Topic on Extension talk:LDAPAuthentication2

Dimassc (talkcontribs)

I'm trying to migrate from the old LdapAuthentication to the new LDAP Hub extensions. Now I can log in with the LDAP domain but can't log in with local users.

Sorry, I created a similar entry in Topic:Vu74cyrkefdaua69 but I think LDAPAuthentication2 is the responsible plugin; you can delete the other post.

If I have $LDAPAuthentication2AllowLocalLogin = true and $wgPluggableAuth_EnableAutoLogin = false it doesn't work (I select the 'local' domain, of course). But if I set it the other way around I can log in with a local user (two login buttons appear; the first works, the second doesn't work because it tries to log in to the domain).

For the local login I created a user like this:

php ./wikiutic/maintenance/createAndPromote.php --force --bureaucrat admin password

My LocalSettings.php:

# LDAP authentication
wfLoadExtensions( [
    'PluggableAuth', // Base authentication
    'LDAPProvider', // Base authentication
    'LDAPAuthentication2', // Base authentication
    'LDAPAuthorization', // To restrict access by groups
    'LDAPGroups' // To sync LDAP groups with local ones
] );

// $wgPluggableAuth_EnableAutoLogin = true; /* If enabled, it disables the logout option */
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = "Inicia sessió";
$LDAPAuthentication2UsernameNormalizer = 'strtoupper'; // strtolower does not work
$LDAPAuthentication2AllowLocalLogin = true;
$wgLDAPUseLocal = false; // Allow local wiki authentication. Check that it is not overridden in LdapAuthentication.php

$LDAPProviderDomainConfigProvider = function() {
    $config = [
        'LDAP' => [
            'connection' => [
                "server" => "golum.trueta.intranet",
                "enctype" => 'clear',
                "basedn" => "dc=htrueta,dc=intranet",
                "userbasedn" => "dc=htrueta,dc=intranet", // u=Users,dc=htrueta,dc=intranet
                "searchstring" => "uid=USER-NAME,ou=Users,dc=htrueta,dc=intranet",
                "searchattribute" => "uid",
                "usernameattribute" => "uid",
                "realnameattribute" => "cn",
                "emailattribute" => "mail",
                "groupbasedn" => "dc=htrueta,dc=intranet", // ou=Groups,dc=htrueta,dc=intranet
                "groupattribute" => "memberuid",
                "groupobjectclass" => "posixgroup",
                "grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory"
            ],
            'authorization' => [
                'rules' => [
                    'groups' => [
                        'required' => [
                            "cn=Domain Admins,ou=Groups,dc=htrueta,dc=intranet",
                            "cn=s103,ou=Groups,dc=htrueta,dc=intranet",
                            "cn=wikiUtic,ou=Groups,dc=htrueta,dc=intranet",
                            "cn=wikiUticLectura,ou=Groups,dc=htrueta,dc=intranet",
                            "cn=lt2b,ou=Groups,dc=htrueta,dc=intranet",
                            "cn=lt1,ou=Groups,dc=htrueta,dc=intranet",
                            "cn=lt15,ou=Groups,dc=htrueta,dc=intranet"
                        ]
                    ]
                ]
            ],
            'groupsync' => [
                "mechanism" => "allgroups",
                "mapping" => [
                    "s103" => "cn=s103,ou=Groups,dc=htrueta,dc=intranet",
                    "Domain admins" => "cn=Domain Admins,ou=Groups,dc=htrueta,dc=intranet"
                ],
                "locally-managed" => [ "local", "wiki", "group", "names" ]
            ]
        ]
    ];

    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

I tried setting $wgPluggableAuth_EnableLocalLogin to true, but two login buttons appear. Neither works.

I tried setting $wgLDAPUseLocal to true and it doesn't work (I had it enabled in the old installation and the old LdapAuthentication plugin).

When I try to log in I select "local" in the domain (it appears below my "ldap" domain).

Osnard (talkcontribs)

$wgLDAPUseLocal will not work with "LDAPAuthentication2". Usually $LDAPAuthentication2AllowLocalLogin = true; and selecting local in the domain drop-down should be fine. Maybe it is related to the "authorization" part. Can you please disable "LDAPAuthorization" and test it again?

Dimassc (talkcontribs)

Sorry, now it is working with $LDAPAuthentication2AllowLocalLogin = true; but I don't know why :-(