Ryan, great job, this works wonderfully and I am sure I am missing something here. I can authenticate, use a required LDAP group for authentication and pull preferences, but I cannot pull group memberships from AD (server 2008 and TurnKey MediaWiki) to set User Group Rights. The list of members for AD groups is always empty in Special Pages, User Group Rights (either wiki_auth_users or support in this example). Here is the config and a log:
These settings are for LDAP authentication to the Wiki
require_once 'extensions/LdapAuthentication/LdapAuthentication.php';
$wgLDAPDebug = 3;
$wgDebugLogGroups['ldap'] = '/tmp/debug.log';
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array('WikiDomain');
$wgLDAPServerNames = array('WikiDomain' => 'AD1.WikiDomain.com AD2.WikiDomain.com AD3.WikiDomain.com');
$wgLDAPUseLocal = false;
$wgLDAPSearchAttributes = array('WikiDomain' => 'sAMAccountName');
$wgLDAPBaseDNs = array('WikiDomain' => 'dc=WikiDomain,dc=com');
$wgLDAPEncryptionType = array('WikiDomain' => 'clear');
$wgMinimalPasswordLength = 0;
$wgLDAPRequireAuthAttribute = array( 'WikiDomain' => true);
$wgHooks['SetUsernameAttributeFromLDAP'][] = 'SetUsernameAttribute';
function SetUsernameAttribute(&$LDAPUsername, $info) {
$LDAPUsername = $info[0]['samaccountname'][0];
return true;
}
$wgLDAPPreferences = array('WikiDomain' => array ( 'email'=>'mail','realname'=>'cn','nickname'=>'sAMAccountName','language'=>'preferredLanguage'));
$wgLDAPGroupObjectclass = array( 'WikiDomain' => 'group' );
$wgLDAPGroupAttribute = array( 'WikiDomain' => 'member' );
$wgLDAPGroupNameAttribute = array( 'WikiDomain' => 'cn' );
$wgLDAPGroupUseFullDN = array('WikiDomain' => 'true');
$wgLDAPLowerCaseUsername = array('WikiDomain' => 'true');
$wgLDAPGroupsUseMemberOf = array('WikiDomain' => 'true');
$wgLDAPUseLDAPGroups = array('WikiDomain' => 'true');
$wgLDAPGroupSearchNestedGroups = array( 'WikiDomain' => 'true' );
$wgLDAPRequiredGroups = array( 'WikiDomain' => array('cn=wiki_auth_users,ou=security groups,ou=groups,ou=users_WikiDomain,dc=WikiDomain,dc=com'));
$wgGroupPermissions['wiki_auth_users']['edit'] = true;
$wgGroupPermissions['support'] = $wgGroupPermissions['sysop'];
#This is a user account to enable search in AD
$wgLDAPProxyAgent = array('WikiDomain' => 'cn=Ldap User,ou=Generic Logons,ou=Users_WikiDomain,dc=WikiDomain,dc=com');
$wgLDAPProxyAgentPassword = array('WikiDomain' => 'Ld8p2sR8ss');