Extension talk:LDAP Authentication/2017

This extension or skin has been archived. This extension or skin has not been maintained for some time, and no longer supports recent releases of MediaWiki. It was archived per T376097. The following other choices are available: LDAPAuthentication2 To see the page before archival, click here.

There's a couple key pieces of info I always need:

1. The MediaWiki version you are using
2. The LdapAuthentication extension version you are using

I very often will need to see two other things when you ask for support, so you should have them prepared:

1. Your configuration, with sensitive stuff snipped out
2. The extension's debug log, with sensitive stuff snipped out

When you are trying to debug an authentication problem, you should always use the most basic configuration possible. For instance, if you don't have basic authentication working yet, you shouldn't have group restrictions or group synchronization enabled yet. I will generally ask you to disable these things when debugging.

Also, $wgLDAPUseLocal is almost never what you want to use. It's a frequent cause of configuration issues, and unless you really know what you are doing, it should not be set (or explicitly set to false, which is the default).

Most importantly of all: ensure you are using the newest version of the extension. From the extension distributor, that's the "master" version. If you are using git, just make sure you use git pull && git reset --hard origin/master. This is one of the more common cause of problems.

If you've found a bug, please submit it here.

• Archive 1
• Archive 2
• Archive 3

Then how do I get them to be used by Mediawiki for sending emails or creating accounts? Mediawiki 1.27.1, Ldap_Authentication REL1_27

Thanks, Pete. Peteolsen (talk) 13:10, 7 January 2017 (UTC)Reply

can someone assist with the below error for 1.28

PHP Fatal error: Uncaught exception 'Exception' with message '/var/www/mediawiki-1.28.0/extensions/LdapAuthentication/extension.json does not exist!' in /var/www/mediawiki-1.28.0/includes/registration/ExtensionRegistry.php:107 74.116.8.41 (talk) 09:40, 10 January 2017 (UTC)Reply

I have a working LDAP user authentication and want to add the user to wikigroup X when the user is a member in ldapgroup XX. The useraccount will be created in the wiki when he first login. I don't want to say to the users 'tell me when you have first login so that I can grant you the rights.' I am using Windows Active Directory. 153.96.112.222 (talk) 14:24, 13 January 2017 (UTC)Reply

I don't know how to do this just using this extension, but I've been working on and using another extension: Extension:LdapGroups

I'd be interested in your feedback. ☠MarkAHershberger☢(talk)☣ 22:07, 13 January 2017 (UTC)Reply

Thanks for your reply. I tried it, but it will not work. I can login (LdapAuthentication Plugin) but the LdapGroups Plugin does not add the user to the correct groups.

After downloading and copying it to the extensions folder I added these lines to the LocalSettings.php

wfLoadExtension( 'LdapGroups' );

$LdapGroupsUseMatchingRuleInChainQuery = true;

$LdapGroupsIniFile = "$IP/extensions/LdapGroups/connection.ini";

$ldapGroupMap = [

"IT Admin" => [ "CN=IT,OU=GROUPS,OU=CAMPUS,DC=company,DC=de" ],

"QA" => [ "CN=QA_Gesamt,OU=QA,OU=ABTEILUNGEN,OU=GROUPS,OU=CAMPUS,DC=company,DC=de" ]

];

My connection.ini file looks like this:

[main]

server = dc-02.company.de

 ; quotes are required to keep php from getting confused about

 ; the extra equals sign

user = 'wiki'

pass = securepass0wrd

basedn = 'OU=CAMPUS,DC=company,DC=de'

Did I miss something? 153.96.112.222 (talk) 16:08, 16 January 2017 (UTC)Reply

I don't think you missed anything, but I do wonder if you used the right user in your connection.ini file. I had to specify the DN for the user I wanted to log in.

Could you set up a debug log file and then let me know if any "In Groups: " lines are in the log file? ☠MarkAHershberger☢(talk)☣ 20:35, 16 January 2017 (UTC)Reply

[cookie] setcookie: "company_wikiUserID", "99", "1499157222", "/", "", "", "1"
[cookie] setcookie: "company_wikiUserName", "Username", "1499157222", "/", "", "", "1"
[cookie] setcookie: "company_wikiToken", "", "1483518822", "/", "", "", "1"
[cookie] setcookie: "company_wikiUserID", "99", "1499157222", "/", "", "", "1"
[cookie] setcookie: "company_wikiUserName", "Username", "1499157222", "/", "", "", "1"
[cookie] setcookie: "company_wikiToken", "", "1483518822", "/", "", "", "1"

[Bug56269] Exception thrown with an uncommited database transaction: [6f314852] /load.php?debug=false&lang=de&modules=site&only=styles&skin=monobook&* DBQueryError from line 1246 of /var/www/mediawiki-1.25.1/includes/db/Database.php: A database error has occurred. Did you forget to run maintenance/update.php after upgrading? See: https://www.mediawiki.org/wiki/Manual:Upgrading#Run_the_update_script

Query: UPDATE `ldap_domains` SET domain = 'domain.local' WHERE user_id = '99'

Function: LdapAuthenticationPlugin::saveDomain

Error: 1213 Deadlock found when trying to get lock; try restarting transaction (localhost)

#0 /var/www/mediawiki-1.25.1/includes/db/Database.php(1205): DatabaseBase->reportQueryError('Deadlock found ...', 1213, 'UPDATE `ldap_d...', 'LdapAuthenticat...', false)
#1 /var/www/mediawiki-1.25.1/includes/db/Database.php(2153): DatabaseBase->query('UPDATE `ldap_d...', 'LdapAuthenticat...')
#2 /var/www/mediawiki-1.25.1/extensions/LdapAuthentication/LdapAuthentication.php(2069): DatabaseBase->update('ldap_domains', Array, Array, 'LdapAuthenticat...')
#3 /var/www/mediawiki-1.25.1/extensions/LdapAuthentication/LdapAuthentication.php(1240): LdapAuthenticationPlugin::saveDomain(Object(User), 'domain.local')
#4 /var/www/mediawiki-1.25.1/extensions/LdapAuthentication/LdapAutoAuthentication.php(63): LdapAuthenticationPlugin->updateUser(Object(User))
#5 [internal function]: LdapAutoAuthentication::Authenticate(Object(User))
#6 /var/www/mediawiki-1.25.1/includes/Hooks.php(209): call_user_func_array('LdapAutoAuthent...', Array)
#7 /var/www/mediawiki-1.25.1/includes/User.php(365): Hooks::run('UserLoadAfterLo...', Array)
#8 /var/www/mediawiki-1.25.1/includes/User.php(2583): User->load()
#9 /var/www/mediawiki-1.25.1/extensions/FormMailer/FormMailer.php(54): User->getRealName()
#10 [internal function]: wfSetupFormMailer()
#11 /var/www/mediawiki-1.25.1/includes/Setup.php(678): call_user_func('wfSetupFormMail...')
#12 /var/www/mediawiki-1.25.1/includes/WebStart.php(138): require_once('/var/www/mediaw...')
#13 /var/www/mediawiki-1.25.1/load.php(30): require('/var/www/mediaw...')
#14 {main}

mediawiki 1.27.1, Extension 2.1

deployed via IIS.

I have configured Group synchronization, and it worked.

Then I added in Automatic Authentication and it stopped.

I have compared the search requests of both with Wireshark and found out:

- on a working group sync the request is for whole subtree with Filter sAMAccountName=USERNAME

- with auto authentication instead it searches for "DOMAIN\USERNAME" baseObject

Why is that and what should i do? 217.6.145.253 (talk) 13:00, 10 February 2017 (UTC)Reply

By "Automatic Authentication" do you mean Extension:Auth remoteuser? Apparently you need to tune up $wgAuthRemoteuserDomain Ciencia Al Poder (talk) 16:44, 10 February 2017 (UTC)Reply

No, I mean LdapAutoAuthentication

If I log in normally (using the login dialog) then my groups are added.

If I activate automatic Authentication, then it actively removes all groups from the logged in user, since it apparently can't find them.

Even though i pretty much copied the config.

Here is my config:

(DOMAIN is the Config I use for normal login, DOMAINSSO is for auto authentication.)

require_once "$IP/extensions/LdapAuthentication/LdapAuthentication.php";

require_once( "$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php" );

#List of available Domains

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array(  

'DOMAIN',

'DOMAINSSO',

);

#Mapping domains to domain controllers

$wgLDAPServerNames = array(

'DOMAIN' => 'mydc.domain.com',

'DOMAINSSO' => 'mydc.domain.com',

);

$wgLDAPEncryptionType = array(

'DOMAIN' => 'ssl',

'DOMAINSSO' => 'ssl',

);

#Mapping domain to Samaccountname

$wgLDAPSearchStrings = array(

'DOMAIN' => "DOMAIN\\USER-NAME",

'DOMAINSSO' => "DOMAIN\\USER-NAME",

);

$wgLDAPActiveDirectory = array(

'DOMAIN' => true,

'DOMAINSSO' => true,

);

AutoAuthSetup();

$wgGroupPermissions['*']['createaccount'] = true;

$wgLDAPLowerCaseUsername = array(

'DOMAIN'=>true,

'DOMAINSSO'=>true

);

$wgMinimalPasswordLength     = 1;

#For Group sync

$wgLDAPBaseDNs = array(

'DOMAIN' => 'dc=domain,dc=com',

'DOMAINSSO' => 'dc=domain,dc=com',

);

$wgLDAPGroupUseFullDN = array(

'DOMAIN' => true,

'DOMAINSSO' => true,

);

$wgLDAPGroupsUseMemberOf = array(

'DOMAIN' => true,

'DOMAINSSO' => true,

);

$wgLDAPUseLDAPGroups = array(

'DOMAIN' => true,

'DOMAINSSO' => true,

);

$wgLDAPActiveDirectory = array(

'DOMAIN' => true,

'DOMAINSSO' => true,

);

$wgLDAPGroupObjectclass = array(

"DOMAIN"=>"group",

"DOMAINSSO"=>"group" ,

);

$wgLDAPGroupAttribute = array(

"DOMAIN"=>"member" ,

"DOMAINSSO"=>"member" ,

);

