Topic on Extension talk:LDAP Authentication

Another $wgLDAPRequiredGroups problem...

2 comments • 09:02, 20 February 2017 7 years ago
2
192.36.220.66 (talkcontribs)

Hi, i have been 2 days with this, I start to feel desperate.

Commenting $wgLDAPRequiredGroups all can log in, if i dont, nobody can (even if in the required group)

Using: Latest version (from the web), Windows server 2012R2 with AD

The modified lines in LocalSettings.php

require_once ("extensions/LdapAuthentication/LdapAuthentication.php");

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array("domain");

$wgLDAPServerNames = array("ad"=>"servername.ad");

$wgLDAPUseLocal = false;

$wgLDAPEncryptionType = array("ad"=>"clear");

$wgLDAPBaseDNs = array("ad"=> "dc=ad");

$wgLDAPSearchAttributes = array("ad"=>"sAMAccountName");

$wgLDAPRetrievePrefs = array("ad" => true );

$wgLDAPPreferences = array( "ad" => array( "email" => "mail"));

$wgLDAPProxyAgent = array("ad" => "binduser@ad");

$wgLDAPProxyAgentPassword = array("ad" => "password");

$wgLDAPGroupUseFullDN = array( "ad" => true);

$wgLDAPLowerCaseUsername = array("ad" => false);

$wgLDAPGroupObjectclass = array("ad" => "group");

$wgLDAPGroupAttribute = array("ad" => "member");

$wgLDAPGroupNameAttribute = array( "ad" => "cn");

$wgLDAPGroupBaseDNs = array( "ad" => "dc=ad");

$wgLDAPUserBaseDNs = array( "ad" => "dc=ad");

$wgLDAPOptions = array("ad"=>array( LDAP_OPT_DEREF, 0 ));

$wgLDAPLowerCaseUsername = array( "ad"=>true );

$wgLDAPRequiredGroups = array( "ad" => "cn=wiki,cn=users,dc=ad");

$wgLDAPGroupSearchNestedGroups = array("ad" => true);

$wgLDAPActiveDirectory = array( "ad" => true);

$wgLDAPDebug = 3;

$wgDebugLogGroups['ldap'] = "/tmp/wiki.ldap.debug-{$wgDBname}.log";

$wgShowExceptionDetails = true;

The logs show this:

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=users,cn=builtin,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=domain users,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=crp,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=wiki,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=projects,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Checking against: cn=redmine,cn=users,dc=ad

2017-02-15 15:28:28 wiki wikidb: 2.1.0 Couldn't find the user in any groups.

The user in the group wiki. Originally the group was called WIKI, created wiki and deleted the other one just in case, same result

A bit desperate here, please help!

Thx

Erengard

PS: ad is dc=something,dc=something,dc=something (obviously)

Reply 15:47, 15 February 2017 7 years ago
192.36.220.66 (talkcontribs)

2 days more and i founded it. For future references...:

Required Groups needs an ARRAY of groups. I was entering the group without array

$wgLDAPRequiredGroups = array( "ad" => array ( "cn=wiki,cn=users,dc=ad"));

For future evolutions, i would change so an string is converted to an array of one element. It seems like it is a normal mistake (i have even seen it like that in 2 manuals, already informed them)

Thx for your help!

Erengard

Reply 09:02, 20 February 2017 7 years ago
Reply to "Another $wgLDAPRequiredGroups problem..."
Retrieved from "https://www.mediawiki.org/wiki/Topic:Tl3986atfrtfwou8"