Project:Support desk

Jump to navigation Jump to search

About this board

Welcome to MediaWiki.org's Support desk, where you can ask MediaWiki questions!

There are also other places where to ask :

Before you post

Post a new question

  1. To help us answer your questions, please always indicate which versions you are using (reported by your wiki's Special:Version page):
    • MediaWiki
    • PHP
    • Database
  2. Please include the URL of your wiki unless you absolutely can't. It's often a lot easier for us to identify the source of the problem if we can look for ourselves.
  3. To start a new thread, click "Start a new topic".
Previous page history was archived for backup purposes at Project:Support_desk/old on 2015-07-30.
 

trying to get ldap auth working

5
Seth2740 (talkcontribs)

I have mediawiki 1.34.2 on fedora 32 with apache 2.4.43, mysql 8.0.21 and php 7.4.8. I installed ldapprovider, pluggableauth and ldapauthentication2; autocreate account set to true and have a json file with my ldap config (domain controller, base dn, etc. and hope it's correct).


When I try to login using a domain account, I get this...


[XzK0s3@C7oXFuPP8oKdn6QAAAIc] /index.php?title=Special:PluggableAuthLogin Error from line 244 of /var/www/html/extensions/LDAPProvider/src/PlatformFunctionWrapper.php: Call to undefined function ldap_connect()

Backtrace:

#0 /var/www/html/extensions/LDAPProvider/src/PlatformFunctionWrapper.php(261): MediaWiki\Extension\LDAPProvider\PlatformFunctionWrapper->connect()

#1 /var/www/html/extensions/LDAPProvider/src/Client.php(100): MediaWiki\Extension\LDAPProvider\PlatformFunctionWrapper::getConnection()

#2 /var/www/html/extensions/LDAPProvider/src/Client.php(88): MediaWiki\Extension\LDAPProvider\Client->makeNewConnection()

#3 /var/www/html/extensions/LDAPProvider/src/Client.php(329): MediaWiki\Extension\LDAPProvider\Client->init()

#4 /var/www/html/extensions/LDAPAuthentication2/src/PluggableAuth.php(77): MediaWiki\Extension\LDAPProvider\Client->canBindAs()

#5 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(30): MediaWiki\Extension\LDAPAuthentication2\PluggableAuth->authenticate()

#6 /var/www/html/includes/specialpage/SpecialPage.php(575): PluggableAuthLogin->execute()

#7 /var/www/html/includes/specialpage/SpecialPageFactory.php(611): SpecialPage->run()

#8 /var/www/html/includes/MediaWiki.php(296): MediaWiki\Special\SpecialPageFactory->executePath()

#9 /var/www/html/includes/MediaWiki.php(900): MediaWiki->performRequest()

#10 /var/www/html/includes/MediaWiki.php(527): MediaWiki->main()

#11 /var/www/html/index.php(44): MediaWiki->run()

#12 {main}


I went over the pluggableauth configuration section and didn't see the need to add any options there as the defaults are fine. Could this be a php incompatibility since the latest version (5.7) is dated 2018?

Ciencia Al Poder (talkcontribs)
Seth2740 (talkcontribs)

ok fixed that part. now when trying to use a domain account it says "could not authenticate credentials against domain"

Osnard (talkcontribs)
Seth2740 (talkcontribs)

ok...will look at the extension page and AD integration section of the manual (didn't know they existed). i see there are more extensions required than listed on the ldapauthentication2 page so that could be a factor also

Reply to "trying to get ldap auth working"

How to show specific article on Main Page? (2)

1
Smilewhj (talkcontribs)

Hi, everybody. I want to show specific article on Main Page and someone told me 'transclusion'.

but as I know, using transclusion can add only assigned (namespace) article.

  1. How can I show 'most recently revised article' on the Main page?
  2. How can I show only one specific part of article? (if one article has introduction and several part started with '==', I wanna show only introduction part)
Reply to "How to show specific article on Main Page? (2)"

How to show specific article on Main Page?

3
Smilewhj (talkcontribs)

I want to show one part of specific article (actually, most recently revised article) on main page, how can I do this?

Malyacko (talkcontribs)
59.9.24.33 (talkcontribs)

Thanks, Malyacko

Reply to "How to show specific article on Main Page?"

How to update articles after extension changes?

3
176.59.68.66 (talkcontribs)

Hi, everybody. I have template changes to the Embedvideo extension, but the changes were not applied in my articles. Only after updating manually in the admin panel.

I found this solution

Manual:Purge#Examples, but this is for one article. Does the cli interface has this solution?

Majavah (talkcontribs)
Bawolff (talkcontribs)

generally making any edit to LocalSettings.php will force all pages to be reparsed on next view.

Reply to "How to update articles after extension changes?"

Mediawiki is not clearing Varnish cache

2
Lucasbasquerotto (talkcontribs)

Hi, I'm setting up Mediawiki with Varnish and the pages are being correctly cached by Varnish, but when I edit a Mediawiki page, the cache is not purged, so the outdated page still shows to users. I even removed the acl to make varnish accept calls from any source.

In Mediawiki settings, I defined both the host (name of the docker container) as well as the docker IP, but it didn't worked.