$wgLDAPGroupNameAttribute = array(

"DOMAIN"=>"cn" ,

"DOMAINSSO"=>"cn" ,

);

$wgLDAPGroupSearchNestedGroups = array(

'DOMAIN'=>true ,

'DOMAINSSO'=>true ,

);

#Restrict anonymous users

#$wgGroupPermissions['*' ]['createaccount']     = false;

$wgGroupPermissions['*' ]['read']         = false;

$wgGroupPermissions['*' ]['edit']         = false;

#Remove the domain portion of the displayed username. Example: "DOMAIN\username" to "username"

list($dom,$userid) = explode("\\",$_SERVER['REMOTE_USER']);

#$wgLDAPAutoAuthDomain = "DOMAINSSO";

$wgLDAPAutoAuthDomain = "DOMAINSSO";

$wgLDAPAutoAuthUsername = $userid;

AutoAuthSetup(); 217.6.145.253 (talk) 07:43, 13 February 2017 (UTC)Reply

Ah, ok, I don't know very well this plugin. When you enter your credentials, those credentials are used to connect to the LDAP and retrieve user information, but with automatic login the user gives no credentials and MediaWiki can't authenticate to LDAP. I think you need to set up $wgLDAPProxyAgent and $wgLDAPProxyAgentPassword so those credentials are used to connect to the LDAP and retrieve this information. Ciencia Al Poder (talk) 10:27, 13 February 2017 (UTC)Reply

That was indeed the problem, thank you very much

:D 217.6.145.253 (talk) 12:56, 13 February 2017 (UTC)Reply

Hi, the extension says that autoauth is not supported on MW versions 1.27 and above. I can confirm this is not working for me on version 1.28. I can login using LDAP but the previous ability of not having to enter any username and password no longer works. Jamal22066 (talk) 16:55, 14 September 2017 (UTC)Reply

CentOS 7

Mediawiki 1.27.1

PHP 5.6.27

LDAP Authentication Plugin 2.1.0

I am attempting to get auto login working using the LDAP Authentication plugin. If I comment out the lines for automatic login, I am able to use my username/password and successfully sign into Mediawiki. If I re-enable automatic login,I am not logged in automatically. If I click the login link, I can use my username and password to log in - if I do this, I get an error on the page (Incorrect password entered. Please try again.) and the following error in the debug data:

• [authentication] Login failed in primary authentication by MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider

My LocalSettings.php has the following:

require_once( "$IP/extensions/LdapAuthentication/LdapAutoAuthentication.php" );

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

//$wgAuth = new LdapAuthenticationPlugin(); ## Standard Login

$wgLDAPAutoAuthDomain = "<domain name here>"; ## added for autologin

$wgLDAPDomainNames = array( "<domain name here>" );

$wgLDAPServerNames = array( "<domain name here" => "<domain controller here>" );

//$wgLDAPSearchStrings = array( "<domain name here>" => "DOMAIN\\USER-NAME" ); //standard login

$wgLDAPEncryptionType = array( "<domain name here>" => "clear" );

$wgLDAPDebug = 3; //for debugging LDAP

$wgShowExceptionDetails = true; //for debugging MediaWiki

$wgDebugLogGroups['ldap'] = '/var/www/html/wiki/debug.log';

$wgLogQueries=true;

// $wgLDAPAutoAuthUsername = $_SERVER["REMOTE_USER"];

$wgLDAPAutoAuthUsername = preg_replace( '/@./', '', $_SERVER["REMOTE_USER"] );

$wgGroupPermissions['*']['autocreateaccount']=true;

I added the changes to $wgLDAPAutoAuthUsername based on some posts I found; using either line results in the same error.

I have skipped posting some parts of LocalSettings.php due to the information contained in the lines; if you have questions about something that may or may not be in the file, please let me know. Again, given that I am able to log in with the "standard login" lines uncommented and no other changes to the file, it leads me to believe that I am having an issue with the new Authentication method used in Mediawiki 1.27 and higher. However, I have not been able to find a solution that works yet.

On a side note - my PHP error logs do not have any errors and I am not able to write to the debug.log listed above. Yes, the file exists. Yes, I have verified the permissions; I even set them to 777 for testing The above error is from turning on debugging within Mediawiki - that is, displaying the debug data on the site itself.

Any assistance you can give me would be greatly appreciated; I have been banging my head over this for a few weeks now. I did find the new RemoteUser plugin and have started floating that as a possible solution; I've been asked to spend some more time on this before we make the switch. 141.160.5.251 (talk) 17:42, 10 February 2017 (UTC)Reply

Hi,

I get this error when I try to connect with a AD account (in a "wikiAdmin" group) here my config :

$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['sysop']['edit'] = true;

$wgWhitelistRead = array ("Special:Userlogin", "MediaWiki:Common.css", "MediaWiki:Common.js", "MediaWiki:Monobook.css", "MediaWiki:Monobook.js");


# $wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki

########################################################################################################################
 ### LDAP Authentication Plugin
 #
require_once( "extensions/LdapAuthentication/LdapAutoAuthentication.php" );
require_once( "extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDebug = 3; $wgDebugLogGroups["ldap"] = "/volume1/web/jadeo/debug.log" ;
$wgLDAPDomainNames = array('SIEGE_JADEO',);
$wgLDAPServerNames = array('SIEGE_JADEO' => "AD-JADEO.siege.jadeofrance.fr",);
$wgLDAPSearchStrings = array('SIEGE_JADEO' => 'SIEGE_JADEO\\USER-NAME',);
$wgLDAPEncryptionType = array('SIEGE_JADEO' => 'clear',);
$wgLDAPBaseDNs = array('SIEGE_JADEO' => 'ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr');
$wgLDAPSearchAttributes = array('SIEGE_JADEO' => 'sAMAccountName');
#$wgLDAPProxyAgent = array("SIEGE_JADEO"=>"*****");
#$wgLDAPProxyAgentPassword = array("SIEGE_JADEO"=>"*****");
$wgLDAPUpdateLDAP = array("SIEGE_JADEO"=>false);
$wgLDAPAddLDAPUsers = array("SIEGE_JADEO"=>false);
$wgLDAPPreferences = array( 'SIEGE_JADEO' => true );
$wgLDAPGroupSearchNestedGroups = array("SIEGE_JADEO"=>true);
$wgLDAPRequiredGroups = array("SIEGE_JADEO"=>array("CN=wikiAdmin,OU=Jadeo,DC=siege,DC=jadeofrance,DC=fr"));
$wgLDAPGroupUseFullDN = array("SIEGE_JADEO"=>true);
$wgLDAPLowerCaseUsername = array('SIEGE_JADEO' => false);
$wgLDAPGroupObjectclass = array("SIEGE_JADEO"=>'group');
$wgLDAPGroupAttribute = array("SIEGE_JADEO"=>'member');
#$wgLDAPUseLDAPGroups = array( "SIEGE_JADEO"=>true );
$wgLDAPGroupNameAttribute = array( "SIEGE_JADEO"=>"cn" );
$wgLDAPGroupsUseMemberOf = array('SIEGE_JADEO' => true);

This error is write at the top of the page, when I show the source code, it's upper than the <!DOCTYPE html> (maybe a php error)

Warning: array_keys() expects parameter 1 to be array, boolean given in /volume1/web/jadeo/extensions/LdapAuthentication/LdapAuthenticationPlugin.php on line 1422

Warning: Invalid argument supplied for foreach() in /volume1/web/jadeo/extensions/LdapAuthentication/LdapAuthenticationPlugin.php on line 1422

And I get the error :

La création automatique d’un compte local a échoué : La création automatique de compte n’est pas autorisée.

In english :

The automatic creation of local account fail : Automatic account creation is not allowed.

(or something like that, sorry for my bad english)

2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering strict.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Returning true in strict().
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering allowPasswordChange
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering modifyUITemplate
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Username is an IP, not munging.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:22 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Setting domain as: SIEGE_JADEO
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering userExists
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering authenticate for username A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getSearchString
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing a straight bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 userdn is: SIEGE_JADEO\A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Binding as the user
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Bound successfully
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched UserDN: CN=Arno TARPIN,OU=Jadeo,DC=siege,DC=jadeofrance,DC=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getGroups
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Retrieving LDAP group membership
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using memberOf
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Got the following groups: cn=wikiadmin,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=wifi,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=accès devawh,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=administrateur locaux,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=groupe informatique,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr::cn=admins du domaine,cn=users,dc=siege,dc=jadeofrance,dc=fr::cn=administrateurs de l’entreprise,cn=users,dc=siege,dc=jadeofrance,dc=fr::cn=administrateurs,cn=builtin,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering checkGroups
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Checking for (new style) group membership
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Required groups: cn=wikiadmin,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Checking against: cn=wikiadmin,ou=jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Found user in a group.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getPreferences
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Retrieving preferences
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Authentication passed
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getCanonicalName
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Username is: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering validDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 User is using a valid domain (SIEGE_JADEO).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering Connect
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using TLS or not using encryption.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using servers: ldap://AD-JADEO.siege.jadeofrance.fr:389
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getUserDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Doing an anonymous bind
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Created a regular filter: (sAMAccountName=A.tarpin)
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getBaseDN
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Using base: ou=Jadeo,dc=siege,dc=jadeofrance,dc=fr
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Couldn't find an entry
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Munged username: A.tarpin
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering allowPasswordChange
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering modifyUITemplate
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain
2017-02-14 11:09:23 Serv-Info JadeoWiki: 2.1.0 Entering getDomain

What should I do ?

Thanks 77.158.75.132 (talk) 11:46, 14 February 2017 (UTC)Reply

Ok, so without any change it's working now, I just went to lunch and when I come back it work...

Last question : there is a way to allow a specific AD group some privilege ?

I explain : I want to create 2 groups, one standard user with only read right, and one super admin right with read, edit, delete right.

I find this : Extension:LDAP Authentication/User Provided Information#Allow LDAP users to act as SysOps or Bureaucrat based on groups

and this : Manual:$wgAutopromote

and this : Manual talk:$wgAutopromote

But It's not very usefull...

Thanks ! 77.158.75.132 (talk) 15:22, 14 February 2017 (UTC)Reply

Hi, i have been 2 days with this, I start to feel desperate.

