Topic on Extension talk:LDAP Authentication

Undefined offset: 0 in LdapAuthentication.php on line 1028

5 comments • 11:29, 20 April 2010 13 years ago
5
Quatog (talkcontribs)

Hello,

I have an LDAP server working with the following config

----slapd.conf-----

include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema


allow bind_v2



pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args


database	bdb
suffix		"dc=proxy2,dc=xs,dc=edu,dc=ph"
rootdn		"uid=root,cn=Users,dc=xs1,dc=xs,dc=edu,dc=ph"

----base.ldif-----
dn: dc=proxy2,dc=xs,dc=edu,dc=ph
objectClass: top
objectClass: dcObject
objectClass: domain
o: xs
dc: proxy2
description: Proxy2 Domain

dn: ou=Group,dc=proxy2,dc=xs,dc=edu,dc=ph
objectClass: top
objectClass: organizationalUnit
ou: Group

dn: ou=Users,dc=proxy2,dc=xs,dc=edu,dc=ph
objectClass: top
objectClass: organizationalUnit
ou: Users

----user1.ldif------

dn: uid=user01,ou=Users,dc=proxy2,dc=xs,dc=edu,dc=ph
uid: user01
cn: user01
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: user01
userPassword: user01

----LocalSettings.php-------

require_once( "$IP/includes/DefaultSettings.php" );

require_once( "$IP/extensions/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
 

  $wgLDAPDomainNames = array("proxy2.xs.edu.ph");
 
  $wgLDAPServerNames = array("proxy2.xs.edu.ph"=>"proxy2.xs.edu.ph");
  
  $wgLDAPUseLocal = true;
  
  $wgLDAPEncryptionType = array("proxy2.xs.edu.ph"=>"clear");
  
  $wgLDAPBaseDNs = array("proxy2.xs.edu.ph"=>"dc=proxy2,dc=xs,dc=edu,dc=ph");
  $wgLDAPSearchAttributes = array("proxy2.xs.edu.ph"=>"uid");
 
  $wgLDAPGroupsPrevail = array("proxy2.xs.edu.ph"=>true);
  $wgLDAPGroupNameAttribute = array("proxy2.xs.edu.ph"=>"cn");
  

$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false; 

-------------------


The LDAP server is working as I am able to do an ldapadd, ldapdelete and ldapsearch on the server or any computer with openldap-client installed. The problem is on media wiki with the LdapAuthentication extension. Whenever I login with username: user01 and password: user01, I do not have any php errors but it returns a message on the login page:Login error Incorrect password entered. Please try again. But when I enter a wrong username I get this error:Undefined offset: 0 in /xxx/wiki/extensions/LdapAuthentication.php on line 1028.

What could be the problem here? Is there a required data structure for LDAP to be followed in order to work well with the media wiki extension or is there anything wrong with my LocalSettings.php?

Thanking in advance for your support.

Reply Edited 23:49, 6 April 2010 14 years ago
Ryan lane (talkcontribs)

MediaWiki doesn't allow usernames and passwords to be the same; this is in the FAQ. Try it with a different password.

Reply 12:43, 7 April 2010 14 years ago
Quatog (talkcontribs)

Hello Ryan,

My mistake on the same username and password. I did change the password to a different one. It did not post any php errors but I got an incorrect password message on the login page. What could be wrong. Is any of my ldap config, data structure wrong? Thanks for the support.

Reply 08:50, 9 April 2010 14 years ago
Quatog (talkcontribs)

Hello Again Ryan,

Correction I did change the password to a different one. It had the same error: Undefined offset: 0 in LdapAuthentication.php on line 1028. I was able to extract a debug log

2010-04-10 03:53:56  itswaki: Entering validDomain
2010-04-10 03:53:56  itswaki: User is using a valid domain.
2010-04-10 03:53:56  itswaki: Setting domain as: proxy2
2010-04-10 03:53:56  itswaki: Entering getCanonicalName
2010-04-10 03:53:56  itswaki: Username isn't empty.
2010-04-10 03:53:56  itswaki: Munged username: User01
2010-04-10 03:53:56  itswaki: Entering authenticate
2010-04-10 03:53:56  itswaki: 
2010-04-10 03:53:56  itswaki: Entering Connect
2010-04-10 03:53:56  itswaki: Using TLS or not using encryption.
2010-04-10 03:53:56  itswaki: Using servers:  ldap://proxy2.xs.edu.ph
2010-04-10 03:53:56  itswaki: Connected successfully
2010-04-10 03:53:56  itswaki: Entering getSearchString
2010-04-10 03:53:56  itswaki: Doing an anonymous bind
2010-04-10 03:53:56  itswaki: Entering getUserDN
2010-04-10 03:53:56  itswaki: Created a regular filter: (uid=User01)
2010-04-10 03:53:56  itswaki: Entering getBaseDN
2010-04-10 03:53:56  itswaki: basedn is not set for this type of entry, trying to get the default basedn.
2010-04-10 03:53:56  itswaki: Entering getBaseDN
2010-04-10 03:53:56  itswaki: basedn is dc=proxy2,dc=xs,dc=edu,dc=ph
2010-04-10 03:53:56  itswaki: Using base: dc=proxy2,dc=xs,dc=edu,dc=ph
2010-04-10 03:53:56  itswaki: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2010-04-10 03:53:56  itswaki: userdn is:
2010-04-10 03:53:56  itswaki: User DN is blank
2010-04-10 03:53:56  itswaki: Entering strict.
2010-04-10 03:53:56  itswaki: Returning true in strict().
2010-04-10 03:53:56  itswaki: Entering allowPasswordChange
2010-04-10 03:53:56  itswaki: Entering modifyUITemplate

So now the DN is blank and could not bind. What seems to be wrong here? Is there any code for me to expose other bugs? Thanks again.

Reply Edited 04:09, 10 April 2010 14 years ago
Ryan lane (talkcontribs)

Well, the DN is blank, because the query used didn't find it. The case of the username isn't an issue when using the uid attribute, according to rfc2798. Your settings look proper, but please try commenting out any of the group stuff until you get basic authentication working.

Can you check your LDAP server logs to see if a bind is occuring at all? BTW, if your LDAP server doesn't allow anonymous binds, then you'll need to configure a proxy agent. Even if the server allows anonymous binds, it may not allow anonymous users to read anything, you should test this by using ldapsearch without binding, with a query like (uid=*).

Reply 11:29, 20 April 2010 13 years ago
Reply to "Undefined offset: 0 in LdapAuthentication.php on line 1028"
Retrieved from "https://www.mediawiki.org/wiki/Topic:P9zcglumunnzfcmn#flow-post-patefrj2qg89eigj"