Topic on Extension talk:PluggableAuth

Summary by Cindy.cicalese

Settings for LDAP attributes are (currently) case sensitive

213.138.74.76 (talkcontribs)

Hello!

If I use php extensions/LDAPProvider/maintenance/CheckLogin.php --domain mydomain --username user

Auth is OK


php extensions/LDAPProvider/maintenance/ShowUserInfo.php --domain mydomain --username user

is pretty fine too


But when I try to auth in the usual way, I get the error:


[568043a6f699c2aa8ba284f2] /mediawiki/index.php?title=%D0%A1%D0%BB%D1%83%D0%B6%D0%B5%D0%B1%D0%BD%D0%B0%D1%8F:%D0%92%D1%85%D0%BE%D0%B4&returnto=%D0%97%D0%B0%D0%B3%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F+%D1%81%D1%82%D1%80%D0%B0%D0%BD%D0%B8%D1%86%D0%B0 DomainException from line 612 of /var/lib/mediawiki/includes/auth/AuthManager.php: PluggableAuthPrimaryAuthenticationProvider returned an invalid username:

Backtrace:

#0 /var/lib/mediawiki/includes/specialpage/AuthManagerSpecialPage.php(355): MediaWiki\Auth\AuthManager->continueAuthentication(array)

#1 /var/lib/mediawiki/includes/specialpage/AuthManagerSpecialPage.php(482): AuthManagerSpecialPage->performAuthenticationStep(string, array)

#2 /var/lib/mediawiki/includes/htmlform/HTMLForm.php(660): AuthManagerSpecialPage->handleFormSubmit(array, VFormHTMLForm)

#3 /var/lib/mediawiki/includes/specialpage/AuthManagerSpecialPage.php(416): HTMLForm->trySubmit()

#4 /var/lib/mediawiki/includes/specialpage/LoginSignupSpecialPage.php(316): AuthManagerSpecialPage->trySubmit()

#5 /var/lib/mediawiki/includes/specialpage/SpecialPage.php(565): LoginSignupSpecialPage->execute(NULL)

#6 /var/lib/mediawiki/includes/specialpage/SpecialPageFactory.php(568): SpecialPage->run(NULL)

#7 /var/lib/mediawiki/includes/MediaWiki.php(288): SpecialPageFactory::executePath(Title, RequestContext)

#8 /var/lib/mediawiki/includes/MediaWiki.php(861): MediaWiki->performRequest()

#9 /var/lib/mediawiki/includes/MediaWiki.php(524): MediaWiki->main()

#10 /var/lib/mediawiki/index.php(42): MediaWiki->run()

#11 {main}


Details:


MediaWiki 1.31.3

PluggableAuth 5.4 (300ac44)

LDAPProvider 1.0.1 (3d9d3a3)

LDAPAuthentication2 1.0.0 (954a8f9)


Config:


wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPAuthentication2' );

$LDAPAuthentication2UsernameNormalizer = 'strtolower';
$LDAPAuthentication2AllowLocalLogin = true;

$LDAPProviderDomainConfigProvider = function() {
    $config = [
        'mydomaincom' => [
            'connection' => [
                "server" => "dc1.mydomain.com",
                "user" => "mydomaincom\\user",
                "pass" => 'Password02',
                "options" => [
                    "LDAP_OPT_DEREF" => 1
                ],
                "basedn" => "DC=mydomain,DC=com",
                "groupbasedn" => "DC=mydomain,DC=com",
                "userbasedn" => "DC=mydomain,DC=com",
                "searchattribute" => "sAMAccountName",
                "searchstring" => "mydomaincom\\USER-NAME",
                "usernameattribute" => "sAMAccountName",
                "realnameattribute" => "cn",
                "emailattribute" => "mail"
            ],
            "groupsync" => [
            ],
            "userinfo" => [
            ]
        ]
    ];
    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

$LDAPAuthentication2AllowLocalLogin=true;
$wgShowExceptionDetails = true;


Cindy.cicalese (talkcontribs)

Could you please include the part of the debug log before that point? In particular, was there any previous debugging output from PluggableAuth or any of the LDAP extensions?


@Osnard, does the LDAP config look OK?

MarkAHershberger (talkcontribs)

Debug logs would definitely help. This part is especially confusing:

DomainException from line 612 of /var/lib/mediawiki/includes/auth/AuthManager.php: PluggableAuthPrimaryAuthenticationProvider returned an invalid username:

Somehow you're getting an empty username instead of null or whatever you entered.

Osnard (talkcontribs)

Please check the value of connection.usernameattribute in the domain config of LDAPProvider. Be aware that this value is case sensitive. So if ShowUserInfo.php lists samaccountname, a value of samAccountName will not work. These values need to match. There is already a Phabricator task: https://phabricator.wikimedia.org/T226693
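A check along the lines of the advice above, as an added example that is not part of the thread or of LDAPProvider's own code: it compares the attribute settings from the posted config against the attribute keys listed for a user, using exact (case-sensitive) matching. The function name checkAttributeCase, the choice of which settings to check and the sample key list are assumptions made for illustration.

```php
<?php
// Added example: function name and sample data are constructed for illustration.

/**
 * Compare attribute names in a domain's "connection" config against the
 * attribute keys actually listed for a user, using exact (case-sensitive)
 * matching, and suggest the listed spelling on a case-only mismatch.
 */
function checkAttributeCase( array $connection, array $listedKeys ): array {
    // Assumption: these are the settings read back from the user-info result.
    $settings = [ 'usernameattribute', 'realnameattribute', 'emailattribute' ];
    // Map lowercase form -> spelling as listed, used for the suggestion.
    $byLower = [];
    foreach ( $listedKeys as $key ) {
        $byLower[strtolower( $key )] = $key;
    }
    $report = [];
    foreach ( $settings as $setting ) {
        if ( !isset( $connection[$setting] ) ) {
            continue; // not configured, nothing to compare
        }
        $value = $connection[$setting];
        if ( in_array( $value, $listedKeys, true ) ) {
            $report[$setting] = "ok: '$value'";
        } elseif ( isset( $byLower[strtolower( $value )] ) ) {
            $report[$setting] = "case mismatch: '$value' should be '"
                . $byLower[strtolower( $value )] . "'";
        } else {
            $report[$setting] = "not listed for this user: '$value'";
        }
    }
    return $report;
}

// Constructed sample: attribute keys as ShowUserInfo.php might list them.
$listedKeys = [ 'cn', 'samaccountname', 'mail', 'memberof' ];
// The attribute settings from the config posted in this thread.
$connection = [
    'searchattribute' => 'sAMAccountName',
    'usernameattribute' => 'sAMAccountName',
    'realnameattribute' => 'cn',
    'emailattribute' => 'mail',
];

foreach ( checkAttributeCase( $connection, $listedKeys ) as $setting => $result ) {
    echo "$setting: $result\n";
}
```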