Topic on Extension talk:LDAPAuthentication2

Hello,

I'm trying to configure a MW installation to use AD for authentication. I modified LocalSettings.php and created ldap.json.

I run extensions/LDAPProvider/maintenance/ShowUserInfo.php, ShowUserGroups.php and CheckLogin.php scripts and all three works fine. Therefore at this point I was confident. But...

When I try to login I receive the message "Fatal error authenticating user" and I find three lines like the following in the log file:

ErrorException from line 42 of /var/www/mediawiki-1.34.1/extensions/LDAPAuthentication2/src/PluggableAuth.php: PHP Notice: Trying to access array offset on value of type null

The same for lines 43 and 44. This means that the variable $extraLoginFields is empty. But why? Why it needs extra login fields? Documentation, about $wgPluggableAuth_ExtraLoginFields says "This configuration variable may be set by authentication plugins and should not be set by wiki site administrators".

It happens even if I use a fake username or a wrong password therefore it seems it's not an authentication issue.

I tried with or without LDAPAuthorization and LDAPGroup extensions enabled but the result is the same.

Any suggest?

Best regards

My configuration:

MW: 1.34.1

Php: 7.4.3

LDAPAuthentication2, LDAPAuthorization, LDAPGroups, LDAPProvider, LDAPUserInfo, PluggableAuth: latest version

my LocalSettings.php modifications:

$ldapJsonFile = "$IP/ldap.json";

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'LDAPAuthentication2' );

wfLoadExtension( 'LDAPAuthorization' );

wfLoadExtension( 'LDAPUserInfo' );

wfLoadExtension( 'LDAPGroups' );

$LDAPProviderDomainConfigs = $ldapJsonFile;

$LDAPAuthentication2AllowLocalLogin = false;

$wgPluggableAuth_ButtonLabel = "Log In";

my ldap.json:

{

   "MY.DOMAIN": {

       "connection": {

           "server": "adserver.ip.domain",

           "user": "aduser",

           "pass": "pass",

           "options": {

               "LDAP_OPT_DEREF": 1

           },

           "port": "636",

           "enctype": "ssl",

           "basedn": "DC=my,DC=domain",

           "userbasedn": "OU=Users,OU=organization,DC=my,DC=domain",

           "groupbasedn": "OU=Groups,OU=organization,DC=my,DC=domain",

           "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

           "searchattribute": "sAMAccountName",

           "usernameattribute": "sAMAccountName",

           "realnameattribute": "cn",

           "emailattribute": "mail",

           "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]

       },

       "userinfo": [],

       "groupsync": []

   }

}

The values for $wgPluggableAuth_ExtraLoginFields are defined in LDAPAuthentication2/src/ExtraLoginFields.php. It is set in Setup.php of the same extension. Could you try to debug this, by checking whether the variable is properly set in that function?

I did some debug. It seems it is not a problem with ExtraLoginFields. It is set and has original values form DOMAIN, USERNAME and PASSWORD attributes.

The issue is with the call of AuthManager->getAuthenticationSessionData() method.

Authmanager is set using

$authManager = AuthManager::singleton();

It is defined and it seems correct.

Instead, the call of $authManager->getAuthenticationSessionData(PluggableAuthLogin::EXTRALOGINFIELDS_SESSION_KEY) returns null;

PluggableAuthLogin::EXTRALOGINFIELDS_SESSION_KEY has the value "PluggableAuthLoginExtraLoginFields".

I did some debug on authManager->getAuthenticationSessionData().

Before the login, if I do a refresh of the page, it works and gives the values of the previous login attempt. After click on "Login" button the call of

$this->request->getSession()->getSecret( 'authData' );

returns null.

Quite strange.

Sorry if it is not clear but I not a big expert of php.

This looks like you might have an issue with the session storage in general. If you disable the LDAP-Stack extension, can you log in with a local user and stay logged in?

You put me on the right direction. I set up the local authentication before. Then, after some tweaking, it works now.

Thank you

Glad I could help

I'm having the same issue trying to build a new mediawiki server with AD authentication. ShowUserinfo and CheckLogin were successful but when I login I get Fatal error authenticating user. In the error logs I get "PHP Notice:  Trying to access array offset on value of type null in E:\Inetpub\wwwroot\mediawiki\extensions\LDAPAuthentication2\src\PluggableAuth.php on line 45" and for lines 46 and 47. Debug logs show "[error] [94c23f1e792b385369135ec0] /index.php?title=Special:PluggableAuthLogin   ErrorException: PHP Notice: Trying to access array offset on value of type null". I can login successfully with a local account. I followed the instructions from this page, "Manual:Installing MediaWiki on Windows Server 2019 - MediaWiki". I worked through the errors one by one but this is the last one that's got me stuck. BTW, I'm an Infrastructure engineer/Cloud Architect and a PHP newbie. I'm learning along the way.

I'm running the following version. MediaWiki 1.36.1, PHP 7.4.24 nts, running on IIS on Windows Server 2019.

Update: I configured the website to use HTTPS/SSL for more security. Using HTTPS I get the login error. I tested using HTTP and I was able to login using my AD account. I am not sure how to resolve for using HTTPS.

The LDAP-Stack extensions are completely agnostic to the protocoll used by the webserver. Maybe you need to reconfigure your wiki in general. Have a look at Manual:$wgServer.

Thank you Osnard. That did the trick.