I've added to the settings:

$wgUseCdn = true;

$wgCdnServers = [];

$wgCdnServers[] = "172.22.0.10";


(the docker container had the above IP at that time)


I enabled Mediawiki logs and see the error:

[squid] CdnCacheUpdate::purge: https://localhost:8443/index.php/Test_Page https://localhost:8443/index.php?title=Test_Page&action=history

[DeferredUpdates] Deferred update CdnCacheUpdate failed: Call to undefined function socket_create()


I have found no solution for undefined socket_create() in Mediawiki.

Installed software

Product Version
MediaWiki 1.34.1
PHP 7.3.18 (apache2handler)
MariaDB 10.5.3-MariaDB-1:10.5.3+maria~bionic-log
ICU 63.1

I'm using varnish 6.4.0 (vcl 4.0). I'm using the docker image mediawiki:1.34.1

I don't know how to proceed and haven't found a solution.


Update:


If I try to enable sockets (docker-php-ext-enable sockets) it shows that it's already enabled: warning: sockets (sockets.so) is already loaded!, but from the error it seems as if it's not enabled tough.

Lucasbasquerotto (talkcontribs)

I've installed and enabled the sockets extension (docker-php-ext-install sockets and docker-php-ext-enable sockets) and restarted the docker container, and it works now.

I think it's important to document that the sockets extension needs to be enabled at Manual:Varnish caching and update $wgUseSquid and similar variables to $wgUseCdn and the other new variables.

Reply to "Mediawiki is not clearing Varnish cache"

Flagging an article for removal

2
2601:805:C182:C90:24EC:31CA:51EA:118F (talkcontribs)
Malyacko (talkcontribs)

Welcome to the support desk for the MediaWiki software. For random content on random websites, please contact those websites - we have nothing to do with roovet.com.

Reply to "Flagging an article for removal"
138.163.128.43 (talkcontribs)

When editing an article, MediaWiki seems to add a line break at the end of the existing text. It seems like it gets stripped on save, but it can be annoying for our use. Is there a way to prevent from this line break from being added when editing an article?

Reply to "Remove Line Break"
197.138.16.2 (talkcontribs)

Hello mediawiki

Kindly assist me with login

Majavah (talkcontribs)

Please be more specific with your question.

Reply to "login problem"
Minteck (talkcontribs)

Hello, I have setup a MediaWiki installation for a private wiki, and now I'd like to create my own website, but make it only available to people who are logged in to my MediaWiki installation.

I didn't found any straight-forward and simple API to validate a token (maybe the mediawiki_session cookie, or another one?) that my server could call to check if the token is valid.

The website I'll create and my MediaWiki instance are on the same domain. I found ?action=checktoken but when I try api.php?action=checktoken&type=login&token=<token> with the mediawiki_session it says it's invalid.

Here's a summary on how I want it to be:

  • The server should make the request, not the client
  • Validate the token easily
  • I know how to do the rest

Regards.

Bawolff (talkcontribs)

checktoken is for csrf tokens only. You should not use that for access control.

The hacky way to do this is to take all the user's cookies, make a server side request with the user's cookies to api.php?action=query&meta=userinfo and see what user is returned.


For the non hacky way of doing this - im not sure i understand what you are trying to accomplish. I assume you are not doing some sort of single-sign-on since you are using mediawiki's authorization (if you are doing some sort of single-sign-on see AuthManager). At the same time you don't want to use MediaWiki's builtin access control to only allow logged in users? I could probably better advise if i understood why you are trying to do this.

Nonetheless, if you didnt trust mediawiki's access control, and want to use some sort of interstitial access portal instead, probably the most proper approach would be to use a custom SessionManager and have all authorization be in your thing instead of just the access control. See AuthManager

Minteck (talkcontribs)

Thanks, it's working!

Here's my code if some are interested:

<?php

// We grab all the cookies
$cookies = "";
$keys = array_keys($_COOKIE);
$index = 0;
foreach ($_COOKIE as $cookie) {
    $cookies = $cookies . $keys[$index] . "=" . $cookie . ";";
    $index++;
}

// Make the request to the MediaWiki API
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "https://{$_SERVER['HTTP_HOST']}/api.php?action=query&meta=userinfo&format=json");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_COOKIE, $cookies);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($curl);
curl_close($curl);

// Process the data
$data = json_decode($result);
header("Content-Type: application/json");

if (json_last_error() !== JSON_ERROR_NONE) {
    die("false");
}

if (isset($data->batchcomplete) && $data->batchcomplete == "") {
    die("true");
} else {
    die("false");
}

And it's surprisingly fast! I can even improve the speed using localhost instead of the domain name used by the client.

Bawolff (talkcontribs)

note: this is insecure if using client host header since it can be anything (see SSRF attack). In certain circumstances it may be possible to turn SSRF into code execution.

You may also want to urlencode the value of the cookies.


Batchcomplete is the wrong key to look for as it is present regardless of if the session is valid.

Minteck (talkcontribs)

What I want to do is just, using client's cookies, make the server check if a MediaWiki session is valid. I'll tell you what api.php?action=query&meta=userinfo gives me.

Reply to "Token validation API"

Media Viewer doesn't work on a page with a template?

1
Keren - WMIL (talkcontribs)

I have a project page with two tabs that are separate pages. Why does Media Viewer open the photos (as I want it) on the separate pages (e,g, this one), but not on the project page?

Reply to "Media Viewer doesn't work on a page with a template?"