Commenting $wgLDAPRequiredGroups all can log in, if i dont, nobody can (even if in the required group)

Using: Latest version (from the web), Windows server 2012R2 with AD

The modified lines in LocalSettings.php

require_once ("extensions/LdapAuthentication/LdapAuthentication.php");

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array("domain");

$wgLDAPServerNames = array("ad"=>"servername.ad");

$wgLDAPUseLocal = false;

$wgLDAPEncryptionType = array("ad"=>"clear");

$wgLDAPBaseDNs = array("ad"=> "dc=ad");

$wgLDAPSearchAttributes = array("ad"=>"sAMAccountName");

$wgLDAPRetrievePrefs = array("ad" => true );

$wgLDAPPreferences = array( "ad" => array( "email" => "mail"));

$wgLDAPProxyAgent = array("ad" => "binduser@ad");

$wgLDAPProxyAgentPassword = array("ad" => "password");

$wgLDAPGroupUseFullDN = array( "ad" => true);

$wgLDAPLowerCaseUsername = array("ad" => false);

$wgLDAPGroupObjectclass = array("ad" => "group");

$wgLDAPGroupAttribute = array("ad" => "member");

$wgLDAPGroupNameAttribute = array( "ad" => "cn");

$wgLDAPGroupBaseDNs = array( "ad" => "dc=ad");

$wgLDAPUserBaseDNs = array( "ad" => "dc=ad");

$wgLDAPOptions = array("ad"=>array( LDAP_OPT_DEREF, 0 ));

$wgLDAPLowerCaseUsername = array( "ad"=>true );

$wgLDAPRequiredGroups = array( "ad" => "cn=wiki,cn=users,dc=ad");

$wgLDAPGroupSearchNestedGroups = array("ad" => true);

$wgLDAPActiveDirectory = array( "ad" => true);

$wgLDAPDebug = 3;

$wgDebugLogGroups['ldap'] = "/tmp/wiki.ldap.debug-{$wgDBname}.log";

$wgShowExceptionDetails = true;

The logs show this:

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=users,cn=builtin,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=domain users,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=crp,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=wiki,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=projects,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=redmine,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Couldn't find the user in any groups.

The user in the group wiki. Originally the group was called WIKI, created wiki and deleted the other one just in case, same result

A bit desperate here, please help!

Thx

Erengard

PS: ad is dc=something,dc=something,dc=something (obviously) 192.36.220.66 (talk) 15:47, 15 February 2017 (UTC)Reply

2 days more and i founded it. For future references...:

Required Groups needs an ARRAY of groups. I was entering the group without array

$wgLDAPRequiredGroups = array( "ad" => array ( "cn=wiki,cn=users,dc=ad"));

For future evolutions, i would change so an string is converted to an array of one element. It seems like it is a normal mistake (i have even seen it like that in 2 manuals, already informed them)

Thx for your help!

Erengard 192.36.220.66 (talk) 09:02, 20 February 2017 (UTC)Reply

Hi

I am trying to get LdapAuthentication extension work with my upgraded MediaWiki. Our previous setup was

The LdapAuthentication worked fine with the above version of MediaWiki.

Once we upgraded to the newer version, and I am getting errors below.

I am trying to run convertExtensionToRegistration.php on LdapAuthentication and I get the following error:

C:\PHP\php.exe : Error: Global functions cannot be converted to JSON. Please move the handler for LoadExtensionSchemaUpdates inside a class.

At line:1 char:1

This does create an extension file but when I run update.php I get the following error:

C:\PHP\php.exe : [2ede5ca9f218d5e8ed5d0e2a] [no req]   MWException from line 176 of E:\Websites\MediaWiki\includes\Hooks.php: Invalid callback 

efLdapAuthenticationSchemaUpdates in hooks for LoadExtensionSchemaUpdates

At line:1 char:1

+ C:\PHP\php.exe .\maintenance\update.php

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: ([2ede5ca9f218d5...onSchemaUpdates:String) [], RemoteException

    + FullyQualifiedErrorId : NativeCommandError 

Backtrace:

#0 E:\Websites\MediaWiki\includes\installer\DatabaseUpdater.php(122): Hooks::run(string, array)

#1 E:\Websites\MediaWiki\includes\installer\DatabaseUpdater.php(187): DatabaseUpdater->__construct(DatabaseMysqli, boolean, UpdateMediaWiki)

#2 E:\Websites\MediaWiki\maintenance\update.php(171): DatabaseUpdater::newForDB(DatabaseMysqli, boolean, UpdateMediaWiki)

#3 E:\Websites\MediaWiki\maintenance\doMaintenance.php(111): UpdateMediaWiki->execute()

#4 E:\Websites\MediaWiki\maintenance\update.php(217): require_once(string)

#5 {main}

Can anyone please help with this? 131.203.91.54 (talk) 23:43, 1 March 2017 (UTC)Reply

I am also having the same problem on 1.28. Jbrekelbaum (talk) 21:09, 21 June 2017 (UTC)Reply

I just realized that upgrading my PHP version from 5.5 to 7 breaks this extension. When I roll back to 5.5 it starts working again. I am using mediawiki 1.28 Sorvis (talk) 13:00, 19 July 2017 (UTC)Reply

The error

> Error: Global functions cannot be converted to JSON. Please move the handler for LoadExtensionSchemaUpdates inside a class.

means that in LdapAuthentication.php the hook LoadExtensionSchemaUpdates is used. For this hook, function efLdapAuthenticationSchemaUpdates() is called and the problem with this is, that this function is inside LdapAuthentication.php.

The fix for this error is this:

• Move this function into a different file and there put it inside a class.
• Then adjust the hook definition so that it is calling the class function. 2003:72:6D2A:9E00:E09F:A580:49D6:2D05 (talk) 08:03, 30 July 2017 (UTC)Reply

Why would you run convertExtensionToRegistration.php? Are you a developer and want to contribute to code base of the extension? Because this script is not meant to be run as part of a setup. It is a development tool to ease code migration.

LdapAuthentication should run with MediaWiki 1.28 even though it does not have an extension.json file. You just need to use the old require_once instead of wfLoadExtension.

When using PHP7, are there any error_log entries that give a hint on what exactly goes wrong? Osnard (talk) 13:58, 4 August 2017 (UTC)Reply

I'm seeing this error as well. I'm getting "Failed to bind" error in the debug for the extension. I'm using php7.0 and mediawiki 1.27. Was working just fine couple weeks ago. I did just update so not sure if a newer version of php7 is breaking something. 96.94.241.41 (talk) 14:15, 4 August 2017 (UTC)Reply

wfLoadExtension() is the new way of loading extensions and plan is to one day remove support for the old require_once() way of doing things. Using convertExtensionToRegistration.php is the recommended way of bringing an extension up to date again. As already note above:

• Move this function into a different file and there put it inside a class.
• Then adjust the hook definition so that it is calling the class function.

That definitely is a step in the right direction and possibly already is enough to get the migration to wfLoadExtension() working for this extension. 2003:72:6D13:B800:9DA1:D2BF:3590:31AE (talk) 18:37, 7 August 2017 (UTC)Reply

That's totally true but makes only sense if this change finds its way back to the upstream. So please, if you successfully migrate to extension.json commit that change to the code review process of the extension. Osnard (talk) 19:56, 7 August 2017 (UTC)Reply

I am trying to configure LDAP Authentication with my AD server if i have the encryption set to clear it works fine however when i change this to ssl it fails to bind

Dturtill (talk) 14:39, 7 March 2017 (UTC)Reply

config is as below

require_once( “$IP/extensions/LdapAuthentication/LdapAuthentication.php” );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( “mydomain” );

$wgLDAPServerNames = array( “mydomain”=>”server.mydomain.cmydomainltd.co.uk”  );

$wgLDAPUseLocal = false;

 $wgLDAPSearchStrings = array('mydomain' => 'mydomain\\USER-NAME',);

$wgLDAPEncryptionType = array( “mydomain”=>”clear” );

$wgLDAPBaseDNs = array( “mydomain”=>”ou=mydomain,dc=mydomain,dc=cmydomainltd,dc=co,dc=uk” );

$wgLDAPSearchAttributes = array( “mydomain”=>”sAMAccountName” );

$wgLDAPGroupUseFullDN = array( “mydomain”=>true );

$wgLDAPLowerCaseUsername = array( “mydomain”=>true );

$wgLDAPGroupObjectclass = array( “mydomain”=>”group” );

$wgLDAPGroupAttribute = array( “mydomain”=>”member” );

$wgLDAPGroupNameAttribute = array( “mydomain”=>”cn” );

$wgLDAPGroupBaseDNs = array( “mydomain”=>”ou=Groups,ou=mydomain,dc=mydomain,dc=cmydomainltd,dc=co,dc=uk” );

$wgLDAPUserBaseDNs = array( “mydomain”=>”ou=mydomain,dc=mydomain,dc=cmydomainltd,dc=co,dc=uk” );

$wgLDAPOptions = array("ad"=>array( LDAP_OPT_DEREF, 0 ));

$wgLDAPRequiredGroups = array( “mydomain”=> array(“cn=itwiki,ou=Groups,ou=mydomain,dc=mydomain,dc=cmydomainltd,dc=co,dc=uk”) );

$wgLDAPGroupSearchNestedGroups = array( “mydomain”=>true );

$wgLDAPActiveDirectory = array( "mydomain" => true);

$wgLDAPUpdateLDAP = array("DOMAIN"=>false);

$wgLDAPAddLDAPUsers = array("DOMAIN"=>false);

$wgLDAPDebug = 3;

$wgDebugLogGroups['ldap'] = "/tmp/wiki.ldap.debug-{$wgDBname}.log";

$wgShowExceptionDetails = true; Dturtill (talk) 14:41, 7 March 2017 (UTC)Reply

[a8aaa10042fe5e77d2cff1c2] 2017-03-08 10:07:02: Fatal exception of type "DBQueryErroru Dturtill (talk) 10:08, 8 March 2017 (UTC)Reply

Try looking at the debug log for something relevant. Maybe the SSL cert is not recognized as trusted by the server and thus rejected. Ciencia Al Poder (talk) 10:24, 8 March 2017 (UTC)Reply

With SSL on it just states Failed to Bind as (username)

with Clear on it seems to bind but then gives the Database error Dturtill (talk) 11:14, 8 March 2017 (UTC)Reply

This "LDAP Authentication" plug-in is basically unmaintained. It does not work correctly in MediaWiki 1.27 or newer.

