I upgraded from Version 1.32.2 to 1.33.0. Since then I cannot log in to the wiki with the LDAP Authentication. We would still like to use that extension so that our people don't need to remember a new password, and we do it for security reasons. What happened with the LDAP Authentication extension that it totally shot the login procedure? And what alternative is there to that extension?
Topic on Project:Support desk
Did you manage to fix the error. what is the solution?
You can try LDAP Stack. See also LDAP hub.
I read everything that was written there, but it seems very complicated to me, and therefore useless. What I need is a simple extension that authenticates users against our LDAP through contact with the LDAP server. The LDAP Authentication extension provided us with exactly that. I did not see any way to configure Auth_remoteuser or LDAP Authorization in that same way. How about simply retrofitting the LDAP Authentication extension for MediaWiki 1.33.0?
Same problem here :`-(
Here the same. Would be nice, when it can be fixed.
Please take a look at these error messages from my Apache Webserver error log:
[Fri Aug 09 10:10:34.102519 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_merge(): Argument #1 is not an array in /srv/www/htdocs/testwiki/extensions/PluggableAuth/includes/PluggableAuthBeginAuthenticationRequest.php on line 36
[Fri Aug 09 10:10:34.102659 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_filter() expects parameter 1 to be array, null given in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 308
[Fri Aug 09 10:10:34.102754 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_keys() expects parameter 1 to be array, null given in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 308
[Fri Aug 09 10:10:34.102829 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_intersect(): Argument #2 is not an array in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 312
[Fri Aug 09 10:10:34.102924 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: in_array() expects parameter 2 to be array, null given in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 329
[Fri Aug 09 10:10:34.103009 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: in_array() expects parameter 2 to be array, null given in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 329
[Fri Aug 09 10:10:34.103107 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_merge(): Argument #1 is not an array in /srv/www/htdocs/testwiki/extensions/PluggableAuth/includes/PluggableAuthBeginAuthenticationRequest.php on line 36
[Fri Aug 09 10:10:34.103228 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_merge(): Argument #1 is not an array in /srv/www/htdocs/testwiki/extensions/PluggableAuth/includes/PluggableAuthBeginAuthenticationRequest.php on line 36
[Fri Aug 09 10:10:34.103319 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_filter() expects parameter 1 to be array, null given in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 308
[Fri Aug 09 10:10:34.103392 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_keys() expects parameter 1 to be array, null given in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 308
[Fri Aug 09 10:10:34.103482 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_intersect(): Argument #2 is not an array in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 312
[Fri Aug 09 10:10:34.103573 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: in_array() expects parameter 2 to be array, null given in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 329
[Fri Aug 09 10:10:34.103663 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: in_array() expects parameter 2 to be array, null given in /srv/www/htdocs/testwiki/includes/auth/AuthenticationRequest.php on line 329
[Fri Aug 09 10:10:34.103753 2019] [php7:warn] [pid 21580] [client 10.50.152.24:60371] PHP Warning: array_merge(): Argument #1 is not an array in /srv/www/htdocs/testwiki/extensions/PluggableAuth/includes/PluggableAuthBeginAuthenticationRequest.php on line 36
It looks like $wgPluggableAuth_ExtraLoginFields
is not set properly by LDAPAuthentication2. But this UnitTest passes on REL1_33
: https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2/blob/f8607b952959c477c62d2b8207cf835f049d145b/tests/phpunit/SetupTest.php
@Cindy.cicalese, do you have an idea?
@Ablum010777, what PHP version are you using?
What version of MediaWiki and relevant extensions are you using? In particular, I find it odd that you are getting an exception at "PluggableAuthBeginAuthenticationRequest.php on line 36", since there are not 36 lines in that file, nor have there been in the history of that file as far as I can tell. I'm guessing that you added some debugging statements to that file that changed the line count? If so, I'd be interested in knowing what the values are of $GLOBALS['wgPluggableAuth_ExtraLoginFields'] and parent::getFieldInfo() before the call to array_merge().
I am working with PHP Version 7.2.5. (Osnard wrote that this would be fine.)
