Extension talk:LDAP Authentication

About this board

About - Requirements - Examples - Configuration Options - Changelog - Roadmap - Suggestions - User provided info - FAQ - Support

How to ask for support

There's a couple key pieces of info I always need:

The MediaWiki version you are using
The LdapAuthentication extension version you are using

I very often will need to see two other things when you ask for support, so you should have them prepared:

Your configuration, with sensitive stuff snipped out
The extension's debug log, with sensitive stuff snipped out

When you are trying to debug an authentication problem, you should always use the most basic configuration possible. For instance, if you don't have basic authentication working yet, you shouldn't have group restrictions or group synchronization enabled yet. I will generally ask you to disable these things when debugging.

Also, $wgLDAPUseLocal is almost never what you want to use. It's a frequent cause of configuration issues, and unless you really know what you are doing, it should not be set (or explicitly set to false, which is the default).

Most importantly of all: ensure you are using the newest version of the extension. From the extension distributor, that's the "master" version. If you are using git, just make sure you use git pull && git reset --hard origin/master. This is one of the more common cause of problems.

How to submit a bug

If you've found a bug, please submit it here.

Compatibility with MediaWiki 1.27?

15 comments • 10:19, 7 May 2018 16 days ago

15

Raj bhaskar (talkcontribs)

Hi, Does anyone know if this extension is affected by the new AuthManager in MediaWiki 1.27? Is it safe to upgrade to the new version of MW?

Thanks, Raj.

Reply 09:17, 29 June 2016 1 year ago

65.171.153.4 (talkcontribs)

Would not recommend upgrading at this point.

Authentication was overhauled in 1.27 with AuthPlugin being deprecated, superseded by Manual:SessionManager and AuthManager.

After a quick test users that have not logged in previously will not be able to login (depending on your settings/permissions). The domain selection box also does not appear, although it seems to default to the first domain.

Reply 16:28, 29 June 2016 1 year ago

MarkAHershberger (talkcontribs)

This extension should be converted to use PluggableAuth. Using PluggableAuth will probably help maintain compatibility in the future.

Reply 17:56, 29 June 2016 1 year ago

Maalab (talkcontribs)

Il have test it a litte bit today after upgrading out test wiki today.

By default, for new account, the auto creation of local account does not work. But it is working well for existing account.

I have made a lot of search and test to overcome this problem. I have found out that a new right exist for auto account creation since 1.26.

I have tried to put this line in my LocalSettings.php file : $wgGroupPermissions['*']['autocreateaccount'] = true;

If i tried to login with a new account, it does not work, but if login with a existing account, logout and then login with a new account it work. Afther that, i have close my web page, restarted the server, try with another browser and if i login with a new account, the account is created each time.

The domain delection box does not appear, but if configure a second domain, the box appear.

Reply 18:53, 29 June 2016 1 year ago

Mvdboogaard (talkcontribs)

This works also for me

Reply 07:42, 21 July 2016 1 year ago

2.113.181.87 (talkcontribs)

After updating to mediawiki 1.27 Auto LDAP Authentication no longer worked. Mediawiki showed "database error occurred."

I commented line 1240 in LdapAuthentication.php ( self::saveDomain( $user, $_SESSION['wsDomain'] ); ) and the error went away.

Reply 14:58, 11 July 2016 1 year ago

128.104.255.2 (talkcontribs)

What does uncommenting that do, exactly? It removed the error for me, too.

Reply 21:43, 11 July 2016 1 year ago

Raj bhaskar (talkcontribs)

Does anyone know who we should contact to try and fix this at source and add proper compatibility for AuthManager? I tried contacting Ryan Lane (marked as the author on the extension homepage), but he said that he's no longer maintaining it.

Reply Edited 19:37, 19 July 2016 1 year ago

Ciencia Al Poder (talkcontribs)

I've added the phabricator project to the extension's infobox. You can report the bug there

Reply 11:47, 20 July 2016 1 year ago

Raj bhaskar (talkcontribs)

Thanks (although poking around on the Phabricator site, there appear to be no members on the project, and there's a fairly hefty backlog waiting to be looked at).

Reply 09:22, 21 July 2016 1 year ago

Mvdboogaard (talkcontribs)

I have the same problem with a new installation of mediawiki 1.27

I created a bug: https://phabricator.wikimedia.org/T140972

Reply 07:14, 21 July 2016 1 year ago

Devsec (talkcontribs)

The updated worked for me for the most part. The line I had to comment out was in the file "/extensions/LdapAuthentication/LdapAuthenticationPlugin.php" and it was on line 1165.