Do not waste your time trying to integrate MediaWiki with enterprise systems. It is not properly supported. 203.144.93.59 (talk) 04:46, 10 March 2017 (UTC)Reply

The fact that it runs successfully on wikitech:Special:Version proves the opposite. —Mainframe98 _talk 05:24, 10 March 2017 (UTC)Reply

The copy on Wikitech is updated by the WMF but much of the functionality has been stripped. Major parts of the extension are un-maintained. ☠MarkAHershberger☢(talk)☣ 20:50, 11 March 2017 (UTC)Reply

These three steps worked for me (on WIMP):

First manually create an account for an AD user as per Ryan Lane's blog. Then login with this account (using LdapAuthenticationPlugin, but not AutoAuthentication)

$wgDisableAuthManager = true; //Disable the newly introduced Mediawiki authentication scheme that is incompatible with AutoAuth. Weird thing is that LdapAuthenticationPlugin without auto-login is unaffected.

Run >php wiki\maintenance\update.php to build ldap tables (after login as manually created AD user) 165.225.36.50 (talk) 14:12, 13 March 2017 (UTC)Reply

Is there any way to mass import all users from AD using this extension? 65.87.238.103 (talk) 18:33, 24 March 2017 (UTC)Reply

dn: uid=doe,ou=Staff,ou=People,dc=my-university,dc=org
cn: Doe John
uid: doe
mail: john.doe@my-university.org
ou: MainBuilding

require_once( "extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array('univLDAPdomain');
$wgLDAPServerNames = array('univLDAPdomain' => 'ldap.my-university.org',);
$wgLDAPEncryptionType = array('univLDAPdomain' => 'tls');
$wgLDAPSearchStrings = array(
    'univLDAPdomain' => 'uid=USER-NAME,ou=Staff,ou=people,dc=my-university,dc=org',
   );

hello

here is my config

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
require_once ('includes/AuthPlugin.php');

$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( 'ldap' );
$wgLDAPServerNames = array( 'ldap' => 'my.ldapserver.com' );
$wgLDAPUseLocal = false;
$wgLDAPEncryptionType = array( 'ldap' => 'clear' );
$wgLDAPPort = array( 'ldap' => 389 );
$wgLDAPDebug = 3;
$wgDebugLogGroups['ldap'] = '/tmp/ldap.log';

2017-04-07 01:13:21 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:21 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:21 (none) wikiDB: 2.1.0 Returning true in strict().
2017-04-07 01:13:21 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:21 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:21 (none) wikiDB: 2.1.0 Returning true in strict().
2017-04-07 01:13:22 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:22 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:22 (none) wikiDB: 2.1.0 Returning true in strict().
2017-04-07 01:13:22 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:22 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:22 (none) wikiDB: 2.1.0 Returning true in strict().
2017-04-07 01:13:22 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:22 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:22 (none) wikiDB: 2.1.0 Returning true in strict().
2017-04-07 01:13:26 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:26 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:26 (none) wikiDB: 2.1.0 Returning true in strict().
2017-04-07 01:13:26 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:26 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:26 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:26 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering allowPasswordChange
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering modifyUITemplate
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Username is an IP, not munging.
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:27 (none) wikiDB: 2.1.0 Returning true in strict().
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Returning true in strict().
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering allowPasswordChange
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering modifyUITemplate
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is an IP, not munging.
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering validDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 User is using a valid domain (ldap).
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Setting domain as: ldap
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering userExists
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering authenticate for username myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering Connect
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Using TLS or not using encryption.
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Using non-standard port: 389
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Using servers: ldap://my.ldapserver.com:389
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getSearchString
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getUserDN
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Doing an anonymous bind
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Created a regular filter: (=myadmin)
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getBaseDN
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getBaseDN
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 basedn is not set.
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Using base:
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Couldn't find an entry
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 userdn is:
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 User DN is blank
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Returning true in strict().
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Munged username: myadmin
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering allowPasswordChange
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering modifyUITemplate
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getCanonicalName
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Username is: myadmin
2017-04-07 01:13:34 (none) wikiDB: 2.1.0 Entering getDomain

I just try to log in one time but created log 170 lines.

I don't know where is the problem..

I think

2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Created a regular filter: (=myadmin)
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getBaseDN
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getBaseDN
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 basedn is not set.
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Using base:
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Couldn't find an entry
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 userdn is:
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 User DN is blank
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering strict.
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Entering getDomain
2017-04-07 01:13:33 (none) wikiDB: 2.1.0 Returning true in strict().

here or many attempt to Entering ~~ is the problem

help me... 125.140.111.101 (talk) 01:35, 7 April 2017 (UTC)Reply

Just looking over your logs (and not knowing a lot about this plugin): have you tried setting $wgLDAPBaseDNs ?

// If you are using AD style binding (TDOMAIN\\USER-NAME or USER-NAME@TDOMAIN) and
// want to be able to use group syncing, preference pulling, etc., you'll need to set
// $wgLDAPBaseDNs and $wgLDAPSearchAttributes for the domain.

☠MarkAHershberger☢(talk)☣ 19:13, 7 April 2017 (UTC)Reply

## Logging Debug-Information for LDAP
$wgLDAPDebug = 3;
$wgDebugLogGroups["ldap"] = "/var/log/nginx/wiki_ldap.log";

Versions: Mediawiki 1.27.1, LDAPAuth 2.1.0 (Translate: MLEB 2017.01)

Problem:

I want to use this Extension and Extension:Translate, but: I cant publish Translations as long as LDAP_Authentication is active. This seems to be because LDAP_Authentication prevents the use of Translates Fuzzybot according to the php error log:

 UnexpectedValueException from line 273 of [base]\includes\auth\AuthPluginPrimaryAuthenticationProvider.php: AuthPlugin failed to reset password for Fuzzybot in the following domains: [all Domains]

According to Extension talk:LDAP Authentication/2016#h-LDAPAuthentication_with_Mediawiki_1.27.1-2016-11-22T18:37:00.000Z this should work, but it doesn't:

$wgAuthManagerAutoConfig['primaryauth'] += [

    LdapPrimaryAuthenticationProvider::class => [

    'class' => LdapPrimaryAuthenticationProvider::class,

    'args' => [ ['authoritative' => true, ] ],

    'sort' => 50,    ],

];

What can I do? 217.6.145.253 (talk) 12:33, 5 May 2017 (UTC)Reply

Did you ever find a solution? I'm stuck in the exact same place. Lsilverman (talk) 13:07, 22 June 2017 (UTC)Reply

I'm currently thinking about setting up a parallell wiki (accessing the same Database) without LDAP for Translators.

But that sucks because i'm pretty sure that would lead to some sort of conflict eventually... 217.6.145.253 (talk) 06:18, 30 June 2017 (UTC)Reply

I abandoned LDAP_Authentication. Instead I migrated to PluggableAuth+OpenId extensions married to Google Auth, which our organization also uses. Much better and easier configuration than LdapAuth. Now users are auto-logged in just by visiting our private wiki. Lsilverman (talk) 15:28, 6 July 2017 (UTC)Reply

I have the same issue with LDAP-authentication on Mediawiki 1.31 and GraphViz. To solve it I commented out almost everything in the function providerRevokeAccessFor User:

      

public function providerRevokeAccessForUser( $username ) {

               # function commented out due to an issue with LDAP-authentication and newer versions of Mediawiki, preventing for example GraphViz from fucntioning properly

               # seems to be similiar to the issue described here: https://www.mediawiki.org/wiki/Extension%20talk%3ALDAP%20Authentication/2017#h-Conflict_with_Extension%3ATranslate-2017-05-05T12%3A33%3A00.000Z

               return;

               /*$username = User::getCanonicalName( $username, 'usable' );

               if ( $username === false ) {

                       return;

               }

               $user = User::newFromName( $username );

               if ( $user ) {

                       // Reset the password on every domain.

                       $curDomain = $this->auth->getDomain();

                       $domains = $this->auth->domainList() ?: [ '' ];

                       $failed = [];

                       foreach ( $domains as $domain ) {

                               $this->auth->setDomain( $domain );

                               if ( $this->testUserCanAuthenticateInternal( $user ) &&

                                       !$this->auth->setPassword( $user, null )

                               ) {

                                       $failed[] = $domain === '' ? '(default)' : $domain;

                               }

                       }

                       $this->auth->setDomain( $curDomain );

                       if ( $failed ) {

                               throw new \UnexpectedValueException(

                                       "AuthPlugin failed to reset password for $username in the following domains: "

                                               . implode( ' ', $failed )

                               );

                       }

               }*/

       }

Would be really cool if MediaWiki or the LDAP-auth peeps will make an update that will help this kind of extensions work. LDAP is very useful and would be a bummer to give up. Oleg.blecher (talk) 07:05, 18 July 2018 (UTC)Reply

I am able to log in using my AD account so I know that part is working. What I don't understand is what i need to do for permissions and groups.

Is there a way that I can use local groups in MediaWiki and just add AD users to that group, or do I HAVE to use AD groups and configure them in LocalSettings.php?

Here's my current config if that helps:

#LDAP Authentication Extension
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "MYDOMAIN" );
$wgLDAPServerNames = array( "MYDOMAIN" => "my.ad.domain.com" );
$wgLDAPSearchStrings = array( "MYDOMAIN" => "USER-NAME@MYDOMAIN" );
$wgLDAPEncryptionType = array( "MYDOMAIN" => "clear" );
$wgLDAPBaseDNs = array( "MYDOMAIN" => "OU=MyOu,DC=MyDC,DC=MyDC2,DC=MyDC3" );
$wgMinimalPasswordLength = 15;

Mattseaboard (talk) 21:40, 8 May 2017 (UTC)Reply

Hello.

Our company added some code and now it is possible to configure LDAP groups and LDAP users (via uid) who are allowed to login into a wiki.

