Topic on Project:Support desk

openldap (DS-389) LDAP login to mediawiki on Centos 7 platform

128.138.64.30 (talkcontribs)

Hi Folks,

I just created a CentOS 7 VM (release 7.6.1810) and successfully installed mediawiki. I did have to upgrade my php from 5.4 to 7.2 per the request of the software during configuration.

During the upgrade process, I was required to update php 5.4 to 7.2 and this was done successfully from the ius repository.

Per the page: Extension:LDAP Authentication/AD Configuration Examples I yum installed php72u-ldap:

[root]# !rpm

rpm -qa|grep php72u-ldap

php72u-ldap-7.2.17-1.ius.centos7.x86_64


Per the page: Special:ExtensionDistributor I downloaded the LdapAuthentication tar file and installed it using the command "tar -xzf LdapAuthentication-REL1_32-e2cab88.tar.gz -C /var/www/html/mediawiki/extensions" per instructions on the page https://www.mediawiki.org/wiki/Special:ExtensionDistributor?extdistname=LdapAuthentication&extdistversion=REL1_32


I've verified that the file /etc/php.d/20-ldap.ini has the ldap extension:

[root]# cat /etc/php.d/20-ldap.ini

; Enable ldap extension module

extension=ldap


and that the module loads:


[root]#   php -m |grep -i ldap

ldap


I've tried using the most simple LDAP configuration from the page: Extension:LdapAuth/Configuration#$wgLdapAuthMapGroups to see if I can at least hit my LDAP server.


I started a tcpdump: tcpdump port ldaps  -i ens3 -X -s 1024 and host 192.168.??.?? (edited for security) but it doesn't look like the mediawiki software ever sends a request to my server.


For my configuration in the LocalSettings.php file, I started with the following:

$wgLdapAuthServers = 'SERVER1,SERVER2,SERVER3';

$wgLdapAuthBindDN = 'MY_BIND_DN_HERE';

$wgLdapAuthBindPass = 'PASSWORD_FOR_BIND_DN';


where $wgLdapAuthServers = 'the ip of my ldap server'

$wgLdapAuthBindDN = 'cn=directory manager'

$wgLdapAuthBindPass = 'my directory manager password'

I was hoping with this global/generic config, I'd at least see a request sent from my mediawiki server to my LDAP server but I don't see any traffic.


I should note that I did follow the page: Extension:LDAP Authentication/Requirements#Red Hat Enterprise Linux and Fedora and add certificate trusts.

I haven't been able to get the debug option to work. I can add the lines:

$wgLDAPDebug = 1;

$wgDebugLogGroups["ldap"] = "/var/tmp/debug.log"


But if I specify the variable $wgDebugLogGroups["ldap"] , the mediawiki page doesn't load.

I'm sure I'm missing the obvious but was hoping someone might be able to point me in the right direction.

Thanks,

128.138.64.30 (talkcontribs)

Update: Following the instructions on page Extension:LDAP Authentication/Examples#Example one for OpenLDAP I'm at least able to see authentication traffic on the network from the mediawiki server to my LDAP server.


I still can't get debugging working but it would be helpful to see what username/password are being sent. I don't see a username in the network traffic.

128.138.64.30 (talkcontribs)

Update: Ok.... following the info here: Topic:Tgdofnhfke1w3w7e and here: Topic:Tu037fub87bptaux, I've logged into the mediawiki using ldap.


But I'm getting the following error:


Database error

A database query error has occurred. This may indicate a bug in the software.

[XNRgSd5-o1fS5jrvAHwj4wAAAAc] 2019-05-09 17:15:53: Fatal exception of type "Wikimedia\Rdbms\DBQueryError"


Anyone ever see this before?


Osnard (talkcontribs)

Please set

$wgShowExceptionDetails = true;
$wgShowSQLErrors = true;
$wgShowDBErrorBacktrace = true;

in your LocalSettings.php and try again. You should then receive a better error message.

Btw. have you run maintenance/update.php?

128.138.64.30 (talkcontribs)

Hi, thanks!

I did both these things. I then restarted the web service and all is working. The key was running the update.php and restarting httpd.

Appreciate the help.
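
Added example, not part of the original thread or of MediaWiki: a small Python check that scans LocalSettings.php text for the troubleshooting settings used above that are still enabled once the login works. The function name, the constructed sample and the choice of what to flag (debug flags on, a debug log under /tmp or /var/tmp, a bind as cn=directory manager) are assumptions of this example.

```python
import re

# Settings named in this thread that expose internals while enabled.
DEBUG_FLAGS = ("wgShowExceptionDetails", "wgShowSQLErrors",
               "wgShowDBErrorBacktrace", "wgLDAPDebug")
SHARED_TMP = ("/tmp/", "/var/tmp/")  # assumption: shared temp dirs are flagged

# $name = value;  or  $name["key"] = value;  (trailing "; comment" is ignored;
# a value that itself contains ';' is cut short, which is fine for this check)
ASSIGN = re.compile(
    r"""^\$(\w+)(?:\[\s*["'](\w+)["']\s*\])?\s*=\s*(.+?)\s*(?:;.*)?$""")

def audit_local_settings(text):
    """Return (line_no, setting, reason) for each assignment worth reverting."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("#", "//", "/*", "*")):  # commented-out setting
            continue
        m = ASSIGN.match(line)
        if not m:
            continue
        name, key = m.group(1), m.group(2)
        value = m.group(3).strip("\"'")
        if name in DEBUG_FLAGS and value.lower() not in ("false", "0", "null", ""):
            findings.append((no, name, "debug output enabled"))
        elif name == "wgDebugLogGroups" and value.startswith(SHARED_TMP):
            findings.append((no, f"{name}[{key}]", "log in shared temp directory"))
        elif name == "wgLdapAuthBindDN" and "directory manager" in value.lower():
            findings.append((no, name, "binds as the directory superuser"))
    return findings

# Constructed sample, modelled on the settings quoted in the thread.
SAMPLE = """\
$wgLdapAuthBindDN = 'cn=directory manager';
$wgLDAPDebug = 1;
$wgDebugLogGroups["ldap"] = "/var/tmp/debug.log";
# $wgShowExceptionDetails = true;
$wgShowSQLErrors = true;
$wgShowDBErrorBacktrace = false;
"""

if __name__ == "__main__":
    for no, setting, reason in audit_local_settings(SAMPLE):
        print(f"line {no}: ${setting}: {reason}")
```
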