Also, I was still having an error caused by a plugin after authenticating. I had to remove the ToDoTasks plugin and then it worked. :) YEAH!!

Reply 17:21, 2 August 2016 1 year ago

198.239.156.250 (talkcontribs)

Use: https://github.com/noris-network/mediawiki-extensions-sessionprovider-remoteuser

Reply 18:37, 17 January 2017 1 year ago

185.22.192.146 (talkcontribs)

I've hit this problem as well, it only emerged after new users that had not logged into the wiki prior to the upgrade from v1.26, started complaining.

I'm running a private wiki, with LDAP auth only. Going through the code of AuthManager.php (line 1545 onwards), it became clear that this can either be resolved using the 'createaccount' or 'autocreateaccount' permission. I've tried both options and the 'autocreateaccount' matches my desired behavior. I *think* that the wiki also still is secure/private and no additional users can be created (except when auth from LDAP succeeds).

However I feel it would be better if these permissions would be integrated in the plugin and would not have to be handled separately.

Reply 08:37, 11 May 2017 1 year ago

80.242.167.70 (talkcontribs)

THANKS a lot for this solution. For me it works also!

Reply 10:19, 7 May 2018 16 days ago

Reply to "Compatibility with MediaWiki 1.27?"

Automatic account creation is not allowed

18 comments • 08:53, 4 May 2018 19 days ago

18

TroySettle (talkcontribs)

extension for mediawiki 1.28

I'm getting closer to figuring this out, but stuck on automatically creating accounts. Here's my current (sanitized) configuration. I can authenticate, but I then get the message:

Auto-creation of a local account failed: Automatic account creation is not allowed.

require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPUseLocal = true;

$wgLDAPDebug = 3;
$wgDebugLogGroups['ldap'] = '/tmp/debug.log';

$wgLDAPDomainNames       = array('LOCAL');
$wgLDAPServerNames       = array('LOCAL' => 'local-dc2.local.domain');
$wgLDAPEncryptionType    = array('LOCAL' => 'clear');
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs           = array('LOCAL' => 'ou=Users,ou=LOCAL,dc=domain,dc=local');

$wgLDAPSearchStrings     = array('LOCAL' => 'LOCAL\\USER-NAME');
$wgLDAPSearchAttributes  = array('LOCAL' => 'sAMAccountName' );

$wgLDAPDisableAutoCreate = array('LOCAL' => false);

Any help would be greatly appreciated!

Reply Edited 16:36, 1 December 2016 1 year ago

Tz1971 (talkcontribs)

currently I am using Centos 7.3, MySql 5.7 and PHP 7.1 LDAP TLS

LdapAuthentication: REL1_28 2016-11-18T19:08:52 770c89e

in /etc/openldap/ldap.conf

I add

TLS_REQCERT allow

TLS hard

and LocalSettings.php setting

$wgLDAPEncryptionType = array('domain.com' => 'tls');

at this point cannot authenticate

so i tweak and change some code in LdapAuthenticationPlugin at line 547

if ( !ldap_start_tls( $this->ldapconn ) ) {

add @

if ( !@ldap_start_tls( $this->ldapconn ) ) {

for autocreation, I stuck at /includes/auth/AuthManager.php between line 1612 and 1626

// Is the IP user able to create accounts?

$anon = new User;

/*

if ( !$anon->isAllowedAny( 'createaccount', 'autocreateaccount' ) ) {

.....

}

*/

comment out this block, now working. (need better solution rather than comment out)

for group permission

# Implicit group for all visitors

$wgGroupPermissions['*']['createaccount'] = false; // ??? not working

$wgGroupPermissions['*']['autocreateaccount'] = false; // ???

