Topic on Extension talk:LDAPAuthorization

Screwing up my ldap.json file with authorization section

Rosenblitt (talkcontribs)

Every time I add the authorization section to the ldap.json file, I get the following errors when I run the maintenance/update.php code.


Found invalid JSON in file: /var/www/html/wiki/ldap.json
PHP Warning:  count(): Parameter must be an array or an object that implements Countable in /var/www/html/wiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php on line 53
[436fc5157dc2c6d4b9499735] [no req]   MWException from line 54 of /var/www/html/wiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php: Could not parse configuration file '/var/www/html/wiki/ldap.json'!
Backtrace:
#0 /var/www/html/wiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php(73): MediaWiki\Extension\LDAPProvider\DomainConfigProvider\LocalJSONFile->__construct(string)
#1 [internal function]: MediaWiki\Extension\LDAPProvider\DomainConfigProvider\LocalJSONFile::newInstance(MediaWiki\Extension\LDAPProvider\Config)
#2 /var/www/html/wiki/extensions/LDAPProvider/src/DomainConfigFactory.php(106): call_user_func_array(string, array)
#3 /var/www/html/wiki/extensions/LDAPAuthentication2/src/Setup.php(12): MediaWiki\Extension\LDAPProvider\DomainConfigFactory::getInstance()
#4 /var/www/html/wiki/includes/Setup.php(906): MediaWiki\Extension\LDAPAuthentication2\Setup::init()
#5 /var/www/html/wiki/maintenance/doMaintenance.php(83): require_once(string)
#6 /var/www/html/wiki/maintenance/update.php(277): require_once(string)
#7 {main}


This is my ldap.json code. I'm able to connect and authenticate without the authorization config set.

{
  "itorg.ad.buffalo.edu": {
     "connection": {
        "server": "itorg.ad.buffalo.edu",
        "port": "636",
        "user": "CN=#######,OU=Users,OU=UBSA,OU=StudentAssociation,OU=ITORGS,DC=itorg,DC=ad,DC=buffalo,DC=edu",
        "pass": "#######",
        "enctype": "ssl",
        "options": {
                "LDAP_OPT_DEREF": 1
        },
        "basedn": "DC=itorg,DC=ad,DC=buffalo,DC=edu",
        "userbasedn": "DC=itorg,DC=ad,DC=buffalo,DC=edu",
        "groupbasedn": "DC=itorg,DC=ad,DC=buffalo,DC=edu",
        "searchattribute": "samaccountname",
        "usernameattribute": "samaccountname",
        "realnameattribute": "cn",
        "emailattribute": "mail",
        "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
        "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
     },
     "userinfo": [],
     "authorization" =>[
        "rules" =>[
            "groups" =>[
                "required" => [ "CN=UBSA_Student_Staff,OU=Groups,OU=UBSA,OU=StudentAssociation,OU=ITORGS,DC=itorg,DC=ad,DC=buffalo,DC=edu" ]
            ]
        ]
     ],
     "groupsync": {
        "mapping": {
           "sysop": "CN=UBSA_Pro_Staff,DC=itorg,DC=ad,DC=buffalo,DC=edu"
        }
     }
   }
}

I'd REALLY appreciate any help out there... I have read through the other similar issues below, but I believe I have already implemented the suggestions that helped people out already. I've been knocking my head against the wall on this one for a couple weeks now.

Osnard (talkcontribs)

Looks like you mixed PHP and JSON syntax in the "authorization" part. Please try this:

{
	"itorg.ad.buffalo.edu": {
		"connection": {
			"server": "itorg.ad.buffalo.edu",
			"port": "636",
			"user": "CN=#######,OU=Users,OU=UBSA,OU=StudentAssociation,OU=ITORGS,DC=itorg,DC=ad,DC=buffalo,DC=edu",
			"pass": "#######",
			"enctype": "ssl",
			"options": {
				"LDAP_OPT_DEREF": 1
			},
			"basedn": "DC=itorg,DC=ad,DC=buffalo,DC=edu",
			"userbasedn": "DC=itorg,DC=ad,DC=buffalo,DC=edu",
			"groupbasedn": "DC=itorg,DC=ad,DC=buffalo,DC=edu",
			"searchattribute": "samaccountname",
			"usernameattribute": "samaccountname",
			"realnameattribute": "cn",
			"emailattribute": "mail",
			"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
			"presearchusernamemodifiers": ["spacestounderscores", "lowercase"]
		},

		"userinfo": [],
		"authorization": {
			"rules": {
				"groups": {
					"required": ["CN=UBSA_Student_Staff,OU=Groups,OU=UBSA,OU=StudentAssociation,OU=ITORGS,DC=itorg,DC=ad,DC=buffalo,DC=edu"]
				}
			}
		},
		"groupsync": {
			"mapping": {
				"sysop": "CN=UBSA_Pro_Staff,DC=itorg,DC=ad,DC=buffalo,DC=edu"
			}
		}
	}
}
Rosenblitt (talkcontribs)

You nailed it! I didn't even notice. It's very rare for me to edit JSON files, so that's totally on me. @Osnard, thank you again for pointing me in the right direction on all of this. I didn't realize that you are who you are, sorry again for emailing you direct the other day! You also helped me out once 2 weeks ago when I first started this project. Your help has been invaluable with this!

Osnard (talkcontribs)

Glad to hear this! Thanks!

Amaury Palao (talkcontribs)

Hello, I get the same error message from the Apache log file: [client 132.156.9.193:62252] AH01071: Got error 'PHP message: Found invalid JSON in file: /media/wiki_cits35/ldap.json', referer: http://132.156.9.74:8080/index.php?title=Sp%C3%A9cial:Connexion&returnto=Accueil

However, I don't think I have the same problem. Here is my ldap.json.

{
        "xxxx.xxx.xxx": {
                "connection": {
                        "server": "xxxxx.xxx.xx.xx",
                        "port": "389",
                        "user": "CN=mediawiki-sa,CN=Users,DC=lenfiber,DC=local",
                        "pass": "*******",
                        "enctype": "clear",
                        "options": {
                                "LDAP_OPT_DEREF": 1
                        },
                        "basedn": "dc=nrn,dc=nrcan,dc=gc,dc=ca",
                        "userbasedn": "dc=nrn,dc=nrcan,dc=gc,dc=ca",
                        "groupbasedn": "dc=nrn,dc=nrcan,dc=gc,dc=ca",
                        "searchattribute": "samaccountName",
                        "usernameattribute": "samaccountname",
                        "realnameattribute": "cn",
                        "emailattribute": "mail",
                        "grouprequest": "Mediawiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
                        "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
                },
                "userinfo": [],
                "authorization": []
                "groupsync": []
                }
        }
}

Thank you for any help

Osnard (talkcontribs)

The line "authorization": [] misses a comma. You can use tools like http://jsonlint.com/ to validate your JSON (*Be careful with sensitive data!*).
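
An offline way to run the validation suggested above without pasting bind credentials into a web validator, as an added example that is not part of the original thread. The function name, the section list and the sample configs (placeholder values only) are assumptions constructed for illustration.

```python
import json

# Sections that the configs in this thread write as JSON objects (assumed list).
OBJECT_SECTIONS = ("connection", "authorization", "groupsync")

def check_ldap_json(text):
    """Return a list of problems; an empty list means the text passed.

    Only positions and key names are reported, never values, so bind
    credentials do not end up in terminals, tickets or online validators.
    """
    try:
        config = json.loads(text)
    except json.JSONDecodeError as err:
        return [f"line {err.lineno}, column {err.colno}: {err.msg}"]
    if not isinstance(config, dict):
        return ["top level must be an object keyed by domain name"]
    problems = []
    for domain, sections in config.items():
        if not isinstance(sections, dict):
            problems.append(f"{domain}: domain entry must be an object")
            continue
        for name in OBJECT_SECTIONS:
            value = sections.get(name, {})
            # An empty [] is tolerated because the thread uses it for unused sections.
            if not isinstance(value, dict) and value != []:
                problems.append(f"{domain}.{name}: expected an object")
    return problems

# Constructed samples with placeholder values, mirroring the two mistakes above.
PHP_ARROWS = """{
  "wiki.example.org": {
    "connection": {"server": "ldap.example.org", "pass": "PLACEHOLDER"},
    "authorization" => ["rules" => []]
  }
}"""
MISSING_COMMA = """{
  "wiki.example.org": {
    "connection": {"server": "ldap.example.org", "pass": "PLACEHOLDER"},
    "authorization": []
    "groupsync": []
  }
}"""
FIXED = MISSING_COMMA.replace('"authorization": []', '"authorization": [],')

if __name__ == "__main__":
    for label, sample in (("php arrows", PHP_ARROWS), ("missing comma", MISSING_COMMA), ("fixed", FIXED)):
        print(label, check_ldap_json(sample) or "OK")
```

For a missing comma the parser reports the line after the one that lacks it, so look one line up from the reported position.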

Amaury Palao (talkcontribs)

Thank you, I've implemented your solution, however the same error pops up. I have double-checked my ldap.json with the tool given.

Osnard (talkcontribs)

Well, that is strange. If you are using PHP-FPM, try restarting that service. Also make sure that the webserver user ("apache"?) has access permissions for this file.

Amaury Palao (talkcontribs)

I have rebuilt another wiki with the same configuration. While doing so, I noticed on the home page of MediaWiki a notice saying the following: Warning:MediaWiki is not compatible with PHP 7.4.0 to 7.4.2 due to an upstream bug. See task T246594 for more information.

So I believe the source of my problems was the version of PHP.

I tested this theory with my new wiki and it was proven true. Now my connection works.

Thank you for all your help.