Is there a way that I can send the code to the developers of the extension?

Regards

Max Max.mueller (talk) 11:05, 24 May 2017 (UTC)Reply

The author is User:Ryan lane

I really want to see how your company fix it :) MathieuRobe (talk) 12:44, 24 May 2017 (UTC)Reply

You can also submit a patch to gerrit yourself. Read How to become a MediaWiki hacker Ciencia Al Poder (talk) 19:37, 24 May 2017 (UTC)Reply

Note that we had a meeting about this extension at the Vienna hackathon and I'll be working with others to improve it. ☠MarkAHershberger☢(talk)☣ 15:53, 31 May 2017 (UTC)Reply

keep us posted :) MathieuRobe (talk) 12:39, 2 June 2017 (UTC)Reply

Whenever I try to login, it displays a message, "Incorrect password entered. Please try again.".

I am using PHP 5.5.38 and upgraded to Mediawiki 1.28.0 version. 204.114.196.21 (talk) 10:14, 7 June 2017 (UTC)Reply

Mediawiki isn't compatible with MediaWiki 1.28 at present. The main problem is AuthManager. MathieuRobe (talk) 12:57, 8 June 2017 (UTC)Reply

Please let us know if this issue with compatibility will be resolved 3ShapeDevOps (talk) 11:19, 13 June 2017 (UTC)Reply

I'm interested as well. Trying to upgrade from 1.23 and this one's a blocker. Happy to test anything you can come up with. 73.176.255.33 (talk) 18:01, 8 June 2017 (UTC)Reply

Ryan lane is the Author of LDAP Authentication but no answer. MathieuRobe (talk) 10:48, 13 June 2017 (UTC)Reply

That means if I am upgraded to Mediawiki 1.28, I can't use LDAP authentication i.e. I cant login my application which uses mediawiki 1.28. Is my understanding correct on this? 204.114.196.21 (talk) 07:29, 14 June 2017 (UTC)Reply

I am running Debian and using official Debian packages repo. After upgrade from Debian Jessie to Stretch, surprisingly, the package mediawiki-extensions-base has disappeared from Stretch, so its Jessie version has just been removed, including the Ldap extension.

That made MW corrupted of course. Current Debian package delivers 1.27.3 version of mediawiki in Debian Stretch, and apparently everyone who upgraded has to manually hack the .php files to

- no more include the removed extensions (to fix warning)

- manually download removed extensions like this Ldap one, and hack LocalSettings.php to load them

... currently I am stuck with Ldap extension, experiencing same problem as in the title of this topic. After the hacks, I ran the udpate.php eventually, even restarted apache, but still, when looking into mediawiki's SQL db ("wiki"), the table "ldap_domains" is empty. Only local accounts work.

What is the point with "AuthManager problem", is it what this commit talks about? 85.93.97.173 (talk) 09:49, 5 August 2017 (UTC)Reply

i have enalbe LDAP Auth. over SSL 636 and doing user auth successfully

i wanted to check if User password reset is possible ? @Ryan 203.88.129.14 (talk) 12:27, 8 June 2017 (UTC)Reply

I use Mediawiki 1.27.3. LDAP authentication is required but since we upgraded the error "Automatic account creation is not allowed" occured for new LDAP users.

We used to authenticate using LdapAuthenticationPlugin() in LocalSettings.php, but since this is deprecated, the correct way to fix it would be using AuthManager, like below:

$wgAuthManagerAutoConfig['primaryauth'] += [

    LdapPrimaryAuthenticationProvider::class => [

    'class' => LdapPrimaryAuthenticationProvider::class,

    'args' => [ ['authoritative' => true, ] ],

    'sort' => 50,    ],

];

However, this didn't work for us, since it couldn't authenticate with the LDAP server (according to our logs). We even set the following in our LocalSettings:

$wgGroupPermissions['*']['autocreateaccount'] = true;

That didn't work either, *until* we restarted our apache service. So, keep in mind that you need to do that.

That is a temporary fix in my opinion, until AuthManager is updated so that it works with LDAP. Hope this helps... 82.75.122.213 (talk) 16:23, 9 July 2017 (UTC)Reply

You are a legend. Thank you! 155.4.45.19 (talk) 13:26, 29 August 2018 (UTC)Reply

I saw many problems here about running LDAP Authentication with newer versions of MW. Especially in companies this feature is a very important requirement for the use of a Wiki. The description page gives the impression that the plugin is discontinued and that there is no acitivity to make it running again. It would be really important if someone with expertise could clarify at the descriptions page what users that want to use newer MWs should do and what are the future plans if there are some. Aschroet (talk) 09:25, 28 July 2017 (UTC)Reply

Hello,

I am trying to configure the extension for corporate LDAP but I can not get to configure the part to fill the mail and the realname, I have the following version:

MediaWiki 1.23.9

PHP 5.3.3 (apache2handler)

MySQL 5.7.16

And it is impossible to update it by PHP, that in the corporate is not authorized a higher version. And I have the following configuration in the config:

    require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");

    $wgAuth = new LdapAuthenticationPlugin();

        // $wgDebugLogFile = '/DATOS/html/mediawiki/tmp/mediawiki-logfile.log';

        // $wgDebugLogGroups['ldap'] = '/DATOS/html/mediawiki/tmp/mediawiki-logfile.log';

        // $wgLDAPDebug = 1;

        // $wgShowSQLErrors = 1;

        // $wgShowExceptionDetails = true;    

    $wgLDAPDomainNames = array("ARRAK");

    $wgLDAPServerNames = array("ARRAK" => "ARRAK.es");

    $wgLDAPSearchStrings = array("ARRAK" => "ARRAK\\USER-NAME");

    $wgLDAPEncryptionType = array("ARRAK" => "clear");

    $wgLDAPUseSSL = array("ARRAK" => "true");

    $wgLDAPUseLocal = false;

    $wgMinimalPasswordLength = 1;

    $wgLDAPAddLDAPUsers = array("ARRAK" => false);

    $wgLDAPUpdateLDAP = array("ARRAK" => false);

    $wgLDAPRetrievePrefs = array("ARRAK" => true);

    $wgLDAPPreferences = array("ARRAK" => array("email" => "mail","realname" => "cn","nickname" => "sAMAccountName"));

Could you help me to see where the error is?

Thank you, Danii 2611 (talk) 09:09, 22 August 2017 (UTC)Reply

Hello,

In case someone happens to you, I leave the configuration that has worked for me.

require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames        = array('ARRAK');

$wgLDAPServerNames        = array('ARRAK' => 'arrak.es');

$wgLDAPPort               = array('ARRAK' => 389 );

$wgLDAPSearchStrings = array("ARRAK" => "ARRAK\\USER-NAME");

$wgLDAPLowerCaseUsername  = array('ARRAK' => true );

$wgLDAPEncryptionType = array("ARRAK" => "clear","tls");

$wgLDAPBaseDNs            = array('ARRAK' => "dc=dacfi,dc=es" );

$wgLDAPSearchAttributes   = array('ARRAK' => "sAMAccountName" );

$wgLDAPAddLDAPUsers       = array('ARRAK' => false);

$wgLDAPUpdateLDAP         = array('ARRAK' => false);

$wgLDAPRetrievePrefs      = array('ARRAK' => true);

$wgLDAPPreferences        = array('ARRAK' => array("email"=>"mail","realname"=>"cn","nickname"=>"sAMAccountName")); Danii 2611 (talk) 09:45, 23 August 2017 (UTC)Reply

Hi,

I have a mediawiki for internal Company use only. The ldap authentication extension is configured to let anyone automatically login and read the wiki who has got a Domain account. This is working without issues.

Since I activated debug- and db-error logs for the whole wiki for monitoring purporses there is a DB-Error that bothers me. It looks like this and is logged randomly if a user logs in:

[Bug56269] Exception thrown with an uncommited database transaction: [00e37421] /Hauptseite DBQueryError from line 1246 of /var/www/mediawiki-1.25.1/includes/db/Database.php: A database error has occurred. Did you forget to run maintenance/update.php after upgrading? See: https://www.mediawiki.org/wiki/Manual:Upgrading#Run_the_update_script

Query: UPDATE `ldap_domains` SET domain = 'zeus.local' WHERE user_id = '107'

Function: LdapAuthenticationPlugin::saveDomain

Error: 1213 Deadlock found when trying to get lock; try restarting transaction (localhost)

#0 /var/www/mediawiki-1.25.1/includes/db/Database.php(1205): DatabaseBase->reportQueryError('Deadlock found ...', 1213, 'UPDATE `ldap_d...', 'LdapAuthenticat...', false)

#1 /var/www/mediawiki-1.25.1/includes/db/Database.php(2153): DatabaseBase->query('UPDATE `ldap_d...', 'LdapAuthenticat...')

#2 /var/www/mediawiki-1.25.1/extensions/LdapAuthentication/LdapAuthentication.php(2069): DatabaseBase->update('ldap_domains', Array, Array, 'LdapAuthenticat...')

#3 /var/www/mediawiki-1.25.1/extensions/LdapAuthentication/LdapAuthentication.php(1240): LdapAuthenticationPlugin::saveDomain(Object(User), 'zeus.local')

#4 /var/www/mediawiki-1.25.1/extensions/LdapAuthentication/LdapAutoAuthentication.php(63): LdapAuthenticationPlugin->updateUser(Object(User))

#5 [internal function]: LdapAutoAuthentication::Authenticate(Object(User))

#6 /var/www/mediawiki-1.25.1/includes/Hooks.php(209): call_user_func_array('LdapAutoAuthent...', Array)

#7 /var/www/mediawiki-1.25.1/includes/User.php(365): Hooks::run('UserLoadAfterLo...', Array)

#8 /var/www/mediawiki-1.25.1/includes/User.php(1997): User->load()

#9 /var/www/mediawiki-1.25.1/includes/User.php(3193): User->getId()

#10 /var/www/mediawiki-1.25.1/includes/MediaWiki.php(511): User->isLoggedIn()

#11 /var/www/mediawiki-1.25.1/includes/MediaWiki.php(414): MediaWiki->main()

#12 /var/www/mediawiki-1.25.1/index.php(41): MediaWiki->run()

#13 {main}

My Setup:

• OS: Debian 8.4
• Mediawiki: 1.25.1
• PHP: 5.6.20
• DBMS: MySQL 5.5.49
• Web Server: Apache 2.4.10
• Directory Server: Active Directory (2008 - 2012 R2)
• LDAP Authentication Version 2.1.0 REL 1.25

As suggested by the error I of course already ran the update.php script multiple times, but the error ist still there although the update.php ran without issues each time.