$wgGroupPermissions['*']['read'] = false;

$wgGroupPermissions['*']['edit'] = false;

$wgGroupPermissions['*']['createpage'] = false;

$wgGroupPermissions['*']['createtalk'] = false;

$wgGroupPermissions['*']['writeapi'] = false;

Reply 11:22, 5 April 2017 1 year ago

Aarango1 (talkcontribs)

Same here. Any help is appreciated. My config:

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array("iRedMail");

$wgLDAPServerNames = array("iRedMail" => "192.168.XX.XX");

$wgLDAPPort = array("iRedMail" => 389);

$wgLDAPEncryptionType = array( "iRedMail" => "clear");

$wgLDAPBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");

$wgLDAPProxyAgent = array("iRedMail"=>"cn=vmail,dc=example,dc=com");

$wgLDAPProxyAgentPassword = array( "iRedMail"=>"*****");

$wgLDAPUserBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");

$wgLDAPSearchAttributes = array( "iRedMail" => "mail");

$wgLDAPLowerCaseUsername = array( "iRedMail"=>true);

$wgLDAPUseLocal = true;

$wgLDAPDebug = 3;

$wgDebugLogGroups['ldap'] = '/tmp/debug.log';

Reply 09:57, 5 December 2016 1 year ago

Legaulph (talkcontribs)

Same issue

Reply 15:20, 7 December 2016 1 year ago

TroySettle (talkcontribs)

FWIW, I finally got it working. Not sure what the difference is here... the $wgGroupPermissions item is not listed on the LDAP extension instructions, but I think this is what did it.

require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
#$wgLDAPUseLocal = true;
$wgLDAPDomainNames       = array('LOCAL');
$wgLDAPServerNames       = array('LOCAL' => 'local-dc2.mydomain.local');
$wgLDAPEncryptionType    = array('LOCAL' => 'clear');
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs           = array('LOCAL' => 'ou=Users,ou=LOCAL,dc=mydomain,dc=local');
$wgLDAPSearchStrings     = array('LOCAL' => 'LOCAL\\USER-NAME');
$wgLDAPSearchAttributes  = array('LOCAL' => 'sAMAccountName' );
$wgLDAPRetrievePrefs     = array('LOCAL' => true );
$wgGroupPermissions['*']['autocreateaccount'] = true;

Reply Edited 13:25, 9 December 2016 1 year ago

Aarango1 (talkcontribs)

I tried with that TroySettle but not luck. I receive same fails, what versions do you have installed? (Mediawiki and LDAP please) Thanks.

Did you create Wiki as Open? private?

NOTE: I solved using wiki 1.23 version.

Reply Edited 13:28, 9 December 2016 1 year ago

Legaulph (talkcontribs)

I had to set $wgGroupPermissions['*']['createaccount'] = true;

Reply 14:29, 13 December 2016 1 year ago

130.219.8.234 (talkcontribs)

That still did not work for me.

My other anonymous permissions are set to false.

$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['read'] = false;

I want this to be a private wiki.

Reply 14:56, 13 December 2016 1 year ago

130.219.8.234 (talkcontribs)

It would seem I had to clear all session data and remove cookies from previous logon attempts with my test user as well as comment out self::saveDomain( $user, $_SESSION['wsDomain'] ); from one of the extension's configuration files. It now works.

Reply 19:29, 13 December 2016 1 year ago

153.96.128.5 (talkcontribs)

I had this problem, too. In my case, the solution was the one that has already been mentioned above:

1. switch back to local auth in LocalSettings.php; then login with a *local* admin/bureaucrat account (the one you set up when installing the wiki).

2. create a local user with the same name as one that exists in LDAP (give him a bullsh*t password, no need to match the LDAP one). Not mandatory, but if you are smart, this user should be a bureaucrat as you need at least one LDAP-based bureaucrat anyways. Lets call this user "Ldapboss".

3. switch again to LDAP auth in LocalSettings.php; then login with the user Ldapboss you just created. Of course you need to use the user's actual LDAP password this time. Btw, your local admin is now locked out of the system (unless you set wgLDAPUseLocal to true). This is why you need an LDAP-based bureaucrat.

From this point on, weirdly enough, auto account creation works. It's like, you need at least one successful login to make it work. Not sure why, doesn't make sense.

Ask a colleague to log on, or alternatively, rename your Ldapboss user to Ldapboss_Trash (Renameuser extension) and logout. Then login again with Ldapboss using again the LDAP credentials. Now, you Ldapboss is auto-created (this time as a simple user, as it should).

Actually, on Ryan D Lane (creator and ex-maintainer of the plugin) has this written on a 2009 blog post --- Quote:

"Before enabling the plugin, you should create a user in the local wiki database that exists in AD, and promote that user to sysop. After the plugin is enabled, you will not be able to log in as any user who does not exist in AD."

