Topic on Project:Support desk

LDAP Login: There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Please resubmit the form.

Bongo0458 (talk | contribs)

Hi there,

Currently I am trying to add LDAP authentication to my MediaWiki instance. I was able to log in once, but on logging back in I receive the above error.

MediaWiki: 1.31

PHP: 7.2

MySQL: 5.5.62


Here is my LocalSettings.php:


<?php
# This file was automatically generated by the MediaWiki 1.23.6
# installer. If you make manual changes, please keep track in case you
# need to recreate them later.
#
# See includes/DefaultSettings.php for all configurable settings
# and their default values, but don't forget to make changes in _this_
# file, not there.
#
# Further documentation for configuration settings may be found at:
# https://www.mediawiki.org/wiki/Manual:Configuration_settings

# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
    exit;
}

wfLoadSkin( 'Vector' );

## Uncomment this to disable output compression
# $wgDisableOutputCompression = true;

## The protocol and server name to use in fully-qualified URLs
$wgServer = "https://site.com";

## The relative URL path to the skins directory
$wgStylePath = "$wgScriptPath/skins";

## The relative URL path to the logo.  Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
$wgLogo = "$wgScriptPath/images/cis_logo.png";

## UPO means: this is also a user preference option
$wgEnableEmail = false;
$wgEnableUserEmail = true; # UPO
$wgEmergencyContact = "webmaster@site.com";
$wgPasswordSender = "webmaster@site.com";
$wgEnotifUserTalk = false; # UPO
$wgEnotifWatchlist = false; # UPO
$wgEmailAuthentication = true;

## Database settings
$wgDBtype = "mysql";
$wgDBserver = "mysql.site.com";
$wgDBname = "dbuser";
$wgDBuser = "dbuser";
$wgDBpassword = "dbpassword";

# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=utf8";

# Experimental charset support for MySQL 5.0.
$wgDBmysql5 = false;

## Shared memory settings
$wgMainCacheType = CACHE_NONE;
$wgParserConf = array('class' => 'Parser',);
#$wgMainCacheType = CACHE_MEMCACHED;
#$wgMemCachedServers = ['127.0.0.1:11211'];
#$wgSessionsInMemcached = true;

## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads = true;
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "/usr/bin/convert";

# InstantCommons allows wiki to use images from http://commons.wikimedia.org
$wgUseInstantCommons = false;

## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
$wgShellLocale = "en_US.utf8";

## If you want to use image uploads under safe mode,
## create the directories images/archive, images/thumb and
## images/temp, and make them all writable. Then uncomment
## this, if it's not already uncommented:
#$wgHashedUploadDirectory = false;

## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publically accessible from the web.
#$wgCacheDirectory = "$IP/cache";

# Site language code, should be one of the list in ./languages/Names.php
$wgLanguageCode = "en";

## Default skin: you can change the default skin. Use the internal symbolic
## names, ie 'cologneblue', 'monobook', 'vector':
$wgDefaultSkin = "vector";

## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";

# Path to the GNU diff3 utility. Used for conflict resolution.
$wgDiff3 = "/usr/bin/diff3";

# The following permissions were set based on your choice in the installer
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;

$wgDebugLogFile = "/path/to/error.log";
$wgDebugLogGroups['LDAPProvider'] = '/path/to/LDAP.log';
$

# End of automatically generated settings.
# Add more configuration options below.

# Misc settings
#$wgFileExtensions = array_merge( $wgFileExtensions, array( 'zip' ) );

# LDAP
error_reporting( -1 );
ini_set( 'display_errors', 1 );
#$wgLDAPDebug = 0;
#$wgShowSQLErrors = true;
#$wgDebugDumpSql  = true;
#$wgShowDBErrorBacktrace = true;
$wgShowExceptionDetails = true;

wfLoadExtensions( [
    'PluggableAuth',
    'Auth_remoteuser',
    'LDAPProvider',
    'LDAPAuthentication2',
    'LDAPAuthorization',
    'LDAPGroups',
    'LDAPUserInfo'
] );

$wgAuthRemoteuserAllowUserSwitch = true;
$wgPluggableAuth_EnableLocalLogin = false;
$wgShowExceptionDetails = true;

#$wgAuthRemoteuserUserNameReplaceFilter = [
#    '@win2.cs.ksu.edu$' => ''
#];

$wgAuthRemoteuserUserName = function() {
    $user = '';
    if( isset( $_SERVER[ 'REMOTE_USER' ] ) ) {
        $user = strtolower( $_SERVER[ 'REMOTE_USER' ] );
    }
    return $user;
};

$LDAPProviderDomainConfigProvider = function() {
    $config = [
        'AD' => [
            'connection' => [
                "server" => "AD.site.com",
                "user" => "CN=searchuser,CN=Users,DC=site,DC=com",
                "pass" => 'searchuser_pass',
                "options" => [
                    "LDAP_OPT_DEREF" => 1
                ],
                "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
                "emailattribute" => "saaccountname",
                "basedn" => "dc=site,dc=com",
                "groupbasedn" => "dc=site,dc=com",
                "userbasedn" => "dc=site,dc=com",
                "searchattribute" => "samaccountname",
                "searchstring" => "",
                "usernameattribute" => "samaccountname",
                "realnameattribute" => "cn"
            ],
            'authorization' => [
                'rules' => [
                    'groups' => [
                        'required' => [
                            'cn=admins,dc=site,dc=com'
                        ]
                    ]
                ]
            ],
            'userinfo' => [
                "attributes-map" => [
                    "realname" => "cn"
                ]
            ],
            'groupsync' => [
                "mechanism" => "mappedgroups",
                "mapping" => [
                    "sysop" => "cn=admins,dc=site,dc=com",
                    "customgroup" => "CN=Users,DC=site,DC=com"
                ]
            ]
        ]
    ];
    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

# timezone
$wgLocaltimezone = "US/Central";
date_default_timezone_set( $wgLocaltimezone );

# turn on the nice editor by default.
wfLoadExtensions(['WikiEditor']);

# WikiEditor Options
#wfLoadExtension( ['VisualEditor'] );
$wgDefaultUserOptions['usebetatoolbar'] = 1;
$wgDefaultUserOptions['usebetatoolbar-cgd'] = 1;

# Displays the Preview and Changes tabs
$wgDefaultUserOptions['wikieditor-preview'] = 1;

# Displays the Publish and Cancel buttons on the top right side
$wgDefaultUserOptions['wikieditor-publish'] = 1;

# allow linking/embedding of images from external sites
$wgAllowExternalImages = true;

# Enable Seealso extension
# H.D.G. 1/15/2015
#require_once "$IP/extensions/Seealso/Seealso.php";

# Enable MsUpload extension
# H.D.G. 1/15/2015
#equire_once "$IP/extensions/MsUpload/MsUpload.php";
#wfLoadExtension( ['MsUpload']);

# Enable Labeled Section Transclusion
# H.D.G 1/23/15
#require_once "$IP/extensions/LabeledSectionTransclusion/lst.php";
#require_once "$IP/extensions/LabeledSectionTransclusion/lsth.php";

# Enable syntax highlighting
# SDG 2/25/2016
#require_once "$IP/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.php";


Here are the logs the issue causes.


IP: 192.168.1.5
Start request POST /Docs/index.php?title=Special:UserLogin&returnto=Main+Page
HTTP HEADERS:
HOST: site.com
USER-AGENT: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
ACCEPT-LANGUAGE: en-US,en;q=0.5
ACCEPT-ENCODING: gzip, deflate, br
CONTENT-TYPE: application/x-www-form-urlencoded
CONTENT-LENGTH: 237
ORIGIN: https://site.com
CONNECTION: keep-alive
REFERER: https://site.com/Docs/index.php?title=Special:UserLogin&returnto=Main+Page
COOKIE: support_dev_wm_UserName=myuser; support_dev_wm_51a2e67c_session=hq9p1mjl1at2ihtt4dgppnealuc589uh
UPGRADE-INSECURE-REQUESTS: 1
[caches] cluster: EmptyBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: SqlBagOStuff, session: SqlBagOStuff
[caches] LocalisationCache: using store LCStoreDB
[CryptRand] 0 bytes of randomness leftover in the buffer.
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
[DBReplication] Cannot use ChronologyProtector with EmptyBagOStuff.
[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {
   "IPAddress": "192.168.1.5",
   "UserAgent": "Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko\/20100101 Firefox\/70.0",
   "ChronologyProtection": false,
   "ChronologyPositionIndex": 0
}
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'db.site.com'.
[SQLBagOStuff] Connection 6325684 will be used for SqlBagOStuff
[CryptRand] 0 bytes of randomness leftover in the buffer.
[session] SessionBackend "2ca7ii61auemaic26d3fnefgrusmamrh" is unsaved, marking dirty in constructor
[session] SessionBackend "2ca7ii61auemaic26d3fnefgrusmamrh" save: dataDirty=1 metaDirty=1 forcePersist=0
[cookie] setcookie: "support_dev_wm_51a2e67c_session", "", "1544038447", "/", "", "1", "1"
[cookie] already deleted setcookie: "support_dev_wm_51a2e67cUserID", "", "1544038447", "/", "", "1", "1"
[cookie] already deleted setcookie: "support_dev_wm_51a2e67cToken", "", "1544038447", "/", "", "1", "1"
[cookie] already deleted setcookie: "forceHTTPS", "", "1544038447", "/", "", "", "1"
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: connected to database 0 at 'db.site.com'.
[session] SessionBackend "2ca7ii61auemaic26d3fnefgrusmamrh" force-persist due to persist()
[session] SessionBackend "2ca7ii61auemaic26d3fnefgrusmamrh" save: dataDirty=0 metaDirty=1 forcePersist=1
[cookie] setcookie: "support_dev_wm_51a2e67c_session", "2ca7ii61auemaic26d3fnefgrusmamrh", "0", "/", "", "1", "1"
[cookie] already deleted setcookie: "support_dev_wm_51a2e67cRemoteToken", "", "1578166447", "/", "", "1", "1"
[cookie] already deleted setcookie: "support_dev_wm_51a2e67cUserID", "", "1544038447", "/", "", "1", "1"
[cookie] already deleted setcookie: "support_dev_wm_51a2e67cToken", "", "1544038447", "/", "", "1", "1"
[cookie] already deleted setcookie: "forceHTTPS", "", "1544038447", "/", "", "", "1"
[session] SessionBackend "2ca7ii61auemaic26d3fnefgrusmamrh" Taking over PHP session
[session] SessionBackend "2ca7ii61auemaic26d3fnefgrusmamrh" save: dataDirty=0 metaDirty=1 forcePersist=1
[cookie] already set setcookie: "support_dev_wm_51a2e67c_session", "2ca7ii61auemaic26d3fnefgrusmamrh", "0", "/", "", "1", "1"
[cookie] already deleted setcookie: "support_dev_wm_51a2e67cRemoteToken", "", "1578166447", "/", "", "1", "1"
[cookie] already deleted setcookie: "support_dev_wm_51a2e67cUserID", "", "1544038447", "/", "", "1", "1"
[cookie] already deleted setcookie: "support_dev_wm_51a2e67cToken", "", "1544038447", "/", "", "1", "1"
[cookie] already deleted setcookie: "forceHTTPS", "", "1544038447", "/", "", "", "1"
[MessageCache] MessageCache::load: Loading en... local cache is empty, global cache is expired/volatile, loading from database
Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache->transform
Parser: using preprocessor: Preprocessor_DOM
Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions->__construct
QuickTemplate::__construct was called with no Config instance passed to it
[CryptRand] 0 bytes of randomness leftover in the buffer.
[session] SessionBackend "2ca7ii61auemaic26d3fnefgrusmamrh" data dirty due to dirty(): LoginSignupSpecialPage->getFakeTemplate/SpecialUserLogin->getToken/MediaWiki\Session\Session->getToken/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
[session] SessionBackend "2ca7ii61auemaic26d3fnefgrusmamrh" save: dataDirty=1 metaDirty=0 forcePersist=0
MediaWiki::preOutputCommit: primary transaction round committed
MediaWiki::preOutputCommit: pre-send deferred updates completed
MediaWiki::preOutputCommit: LBFactory shutdown completed
[cookie] setcookie: "UseDC", "master", "1575574457", "/", "", "1", "1"
[cookie] setcookie: "UseCDNCache", "false", "1575574457", "/", "", "1", "1"
OutputPage::sendCacheControl: private caching;  **
Request ended normally
[session] Saving all sessions on shutdown
[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'db.site.com'.
[DBConnection] Wikimedia\Rdbms\{closure}: closing connection to database 'db.site.com'.


Thanks in advance!
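
The log excerpt in the post above shows the browser presenting one `_session` cookie value while MediaWiki starts a new SessionBackend under a different ID, so a login token issued under the earlier session cannot be matched in the new one. The following is an added example, not part of the original post or of MediaWiki: a Python check for that pattern in a debug log, with the sample lines abridged from the post and the function and field names hypothetical.

```python
import re

# Sample abridged from the debug log in the post (same format, fewer lines).
SAMPLE_LOG = """\
Start request POST /Docs/index.php?title=Special:UserLogin&returnto=Main+Page
COOKIE: support_dev_wm_UserName=myuser; support_dev_wm_51a2e67c_session=hq9p1mjl1at2ihtt4dgppnealuc589uh
[session] SessionBackend "2ca7ii61auemaic26d3fnefgrusmamrh" is unsaved, marking dirty in constructor
[cookie] setcookie: "support_dev_wm_51a2e67c_session", "", "1544038447", "/", "", "1", "1"
[cookie] setcookie: "support_dev_wm_51a2e67c_session", "2ca7ii61auemaic26d3fnefgrusmamrh", "0", "/", "", "1", "1"
"""

START = re.compile(r'^Start request (\S+) (\S+)')
COOKIE_HDR = re.compile(r'^COOKIE:\s*(.*)$')
BACKEND = re.compile(r'^\[session\] SessionBackend "([^"]+)"(.*)$')
SETCOOKIE = re.compile(r'^\[cookie\] setcookie: "([^"]+)", "([^"]*)"')

def split_requests(log_text):
    """Group log lines per request, splitting on 'Start request' markers."""
    current = []
    for line in (l.strip() for l in log_text.splitlines()):
        if START.match(line) and current:
            yield current
            current = []
        if line:
            current.append(line)
    if current:
        yield current

def analyse_request(lines):
    """Flag a request whose presented session ID was not adopted by any backend."""
    info = {"request": None, "presented": None, "backends": set(), "new_backend": False, "issued": None}
    for line in lines:
        if m := START.match(line):
            info["request"] = f"{m.group(1)} {m.group(2)}"
        elif m := COOKIE_HDR.match(line):
            for part in m.group(1).split(";"):
                name, _, value = part.strip().partition("=")
                if name.endswith("_session"):
                    info["presented"] = value
        elif m := BACKEND.match(line):
            info["backends"].add(m.group(1))
            info["new_backend"] |= "is unsaved" in m.group(2)
        elif (m := SETCOOKIE.match(line)) and m.group(1).endswith("_session") and m.group(2):
            info["issued"] = m.group(2)
    info["session_replaced"] = bool(
        info["presented"] and info["backends"] and info["presented"] not in info["backends"])
    return info

if __name__ == "__main__":
    print([analyse_request(r) for r in split_requests(SAMPLE_LOG)])
```

A request flagged with `session_replaced` points at session storage or cookie handling rather than at the LDAP bind itself.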
