Still working on migrating from a 1.35 MediaWiki on CentOS 7 to 1.42 on Ubuntu. The wiki is up and running fine, except for the LDAP connection.
I've tried to follow some guides, and also tried to get to know the different extensions when that didn't work well. I got a lot further from studying them - but not far enough.
When I try to log in with a domain user now, the MediaWiki login feedback is: User cannot be authenticated
In pluggableauth.log:
mediawiki: Getting PluggableAuth instance
mediawiki: Plugin name: LDAPAuthentication2
mediawiki: Authentication failure.
In LDAPAuthentication2.log:
mediawiki: Try to authenticate user: frodobaggins
mediawiki: Not local login. Checking LDAP...
mediawiki: LDAP domain: intratriona.se
mediawiki: Username not found in user info provided by LDAP!Please check LDAP domain configuration. Specifically usernameattribute
mediawiki: LDAP user info results for user frodobaggins: Array
(
<snip>
[samaccountname] => FrodoBaggins
LocalSettings.php and ldapprovider.json are as follows:
LocalSettings.php - LDAP part
wfLoadExtension('PluggableAuth');
wfLoadExtension('LDAPProvider');
wfLoadExtension('LDAPAuthentication2');
wfLoadExtension('LDAPAuthorization');
wfLoadExtension('LDAPUserInfo');
wfLoadExtension('LDAPGroups');
$LDAPProviderDomainConfigs = "/srv/mediawiki/ldapprovider.json";
$LDAPAuthentication2UsernameNormalizer = 'strtolower';
$LDAPAuthorizationAutoAuthUsernameNormalizer = 'strtolower';
$wgLDAPGroupUseFullDN = false; # Use short group names instead of full DNs (optional)
$wgLDAPGroupsPrevail = false; # LDAP groups take precedence over MediaWiki's internal group settings
$wgPluggableAuth_Config['Domain login'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'ourfirm.com',
    ],
];
$wgLDAPPreferences = [
    "ourfirm.com" => [
        "email" => "mail",
        "realname" => "displayname"
    ]
];
------------------------
ldapprovider.json
{
    "ourfirm.com": {
        "connection": {
            "server": "ldaps.ourfirm.com",
            "port": "636",
            "user": "<username>",
            "pass": "<password>",
            "enctype": "ssl",
            "options": {
                "LDAP_OPT_DEREF": 1
            },
            "basedn": "DC=ourfirm,DC=com",
            "groupbasedn": "OU=Groups,OU=Tech,DC=ourfirm,DC=com",
            "userbasedn": "OU=Users,OU=Tech,DC=ourfirm,DC=com",
            "searchattribute": "sAMAccountName",
            "usernameattribute": "sAMAccountName",
            "realnameattribute": "displayname",
            "emailattribute": "mail"
        },
        "authorization": {
            "rules": {
                "groups": {
                    "required": ["CN=Tech Users,OU=Admin,DC=ourfirm,DC=com"]
                }
            }
        }
    }
}
Any help with this would be much appreciated!
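
Added example (not part of the original post, and not code from MediaWiki or its LDAP extensions): a small check that compares the attribute names configured in ldapprovider.json with the keys that actually appear in the logged result array. PHP's ldap_get_entries() lowercases attribute names when it uses them as array indices; that the extension then reads the configured name as an exact, case-sensitive key is an assumption here, and the `displayname` and `mail` log lines and all function names are constructed for the illustration.

```python
import json
import re

# Constructed sample mirroring the post: the attribute settings from
# ldapprovider.json (other connection keys omitted).
CONFIG_JSON = """{"ourfirm.com": {"connection": {
    "searchattribute": "sAMAccountName",
    "usernameattribute": "sAMAccountName",
    "realnameattribute": "displayname",
    "emailattribute": "mail"}}}"""

# Constructed log excerpt: only the samaccountname line is from the post.
LOG_DUMP = """mediawiki: LDAP user info results for user frodobaggins: Array
(
    [samaccountname] => FrodoBaggins
    [displayname] => Frodo Baggins
    [mail] => frodo@ourfirm.com
"""

# Settings assumed to be read back from the result array. searchattribute
# is left out: it goes into the LDAP filter, where names are case-insensitive.
RESULT_ATTRS = ("usernameattribute", "realnameattribute", "emailattribute")


def logged_keys(dump):
    """Return the [key] names found in a print_r-style array dump."""
    return set(re.findall(r"^\s*\[([^\]]+)\]\s*=>", dump, flags=re.M))


def mismatched_attributes(config_text, dump):
    """Return {domain: {setting: (configured, key_differing_only_in_case)}}
    for settings whose configured name is not an exact key in the dump."""
    keys = logged_keys(dump)
    by_lower = {k.lower(): k for k in keys}
    findings = {}
    for domain, cfg in json.loads(config_text).items():
        conn = cfg.get("connection", {})
        for setting in RESULT_ATTRS:
            name = conn.get(setting)
            if name is None or name in keys:
                continue
            hint = by_lower.get(name.lower())  # None if absent entirely
            findings.setdefault(domain, {})[setting] = (name, hint)
    return findings


if __name__ == "__main__":
    for domain, items in mismatched_attributes(CONFIG_JSON, LOG_DUMP).items():
        for setting, (configured, actual) in items.items():
            print(f"{domain}: {setting}={configured!r} is not a result key; "
                  f"key differing only in case: {actual!r}")
```

A non-empty result with a case-only hint points at the spelling of that setting rather than at the bind credentials or the search base.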