Reply 23:16, 7 February 2017 1 year ago

Brain wang (talkcontribs)

Hi,

While I executed step 3, then use Ldapboss login with LDAP password, I got the following error:

[WMFhIqwRAAIAABOptNUAAAAG] 2017-03-09 14:05:24: Fatal exception of type "DBQueryError"

Is it normal?

But it looks I have already logged in.

Reply 14:10, 9 March 2017 1 year ago

223.166.93.186 (talkcontribs)

Hi,

Any news on Brain Wang's problem? I experience the same issue. The user seems to be logged in, however logging in with an other user from LDAP still fails.

Reply 09:47, 21 March 2017 1 year ago

195.212.29.162 (talkcontribs)

Today I ran into the same issue, and found that the LDAP plugin does not have the right to autocreate users, despite the allowed autocreateaccount Group Permission setting. Then I found that the referred table (ldap_domains) did not exist in the database (and thus throwing the authmanager-autocreate-noperm errors). Creating the table in the right database based on the extensions/LdapAuthentication/schema/ldap-mysql.sql seems to fixed the issue:

# mysql -u root -p

Enter password:

mysql> use my_wiki

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

mysql> CREATE TABLE ldap_domains (domain_id int not null primary key auto_increment,domain varchar(255) binary not null,user_id int not null);

Query OK, 0 rows affected (0.00 sec)

Reply 16:54, 27 March 2017 1 year ago

85.220.204.126 (talkcontribs)

This worked for me. Thanks

Reply 15:30, 5 April 2017 1 year ago

145.109.211.76 (talkcontribs)

I am running a private Wiki

$wgGroupPermissions['*']['autocreateaccount'] = true;

fixed it for me. If you read the changelog of 1.27:

* MediaWiki will now auto-create users as necessary, removing the need for

extensions to do so. An 'autocreateaccount' right is added to allow

auto-creation when 'createaccount' is not granted to all users.

Reply 07:17, 31 May 2017 11 months ago

31.221.114.66 (talkcontribs)

I resolved the problem by setting the $wgGroupPermissions['*']['autocreateaccount'] = true but also assigning CHMOD permissions to all .php files in /mediawiki to 777 for the local account I was using.

Reply 14:25, 3 August 2017 9 months ago

70.67.200.45 (talkcontribs)

For anyone else with this error:

Do set $wgGroupPermissions['*']['autocreateaccount'] = true;

Then delete your session cookie and reload the page to get a new session before trying again. Your session gets added to an account auto-creation blacklist when it fails the first time, which happens to give the exact same error message.

Reply 17:24, 13 September 2017 8 months ago

213.33.64.46 (talkcontribs)

This exact method worked for me too, thanks! Removing the session-cookie was the one thing I missed after unsuccessfully adding the configuration-option

Reply 08:53, 4 May 2018 19 days ago

Reply to "Automatic account creation is not allowed"

Error authenticating on 1.30 with AD

3 comments • 15:18, 3 May 2018 19 days ago

3

Summary by Nicovell3

Now the problem is solved and encrypted authentication works without issues.

Nicovell3 (talkcontribs)

Hi, I've got a problem while configuring an encrypted authentication with mediawiki 1.30 in CentOS 7.

Here is the part of my LocalSettings.php which configures the AD:

# Use ADDOMAIN AD
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "ADDOMAIN" );
$wgLDAPServerNames = array( "ADDOMAIN" => "dc.ADDOMAIN.local" );
$wgLDAPSearchStrings = array( "ADDOMAIN" => "ADDOMAIN\\USER-NAME" );
$wgLDAPEncryptionType = array( "ADDOMAIN" => "ssl" );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 8;
$wgLDAPBaseDNs = array( "ADDOMAIN" => "ou=people,dc=ADDOMAIN,dc=local" );
$wgLDAPSearchAttributes = array( "ADDOMAIN" => "sAMAccountName" );
$wgLDAPRetrievePrefs = array( "ADDOMAIN" => "true" );
$wgLDAPPreferences = array( 'ADDOMAIN' => array( 'email' => 'mail','realname' => 'displayname') );
$wgLDAPLowerCaseUsername = array( "ADDOMAIN" => "true" );
$wgLDAPDebug = 2;
$wgDebugLogGroups["ldap"] = "/var/www/mediawiki/debug.log" ;
$wgShowExceptionDetails = true;

I've already configured my CA certificate at /etc/openldap/ldap.conf:

TLS_CACERTDIR   /etc/pki/tls/mediawiki/
TLS_CACERTFILE  /etc/pki/tls/mediawiki/ca.crt
TLS_CACERT      /etc/pki/tls/mediawiki/ca.crt

But when I try to authenticate, this is the output produced:

2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering allowPasswordChange
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering modifyUITemplate
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is an IP, not munging.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering validDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 User is using a valid domain (ADDOMAIN).
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Setting domain as: ADDOMAIN
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering userExists
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering authenticate for username aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering Connect
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Using SSL
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Using servers: ldaps://dc.ADDOMAIN.local:636
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getSearchString
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Doing a straight bind
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 userdn is: ADDOMAIN\aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Binding as the user
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Failed to bind as ADDOMAIN\aduser  <- I think problem is here
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering allowPasswordChange
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering modifyUITemplate
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().

As can be seen, the problem seems to be that the user can't be binded. At the web interface, the server says the password is not correct. But if I change the following line at LocalSettings.php:

$wgLDAPEncryptionType = array( "ADDOMAIN" => "clear" );

Then, the authentication completes successfully with this log file:

2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering allowPasswordChange
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering modifyUITemplate
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is an IP, not munging.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering validDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 User is using a valid domain (ADDOMAIN).
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting domain as: ADDOMAIN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering userExists
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering authenticate for username aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering Connect
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Using TLS or not using encryption.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Using servers: ldap://dc.ADDOMAIN.local:389
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getSearchString
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Doing a straight bind
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 userdn is: ADDOMAIN\aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Binding as the user
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Bound successfully
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getUserDN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Created a regular filter: (sAMAccountName=aduser)
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getBaseDN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getBaseDN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Using base: ou=people,dc=ADDOMAIN,dc=local
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Fetched UserDN: CN=RealName AD user,OU=people,DC=ADDOMAIN,DC=local
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getGroups
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering checkGroups
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getPreferences
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Retrieving preferences
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Retrieved email (aduser@ADDOMAIN.com) using attribute (mail)
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Retrieved realname (RealName AD user) using attribute (displayname)
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Authentication passed
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering updateUser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting user preferences.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting realname.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting email.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 User has a token, setting domain in user options.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Saving user settings.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering updateExternalDB
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Either the user is using a local domain, or the wiki isn't allowing updates
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().

Could someone help me please? I don't want to send my users passwords in plaintext.

Thanks in advance.

Edited 15:38, 2 May 2018 20 days ago

Nicovell3 (talkcontribs)

Oh, and I forgot to append my LdapAuthentication extension version:

# cat /var/www/mediawiki/extensions/LdapAuthentication/version
LdapAuthentication: REL1_30
2017-09-21T22:10:51

907953e

15:36, 2 May 2018 20 days ago

Nicovell3 (talkcontribs)

Finally I got this working. All I had to do was add this line to the /etc/openldap/ldap.conf file and restart the web server:

TLS_REQCERT allow

15:18, 3 May 2018 19 days ago

Version 1.30 compatability + PHP 7.1

2 comments • 09:19, 9 April 2018 1 month ago

2

Brandoncw (talkcontribs)

I'm having trouble getting functionality to work with the latest version of the plugin and media wiki 1.30 running on RHES with PHP 7.1

Is it officially compatible yet or is it still in development?

Reply 23:21, 8 April 2018 1 month ago

Ciencia Al Poder (talkcontribs)

From Manual:Installation requirements: PHP 7 is generally supported, but PHP 7.1 causes various warnings for MediaWiki 1.28 when some extensions are enabled, see task T153505.

I'm not sure how accurate is this for the latest MediaWiki version and this extension, though.

Reply Edited 09:19, 9 April 2018 1 month ago

Reply to "Version 1.30 compatability + PHP 7.1"

Authentication with Windows Server 2016, IIS.

One comment • 20:38, 26 March 2018 1 month ago

1

192.198.63.22 (talkcontribs)

I'm trying to get LDAP to function on my media wiki running on Windows Server 2016. This is in my local settings file. Is the correct?

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( "ad" );

$wgLDAPServerNames = array( "ad" => "ad-09.ad.jacks.com ad-08.ad.jacks.com" );

$wgLDAPSearchStrings = array( "ad" => "JCK\USER-NAME" );

$wgLDAPEncryptionType = array( "ad" => "ssl" );

Reply 20:38, 26 March 2018 1 month ago

Reply to "Authentication with Windows Server 2016, IIS."