These are the extensions in my LocalSettings.php:
wfLoadExtension( 'CodeEditor' ); wfLoadExtension( 'PdfHandler' ); wfLoadExtension( 'SyntaxHighlight_GeSHi' ); wfLoadExtension( 'WikiEditor' ); wfLoadExtension( 'SimpleMathJax' ); require_once( "$IP/extensions/Realnames/Realnames.php" ); This is the configuration for the LDAP Authentication: wfLoadExtension( 'PluggableAuth' ); wfLoadExtension ( 'Auth_remoteuser' ); wfLoadExtension ( 'LDAPProvider' ); wfLoadExtension ( 'LDAPAuthentication2' ); wfLoadExtension ( 'LDAPAuthorization' ); wfLoadExtension ( 'LDAPUserInfo' ); $wgPluggableAuth_EnableLocalLogin = true; $LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain'; $LDAPAuthentication2UsernameNormalizer = 'strtolower'; $LDAPAuthentication2AllowLocalLogin = true; $wgAuthRemoteuserAllowUserSwitch = true; $wgPluggableAuth_ExtraLoginFields = array ( 'Login' => array ( 'type' => 'string', 'label' => 'Benutzername', 'optional' => false, 'sensitive' => true ), 'Passwort' => array( 'type' => 'password', 'label' => 'Passwort', 'optional' => false, 'sensitive' => true ) ); $wgAuthRemoteuserUserName = function () { $user = ''; if ( isset ($_SERVER[ 'REMOTE_USER' ] ) ) { $user = strtolower ( $_SERVER[ 'REMOTE_USER' ] ); } return $user; }; $LDAPProviderDomainConfigs = "/etc/mediawiki/ldapprovider.json";
I also have the following extensions activated: SphinxSearch Collection (for PDF rendering) Visual Editor
This is the ldapprovider.json file:
{ 'testwiki': { 'connection': { "server": "geo-infra.rlp", "options": { "LDAP_OPT_DEREF": 1 }, "basedn": "ou=group,ou=VermKV,o=Landesverwaltung Rheinland-Pfalz,c=de", "userbasedn": "ou=group,ou=VermKV,o=Landesverwaltung Rheinland-Pfalz,c=de", "groupbasedn": "ou=group,ou=VermKV,o=Landesverwaltung Rheinland-Pfalz,c=de", "searchattribute": "uid", "usernameattribute": "uid", "realnameattribute": "displayName", "emailattribute": "mail", "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupRequest\\GroupMember::factory" }, 'authorization': { 'rules': { 'groups': { 'required': "cn=wiki_testcontainer,ou=group,ou=VermKV,o=Landesverwaltung Rheinland-Pfalz,c=de" } } }, 'userinfo': { 'attributes-map': { 'email': 'mail', 'realname': 'displayName' } } } }
And the PluggableAuthBeginAuthenticationRequest.php:
<?php use \MediaWiki\Auth\ButtonAuthenticationRequest; use \MediaWiki\Auth\AuthManager; class PluggableAuthBeginAuthenticationRequest extends ButtonAuthenticationRequest { public function __construct() { if ( isset( $GLOBALS['wgPluggableAuth_ButtonLabelMessage'] ) ) { $label = wfMessage( $GLOBALS['wgPluggableAuth_ButtonLabelMessage'] ); } elseif ( $GLOBALS['wgPluggableAuth_ButtonLabel'] ) { $label = new RawMessage( $GLOBALS['wgPluggableAuth_ButtonLabel'] ); } else { $label = wfMessage( 'pluggableauth-loginbutton-label' ); } parent::__construct( 'pluggableauthlogin', $label, wfMessage( 'pluggableauth-loginbutton-help' ), true ); } /** * Returns field information. * @return array field information */ public function getFieldInfo() { if ( $this->action !== AuthManager::ACTION_LOGIN ) { return []; } error_log( 'A:' . var_export( $GLOBALS['wgPluggableAuth_ExtraLoginFields'], 1 ) ); // this is what Osnard asked me to add error_log( 'B:' . var_export( parent::getFieldInfo(), 1 ) ); // this, too error_log( 'C:' . var_export( array_merge( $GLOBALS['wgPluggableAuth_ExtraLoginFields'], parent::getFieldInfo() ), 1 ) ); // this, too. return array_merge( $GLOBALS['wgPluggableAuth_ExtraLoginFields'], parent::getFieldInfo() ); } }
The result of Osnard's recommendations are:
A:MediaWiki\\Extension\\LDAPAuthentication2\\ExtraLoginFields::__set_state( array( 'domain' => array ( 'type' => 'select', 'label' => Message::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'yourdomainname', 'keysToTry' => array ( 0 => 'yourdomainname', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => NULL, ) ), 'help' => Message::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'authmanager-domain-help', 'keysToTry' => array ( 0 => 'authmanager-domain-help', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => NULL, ) ), 'options' => array ( 'testwiki' => RawMessage::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'testwiki', 'keysToTry' => array ( 0 => 'testwiki', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => 'testwiki', ) ) ), 'local' => RawMessage::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'local', 'keysToTry' => array ( 0 => 'local', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => 'local', ) ), ), ), 'username' => array ( 'type' => 'string', 'label' => Message::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'userlogin-yourname', 'keysToTry' => array ( 0 => 'userlogin-yourname', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => NULL, ) ), 'help' => Message::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'authmanager-username-help', 'keysToTry' => array ( 0 => 'authmanager-username-help', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => NULL, ) ), ), 'password' => array ( 'type' => 'password', 'label' => Message::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'userlogin-yourpassword', 'keysToTry' => array ( 0 => 'userlogin-yourpassword', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => NULL, ) ), 'help' => Message::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'authmanager-password-help', 'keysToTry' => array ( 0 => 'authmanager-password-help', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => NULL, ) ), 'sensitive' => true, ), ) ), B:array ( 'pluggableauthlogin' => array ( 'type' => 'button', 'label' => Message::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'pluggableauth-loginbutton-label', 'keysToTry' => array ( 0 => 'pluggableauth-loginbutton-label', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => NULL, ) ), 'help' => Message::__set_state( array( 'interface' => true, 'language' => false, 'key' => 'pluggableauth-loginbutton-help', 'keysToTry' => array ( 0 => 'pluggableauth-loginbutton-help', ), 'parameters' => array ( ), 'format' => 'parse', 'useDatabase' => true, 'title' => NULL, 'content' => NULL, 'message' => NULL, ) ), ), ), C: NULL
Can you try to remove the $wgPluggableAuth_ExtraLoginFields
from you configuration? This is set implicitly by Extension:LDAPAuthentication2. Maybe this collides.
I already did, but it doesn't help. This is always the result:
[89dad82860e957e43a00ac89] /testwiki/ MWException from line 54 of /srv/www/htdocs/testwiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php: Could not parse configuration file '/etc/mediawiki/ldapprovider.json'!
Backtrace:
#0 /srv/www/htdocs/testwiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php(73): MediaWiki\Extension\LDAPProvider\DomainConfigProvider\LocalJSONFile->__construct(string)
#1 [internal function]: MediaWiki\Extension\LDAPProvider\DomainConfigProvider\LocalJSONFile::newInstance(MediaWiki\Extension\LDAPProvider\Config)
#2 /srv/www/htdocs/testwiki/extensions/LDAPProvider/src/DomainConfigFactory.php(106): call_user_func_array(string, array)
#3 /srv/www/htdocs/testwiki/extensions/LDAPAuthentication2/src/Setup.php(13): MediaWiki\Extension\LDAPProvider\DomainConfigFactory::getInstance()
#4 /srv/www/htdocs/testwiki/includes/Setup.php(903): MediaWiki\Extension\LDAPAuthentication2\Setup::init()
#5 /srv/www/htdocs/testwiki/includes/WebStart.php(77): require_once(string)
#6 /srv/www/htdocs/testwiki/index.php(39): require(string)
#7 {main}
The error message Could not parse configuration file '/etc/mediawiki/ldapprovider.json'!
suggests that there might be a syntax error in that file or the file is nor readable by the webserver. From the example you have posted above I believe the single quotes are the problem. Try using double quotes everywhere in JSON.
