bureaucrat.

From this point on, weirdly enough, auto account creation works. It's like, you need at least one successful login to make it work. Not sure why, doesn't make sense.

Ask a colleague to log on, or alternatively, rename your Ldapboss user to Ldapboss_Trash (Renameuser extension) and logout. Then login again with Ldapboss using again the LDAP credentials. Now, your Ldapboss is auto-created (this time as a simple user, as it should).

Actually, Ryan D Lane (creator and ex-maintainer of the plugin) has this written in a 2009 blog post. Quote:

"Before enabling the plugin, you should create a user in the local wiki database that exists in AD, and promote that user to sysop. After the plugin is enabled, you will not be able to log in as any user who does not exist in AD."

Brain wang (talkcontribs)

Hi,

When I executed step 3 and then logged in as Ldapboss with the LDAP password, I got the following error:

[WMFhIqwRAAIAABOptNUAAAAG] 2017-03-09 14:05:24: Fatal exception of type "DBQueryError"

Is it normal?

But it looks like I have already logged in.

223.166.93.186 (talkcontribs)

Hi,

Any news on Brain Wang's problem? I experience the same issue. The user seems to be logged in, however logging in with another user from LDAP still fails.

Reply to "Automatic account creation is not allowed"

203.144.93.59 (talkcontribs)

This "LDAP Authentication" plug-in is basically unmaintained. It does not work correctly in MediaWiki 1.27 or newer.

Do not waste your time trying to integrate MediaWiki with enterprise systems. It is not properly supported.

Mainframe98 (talkcontribs)

The fact that it runs successfully on wikitech:Special:Version proves the opposite.

MarkAHershberger (talkcontribs)

The copy on Wikitech is updated by the WMF but much of the functionality has been stripped. Major parts of the extension are un-maintained.

165.225.36.50 (talkcontribs)

These three steps worked for me (on WIMP):

First manually create an account for an AD user as per Ryan Lane's blog. Then login with this account (using LdapAuthenticationPlugin, but not AutoAuthentication)

$wgDisableAuthManager = true; //Disable the newly introduced Mediawiki authentication scheme that is incompatible with AutoAuth. Weird thing is that LdapAuthenticationPlugin without auto-login is unaffected.

Run >php wiki\maintenance\update.php to build ldap tables (after login as manually created AD user)

Reply to "Buyer beware!!"

LDAP Authentication fails with SSL Encryption

Dturtill (talkcontribs)

I am trying to configure LDAP Authentication with my AD server. If I have the encryption set to clear it works fine; however, when I change this to ssl it fails to bind.

Product Version
MediaWiki 1.28.0
PHP 5.6.30-0+deb8u1 (apache2handler)
MySQL 5.5.54-0+deb8u1
Dturtill (talkcontribs)

config is as below

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( "mydomain" );

$wgLDAPServerNames = array( "mydomain"=>"server.mydomain.cmydomainltd.co.uk"  );

$wgLDAPUseLocal = false;

$wgLDAPSearchStrings = array('mydomain' => 'mydomain\\USER-NAME',);

$wgLDAPEncryptionType = array( "mydomain"=>"clear" );

$wgLDAPBaseDNs = array( "mydomain"=>"ou=mydomain,dc=mydomain,dc=cmydomainltd,dc=co,dc=uk" );

$wgLDAPSearchAttributes = array( "mydomain"=>"sAMAccountName" );

$wgLDAPGroupUseFullDN = array( "mydomain"=>true );

$wgLDAPLowerCaseUsername = array( "mydomain"=>true );

$wgLDAPGroupObjectclass = array( "mydomain"=>"group" );

$wgLDAPGroupAttribute = array( "mydomain"=>"member" );

$wgLDAPGroupNameAttribute = array( "mydomain"=>"cn" );

$wgLDAPGroupBaseDNs = array( "mydomain"=>"ou=Groups,ou=mydomain,dc=mydomain,dc=cmydomainltd,dc=co,dc=uk" );

$wgLDAPUserBaseDNs = array( "mydomain"=>"ou=mydomain,dc=mydomain,dc=cmydomainltd,dc=co,dc=uk" );

$wgLDAPOptions = array("ad"=>array( LDAP_OPT_DEREF, 0 ));

$wgLDAPRequiredGroups = array( "mydomain"=> array("cn=itwiki,ou=Groups,ou=mydomain,dc=mydomain,dc=cmydomainltd,dc=co,dc=uk") );

$wgLDAPGroupSearchNestedGroups = array( "mydomain"=>true );

$wgLDAPActiveDirectory = array( "mydomain" => true);

$wgLDAPUpdateLDAP = array("DOMAIN"=>false);

$wgLDAPAddLDAPUsers = array("DOMAIN"=>false);

$wgLDAPDebug = 3;

$wgDebugLogGroups['ldap'] = "/tmp/wiki.ldap.debug-{$wgDBname}.log";

$wgShowExceptionDetails = true;

Dturtill (talkcontribs)

[a8aaa10042fe5e77d2cff1c2] 2017-03-08 10:07:02: Fatal exception of type "DBQueryError"

Ciencia Al Poder (talkcontribs)

Try looking at the debug log for something relevant. Maybe the SSL cert is not recognized as trusted by the server and thus rejected.

Dturtill (talkcontribs)

With SSL on it just states Failed to Bind as (username)

with Clear on it seems to bind but then gives the Database error

Reply to "LDAP Authentication fails with SSL Encryption"

LDAP Authentication extension to registration not working

131.203.91.54 (talkcontribs)

Hi

I am trying to get LdapAuthentication extension work with my upgraded MediaWiki. Our previous setup was

Product Version
MediaWiki 1.24.4
PHP 5.6.30 (apache2handler)
MySQL 5.6.16
Apache 2.4.16
OS Windows Server 2012R2

The LdapAuthentication worked fine with the above version of MediaWiki.

Once we upgraded to the newer version, I am getting the errors below.

MediaWiki 1.28.0
PHP 7.0.15 (apache2handler)
MySQL 5.6.0
Apache 2.4.25
OS Windows Server 2012R2

I am trying to run convertExtensionToRegistration.php on LdapAuthentication and I get the following error:

C:\PHP\php.exe : Error: Global functions cannot be converted to JSON. Please move the handler for LoadExtensionSchemaUpdates inside a class.

At line:1 char:1

This does create an extension file but when I run update.php I get the following error:

C:\PHP\php.exe : [2ede5ca9f218d5e8ed5d0e2a] [no req]   MWException from line 176 of E:\Websites\MediaWiki\includes\Hooks.php: Invalid callback 

efLdapAuthenticationSchemaUpdates in hooks for LoadExtensionSchemaUpdates

At line:1 char:1

+ C:\PHP\php.exe .\maintenance\update.php

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: ([2ede5ca9f218d5...onSchemaUpdates:String) [], RemoteException

    + FullyQualifiedErrorId : NativeCommandError 

Backtrace:

#0 E:\Websites\MediaWiki\includes\installer\DatabaseUpdater.php(122): Hooks::run(string, array)

#1 E:\Websites\MediaWiki\includes\installer\DatabaseUpdater.php(187): DatabaseUpdater->__construct(DatabaseMysqli, boolean, UpdateMediaWiki)

#2 E:\Websites\MediaWiki\maintenance\update.php(171): DatabaseUpdater::newForDB(DatabaseMysqli, boolean, UpdateMediaWiki)

#3 E:\Websites\MediaWiki\maintenance\doMaintenance.php(111): UpdateMediaWiki->execute()

#4 E:\Websites\MediaWiki\maintenance\update.php(217): require_once(string)

#5 {main}

Can anyone please help with this?

Reply to "LDAP Authentication extension to registration not working"
Summary by Ciencia Al Poder
62.192.2.194 (talkcontribs)

Hi,

I have a mediawiki for internal Company use only. The ldap authentication extension is configured to let anyone automatically login and read the wiki who has got a Domain account. This is working without issues.

Since I activated debug- and db-error logs for the whole wiki for monitoring purposes there is a DB-Error that bothers me. It looks like this and is logged twice each time a user logs in:

[cookie] setcookie: "company_wikiUserID", "99", "1499157222", "/", "", "", "1"
[cookie] setcookie: "company_wikiUserName", "Username", "1499157222", "/", "", "", "1"
[cookie] setcookie: "company_wikiToken", "", "1483518822", "/", "", "", "1"
[cookie] setcookie: "company_wikiUserID", "99", "1499157222", "/", "", "", "1"
[cookie] setcookie: "company_wikiUserName", "Username", "1499157222", "/", "", "", "1"
[cookie] setcookie: "company_wikiToken", "", "1483518822", "/", "", "", "1"

[Bug56269] Exception thrown with an uncommited database transaction: [6f314852] /load.php?debug=false&lang=de&modules=site&only=styles&skin=monobook&* DBQueryError from line 1246 of /var/www/mediawiki-1.25.1/includes/db/Database.php: A database error has occurred. Did you forget to run maintenance/update.php after upgrading? See: https://www.mediawiki.org/wiki/Manual:Upgrading#Run_the_update_script

Query: UPDATE `ldap_domains` SET domain = 'domain.local' WHERE user_id = '99'

Function: LdapAuthenticationPlugin::saveDomain

Error: 1213 Deadlock found when trying to get lock; try restarting transaction (localhost)

#0 /var/www/mediawiki-1.25.1/includes/db/Database.php(1205): DatabaseBase->reportQueryError('Deadlock found ...', 1213, 'UPDATE `ldap_d...', 'LdapAuthenticat...', false)
#1 /var/www/mediawiki-1.25.1/includes/db/Database.php(2153): DatabaseBase->query('UPDATE `ldap_d...', 'LdapAuthenticat...')
#2 /var/www/mediawiki-1.25.1/extensions/LdapAuthentication/LdapAuthentication.php(2069): DatabaseBase->update('ldap_domains', Array, Array, 'LdapAuthenticat...')
#3 /var/www/mediawiki-1.25.1/extensions/LdapAuthentication/LdapAuthentication.php(1240): LdapAuthenticationPlugin::saveDomain(Object(User), 'domain.local')
#4 /var/www/mediawiki-1.25.1/extensions/LdapAuthentication/LdapAutoAuthentication.php(63): LdapAuthenticationPlugin->updateUser(Object(User))
#5 [internal function]: LdapAutoAuthentication::Authenticate(Object(User))
#6 /var/www/mediawiki-1.25.1/includes/Hooks.php(209): call_user_func_array('LdapAutoAuthent...', Array)
#7 /var/www/mediawiki-1.25.1/includes/User.php(365): Hooks::run('UserLoadAfterLo...', Array)
#8 /var/www/mediawiki-1.25.1/includes/User.php(2583): User->load()
#9 /var/www/mediawiki-1.25.1/extensions/FormMailer/FormMailer.php(54): User->getRealName()
#10 [internal function]: wfSetupFormMailer()
#11 /var/www/mediawiki-1.25.1/includes/Setup.php(678): call_user_func('wfSetupFormMail...')
#12 /var/www/mediawiki-1.25.1/includes/WebStart.php(138): require_once('/var/www/mediaw...')
#13 /var/www/mediawiki-1.25.1/load.php(30): require('/var/www/mediaw...')
#14 {main}

My Setup:

  • OS: Debian 8.4
  • Mediawiki: 1.25.1
  • PHP: 5.6.20
  • DBMS: MySQL 5.5.49
  • Web Server: Apache 2.4.10
  • Directory Server: Active Directory (2008 - 2012 R2)

How can I solve that Deadlock Error?

62.192.2.194 (talkcontribs)

Sorry I forgot to mention that LDAP Authentication is Version 2.1.0 REL 1.25.

Ciencia Al Poder (talkcontribs)

I've created a task in phabricator about this: task T157293

62.192.2.194 (talkcontribs)

Hi,

thanks for the reply. I managed to solve the error after the hint to the formmailer extension was given.

The problem was simply put that two variables (via User->getRealName()) were set at the wrong place of the formmailer-script (I edited that script a few months ago). After putting those into an if-clause, the error disappeared.

Another $wgLDAPRequiredGroups problem...

192.36.220.66 (talkcontribs)

Hi, I have been at this for 2 days and I am starting to feel desperate.

With $wgLDAPRequiredGroups commented out, everyone can log in; if I don't comment it out, nobody can (even if in the required group).

Using: Latest version (from the web), Windows server 2012R2 with AD

The modified lines in LocalSettings.php

require_once ("extensions/LdapAuthentication/LdapAuthentication.php");

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array("domain");

$wgLDAPServerNames = array("ad"=>"servername.ad");

$wgLDAPUseLocal = false;

$wgLDAPEncryptionType = array("ad"=>"clear");

$wgLDAPBaseDNs = array("ad"=> "dc=ad");

$wgLDAPSearchAttributes = array("ad"=>"sAMAccountName");

$wgLDAPRetrievePrefs = array("ad" => true );

$wgLDAPPreferences = array( "ad" => array( "email" => "mail"));

$wgLDAPProxyAgent = array("ad" => "binduser@ad");

$wgLDAPProxyAgentPassword = array("ad" => "password");

$wgLDAPGroupUseFullDN = array( "ad" => true);

$wgLDAPLowerCaseUsername = array("ad" => false);

$wgLDAPGroupObjectclass = array("ad" => "group");

$wgLDAPGroupAttribute = array("ad" => "member");

$wgLDAPGroupNameAttribute = array( "ad" => "cn");

$wgLDAPGroupBaseDNs = array( "ad" => "dc=ad");

$wgLDAPUserBaseDNs = array( "ad" => "dc=ad");

$wgLDAPOptions = array("ad"=>array( LDAP_OPT_DEREF, 0 ));

$wgLDAPLowerCaseUsername = array( "ad"=>true );

$wgLDAPRequiredGroups = array( "ad" => "cn=wiki,cn=users,dc=ad");

$wgLDAPGroupSearchNestedGroups = array("ad" => true);

$wgLDAPActiveDirectory = array( "ad" => true);

$wgLDAPDebug = 3;

$wgDebugLogGroups['ldap'] = "/tmp/wiki.ldap.debug-{$wgDBname}.log";

$wgShowExceptionDetails = true;

The logs show this:

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=users,cn=builtin,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=domain users,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=crp,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=wiki,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=projects,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=redmine,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Couldn't find the user in any groups.

The user is in the group wiki. Originally the group was called WIKI; I created wiki and deleted the other one just in case, same result.

A bit desperate here, please help!

Thx

Erengard

PS: ad is dc=something,dc=something,dc=something (obviously)

192.36.220.66 (talkcontribs)

2 days more and I found it. For future reference:

Required Groups needs an ARRAY of groups. I was entering the group without array

$wgLDAPRequiredGroups = array( "ad" => array ( "cn=wiki,cn=users,dc=ad"));

For future evolutions, I would change it so that a string is converted to an array of one element. It seems like it is a normal mistake (I have even seen it like that in 2 manuals, already informed them).

Thx for your help!

Erengard

Reply to "Another $wgLDAPRequiredGroups problem..."
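
The fix found in this thread (a string where $wgLDAPRequiredGroups needs an array of group DNs) can be caught before any login test. The following is an added example, not part of the extension or of any post above; it also goes slightly beyond the thread by flagging per-domain keys that are missing from $wgLDAPDomainNames and domains still set to 'clear'. The function name lintLdapSettings and the sample values are hypothetical, and it assumes per-domain settings are looked up by the names listed in $wgLDAPDomainNames.

```php
<?php
// Added example: lint per-domain LdapAuthentication settings before testing logins.
// lintLdapSettings() and the sample values are hypothetical, not part of the extension.

/**
 * @param array $s Setting name without the "$" => value; $GLOBALS has this shape.
 * @return string[] Findings; empty when nothing was flagged.
 */
function lintLdapSettings( array $s ): array {
	$domains = $s['wgLDAPDomainNames'] ?? null;
	if ( !is_array( $domains ) || $domains === [] ) {
		return [ 'wgLDAPDomainNames must be a non-empty array of domain names' ];
	}
	$findings = [];

	// Assumption: every array-valued $wgLDAP* setting other than the domain list
	// is keyed by domain, so a key missing from the list is never consulted.
	foreach ( $s as $name => $value ) {
		$name = (string)$name;
		if ( $name === 'wgLDAPDomainNames' || strpos( $name, 'wgLDAP' ) !== 0 || !is_array( $value ) ) {
			continue;
		}
		foreach ( array_keys( $value ) as $key ) {
			if ( !in_array( (string)$key, $domains, true ) ) {
				$findings[] = "$name: key '$key' is not in wgLDAPDomainNames";
			}
		}
	}

	// The fix from this thread: each domain maps to an array of group DNs, not a string.
	foreach ( (array)( $s['wgLDAPRequiredGroups'] ?? [] ) as $domain => $groups ) {
		if ( !is_array( $groups ) ) {
			$findings[] = "wgLDAPRequiredGroups['$domain'] is a " . gettype( $groups )
				. ", expected array( 'group DN', ... )";
		}
	}

	// 'clear' means the LDAP bind, password included, is sent unencrypted.
	foreach ( (array)( $s['wgLDAPEncryptionType'] ?? [] ) as $domain => $type ) {
		if ( $type === 'clear' ) {
			$findings[] = "wgLDAPEncryptionType['$domain'] is 'clear'; use 'tls' or 'ssl' outside of debugging";
		}
	}

	return $findings;
}

// Constructed sample reproducing mistakes posted in this thread.
$sample = [
	'wgLDAPDomainNames'    => [ 'domain' ],
	'wgLDAPServerNames'    => [ 'ad' => 'servername.ad' ],
	'wgLDAPEncryptionType' => [ 'ad' => 'clear' ],
	'wgLDAPRequiredGroups' => [ 'ad' => 'cn=wiki,cn=users,dc=ad' ],
];
foreach ( lintLdapSettings( $sample ) as $finding ) {
	echo $finding, PHP_EOL;
}
```

Passing $GLOBALS instead of the sample, at the end of LocalSettings.php, checks the live configuration.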

Warning: array_keys() expects parameter 1 to be array, boolean given in [...]extensions/LdapAuthentication/LdapAuthenticationPlugin.php on line 1422

77.158.75.132 (talkcontribs)

Hi,

I get this error when I try to connect with an AD account (in a "wikiAdmin" group). Here is my config:

LocalSettings.php


$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['sysop']['edit'] = true;

$wgWhitelistRead = array ("Special:Userlogin", "MediaWiki:Common.css", "MediaWiki:Common.js", "MediaWiki:Monobook.css", "MediaWiki:Monobook.js");


# $wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki

########################################################################################################################
 ### LDAP Authentication Plugin
 #
require_once( "extensions/LdapAuthentication/LdapAutoAuthentication.php" );
require_once( "extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDebug = 3; $wgDebugLogGroups["ldap"] = "/volume1/web/jadeo/debug.log" ;
$wgLDAPDomainNames = array('SIEGE_JADEO',);
$wgLDAPServerNames = array('SIEGE_JADEO' => "AD-JADEO.siege.jadeofrance.fr",);
$wgLDAPSearchStrings = array('SIEGE_JADEO' => 'SIEGE_JADEO\\USER-NAME',);
$wgLDAPEncryptionType = array('SIEGE_JADEO' => 'clear',);
$wgLDAPBaseDNs = array('SIEGE_JADEO' => 'ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr');
$wgLDAPSearchAttributes = array('SIEGE_JADEO' => 'sAMAccountName');
#$wgLDAPProxyAgent = array("SIEGE_JADEO"=>"*****");
#$wgLDAPProxyAgentPassword = array("SIEGE_JADEO"=>"*****");
$wgLDAPUpdateLDAP = array("SIEGE_JADEO"=>false);
$wgLDAPAddLDAPUsers = array("SIEGE_JADEO"=>false);
$wgLDAPPreferences = array( 'SIEGE_JADEO' => true );
$wgLDAPGroupSearchNestedGroups = array("SIEGE_JADEO"=>true);
$wgLDAPRequiredGroups = array("SIEGE_JADEO"=>array("CN=wikiAdmin,OU=Jadeo,DC=siege,DC=jadeofrance,DC=fr"));
$wgLDAPGroupUseFullDN = array("SIEGE_JADEO"=>true);
$wgLDAPLowerCaseUsername = array('SIEGE_JADEO' => false);
$wgLDAPGroupObjectclass = array("SIEGE_JADEO"=>'group');
$wgLDAPGroupAttribute = array("SIEGE_JADEO"=>'member');
#$wgLDAPUseLDAPGroups = array( "SIEGE_JADEO"=>true );
$wgLDAPGroupNameAttribute = array( "SIEGE_JADEO"=>"cn" );
$wgLDAPGroupsUseMemberOf = array('SIEGE_JADEO' => true);

Error in the web Browser

This error is written at the top of the page; when I view the source code, it is above the <!DOCTYPE html> (maybe a PHP error).


Warning: array_keys() expects parameter 1 to be array, boolean given in /volume1/web/jadeo/extensions/LdapAuthentication/LdapAuthenticationPlugin.php on line 1422

Warning: Invalid argument supplied for foreach() in /volume1/web/jadeo/extensions/LdapAuthentication/LdapAuthenticationPlugin.php on line 1422

And I get the error :

La création automatique d’un compte local a échoué : La création automatique de compte n’est pas autorisée.

In English:

The automatic creation of a local account failed: Automatic account creation is not allowed.

(or something like that, sorry for my bad english)

Debug


2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering strict.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Returning true in strict().
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering allowPasswordChange
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering modifyUITemplate
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Username is an IP, not munging.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Setting domain as: SIEGE_JADEO
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering userExists
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering authenticate for username A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getSearchString
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing a straight bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 userdn is: SIEGE_JADEO\A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Binding as the user
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Bound successfully
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched UserDN: CN=Arno TARPIN,OU=Jadeo,DC=siege,DC=jadeofrance,DC=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getGroups
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Retrieving LDAP group membership
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using memberOf
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Got the following groups: cn=wikiadmin,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=wifi,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=accès devawh,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=administrateur locaux,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=groupe informatique,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=admins du domaine,cn=users,dc=siege,dc=jadeofrance,dc=fr::cn=administrateurs de l’entreprise,cn=users,dc=siege,dc=jadeofrance,dc=fr::cn=administrateurs,cn=builtin,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering checkGroups
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Checking for (new style) group membership
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Required groups: cn=wikiadmin,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Checking against: cn=wikiadmin,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Found user in a group.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getPreferences
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Retrieving preferences
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Authentication passed
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering allowPasswordChange
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering modifyUITemplate
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain


What should I do?

Thanks

77.158.75.132 (talkcontribs)

OK, so without any change it's working now. I just went to lunch, and when I came back it worked...

Last question: is there a way to give a specific AD group some privileges?

To explain: I want to create 2 groups, one standard user group with only the read right, and one super admin group with read, edit and delete rights.

I found this: Extension:LDAP Authentication/User Provided Information#Allow LDAP users to act as SysOps or Bureaucrat based on groups

and this: Manual:$wgAutopromote

and this: Manual talk:$wgAutopromote

But it's not very useful...

Thanks !

Reply to "Warning: array_keys() expects parameter 1 to be array, boolean given in [...]extensions/LdapAuthentication/LdapAuthenticationPlugin.php on line 1422"

Automatic Authentication and Group sync mutually exclusive

217.6.145.253 (talkcontribs)

mediawiki 1.27.1, Extension 2.1

deployed via IIS.

I have configured Group synchronization, and it worked.

Then I added in Automatic Authentication and it stopped.

I have compared the search requests of both with Wireshark and found out:

- on a working group sync the request is for whole subtree with Filter sAMAccountName=USERNAME

- with auto authentication instead it searches for "DOMAIN\USERNAME" baseObject

Why is that and what should I do?

Ciencia Al Poder (talkcontribs)

By "Automatic Authentication" do you mean Extension:Auth remoteuser? Apparently you need to tune up $wgAuthRemoteuserDomain

217.6.145.253 (talkcontribs)

No, I mean LdapAutoAuthentication

If I log in normally (using the login dialog) then my groups are added.

If I activate automatic Authentication, then it actively removes all groups from the logged in user, since it apparently can't find them.

Even though I pretty much copied the config.

Here is my config:

(DOMAIN is the Config I use for normal login, DOMAINSSO is for auto authentication.)

require_once "$IP/extensions/LdapAuthentication/LdapAuthentication.php";
require_once( "$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php" );

#List of available Domains
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(
'DOMAIN',
'DOMAINSSO',
);

#Mapping domains to domain controllers
$wgLDAPServerNames = array(
'DOMAIN' => 'mydc.domain.com',
'DOMAINSSO' => 'mydc.domain.com',
);
$wgLDAPEncryptionType = array(
'DOMAIN' => 'ssl',
'DOMAINSSO' => 'ssl',
);

#Mapping domain to Samaccountname
$wgLDAPSearchStrings = array(
'DOMAIN' => "DOMAIN\\USER-NAME",
'DOMAINSSO' => "DOMAIN\\USER-NAME",
);
$wgLDAPActiveDirectory = array(
'DOMAIN' => true,
'DOMAINSSO' => true,
);
AutoAuthSetup();
$wgGroupPermissions['*']['createaccount'] = true;
$wgLDAPLowerCaseUsername = array(
'DOMAIN'=>true,
'DOMAINSSO'=>true
);
$wgMinimalPasswordLength     = 1;

#For Group sync
$wgLDAPBaseDNs = array(
'DOMAIN' => 'dc=domain,dc=com',
'DOMAINSSO' => 'dc=domain,dc=com',
);
$wgLDAPGroupUseFullDN = array(
'DOMAIN' => true,
'DOMAINSSO' => true,
);
$wgLDAPGroupsUseMemberOf = array(
'DOMAIN' => true,
'DOMAINSSO' => true,
);
$wgLDAPUseLDAPGroups = array(
'DOMAIN' => true,
'DOMAINSSO' => true,
);
$wgLDAPActiveDirectory = array(
'DOMAIN' => true,
'DOMAINSSO' => true,
);
$wgLDAPGroupObjectclass = array(
"DOMAIN"=>"group",
"DOMAINSSO"=>"group" ,
);
$wgLDAPGroupAttribute = array(
"DOMAIN"=>"member" ,
"DOMAINSSO"=>"member" ,
);
$wgLDAPGroupNameAttribute = array(
"DOMAIN"=>"cn" ,
"DOMAINSSO"=>"cn" ,
);
$wgLDAPGroupSearchNestedGroups = array(
'DOMAIN'=>true ,
'DOMAINSSO'=>true ,
);

#Restrict anonymous users
#$wgGroupPermissions['*' ]['createaccount']     = false;
$wgGroupPermissions['*' ]['read']         = false;
$wgGroupPermissions['*' ]['edit']         = false;

#Remove the domain portion of the displayed username. Example: "DOMAIN\username" to "username"
list($dom,$userid) = explode("\\",$_SERVER['REMOTE_USER']);
#$wgLDAPAutoAuthDomain = "DOMAINSSO";
$wgLDAPAutoAuthDomain = "DOMAINSSO";
$wgLDAPAutoAuthUsername = $userid;
AutoAuthSetup();

Ciencia Al Poder (talkcontribs)

Ah, OK, I don't know this plugin very well. When you enter your credentials, those credentials are used to connect to the LDAP and retrieve user information, but with automatic login the user gives no credentials and MediaWiki can't authenticate to LDAP. I think you need to set up $wgLDAPProxyAgent and $wgLDAPProxyAgentPassword so those credentials are used to connect to the LDAP and retrieve this information.

217.6.145.253 (talkcontribs)

That was indeed the problem, thank you very much

:D

Reply to "Automatic Authentication and Group sync mutually exclusive"

LDAP Authentication and Mediawiki 1.27.1 - Login failed in primary authentication

141.160.5.251 (talkcontribs)

CentOS 7

Mediawiki 1.27.1

PHP 5.6.27

LDAP Authentication Plugin 2.1.0

I am attempting to get auto login working using the LDAP Authentication plugin. If I comment out the lines for automatic login, I am able to use my username/password and successfully sign into Mediawiki. If I re-enable automatic login, I am not logged in automatically. If I click the login link, I can use my username and password to log in - if I do this, I get an error on the page (Incorrect password entered. Please try again.) and the following error in the debug data:

  • [authentication] Login failed in primary authentication by MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider

My LocalSettings.php has the following:

require_once( "$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php" );
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
//$wgAuth = new LdapAuthenticationPlugin(); ## Standard Login
$wgLDAPAutoAuthDomain = "<domain name here>"; ## added for autologin
$wgLDAPDomainNames = array( "<domain name here>" );
$wgLDAPServerNames = array( "<domain name here>" => "<domain controller here>" );
//$wgLDAPSearchStrings = array( "<domain name here>" => "DOMAIN\\USER-NAME" ); //standard login
$wgLDAPEncryptionType = array( "<domain name here>" => "clear" );
$wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki
$wgDebugLogGroups['ldap'] = '/var/www/html/wiki/debug.log';
$wgLogQueries=true;
// $wgLDAPAutoAuthUsername = $_SERVER["REMOTE_USER"];
$wgLDAPAutoAuthUsername = preg_replace( '/@.*/', '', $_SERVER["REMOTE_USER"] );
$wgGroupPermissions['*']['autocreateaccount']=true;

I added the changes to $wgLDAPAutoAuthUsername based on some posts I found; using either line results in the same error.

I have skipped posting some parts of LocalSettings.php due to the information contained in the lines; if you have questions about something that may or may not be in the file, please let me know. Again, given that I am able to log in with the "standard login" lines uncommented and no other changes to the file, it leads me to believe that I am having an issue with the new Authentication method used in Mediawiki 1.27 and higher. However, I have not been able to find a solution that works yet.

On a side note - my PHP error logs do not have any errors and I am not able to write to the debug.log listed above. Yes, the file exists. Yes, I have verified the permissions; I even set them to 777 for testing. The above error is from turning on debugging within Mediawiki - that is, displaying the debug data on the site itself.

Any assistance you can give me would be greatly appreciated; I have been banging my head over this for a few weeks now. I did find the new RemoteUser plugin and have started floating that as a possible solution; I've been asked to spend some more time on this before we make the switch.

Reply to "LDAP Authentication and Mediawiki 1.27.1 - Login failed in primary authentication"
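The two auto-authentication threads above both derive the wiki username from $_SERVER['REMOTE_USER'], and, as the reply about $wgLDAPProxyAgent points out, lookups need their own bind identity because the user supplies no password. The LocalSettings.php fragment below is an added example, not code from the extension or from the posters; ldapAutoAuthUser(), the secret file path, the wiki-reader DN and the character allow-list are assumptions, and the DOMAINSSO values are the placeholders from the posted config.

```php
<?php
// Added example for LocalSettings.php (not the extension's or the posters' code).
// Assumed / hypothetical: ldapAutoAuthUser(), /etc/mediawiki/ldap-proxy.secret,
// the cn=wiki-reader service account and the username allow-list.

require_once "$IP/extensions/LdapAuthentication/LdapAuthentication.php";
require_once "$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php";

/**
 * Derive the bare account name from the web server's REMOTE_USER.
 * Accepts "DOMAIN\user", "user@REALM" and "user". Returns null when the value
 * is absent (CLI, maintenance scripts) or contains unexpected characters.
 */
function ldapAutoAuthUser( array $server ) {
	if ( !isset( $server['REMOTE_USER'] ) || !is_string( $server['REMOTE_USER'] ) ) {
		return null;
	}
	$raw = $server['REMOTE_USER'];

	// Strip a leading "DOMAIN\" (as sent by IIS integrated authentication) ...
	$pos = strrpos( $raw, '\\' );
	if ( $pos !== false ) {
		$raw = substr( $raw, $pos + 1 );
	}
	// ... or everything from the first "@" on (user@REALM).
	$pos = strpos( $raw, '@' );
	if ( $pos !== false ) {
		$raw = substr( $raw, 0, $pos );
	}

	// Assumed naming policy: letters, digits, dot, underscore, hyphen.
	// The allow-list also keeps LDAP filter metacharacters ( ) * \ out of
	// the (sAMAccountName=...) filter the extension builds.
	if ( !preg_match( '/^[A-Za-z0-9._-]{1,64}$/', $raw ) ) {
		return null;
	}
	return $raw;
}

$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames      = array( 'DOMAINSSO' );
$wgLDAPServerNames      = array( 'DOMAINSSO' => 'mydc.domain.com' );
$wgLDAPEncryptionType   = array( 'DOMAINSSO' => 'ssl' );
$wgLDAPBaseDNs          = array( 'DOMAINSSO' => 'dc=domain,dc=com' );
$wgLDAPSearchAttributes = array( 'DOMAINSSO' => 'sAMAccountName' );
// Group settings ($wgLDAPUseLDAPGroups, $wgLDAPGroupsUseMemberOf, ...) go here
// unchanged from the posted configuration.

// Read the proxy agent's password from a file outside the web root instead of
// hard-coding it. The account should only be able to read users and groups.
$secretFile = '/etc/mediawiki/ldap-proxy.secret';
$secret = is_readable( $secretFile ) ? trim( (string)file_get_contents( $secretFile ) ) : '';

$autoUser = ldapAutoAuthUser( $_SERVER );

if ( $secret === '' ) {
	// A simple bind with a DN and an empty password is treated by LDAP servers
	// as an unauthenticated (anonymous) bind, so never configure one. Without
	// the proxy agent, auto-auth cannot read group membership, so skip it and
	// leave the normal login form in place.
	error_log( 'LDAP proxy agent secret missing; auto-authentication disabled' );
} elseif ( $autoUser !== null ) {
	$wgLDAPProxyAgent = array(
		'DOMAINSSO' => 'cn=wiki-reader,ou=service,dc=domain,dc=com',
	);
	$wgLDAPProxyAgentPassword = array( 'DOMAINSSO' => $secret );

	$wgLDAPAutoAuthDomain   = 'DOMAINSSO';
	$wgLDAPAutoAuthUsername = $autoUser;
	AutoAuthSetup();
}
```

Calling AutoAuthSetup() only when a validated username is present avoids the undefined-index and undefined-offset notices that the bare explode() and preg_replace() lines raise when REMOTE_USER is missing or has no domain prefix.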
Debug log file location

192.55.208.10 (talkcontribs)

I'm trying to configure the LDAP plugin, and my problems can probably be solved by reading the debug file, but I can't find it in the expected location /tmp/debug.log. Is that the default? I'm using version 1.2b (alpha) of the plugin and MediaWiki 1.16beta3. Here are the LocalSettings.php lines I added -- most are commented out:

# LDAP
require_once("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDebug = 4;
$wgDebugLogGroups["ldap"] = "/tmp/debug.log";
#$wgLDAPDomainNames = array("STJUDE");
#$wgLDAPServerNames = array("STJUDE"=>"[redacted]");
#$wgUseLocal = false;
#$wgLDAPEncryptionType = array("STJUDE"=>"clear");
#$wgLDAPProxyAgent = array("STJUDE"=>"[redacted]");
#$wgLDAPProxyAgentPassword = array("STJUDE"=>"[redacted]");

John Obenauer

192.55.208.10 (talkcontribs)

Although I'd still like to know where the log file goes for future reference, I got around it by adding lines after every "printDebug" call to print the same message to a text file I specified. It was tedious, but it showed me where the errors were, and now LDAP authentication is working in my environment. Here are the parameters that worked for me, in case it helps others:

# LDAP
require_once("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array("STJUDE");
$wgLDAPServerNames = array("STJUDE"=>"[redacted]");
$wgUseLocal = false;
$wgLDAPEncryptionType = array("STJUDE"=>"clear");
$wgLDAPProxyAgent = array("STJUDE"=>"cn=[redacted],ou=[redacted],ou=[redacted],DC=[redacted],DC=[redacted],DC=[redacted]");
$wgLDAPProxyAgentPassword = array("STJUDE"=>"[redacted]");
$wgLDAPBaseDNs = array("OU=[redacted],OU=[redacted],dc=[redacted],dc=[redacted],dc=[redacted]");
$wgLDAPSearchAttributes = array("STJUDE"=>"sAMAccountName");
$wgLDAPSearchStrings = array("STJUDE"=>"USER-NAME@STJUDE");

Ryan lane (talkcontribs)

You can specify the output file to anything you want. There is no default. Notice that the debug method just prints information to the specified file.

217.196.8.10 (talkcontribs)

You can make the Debug file appear in your C:\ by applying the following lines:

$wgLDAPDebug = 3;
$wgDebugLogGroups["ldap"] = "\debug.log" ;

64.238.228.2 (talkcontribs)

>You can specify the output file to anything you want

That would work - if it worked. Even if you specify the file name, like OP in his first example, it does not work. He states his configuration, and then informs that the log does not populate.

>You can make the Debug file appear in your C:\ by applying the following line

Except John here is using Linux.

199.46.249.148 (talkcontribs)

I had the same problem, eventually read this (Extension:LDAP Authentication/FAQ#The extension won.27t write a debug log), and it shows how the files don't end up in /tmp exactly, because of systemd.

155.70.23.45 (talkcontribs)

Do you have SELinux enabled? If you have SELinux enabled, it's not going to allow it to write to that debug file.

Reply to "Debug log file location"