LDap on server 2016

One comment • 19:23, 26 March 2018 1 month ago

1

192.198.63.22 (talkcontribs)

Does Ldap work on windows server 2016 with MediaWiki?

Reply 19:23, 26 March 2018 1 month ago

Reply to "LDap on server 2016"

Support for LDAP Authentication on MW 1.29 (Windows 2012 R2, IIS).

4 comments • 22:29, 14 March 2018 2 months ago

4

198.181.18.22 (talkcontribs)

After spending the better part of two days, I just installed LDAP authentication in my environment, which is made up of:

MediaWiki 1.29

PHP 7.1.8

MySQL 5.7.19

Windows Server 2012 R2

IIS 8.5

Unfortunately, it is not working (in fact, after installing all the pieces and parts, my Wiki site would not load at all)

Is LDAP Authentication supported under this configuration? I have seen conflicting information on this and before I spend a lot of time on this, I need to know if this is even achievable.

Reply 18:47, 29 November 2017 5 months ago

198.181.18.24 (talkcontribs)

After tweaking some of the settings in LocalSettings.php, the site now loads when LDAP Authentication is enabled. Unfortunately, LDAP Authentication itself is still not working. In the meantime, I really need to know if this is supported/should work in my environment:

MediaWiki 1.29

PHP 7.1.8

MySQL 5.7.19

Windows Server 2012 R2

IIS 8.5

Reply 16:19, 30 November 2017 5 months ago

198.181.18.23 (talkcontribs)

Still trying to find out if this configuration is supported ..... can anyone verify yes or no for me?

Reply 21:46, 12 February 2018 3 months ago

188.2.105.99 (talkcontribs)

Any progress?

Reply 22:29, 14 March 2018 2 months ago

Reply to "Support for LDAP Authentication on MW 1.29 (Windows 2012 R2, IIS)."

Support for LDAP Authentication on MW 1.23

2 comments • 06:52, 28 February 2018 2 months ago

2

210.162.177.129 (talkcontribs)

MediaWiki 1.23

PHP 5.4.45

MySQL 5.5

LDAP setting is in progress. The following error message is output. Can you see the cause?

PHP Parse error: syntax error, unexpected 'class' (T_CLASS), expecting identifier (T_STRING) or variable (T_VARIABLE) or '{' or '$' in /var/www/html/mwiki/extensions/LdapAuthentication/LdapAuthentication.php on line 140

Reply 12:11, 27 February 2018 2 months ago

210.162.177.129 (talkcontribs)

i resolve.fix below

// if ( class_exists( MediaWiki\Auth\AuthManager::class ) && empty( $wgDisableAuthManager ) ) {

if ( class_exists( 'MediaWiki\\Auth\\AuthManager' ) && empty( $wgDisableAuthManager ) ) {

Reply 06:52, 28 February 2018 2 months ago

Reply to "Support for LDAP Authentication on MW 1.23"

RHEL6 - MW 1.21.1 - httpd.x86_64 2.2.15-60.el6_9.5 - php.x86_64 5.3.3-49.el6

2 comments • 10:31, 24 January 2018 3 months ago

2

2620:107:9000:2200:0:0:0:110 (talkcontribs)

[Tue Jan 23 11:57:26 2018] [error] [client 10.x.x.x PHP Parse error: syntax error, unexpected '[' in /var/www/wiki/mywiki/extensions/LdapAuthentication/LdapAuthentication.php on line 39

On this page Extension:LDAP Authentication it says that this version of the extension should be compatible with this version of php and mediawiki. Please advise

Reply 17:01, 23 January 2018 3 months ago

Ciencia Al Poder (talkcontribs)

MediaWiki 1.21 is unsupported. If you want to still using it despite the security risks, you should download the extension for the MediaWiki 1.21, not a recent version.

Reply 10:31, 24 January 2018 3 months ago

Reply to "RHEL6 - MW 1.21.1 - httpd.x86_64 2.2.15-60.el6_9.5 - php.x86_64 5.3.3-49.el6"

Incorrect password entered error - yet password is correct

2 comments • 10:53, 20 December 2017 5 months ago

2

MintSauce~mediawikiwiki (talkcontribs)

Hi,

I'm using MediaWiki 1.16.5 and the latest LdapAuthentication extensions from svn trunk on an Ubuntu server that already uses LDAP successfully with a Plone CMS and phpBB.

