Hello.
I use Debian 9 with Nginx + last mediawiki
when i try to log in i receive: "Auto-creation of a local account failed: Automatic account creation is not allowed."
if i use correct auth name and password, if not - i receive thet user or password wrong. Another word ldap auth ok.
my config:
# The following permissions were set based on your choice in the installer
$wgGroupPermissions['*' ]['createaccount'] = true;
$wgGroupPermissions['*' ]['read'] = true;
$wgGroupPermissions['*' ]['edit'] = true;
$wgGroupPermissions['*' ]['createpage'] = true;
$wgGroupPermissions['*' ]['createtalk'] = true;
# AD
require_once ("/usr/share/mediawiki-extensions/ldapauth/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(
'**addomain**'
);
$wgLDAPServerNames = array(
'**addomain**' => 'srv-dc2.**addomain**.ru'
);
$wgLDAPSearchStrings = array(
'**addomain**' => '**addomain**\\USER-NAME'
);
$wgLDAPBaseDNs = array(
'**addomain**' => 'dc=**addomain**,dc=ru'
);
$wgLDAPSearchAttributes = array(
'**addomain**' => 'sAMAccountName' );
$wgLDAPPort = array(
'**addomain**' => 389,
);
$wgLDAPEncryptionType = array(
'**addomain**' => 'clear'
);
$wgLDAPProxyAgent = array(
'**addomain**' => 'CN=ldapwiki,CN=Users,DC=**addomain**,DC=ru'
);
$wgLDAPProxyAgentPassword = array(
'**addomain**' => '****'
);
$wgLDAPDisableAutoCreate = array(
'**addomain**' => true
);
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPDebug = 99;
$wgDebugLogGroups['ldap'] = '/tmp/debug.log';
in debug log:
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using TLS or not using encryption.
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using non-standard port: 389
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using servers: ldap://srv-dc2.**addomain**.ru:389
2017-10-27 12:46:17 srv-intranet wiki: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getUserDN
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Doing a proxy bind
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Created a regular filter: (sAMAccountName=UserName)
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN
2017-10-27 12:46:17 srv-intranet wiki: 2.0a basedn is not set for this type of entry, trying to get the default basedn.
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using base: dc=**addomain**,dc=ru
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Munged username: UserName
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getCanonicalName
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Username isn't empty.
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering Connect
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using TLS or not using encryption.
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using non-standard port: 389
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using servers: ldap://srv-dc2.**addomain**.ru:389
2017-10-27 12:46:17 srv-intranet wiki: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getUserDN
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Doing a proxy bind
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Created a regular filter: (sAMAccountName=UserName)
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN
2017-10-27 12:46:17 srv-intranet wiki: 2.0a basedn is not set for this type of entry, trying to get the default basedn.
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Entering getBaseDN
2017-10-27 12:46:17 srv-intranet wiki: 2.0a Using base: dc=**addomain**,dc=ru