How can I solve that Deadlock Error? 62.192.2.194 (talk) 08:50, 25 August 2017 (UTC)Reply

A deadlock error is not caused by a missing update, but by either database contention or, most probably here (if it happens always) by a bug in the software. Maybe 2 different code paths are updating the ldap_domains in different transactions, causing the deadlock. You probably want to open a bug about this. Ciencia Al Poder (talk) 09:19, 25 August 2017 (UTC)Reply

Hey guys,

I just started working at a relatively big company and they want me to migrate their internal wiki to a fresh OS install. The only thing i'm having issues with is the LDAP authentication. I know that it isn't officially supported and developed anymore, but i believe there is fix for it as many people have mentioned before. I tried all of the below mentioned fixed and none of them worked for me. We have the AD on windows server 2008 and it worked on the 1.24. version of MediaWiki. My config is as follows:

require_once ("$IP/extensions/LdapAuthentication/LdapAuthentication.php");

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array(

  'TEST'

);

$wgLDAPServerNames = array(

  'TEST' => 'IP'

);

$wgLDAPSearchStrings = array(

  'USER' => 'USER-NAME@TEST.COM'

);

#

$wgLDAPEncryptionType = array(

  'TEST' => 'clear'

);

#

$wgLDAPPreferences = array('TEST' => array( 'email' => 'mail'));

$wgLDAPUseLocal = false;

$wgMinimalPasswordLength = 1;

$wgGroupPermissions['*']['autocreateaccount'] = true;

I tried it the thing that Ryan posted years ago where you create the local user with the same name as an AD sysop and it didn't work. Any suggestions are welcome. Thanks! 91.199.124.66 (talk) 11:06, 28 August 2017 (UTC)Reply

If anyone ever reads this, i managed to fix it. The issue was with using "testing" versions of PHP, since MediaWiki 1.29.1 requires PHP 5.6+. I was installing it using SCL repos and installed all of the packages (rh-php56-php-{name} where {name} was all of the packages i needed: xml, ldap, mbstring, .........). Because there wasn't native PHP5.6 support, LDAP didn't work no matter what i did. I did a test Debian 9 install and it worked flawlessly.

TLDR; CentOS doesn't officially support PHP 5.6+. Installed Debian, used the above config, everything works perfectly. 91.199.124.66 (talk) 09:03, 29 August 2017 (UTC)Reply

Hey Guys,

I was working with MediaWiki having MS-SQL database in backend, when I was trying to add the extension LDAP Authentication, this seems to not working. I have tried edit "ldap-mysql.sql" corresponding to have mssql values but this is not working for me. Could you please advise if there is way we can make use of LDAP Authentication plugin in MediaWiki with MSSQL database.

Thanks and Regards,

Dileep 111.93.236.105 (talk) 14:05, 8 September 2017 (UTC)Reply

Details:

MediaWiki version - 1.27.3

LdapAuthentication: REL1_272016-07-06T01:03:46b0dba33 111.93.236.105 (talk) 14:09, 8 September 2017 (UTC)Reply

Hi all,

I am getting Failing to bind and UserDN is blank error in debug logs when I am setting Encryption type as SSL in my LocalSettings.php file, However, when setting encryption type to CLEAR, its working fine.

Please suggest on this

Thanks! 204.114.196.21 (talk) 09:32, 13 September 2017 (UTC)Reply

Is the nested groups feature actually working for anyone?

I tried

- setting $wgLDAPGroupSearchNestedGroups to true,

- additionally setting $wgLDAPGroupsUseMemberOf to false

- additionally setting $wgLDAPLowerCaseUsername to false

and none of that made a difference... 217.6.145.253 (talk) 08:00, 18 September 2017 (UTC)Reply

Hi all,

Not all users in LDAP are authorized to own an user account in my MediaWiki. I already have users logging in because I created their accounts before installing LDAP Plugin. Now, I need to create accounts for new employees and I always receive the message "Username entered already in use. Please choose a different name.", through Special:CreateAccount.

Obviously, If I disable all LDAP configuration in LocalSettings, I'm able to create a local user account with the same LDAP username. Then , if I enable LDAP configuration again, the user is recognized with LDAP password and he can log in. The fact is that I don't want to edit LocalSettings every time I have a new employee.

My configuration is below. Thanks in advance.

require_once ('.../extensions/LdapAuthentication/LdapAuthentication.php');

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( 'AD' );

$wgLDAPServerNames = array( 'AD' => 'url' );

$wgLDAPUseLocal = false;

$wgLDAPEncryptionType = array( 'AD' => 'clear' );

$wgLDAPPort = array( 'AD' => 389 );

$wgLDAPProxyAgent = array( 'AD' => 'CN=a,OU=b,DC=c,DC=d' );

$wgLDAPProxyAgentPassword = array( 'UFPE-AD' => 'password' );

$wgLDAPSearchAttributes = array( 'AD' => 'description' );

$wgLDAPBaseDNs = array( 'AD' => 'DC=c,DC=d' );

$wgLDAPDisableAutoCreate = array( 'AD' => true );

$wgLDAPPreferences = array( 'AD' => array( 'email' => 'mail', 'realname' => 'cn','nickname' => 'givenname') );

$wgLDAPLowerCaseUsername = array( 'AD' => true);

$wgGroupPermissions['*']['createaccount'] = false;

MediaWiki: 1.29.1

PHP: 5.5.21 (apache2handler)

PostgreSQL: 9LDAP Ana.carvalho (talk) 13:08, 19 September 2017 (UTC)Reply

If I understand correctly, the `Special:CreateAccount` page will actually atempt to create an account (in your AD!). But the account already exists (in the AD)..

But if I understand correctly, with `$wgGroupPermissions['*']['autocreateaccount'] = true;` the accounts will be auto-created in the database on first log in. So you just need to make sure the account is available in AD and then tell the user to sign in to you wiki instance. Lesscomplex (talk) 09:50, 5 June 2018 (UTC)Reply

This is confusing. Are you saying that once you have LDAP connected that you can't create local accounts in the wiki instance? We have users that need to access the wiki that don't belong to our LDAP groups. So I was hoping to create accounts directly on the wiki server... 118.210.39.78 (talk) 03:29, 23 September 2021 (UTC)Reply

I just wanted to share some information from T110453

Configuration with AuthManager could look like

$wgAuthManagerAutoConfig['primaryauth'] += [
   LdapPrimaryAuthenticationProvider::class => [
       'class' => LdapPrimaryAuthenticationProvider::class,
       'args' => [ [
           'authoritative' => true, // don't allow local non-LDAP accounts
       ] ],       
       'sort' => 50, // must be smaller than local pw provider
   ],     
]; Osnard (talk) 14:21, 22 September 2017 (UTC)Reply

Hi, I don't know a great deal about authentication, so this might be a dumb question, so bear with me!

I've got Auto-Authentication working perfectly on a non-public-facing wiki for users of Windows. Users are set up in Active Directory, with permissions to the site being controlled by AD groups. I have however a small number of users accessing the wiki via non-windows systems (macOS, Linux). Although their accounts are in the Active Directory Auto-Authentication isn't working for them; they are getting prompted by the browser for a username and password.

Ideally, I'd like them to be able to benefit from auto-authentication too, if possible.

I expect that this will be mainly down to my authentication configuration in IIS. I've got it so that Windows Authentication is enabled, and all other authentication methods are disabled.

Is there any other configuration in IIS that would support auto authentication for both windows and non-windows users?

Many thanks Darren Dshinks (talk) 14:47, 25 September 2017 (UTC)Reply

The browser communicates with the underlying operating system to get an authentication token which then sends to the server, and is what makes possible the auto-authentication.

macOS and Linux doesn't provide that (AFAIK) for Active Directory authentication, so it's not possible. Ciencia Al Poder (talk) 15:09, 25 September 2017 (UTC)Reply

Thanks for that Ciencia,

A couple of follow-up questions on this:

• Should I expect API users to be affected by this? I've got a user who is now getting a 401 error when attempting to get his login token. He's still supplying the same details as he was before we enabled auto authentication. Not sure if he should be sending different parameters?
• For our non-windows users, a suitable alternative would be to allow access to the log in screen as a fallback. They can currently access ok as the browser prompts for credentials, but it doesn't keep them logged in once their session is closed. I'll do a bit more reading, but in principle is it possible to run an auto-auth domain alongside a manual auth domain? Dshinks (talk) 09:57, 26 September 2017 (UTC)Reply

Hello,

i keep getting Errors on login with ldap user from Active Directory. Generally the login always works aka i have the User Preference etc buttons on the upper right. But the second and ongoing login from a ldap User will generate DB Query Errors.

The interesting part is in the attached debug_data.txt:

Query: INSERT INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4')

On the first Login this Query will be run towards my DB. Then the value of domain is empty; the next login will produce the attached Error.