I use double quotes in the JSON file everywhere. Besides I am testing on a console now. It seems to me that the variable containing the text boxes for the login name and the password are not passed to the LocalJSONFile.php file correctly, since I always read NULL. This is my ldapprovider.json now:
{
"testwiki": {
"connection": {
"server": "geo-infra.rlp",
"options": {
"LDAP_OPT_DEREF": 1
},
"basedn": "ou=group,ou=VermKV,o=Landesverwaltung Rheinland-Pfalz,c=de",
"userbasedn": "ou=group,ou=VermKV,o=Landesverwaltung Rheinland-Pfalz,c=de",
"groupbasedn": "ou=group,ou=VermKV,o=Landesverwaltung Rheinland-Pfalz,c=de",
"searchattribute": "uid",
"usernameattribute": "uid",
"realnameattribute": "displayName",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupRequest\\GroupMember::factory"
},
"authorization": {
"rules": {
"groups": {
"required": "cn=wiki_testcontainer,ou=group,ou=VermKV,o=Landesverwaltung Rheinland-Pfalz,c=de"
}
}
},
"authentication": {
"emailattribute": 'mail',
"realnameattribute": "displayName"
"usernameattribute": "uid"
}
}
}
That is also why these two fields (login name and password) are missing when I set the local login variables to false.
From the code you posted, your "C:" printout should be an array containing the merged contents of the two other arrays, but instead it is printing:
C: NULL
which would match the fact that the function appears to be returning NULL. But, how can the result of merging two populated arrays be null?
The problem has been solved. The variable $GLOBALS['PluggableAuth_ExtraLoginFields'] needs explicit typecasting to array.
Can you please tell where this typecast was required? Because as far as I can tell it is already casted in Extension:LDAPAuthentication2: https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2/blob/e170a82153fa8d489a1e1c3b8f5ff1e95539a230/src/Setup.php#L14-L15
In PluggableAuthBeginAuthenticationRequest.php (code line printed in bold):
<?php
use \MediaWiki\Auth\ButtonAuthenticationRequest;
use \MediaWiki\Auth\AuthManager;
class PluggableAuthBeginAuthenticationRequest extends
ButtonAuthenticationRequest {
public function __construct() {
if ( isset( $GLOBALS['wgPluggableAuth_ButtonLabelMessage'] ) ) {
$label = wfMessage( $GLOBALS['wgPluggableAuth_ButtonLabelMessage'] );
} elseif ( $GLOBALS['wgPluggableAuth_ButtonLabel'] ) {
$label = new RawMessage( $GLOBALS['wgPluggableAuth_ButtonLabel'] );
} else {
$label = wfMessage( 'pluggableauth-loginbutton-label' );
}
parent::__construct(
'pluggableauthlogin',
$label,
wfMessage( 'pluggableauth-loginbutton-help' ),
true );
}
/**
* Returns field information.
* @return array field information
*/
public function getFieldInfo() {
if ( $this->action !== AuthManager::ACTION_LOGIN ) {
return [];
}
return array_merge( (array) $GLOBALS['wgPluggableAuth_ExtraLoginFields'],
parent::getFieldInfo() );
}
}
Ah, interesting. The printout:
error_log( 'A:' . var_export( $GLOBALS['wgPluggableAuth_ExtraLoginFields'], 1 ) );
is giving:
A:MediaWiki\\Extension\\LDAPAuthentication2\\ExtraLoginFields::__set_state(
array(
...
rather than
A:array(
...
Well, `ExtraLoginFields` is an `ArrayObject`. But I do an explicit cast to `array` before assignment (https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2/blob/e170a82153fa8d489a1e1c3b8f5ff1e95539a230/src/Setup.php#L14-L15). And even my UnitTest passes: https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2/blob/e170a82153fa8d489a1e1c3b8f5ff1e95539a230/tests/phpunit/SetupTest.php
This feels like overkill. We use LDAP with Auth_remoteuser but don't need any MediaWiki extensions for the LDAP part, since Apache httpd does the authentication to the LDAP server. The relevant bit of our LocalSettings.php file looks like this:
wfLoadExtension('Auth_remoteuser');
#$wgAuth = new Auth_remoteuser();
$wgAuthRemoteuserMailDomain = "spawar.navy.mil";
Then we put a .htaccess file in the root of our wiki with the following (we could also do it in a config file in /etc/httpd/conf.d/):
AuthName "wiki"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL <our LDAP url>
Require valid-user
Yes. This is true, if you don't need features like form-based-authentication, group-based-login-restrictions, groupy-sync or user-info-synchronization.
This post was hidden by Osnard (history)