Topic on Extension talk:PluggableAuth

LDAP - "Auto-creation of a local account failed: Automatic account creation is not allowed."

Summary by Cindy.cicalese

configuration

31.209.95.10 (talkcontribs)

Hello,

I run Ubuntu 18.04 with apache2, php7.3 and mediawiki 1.31 (Bluespice).

I have activated the plugins LDAPProvider, PluggableAuth and LDAPAuthentication2.


The connection to LDAP works, however when trying to login via LDAP it says: "Auto-creation of a local account failed: Automatic account creation is not allowed."

Original (German): "Die automatische Erstellung des lokalen Benutzerkontos ist fehlgeschlagen: Die automatische Benutzerkontenerstellung ist nicht erlaubt."


Local-Login still works.


- Found some workaround where I first create a new account with the name of the AD user and then log in with those AD credentials, but that didn't work either.

- Put these in my LocalSettings.php:

$wgGroupPermissions['*']['createaccount'] = true;

$wgGroupPermissions['*']['autocreateaccount'] = true;

$wgLDAPDisableAutoCreate = array(
   '**addomain**' => false
);


Don't think this has anything to do with it, but my database always throws this warning:

Warning in ./libraries/sql.lib.php#613

count(): Parameter must be an array or an object that implements Countable


There are no errors in access-bluespice.log, access.log, error-bluespice.log, error.log.


What do I have to do to get this working?


Any help is much appreciated!!!

31.209.95.10 (talkcontribs)

PHP debug:


  • [DBQuery] firmuswiki SELECT /* User::idFromName */ user_id FROM `user` WHERE user_name = 'username' LIMIT 1
  • [authentication] Primary login with PluggableAuthPrimaryAuthenticationProvider succeeded
  • [DBQuery] firmuswiki SELECT /* User::idFromName */ user_id FROM `user` WHERE user_name = 'username' LIMIT 1
  • [authentication] Auto-creating username on login
  • [authentication] MediaWiki\Auth\AuthManager::autoCreateUser: blacklisted in session cvh1k0sl19jar76cbtc4fa222b61kc0g


Topic:Tgdofnhfke1w3w7e didn't help me.


Clearing the cache doesn't help here either.


Can anyone tell me how to fix this?

MarkAHershberger (talkcontribs)

The blacklisted comment comes from this code. "Auto-creating username on login" appears to come from here, which showed me that you are using "username" as the username. Is that right?

31.209.95.10 (talkcontribs)

Yep, 'username' is the username here in the above debug messages.


Thank you for those references. It saved some sessions in '$IP/cache' and in my db table 'objectcache'; now I get the following German error:

"Es gab ein Problem bei der Übertragung deiner Benutzerdaten. Diese Aktion wurde daher sicherheitshalber abgebrochen, um eine falsche Zuordnung deiner Änderungen zu einem anderen Benutzer zu verhindern. Bitte sende das Formular erneut ab."

In English it's something like "Your login credentials could not be sent, therefore this action has been stopped to prevent wrong assignments to different users. Please resend the form."


Have tried some cache-settings variations:

$wgMainCacheType = CACHE_ANYTHING; #also tried CACHE_NONE, CACHE_ACCEL

$wgSessionCacheType = CACHE_ANYTHING; #also tried CACHE_NONE, CACHE_ACCEL

$wgMemCachedServers = [];

$wgSessionsInMemcached = true;

session_save_path("tmp"); #was not set before


Any idea?

MarkAHershberger (talkcontribs)

If you set $wgSessionsInMemcached = true, you'll also need to provide servers in $wgMemCachedServers.

You don't need to set $wgSessionCacheType since sessions are always stored in the object cache.

I recommend you install memcached and just use that for caching. That is, use $wgMainCacheType = CACHE_MEMCACHED;

31.209.95.10 (talkcontribs)

I finally got it to work with:

$GLOBALS['bsgPermissionConfig']['autocreateaccount'] = [ 'type' => 'global', "roles" => [ 'autocreateaccount' ] ];

$GLOBALS['bsgGroupRoles']['*']['autocreateaccount'] = true;


and these settings for caching:

$wgMainCacheType = CACHE_MEMCACHED;

$wgMemCachedServers = ["127.0.0.1:11211"];

$wgSessionsInMemcached = true;


Thanks!
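
Added example (not part of the thread, and not MediaWiki or extension code): a Python sketch that triages the debug lines posted above, tying each auto-creation attempt to the provider that authenticated the user and flagging the "blacklisted in session" case, where the refusal is read back from the session rather than freshly evaluated, so a configuration change has to be retested in a new session. The function names and status strings are assumptions made for this example; the session ID is reduced to a short prefix before it is reported.

```python
import re

# Debug lines copied from the thread above (bullets dropped, one DBQuery line kept).
SAMPLE_LOG = r"""
[DBQuery] firmuswiki SELECT /* User::idFromName */ user_id FROM `user` WHERE user_name = 'username' LIMIT 1
[authentication] Primary login with PluggableAuthPrimaryAuthenticationProvider succeeded
[authentication] Auto-creating username on login
[authentication] MediaWiki\Auth\AuthManager::autoCreateUser: blacklisted in session cvh1k0sl19jar76cbtc4fa222b61kc0g
"""

LINE = re.compile(r"\[(?P<channel>[^\]]+)\]\s+(?P<msg>.*)")
PRIMARY_OK = re.compile(r"Primary login with (\S+) succeeded")
AUTOCREATE = re.compile(r"Auto-creating (\S+) on login")
BLACKLISTED = re.compile(r"autoCreateUser: blacklisted in session (\w+)")


def redact(session_id, keep=6):
    """Session IDs act as bearer tokens; keep only a short prefix for correlation."""
    return session_id[:keep] + "..." if len(session_id) > keep else "..."


def triage(log_text):
    """Return one finding per auto-creation attempt in a MediaWiki debug log."""
    findings, provider = [], None
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m or m.group("channel") != "authentication":
            continue  # ignore DBQuery and other channels
        msg = m.group("msg")
        if (hit := PRIMARY_OK.search(msg)):
            provider = hit.group(1)
        elif (hit := AUTOCREATE.search(msg)):
            findings.append({"user": hit.group(1), "provider": provider,
                             "status": "attempted", "session": None})
            provider = None
        elif (hit := BLACKLISTED.search(msg)) and findings:
            # Refusal read back from the session, not a fresh permission check:
            # retest with a new session after changing the configuration.
            findings[-1].update(status="refused_cached_in_session",
                                session=redact(hit.group(1)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```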