I have tried every combination of plugins to get my MediaWiki to authenticate using LDAP to Active Directory with no such luck. I have attempted to convert from LDAPAuthentication, to LDAPHub migration. When attempting to log in, I am now receiving this error: "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Please resubmit the form." Any help would be appreciated. All was working fine with LDAPAuthentication before the upgrade. Thanks again.
Try setting $wgSessionCacheType = CACHE_DB;
Tried your suggestion. Still no luck. I was at one point able to get it to return my full name from the table, but it still failed on login like it wasn't accepting the group I was limiting it to. "Username Not Authorized"
Added this to my LocalSettings.php file. Still no luck. Attaching the config I am using for LDAP in case this may help. Checked that all extensions are loaded, but I still get the same error about session hijacking.
wfLoadExtensions( [
    'PluggableAuth',
    'Auth_remoteuser',
    'LDAPProvider',
    'LDAPAuthentication2',
    'LDAPAuthorization',
    'LDAPUserInfo'
] );
$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain';
$LDAPAuthentication2UsernameNormalizer = 'strtolower';
$LDAPAuthentication2AllowLocalLogin = true;
$wgAuthRemoteuserAllowUserSwitch = true;
$wgPluggableAuth_EnableLocalLogin = false;
$wgAuthRemoteuserUserName = function() {
    $user = '';
    if( isset( $_SERVER[ 'REMOTE_USER' ] ) ) {
        $user = strtolower( $_SERVER[ 'REMOTE_USER' ] );
    }
    return $user;
};
$LDAPProviderDomainConfigProvider = function() {
    $config = [
        'domain.net' => [
            'connection' => [
                "server" => "Server.oishq.net",
                "user" => "cn=username,cn=users,dc=domain,dc=net",
                "pass" => "XXXXXX",
                "port" => "389",
                "enctype" => "clear",
                "options" => [
                    "LDAP_OPT_DEREF" => 1
                ],
                "basedn" => "dc=domain,dc=net",
                "groupbasedn" => "cn=users,dc=domain,dc=net",
                "userbasedn" => "dc=domain,dc=net",
                "searchattribute" => "uid",
                "usernameattribute" => "uid",
                "realnameattribute" => "fullname",
                "emailattribute" => "mail",
                "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory"
            ],
            'authorization' => [
                'rules' => [
                    'groups' => [
                        'required' => [
                            'cn=wiki-admin,cn=users,dc=domain,dc=net'
                        ]
                    ]
                ]
            ],
            'userinfo' => [
                'attributes-map' => [
                    'email' => 'mail',
                    'realname' => 'fullname'
                ]
            ]
        ]
    ];
    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
- You are not setting $wgAuthRemoteUserName correctly. See the documentation.
- If you want to use Auth_remoteuser, then you do not want to also include LDAPAuthentication2. Choose one. See the LDAPStack flow chart.