Version:

|LDAP Authentication Plugin

|2.1.0 (4c9bdab)16:24, 21. Apr. 2017

|}

!Software

!Version

|-

|MediaWiki

|1.29.0 (8b5beb3)

|-

|PHP

|5.5.14 (apache2handler)

|-

|MySQL

|5.6.24-log

|-

|ICU

|52.1

|}

Greeting from Germany

Thanks in advance

Christian Hase Hasechris (talk) 08:47, 25 October 2017 (UTC)Reply

the same probleme with 1.27.3, PHP 7 206.55.83.201 (talk) 21:29, 9 November 2017 (UTC)Reply

Debug output:

[cookie] already deleted setcookie: "forceHTTPS", "", "1477383977", "/", "", "", "1"

[DBQuery] wikidb REPLACE /* SqlBagOStuff::setMulti */ INTO `comwiki-objectcache` (keyname,value,exptime) VALUES ('wikidb-comwiki-:MWSession:ltl8srq3pkcr4la1hhb7hkh9a5mgc3bb'','20171025092617')

[error] [9a4104b9e8f72ce750b716bf] /index.php?title=Special:UserLogin&returnto=Main+Page ErrorException from line 1168 of /srv/www/htdocs/extensions/LdapAuthentication/LdapAuthenticationPlugin.php: PHP Notice: Undefined index: wsDomain

[DBQuery] wikidb SELECT /* LdapAuthenticationPlugin::loadDomain 10.155.65.56 */ domain FROM `comwiki-ldap_domains` WHERE user_id = '4' LIMIT 1

[DBQuery] wikidb INSERT /* LdapAuthenticationPlugin::saveDomain 10.155.65.56 */ INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4')

[DBQuery] LdapAuthenticationPlugin::saveDomain <hostname> (edited) 1048 Column 'domain' cannot be null (<hostname> (edited)) INSERT INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4')

[DBQuery] SQL ERROR: Column 'domain' cannot be null (<hostname> (edited))

[session] SessionBackend "ltl8srq3pkcr4la1hhb7hkh9a5mgc3bb" data dirty due to dirty(): AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->beginAuthentication/MediaWiki\Auth\AuthManager->continueAuthentication/MediaWiki\Session\Session->remove/MediaWiki\Session\SessionBackend->dirty

[DBQuery] wikidb ROLLBACK /* MWExceptionHandler::rollbackMasterChangesAndLog 10.155.65.56 */

[exception] [9a4104b9e8f72ce750b716bf] /index.php?title=Special:UserLogin&returnto=Main+Page Wikimedia\Rdbms\DBQueryError from line 1075 of /srv/www/htdocs/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading?

Query: INSERT INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4') Function: LdapAuthenticationPlugin::saveDomain

Error: 1048 Column 'domain' cannot be null (<hostname> (edited))

[DBQuery] wikidb BEGIN /* Wikimedia\Rdbms\Database::query (LCStoreDB::get) 10.155.65.56 */ Hasechris (talk) 11:12, 25 October 2017 (UTC)Reply

The Error dump:

[9a4104b9e8f72ce750b716bf] /index.php?title=Special:UserLogin&returnto=Main+Page Wikimedia\Rdbms\DBQueryError from line 1075 of /srv/www/htdocs/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading?

Query: INSERT INTO `comwiki-ldap_domains` (domain,user_id) VALUES (NULL,'4')

Function: LdapAuthenticationPlugin::saveDomain

Error: 1048 Column 'domain' cannot be null (mgtcom012.a41mgt.local)

Backtrace:

#0 /srv/www/htdocs/includes/libs/rdbms/database/Database.php(933): Wikimedia\Rdbms\Database->reportQueryError(string, integer, string, string, boolean)

#1 /srv/www/htdocs/includes/libs/rdbms/database/Database.php(1515): Wikimedia\Rdbms\Database->query(string, string)

#2 /srv/www/htdocs/extensions/LdapAuthentication/LdapAuthenticationPlugin.php(2003): Wikimedia\Rdbms\Database->insert(string, array, string)

#3 /srv/www/htdocs/extensions/LdapAuthentication/LdapAuthenticationPlugin.php(1168): LdapAuthenticationPlugin::saveDomain(User, NULL)

#4 /srv/www/htdocs/includes/auth/AuthPluginPrimaryAuthenticationProvider.php(145): LdapAuthenticationPlugin->updateUser(User)

#5 [internal function]: MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider->onUserLoggedIn(User)

#6 /srv/www/htdocs/includes/Hooks.php(186): call_user_func_array(array, array)

#7 /srv/www/htdocs/includes/auth/AuthManager.php(2388): Hooks::run(string, array)

#8 /srv/www/htdocs/includes/auth/AuthManager.php(690): MediaWiki\Auth\AuthManager->setSessionDataForUser(User, boolean)

#9 /srv/www/htdocs/includes/auth/AuthManager.php(382): MediaWiki\Auth\AuthManager->continueAuthentication(array)

#10 /srv/www/htdocs/includes/specialpage/AuthManagerSpecialPage.php(353): MediaWiki\Auth\AuthManager->beginAuthentication(array, string)

#11 /srv/www/htdocs/includes/specialpage/AuthManagerSpecialPage.php(482): AuthManagerSpecialPage->performAuthenticationStep(string, array)

#12 [internal function]: AuthManagerSpecialPage->handleFormSubmit(array, VFormHTMLForm)

#13 /srv/www/htdocs/includes/htmlform/HTMLForm.php(663): call_user_func(array, array, VFormHTMLForm)

#14 /srv/www/htdocs/includes/specialpage/AuthManagerSpecialPage.php(416): HTMLForm->trySubmit()

#15 /srv/www/htdocs/includes/specialpage/LoginSignupSpecialPage.php(305): AuthManagerSpecialPage->trySubmit()

#16 /srv/www/htdocs/includes/specialpage/SpecialPage.php(522): LoginSignupSpecialPage->execute(NULL)

#17 /srv/www/htdocs/includes/specialpage/SpecialPageFactory.php(578): SpecialPage->run(NULL)

#18 /srv/www/htdocs/includes/MediaWiki.php(287): SpecialPageFactory::executePath(Title, RequestContext)

#19 /srv/www/htdocs/includes/MediaWiki.php(862): MediaWiki->performRequest()

#20 /srv/www/htdocs/includes/MediaWiki.php(523): MediaWiki->main()

#21 /srv/www/htdocs/index.php(43): MediaWiki->run()

#22 {main} Hasechris (talk) 11:13, 25 October 2017 (UTC)Reply

check php logs :

PHP Notice:  Undefined index: wsDomain in /wikimedia/wiki/extensions/LdapAuthentication/LdapAuthenticationPlugin.php on line 1165

edit /wikimedia/extensions/LdapAuthentication/LdapAuthenticationPlugin.php at line 1165

# We must set a user option if we want token based logins to work

                if ( $user->getToken( false ) ) {

                        $this->printDebug( "User has a token, setting domain in user options.", NONSENSITIVE );

                #       self::saveDomain( $user, $_SESSION['wsDomain'] );

                        self::saveDomain( $user, $this->getDomain() );

                }

(lien: [[Extension talk:LDAP Authentication/2016#h-Use_of_$_SESSION['wsDomain']_in_LdapAuthentication.php_causes_problems-2016-02-16T16:00:00.000Z|https://www.mediawiki.org/wiki/Extension%20talk%3ALDAP%20Authentication/2016#h-Use_of_%24_SESSION%5B%27wsDomain%27%5D_in_LdapAuthentication.php_causes_problems-2016-02-16T16%3A00%3A00.000Z]])

It woks for me. 206.55.83.201 (talk) 13:36, 10 November 2017 (UTC)Reply

AD auth - Automatic account creation is not allowed

[edit]

Latest comment: 8 years ago3 comments3 people in discussion

Hello.

I use Debian 9 with Nginx + last mediawiki

when i try to log in i receive: "Auto-creation of a local account failed: Automatic account creation is not allowed."

if i use correct auth name and password, if not - i receive thet user or password wrong. Another word ldap auth ok.

my config:

# The following permissions were set based on your choice in the installer

$wgGroupPermissions['*'    ]['createaccount']   = true;

$wgGroupPermissions['*'    ]['read']            = true;

$wgGroupPermissions['*'    ]['edit']            = true;

$wgGroupPermissions['*'    ]['createpage']      = true;

$wgGroupPermissions['*'    ]['createtalk']      = true;

# AD

require_once ("/usr/share/mediawiki-extensions/ldapauth/LdapAuthentication.php");

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array(

  '**addomain**'

);

$wgLDAPServerNames = array(

  '**addomain**' => 'srv-dc2.**addomain**.ru'

);

$wgLDAPSearchStrings = array(

  '**addomain**' => '**addomain**\\USER-NAME'

);

$wgLDAPBaseDNs = array(

  '**addomain**' => 'dc=**addomain**,dc=ru'

);

$wgLDAPSearchAttributes = array(

  '**addomain**' => 'sAMAccountName' );

$wgLDAPPort = array(

  '**addomain**' => 389,

);

$wgLDAPEncryptionType = array(

  '**addomain**' => 'clear'

);

$wgLDAPProxyAgent =  array(

  '**addomain**' => 'CN=ldapwiki,CN=Users,DC=**addomain**,DC=ru'

);

$wgLDAPProxyAgentPassword = array(

  '**addomain**' => '****'

);

$wgLDAPDisableAutoCreate = array(

  '**addomain**' => true

);

$wgLDAPUseLocal = false;

$wgMinimalPasswordLength = 1;

$wgLDAPDebug = 99;

$wgDebugLogGroups['ldap'] = '/tmp/debug.log';

in debug log:

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using TLS or not using encryption.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using non-standard port: 389

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using servers:  ldap://srv-dc2.**addomain**.ru:389

2017-10-27 12:46:17 srv-intranet wiki: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getUserDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Doing a proxy bind

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Created a regular filter: (sAMAccountName=UserName)

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a basedn is not set for this type of entry, trying to get the default basedn.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using base: dc=**addomain**,dc=ru

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Munged username: UserName

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getCanonicalName

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Username isn't empty.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering Connect

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using TLS or not using encryption.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using non-standard port: 389

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using servers:  ldap://srv-dc2.**addomain**.ru:389

2017-10-27 12:46:17 srv-intranet wiki: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getUserDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Doing a proxy bind

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Created a regular filter: (sAMAccountName=UserName)

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a basedn is not set for this type of entry, trying to get the default basedn.

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN

2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using base: dc=**addomain**,dc=ru 77.245.199.118 (talk) 12:58, 27 October 2017 (UTC)Reply

$wgLDAPDisableAutoCreate = array(

  '**addomain**' => false ); 206.55.83.201 (talk) 21:27, 9 November 2017 (UTC)Reply

Right, $wgLDAPDisableAutoCreate needs t be set to false for the domain for auto creation to be allowed.

I had the same problem, but it had a different reason:

Automatic account creation needs one or both of the user rights "createaccount" and "autocreateaccount" to be granted to anonymous users. And these user rights need to be defined before the extension is included and configured.

