Topic on Extension talk:LDAP Authentication

Error authenticating on 1.30 with AD

3 comments 15:18, 3 May 2018 5 years ago
3
Summary by Nicovell3

Now the problem is solved and encrypted authentication works without issues.

Nicovell3 (talkcontribs)

Hi, I've got a problem while configuring an encrypted authentication with mediawiki 1.30 in CentOS 7.

Here is the part of my LocalSettings.php which configures the AD:

# Use ADDOMAIN AD
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( "ADDOMAIN" );
$wgLDAPServerNames = array( "ADDOMAIN" => "dc.ADDOMAIN.local" );
$wgLDAPSearchStrings = array( "ADDOMAIN" => "ADDOMAIN\\USER-NAME" );
$wgLDAPEncryptionType = array( "ADDOMAIN" => "ssl" );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 8;
$wgLDAPBaseDNs = array( "ADDOMAIN" => "ou=people,dc=ADDOMAIN,dc=local" );
$wgLDAPSearchAttributes = array( "ADDOMAIN" => "sAMAccountName" );
$wgLDAPRetrievePrefs = array( "ADDOMAIN" => "true" );
$wgLDAPPreferences = array( 'ADDOMAIN' => array( 'email' => 'mail','realname' => 'displayname') );
$wgLDAPLowerCaseUsername = array( "ADDOMAIN" => "true" );
$wgLDAPDebug = 2;
$wgDebugLogGroups["ldap"] = "/var/www/mediawiki/debug.log" ;
$wgShowExceptionDetails = true;

I've already configured my CA certificate at /etc/openldap/ldap.conf:

TLS_CACERTDIR   /etc/pki/tls/mediawiki/
TLS_CACERTFILE  /etc/pki/tls/mediawiki/ca.crt
TLS_CACERT      /etc/pki/tls/mediawiki/ca.crt

But when I try to authenticate, this is the output produced:

2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering allowPasswordChange
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering modifyUITemplate
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is an IP, not munging.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering validDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 User is using a valid domain (ADDOMAIN).
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Setting domain as: ADDOMAIN
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering userExists
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering authenticate for username aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering Connect
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Using SSL
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Using servers: ldaps://dc.ADDOMAIN.local:636
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getSearchString
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Doing a straight bind
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 userdn is: ADDOMAIN\aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Binding as the user
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Failed to bind as ADDOMAIN\aduser  <- I think problem is here
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering allowPasswordChange
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering modifyUITemplate
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 11:55:14 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().

As can be seen, the problem seems to be that the user can't be binded. At the web interface, the server says the password is not correct. But if I change the following line at LocalSettings.php:

$wgLDAPEncryptionType = array( "ADDOMAIN" => "clear" );

Then, the authentication completes successfully with this log file:

2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering allowPasswordChange
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering modifyUITemplate
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is an IP, not munging.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering validDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 User is using a valid domain (ADDOMAIN).
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting domain as: ADDOMAIN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering userExists
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering authenticate for username aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering Connect
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Using TLS or not using encryption.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Using servers: ldap://dc.ADDOMAIN.local:389
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getSearchString
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Doing a straight bind
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 userdn is: ADDOMAIN\aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Binding as the user
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Bound successfully
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getUserDN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Created a regular filter: (sAMAccountName=aduser)
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getBaseDN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 basedn is not set for this type of entry, trying to get the default basedn.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getBaseDN
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Using base: ou=people,dc=ADDOMAIN,dc=local
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Fetched UserDN: CN=RealName AD user,OU=people,DC=ADDOMAIN,DC=local
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getGroups
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering checkGroups
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getPreferences
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Retrieving preferences
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Retrieved email (aduser@ADDOMAIN.com) using attribute (mail)
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Retrieved realname (RealName AD user) using attribute (displayname)
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Authentication passed
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering updateUser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting user preferences.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting realname.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Setting email.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 User has a token, setting domain in user options.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Saving user settings.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering updateExternalDB
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Either the user is using a local domain, or the wiki isn't allowing updates
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:01:59 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getCanonicalName
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Username is: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Munged username: aduser
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering strict.
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Entering getDomain
2018-05-02 12:02:00 mywikiserver.domain.com wikidb: 2.1.0 Returning true in strict().

Could someone help me please? I don't want to send my users passwords in plaintext.

Thanks in advance.

Edited 15:38, 2 May 2018 5 years ago
Nicovell3 (talkcontribs)

Oh, and I forgot to append my LdapAuthentication extension version:

# cat /var/www/mediawiki/extensions/LdapAuthentication/version
LdapAuthentication: REL1_30
2017-09-21T22:10:51

907953e
15:36, 2 May 2018 5 years ago
Nicovell3 (talkcontribs)

Finally I got this working. All I had to do was add this line to the /etc/openldap/ldap.conf file and restart the web server:

TLS_REQCERT allow
15:18, 3 May 2018 5 years ago
Retrieved from "https://www.mediawiki.org/wiki/Topic:Ucdal2t35iwfxin4"