I've added the configuration below and as you can see from the logs, it seems to connect to LDAP fine (indeed, removing the config results in non-LDAP users being told their username doesn't exist), however, no user can login successfully, all are presented with the error: "Incorrect password entered. Please try again.". I've triple checked against the ldap db that the passwords are correct.

The only thing I can see that might be wrong in the logs is the capitalisation of the first letter of the uid.

Any ideas?

LocalSettings.php:

require_once($IP."/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(
  'anonymous-coward'
);
$wgLDAPServerNames = array(
  'anonymous-coward' => '127.0.0.1'
);
$wgLDAPSearchStrings = array(
  'anonymous-coward' => 'uid=USER-NAME,ou=people,dc=anonymous-coward,dc=org'
);
$wgLDAPEncryptionType = array(
  "'anonymous-coward'"=>"clear"
  );
$wgLDAPDebug = 3;
$wgDebugLogGroups["ldap"] = "/tmp/ldapdebug.log" ;

Debug file:

2011-07-27 20:00:36  wikidb: 1.2e Entering validDomain
2011-07-27 20:00:36  wikidb: 1.2e User is using a valid domain (anonymous-coward).
2011-07-27 20:00:36  wikidb: 1.2e Setting domain as: anonymous-coward
2011-07-27 20:00:36  wikidb: 1.2e Entering getCanonicalName
2011-07-27 20:00:36  wikidb: 1.2e Username isn't empty.
2011-07-27 20:00:36  wikidb: 1.2e Munged username: Jbloggs
2011-07-27 20:00:36  wikidb: 1.2e Entering userExists
2011-07-27 20:00:36  wikidb: 1.2e
2011-07-27 20:00:36  wikidb: 1.2e Entering authenticate
2011-07-27 20:00:36  wikidb: 1.2e
2011-07-27 20:00:36  wikidb: 1.2e Entering Connect
2011-07-27 20:00:36  wikidb: 1.2e Using TLS or not using encryption.
2011-07-27 20:00:36  wikidb: 1.2e Using servers:  ldap://127.0.0.1
2011-07-27 20:00:36  wikidb: 1.2e Using TLS
2011-07-27 20:00:36  wikidb: 1.2e Failed to start TLS.
2011-07-27 20:00:36  wikidb: 1.2e Connected successfully
2011-07-27 20:00:36  wikidb: 1.2e Entering getSearchString
2011-07-27 20:00:36  wikidb: 1.2e Doing a straight bind
2011-07-27 20:00:36  wikidb: 1.2e userdn is: uid=Jbloggs,ou=people,dc=anonymous-coward,dc=org
2011-07-27 20:00:36  wikidb: 1.2e
2011-07-27 20:00:36  wikidb: 1.2e Binding as the user
2011-07-27 20:00:36  wikidb: 1.2e Failed to bind as uid=Jbloggs,ou=people,dc=anonymous-coward,dc=org
2011-07-27 20:00:36  wikidb: 1.2e with password: xxxxxx
2011-07-27 20:00:36  wikidb: 1.2e Entering allowPasswordChange
2011-07-27 20:00:36  wikidb: 1.2e Entering modifyUITemplate

This post was posted by MintSauce~mediawikiwiki, but signed as MintSauce.

Reply Edited by Flow talk page manager 02:28, 10 July 2015 2 years ago

Ryan lane (talkcontribs)

Well, this is obviously wrong:

$wgLDAPEncryptionType = array(
  "'anonymous-coward'"=>"clear"
  );

It should be:

$wgLDAPEncryptionType = array(
  "anonymous-coward"=>"clear"
  );

Reply 22:22, 22 August 2011 6 years ago

Reply to "Incorrect password entered error - yet password is correct"

Extension talk:LDAP Authentication

About this board

How to ask for support

How to submit a bug

Archives

Compatibility with MediaWiki 1.27?

Automatic account creation is not allowed

Error authenticating on 1.30 with AD

Version 1.30 compatability + PHP 7.1

Authentication with Windows Server 2016, IIS.

LDap on server 2016

Support for LDAP Authentication on MW 1.29 (Windows 2012 R2, IIS).

Support for LDAP Authentication on MW 1.23

RHEL6 - MW 1.21.1 - httpd.x86_64 2.2.15-60.el6_9.5 - php.x86_64 5.3.3-49.el6

Incorrect password entered error - yet password is correct

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Support

Development

MediaWiki.org

Print/export

Tools