In my case, the problem disappeared when I put the line

$wgGroupPermissions['*']['autocreateaccount'] = true;

before any line of the LdapAuthentication extension. 2003:CC:ABE0:EF00:CDBF:F0FF:9AD0:DA37 (talk) 21:50, 26 November 2017 (UTC)Reply

separation of the nickname

[edit]

Latest comment: 8 years ago1 comment1 person in discussion

Hi,

I`m using:

MediaWiki: 1.29.1

PHP: 5.6.30-0+deb8u1 (apache2handler)

MySQL: 5.5.58-0+deb8u1

Lua: 5.1.5

LdapAuthentication: REL1_29

uname -a

Linux MediaWiKi 4.10.15-1-pve #1 SMP PVE 4.10.15-15 (Fri, 23 Jun 2017 08:57:55 +0200) x86_64 GNU/Linux

Immediately I apologize for the big log...

Situation: Authorization is configured in the AD (USER-NAME).

The user with the name ddt comes in. User with deep_case nickname - wrote error "The password you entered is incorrect. Try again.". Login/password is 100% correct.

As I understand it - the problem is in symbol _

LocalSettings.php:

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array('test.td.com');

$wgLDAPServerNames = array('test.td.com' => 'dc1.test.td.com dc2.test.td.com');

$wgLDAPEncryptionType = array('test.td.com' => 'clear');

$wgLDAPBaseDNs = array('test.td.com' => 'DC=test,DC=td,DC=com');

$wgLDAPProxyAgent =  array('test.td.com' => 'CN=user_wiki,DC=test,DC=td,DC=com');

$wgLDAPProxyAgentPassword = array('test.td.com' => 'megapassword');

$wgLDAPLowerCaseUsername = array('test.td.com' => true);

$wgMinimalPasswordLength = 1;

$wgLDAPUseLocal = false;

$wgLDAPSearchStrings = array('test.td.com' => "TEST\\USER-NAME");

Debug file:

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:24 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Username is an IP, not munging.

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:26 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is an IP, not munging.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering validDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 User is using a valid domain (test.td.com).

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Setting domain as: test.td.com

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering userExists

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering authenticate for username Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering Connect

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Using TLS or not using encryption.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Using servers: ldap://dc1.test.td.com:389 ldap://dc2.test.td.com:389

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getSearchString

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Doing a straight bind

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 userdn is: TEST\ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Binding as the user

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Bound successfully

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getUserDN

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Created a regular filter: (=ddt)

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getBaseDN

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getBaseDN

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Using base: DC=test,DC=td,DC=com

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Couldn't find an entry

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Fetched UserDN:

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getGroups

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering checkGroups

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getPreferences

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Authentication passed

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering updateUser

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 User has a token, setting domain in user options.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Saving user settings.

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering updateExternalDB

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:38 MediaWiKi wiki-_wiki: 2.1.0 Either the user is using a local domain, or the wiki isn't allowing updates

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:39 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:43 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:43 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:43 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:45 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:45 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:45 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Username is an IP, not munging.

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:46 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is an IP, not munging.

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:54 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering validDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 User is using a valid domain (test.td.com).

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Setting domain as: test.td.com

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering userExists

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering authenticate for username Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering Connect

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Using TLS or not using encryption.

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Using servers: ldap://dc1.test.td.com:389 ldap://dc2.test.td.com:389

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getSearchString

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Doing a straight bind

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 userdn is: TEST\deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Binding as the user

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Failed to bind as TEST\deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Deep case

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering allowPasswordChange

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering modifyUITemplate

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getCanonicalName

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Username is: Ddt

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:54:55 MediaWiKi wiki-_wiki: 2.1.0 Munged username: Ddt

2017-11-07 13:55:21 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:55:21 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:55:21 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict().

2017-11-07 13:55:24 MediaWiKi wiki-_wiki: 2.1.0 Entering strict.

2017-11-07 13:55:24 MediaWiKi wiki-_wiki: 2.1.0 Entering getDomain

2017-11-07 13:55:24 MediaWiKi wiki-_wiki: 2.1.0 Returning true in strict(). Deep case (talk) 14:10, 7 November 2017 (UTC)Reply

LDAP "fake" log in

[edit]

I am describing a situation where LDAP Authentication wrongly seems to log in a user through the LDAP domain.

Initial setup:

• One local user: user1 (who has logged in at least once in the wiki)
• Two ldap users: user1 and user2
• $wgMainCacheType = CACHE_ACCEL
• Local user1 and ldap user1 have the same password

After installing LDAP Authentication with $wgLDAPUseLocal = true; and before running maintenance/update.php (or creating /*_*/ldap_domains manually):

1. Access the wiki: Error: 1146 Table 'wiki_db_name.wiki_db_prefix_ldap_domains' doesn't exist
2. Change $wgMainCacheType = CACHE_NONE
3. Access the wiki: Wiki is displayed with no error message
4. Log in with user1 in local domain: Error: 1146 Table 'wiki_db_name.wiki_db_prefix_ldap_domains' doesn't exist but the user is logged in
5. Log out
6. Log in with user1 in ldap domain: The user is logged in with no error message
7. Log out
8. Log in with user2 in ldap domain: Wrong credential message, the is not logged in J. Xavier Atero 18:46, 11 November 2017 (UTC)

Autheniticate single users

[edit]

Latest comment: 8 years ago1 comment1 person in discussion

Currently we configure the allowed users for our MW by wgLDAPRequiredGroups. Is there a way to explicitely allow certains LDAP users to authenticate indepently from their groups? Aschroet (talk) 08:22, 14 November 2017 (UTC)Reply

Mediawiki 1.28 with php5.6 v. php7.0 & LdapAuthentication issues

[edit]

Latest comment: 8 years ago2 comments2 people in discussion

Hi,

with mediawiki 1.28 and php5.6 I can authenticate to my openldap servers, however when I enable php7.0 and disable php5.6 (Debian 9) it stops working.

Can anyone point me to posts similar to this if this has been brought up already?

Thanks 96.91.174.60 (talk) 21:13, 22 November 2017 (UTC)Reply

I've had the same issue with MW 1.26 and php 5.6 / php 7.0. This solved the problem:

1. Install LDAP: apt-get install php-ldap

2. Change line 600 of the file 'extensions/LdapAuthentication/LdapAuthentication.php' (see this post):

from:

$servers = rtrim( $servers );

to:

$servers = trim( $servers ); Rolacher (talk) 19:48, 13 December 2017 (UTC)Reply

Auto Create and Grant Access

[edit]

Latest comment: 8 years ago1 comment1 person in discussion

Is there anyway that I can configure this so that It will auto create accounts and grant them Specific permissions (read \ Write \ Admin) based on what AD group they are in please

I currently have it enabled so that it will allow you to log in if you are in certain groups but then I need to populate the permissions manually

here is current details

require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );

$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "test" );
$wgLDAPServerNames = array( "test"=> "srvadfshqgw.test.test.co.uk srvadfsbrtn.test.test.co.uk"  );
$wgLDAPSearchStrings = array("test" => "test\\USER-NAME",);
$wgLDAPEncryptionType = array( "test"=>"ssl" );
#$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array( "test"=> "DC=test,DC=test,DC=co,DC=uk" );
$wgLDAPSearchAttributes = array( "test"=>"sAMAccountName" );
$wgLDAPRetrievePrefs = array( "test" => "true" );
$wgLDAPPreferences = array('test' => array( 'email' => 'mail','realname' => 'displayname'));
$wgLDAPDebug = 1; //for debugging LDAP;
$wgDebugLogGroups["ldap"] = "/tmp/wikidebuglog-{$wgDBname}.log";
#$wgLDAPRequiredGroups = array( "test"=> array("cn=Bimtest_Admin,ou=Groups for testing,ou=test,dc=test,dc=test,dc=co,dc=uk","cn=Bimtest_Read,ou=Groups for testing,ou=test,dc=test,dc=test,dc=co,dc=uk") );
$wgLDAPGroupUseFullDN = array( "test"=>true );
$wgLDAPGroupsUseMemberOf = array( "test"=>true );
$wgLDAPGroupObjectclass = array( "test"=>"group" );
$wgLDAPGroupAttribute = array( "test"=>"member" );
$wgLDAPGroupSearchNestedGroups = array( "test"=>true );
$wgLDAPGroupNameAttribute = array( "test"=>"cn" );
$wgLDAPGroupSearchNestedGroups = array( "test"=>true );
$wgLDAPActiveDirectory = array( "test" => true);
#$wgLDAPDisableAutoCreate = array(

  'test' => true;

thanks Dturtill (talk) 11:33, 28 November 2017 (UTC)Reply

Support for LDAP Authentication on MW 1.29 (Windows 2012 R2, IIS).

[edit]

Latest comment: 7 years ago5 comments5 people in discussion

After spending the better part of two days, I just installed LDAP authentication in my environment, which is made up of:

MediaWiki 1.29

PHP 7.1.8

MySQL 5.7.19

Windows Server 2012 R2

IIS 8.5

Unfortunately, it is not working (in fact, after installing all the pieces and parts, my Wiki site would not load at all)

Is LDAP Authentication supported under this configuration? I have seen conflicting information on this and before I spend a lot of time on this, I need to know if this is even achievable. 198.181.18.22 (talk) 18:47, 29 November 2017 (UTC)Reply

After tweaking some of the settings in LocalSettings.php, the site now loads when LDAP Authentication is enabled. Unfortunately, LDAP Authentication itself is still not working. In the meantime, I really need to know if this is supported/should work in my environment:

MediaWiki 1.29

PHP 7.1.8

MySQL 5.7.19

Windows Server 2012 R2

IIS 8.5 198.181.18.24 (talk) 16:19, 30 November 2017 (UTC)Reply

Still trying to find out if this configuration is supported ..... can anyone verify yes or no for me? 198.181.18.23 (talk) 21:46, 12 February 2018 (UTC)Reply

Any progress? 188.2.105.99 (talk) 22:29, 14 March 2018 (UTC)Reply

Did you ever get this working? I am having issues getting ldap working too. 24.182.14.221 (talk) 22:38, 11 June 2018 (UTC)Reply