Topic on Extension talk:LDAP Authentication

Log in / create account screen - 'Login error Incorrect password entered. Please try again.'

70.165.87.78 (talkcontribs)

Trying to integrate LdapAuthentication into content="MediaWiki 1.20.2" version and keep getting the message in the Subject line above: 'Login error Incorrect password entered. Please try again.'

When I go to: http://wikidev.xxxxx.net/wiki/index.php?title=Special:UserLogin I get:

'Log in / create account' Login successful; if you see a Log out link in the upper-right, you are logged in. Use the Navigation menu to the left to access the wiki.

Although, at the top, I see myself appear as an IP address but not seeing the 'Log out' option.

I've enabled the debugging, but it's not telling me much - at least not fully understanding the response:


Start request POST /wiki/index.php?title=Special:UserLogin&action=submitlogin&type=signup&returnto=Special:UserLogin&returntoquery=type%3Dlogin
HTTP HEADERS:
HOST: wikidev.pcoral.net
CONNECTION: keep-alive
CONTENT-LENGTH: 204
CACHE-CONTROL: max-age=0
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
ORIGIN: http://wikidev.pcoral.net
USER-AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36
CONTENT-TYPE: application/x-www-form-urlencoded
REFERER: http://wikidev.xxxxxx.net/wiki/index.php?title=Special:UserLogin&returnto=Special%3AUserLogin&returntoquery=type%3Dlogin&type=signup
ACCEPT-ENCODING: gzip,deflate
ACCEPT-LANGUAGE: en-US,en;q=0.8
COOKIE: my_wiki_session=3257096060cebd1313ccb377b9191c86
CACHES: EmptyBagOStuff[main] SqlBagOStuff[message] SqlBagOStuff[parser]
session_set_cookie_params: "0", "/", "", "", "1"
LocalisationCache: using store LCStore_DB
Fully initialised
Connecting to localhost my_wiki...
Profiler::instance called without $wgProfiler['class'] set, falling back to ProfilerStub for safety
Connected to localhost my_wiki.
Connecting to localhost my_wiki...
IP: 70.165.87.78
Connected to localhost my_wiki.
MessageCache::load: Loading en... got from global cache
Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache::getParser
Parser: using preprocessor: Preprocessor_DOM
Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions::__construct
User::getBlockedStatus: checking...
Parser: using preprocessor: Preprocessor_DOM
Class PEAR_Error not found; skipped loading
OutputPage::sendCacheControl: private caching; **
Request ended normally

LocalSettings.php

...

$wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki

$wgDebugLogFile = "/var/www/html/wiki/wikidebug-{$wgDBname}.log";

# LDAP
require_once 'extensions/LdapAuthentication/LdapAuthentication.php';
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array('xxxxx.net');
$wgLDAPServerNames = array('xxxxx.net' => 'ldap-east.xxxxx.net');
$wgLDAPUseLocal = false;
$wgLDAPEncryptionType = array('xxxxx.net' => 'tls');
$wgLDAPPort = array('xxxxx.net' => 389);
$wgLDAPSearchAttributes = array('xxxxx.net' => 'cn');
$wgLDAPBaseDNs = array('xxxxx.net' => 'dc=xxxxx,dc=net');

$wgLDAPPreferences = array( 'xxxxx.net' => array( 'email' => 'mail'));


Thanks!!! And any help is GREATLY appreciated.

70.165.87.78 (talkcontribs)

Tried to re-add the debug log again to see if this time the carriage return line feeds are in...

Start request POST /wiki/index.php?title=Special:UserLogin&action=submitlogin&type=signup&returnto=Special:UserLogin&returntoquery=type%3Dlogin
HTTP HEADERS:
HOST: wikidev.pcoral.net
CONNECTION: keep-alive
CONTENT-LENGTH: 204
CACHE-CONTROL: max-age=0
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
ORIGIN: http://wikidev.xxxxx.net
USER-AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36
CONTENT-TYPE: application/x-www-form-urlencoded
REFERER: http://wikidev.pcoral.net/wiki/index.php?title=Special:UserLogin&returnto=Special%3AUserLogin&returntoquery=type%3Dlogin&type=signup
ACCEPT-ENCODING: gzip,deflate
ACCEPT-LANGUAGE: en-US,en;q=0.8
COOKIE: my_wiki_session=3257096060cebd1313ccb377b9191c86
CACHES: EmptyBagOStuff[main] SqlBagOStuff[message] SqlBagOStuff[parser]
session_set_cookie_params: "0", "/", "", "", "1"
LocalisationCache: using store LCStore_DB
Fully initialised
Connecting to localhost my_wiki...
Profiler::instance called without $wgProfiler['class'] set, falling back to ProfilerStub for safety
Connected to localhost my_wiki.
Connecting to localhost my_wiki...
IP: 70.165.87.78
Connected to localhost my_wiki.
MessageCache::load: Loading en... got from global cache
Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache::getParser
Parser: using preprocessor: Preprocessor_DOM
Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions::__construct
User::getBlockedStatus: checking...
Parser: using preprocessor: Preprocessor_DOM
Class PEAR_Error not found; skipped loading
OutputPage::sendCacheControl: private caching; **
Request ended normally

MichaelKesper (talkcontribs)

You need to set this option:

$wgDebugLogGroups["LDAP"] =  "/var/www/html/wiki/ldap-debug.log";

For security reasons, LDAP debugging will NOT be displayed in the normal logfile.

70.165.87.78 (talkcontribs)

Thanks Michael for the response.

Actually, in my code snippet, forgot to include the few lines above that you're mentioning....

$wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki

$wgDebugLogGroups["ldap"] = "/var/www/html/wiki/wikidebug.log";

$wgDebugLogFile = "/var/www/html/wiki/wikidebug-{$wgDBname}.log";


So, even though I have both of these, seems that the logging is only going to the 2nd one - DebugLogFile and not the Groups?

Here again is the output - no change....

Start request POST /wiki/index.php?title=Special:UserLogin&action=submitlogin&type=signup&returnto=Special:UserLogin

HTTP HEADERS:

HOST: wikidev.xxxxx.net

CONNECTION: keep-alive

CONTENT-LENGTH: 204

CACHE-CONTROL: max-age=0

ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

ORIGIN: http://wikidev.xxxxx.net

USER-AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36

CONTENT-TYPE: application/x-www-form-urlencoded


REFERER: http://wikidev.xxxxx.net/wiki/index.php?title=Special:UserLogin&returnto=Special%3AUserLogin&type=signup

ACCEPT-ENCODING: gzip,deflate

ACCEPT-LANGUAGE: en-US,en;q=0.8

COOKIE: my_wiki_session=3257096060cebd1313ccb377b9191c86

CACHES: EmptyBagOStuff[main] SqlBagOStuff[message] SqlBagOStuff[parser]

session_set_cookie_params: "0", "/", "", "", "1"

LocalisationCache: using store LCStore_DB

Fully initialised

Connecting to localhost my_wiki...

Profiler::instance called without $wgProfiler['class'] set, falling back to ProfilerStub for safety

Connected to localhost my_wiki.

Connecting to localhost my_wiki...

IP: 70.165.87.78

Connected to localhost my_wiki.

MessageCache::load: Loading en... got from global cache

Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache::getParser

Parser: using preprocessor: Preprocessor_DOM

Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions::__construct

User::getBlockedStatus: checking...

Parser: using preprocessor: Preprocessor_DOM

Class PEAR_Error not found; skipped loading

OutputPage::sendCacheControl: private caching; **

Request ended normally

MichaelKesper (talkcontribs)

That log is useless for debugging LDAPauth as it will never contain LDAPauth output. Did you try

error_reporting( -1 );

ini_set( 'display_errors', 1 ); ? Maybe the apache LDAP module isn't loaded or something like that.

70.165.87.78 (talkcontribs)

Hi Michael - thanks again for taking a look. I've recapped on what is going on again - but still can't write to the log file???


To summarize again where I am - still getting the same error message on the create account screen: 'Login error - Incorrect password entered. Please try again.'

  • Not sure what this is necessarily in reference to? Is it the 2 passwords that I enter to create the account or is it ldap trying to bind to a password?


Current setup of LocalSettings.php


error_reporting(-1);
ini_set('display_errors',1);

$wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki

$wgDebugLogGroups["LDAP"] = "/var/www/html/wiki/wikidebug.log";
$wgDebugLogFile = "/var/www/html/wiki/wikidebug-{$wgDBname}.log";

require_once 'extensions/LdapAuthentication/LdapAuthentication.php';
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array("xxxxx.net");
$wgLDAPServerNames = array("xxxxx.net" => "ldap.xxxxx.net");
$wgLDAPUseLocal = false;
$wgLDAPEncryptionType = array("xxxxx.net" => "clear");
$wgLDAPPort = array("xxxxx.net" => 389);
$wgLDAPSearchAttributes = array("xxxxx.net" => "cn");
$wgLDAPBaseDNs = array("xxxxx.net" => "dc=xxxxx,dc=net");


End of file ------------

  • Note: I did receive an error msg to the screen:

Warning: ldap_start_tls(): Unable to start TLS: Protocol error in /var/www/html/wiki/extensions/LdapAuthentication/LdapAuthentication.php on line 622

  • So - I changed "tls" to "clear" and that error went away.
      • What I don't get is why I'm still not seeing log messages written to wikidebug.log ???

The file has same permissions as: wikidebug-{$wgDBname}.log as shown:

ls -lZ
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 wikidebug-my_wiki.log
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 wikidebug.log

ls -lt
-rw-r--r--. 1 apache apache 93849 Sep 15 16:06 wikidebug-my_wiki.log
-rw-r--r--. 1 apache apache 12744 Sep 15 16:03 LocalSettings.php
-rw-r--r--. 1 apache apache 0 Sep 12 09:59 wikidebug.log


= separate test file ========

<?php
$ldaphost = 'ldap://ldap.xxxxx.net';
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport) or die("Could not connect to $ldaphost");

// Options have to be set on the handle returned by ldap_connect(), i.e. $ds
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

//ldap_set_option($ds, LDAP_OPT_DEBUG_LEVEL, 7);
if ($ds) {

   $username = "cn=xxxxx,ou=Roles,dc=xxxxx,dc=net";
   $upasswd = "passwordhere";
   $ldapbind = ldap_bind($ds, $username, $upasswd);

   if ($ldapbind)
       {print "Congratulations! $username is authenticated.";}
   else
       {print "Access Denied!";}

}
?>

Output of this test page:

Congratulations! cn=xxxxx,ou=Roles,dc=xxxxx,dc=net is authenticated.

  • NOTE: This tells me that I'm able to access the ldap server via apache and authenticate - so I presume then Apache and php ldap modules are working properly.


===============================================


Any help - direction - advice is GREATLY appreciated!
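
The ldap_start_tls() warning in the post above is what led to changing $wgLDAPEncryptionType to "clear", which sends the bind password unencrypted over port 389. The following stand-alone probe is an added example, not code from the thread or from the extension: it checks whether the server offers StartTLS at all. The function name probeStartTls is made up for illustration, and the host is the redacted placeholder used in the posts.

```php
<?php
// Added example (not from the thread): check whether the directory server offers
// StartTLS before settling on a value for $wgLDAPEncryptionType.
const STARTTLS_OID = '1.3.6.1.4.1.1466.20037'; // StartTLS extended operation, RFC 4511

// probeStartTls() is a hypothetical helper name used only in this example.
function probeStartTls(string $uri): array
{
    $result = ['advertised' => false, 'negotiated' => false, 'error' => null];
    $ds = ldap_connect($uri);
    if ($ds === false) {
        $result['error'] = 'invalid LDAP URI';
        return $result;
    }
    // StartTLS is an LDAPv3 operation, so version 3 must be set on this handle.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Anonymous read of the root DSE: does the server list StartTLS as supported?
    $sr = @ldap_read($ds, '', '(objectClass=*)', ['supportedExtension']);
    if ($sr !== false) {
        $entries = ldap_get_entries($ds, $sr);
        $oids = $entries[0]['supportedextension'] ?? [];
        unset($oids['count']);
        $result['advertised'] = in_array(STARTTLS_OID, $oids, true);
    }

    // Try the upgrade itself; certificate checks follow the client's ldap.conf TLS_* settings.
    $result['negotiated'] = @ldap_start_tls($ds);
    if (!$result['negotiated']) {
        $result['error'] = ldap_error($ds);
    }
    ldap_unbind($ds);
    return $result;
}

// Host below is the redacted placeholder from the posts; substitute the real server.
$r = probeStartTls('ldap://ldap.xxxxx.net:389');
if ($r['negotiated']) {
    echo "StartTLS works: 'tls' on port 389 is usable.\n";
} elseif (!$r['advertised']) {
    echo "StartTLS not advertised ({$r['error']}): test 'ssl' on port 636 rather than 'clear'.\n";
} else {
    echo "StartTLS advertised but failed ({$r['error']}): check CA trust and certificate name.\n";
}
```

Run it with the PHP command-line interpreter on the web server so the probe takes the same network path to the directory as the wiki does.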

MichaelKesper (talkcontribs)

Sorry, I don't know why it doesn't work for you. Maybe you should file a bug as mentioned on the extension page.
