I'm trying to migrate from the old LdapAuthentication to the new LDAP Hub extensions. Now I can login with the ldap domain but can't login with local users.
Sorry, I created a similar entry in Topic:Vu74cyrkefdaua69 but I think LDAPAutentication2 is the responsable plugin, you can delete the other post.
If I've $LDAPAuthentication2AllowLocalLogin = true and $wgPluggableAuth_EnableAutoLogin = false it don't work (i select 'local' domain of course). But if I set it the other way around I can login with a local user (it appears two login buttons, the first works, the second don't work because it tries to login to the domain).
For the local login I created a user like this:
php ./wikiutic/maintenance/createAndPromote.php --force --bureaucrat admin password
My LocalSettings.php :
# Autenticació LDAP
wfLoadExtensions( [
'PluggableAuth', // Autenticació base
'LDAPProvider', // Autenticació base
'LDAPAuthentication2', // Autenticació base
'LDAPAuthorization', // Per restringir accés per grups
'LDAPGroups' // Per sincronitzar grups ldap amb locals
] );
// $wgPluggableAuth_EnableAutoLogin = true; /* Si activem desactiva la opció de fer logout */
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = "Inicia sessió";
$LDAPAuthentication2UsernameNormalizer = 'strtoupper'; // strtolower no funciona
$LDAPAuthentication2AllowLocalLogin = true;
$wgLDAPUseLocal = false; // Permetre autentificació local wiki. Mirar que no estigui sobreescrit a LdapAuthentication.php
$LDAPProviderDomainConfigProvider = function() {
$config = [
'LDAP' => [
'connection' => [
"server" => "golum.trueta.intranet",
"enctype" => 'clear',
"basedn" => "dc=htrueta,dc=intranet",
"userbasedn" => "dc=htrueta,dc=intranet", // u=Users,dc=htrueta,dc=intranet
"searchstring" => "uid=USER-NAME,ou=Users,dc=htrueta,dc=intranet",
"searchattribute" => "uid",
"usernameattribute" => "uid",
"realnameattribute" => "cn",
"emailattribute" => "mail",
"groupbasedn" => "dc=htrueta,dc=intranet", // ou=Groups,dc=htrueta,dc=intranet
"groupattribute" => "memberuid",
"groupobjectclass" => "posixgroup",
"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory"
],
'authorization' => [
'rules' => [
'groups' => [
'required' => [ "cn=Domain Admins,ou=Groups,dc=htrueta,dc=intranet",
"cn=s103,ou=Groups,dc=htrueta,dc=intranet",
"cn=wikiUtic,ou=Groups,dc=htrueta,dc=intranet",
"cn=wikiUticLectura,ou=Groups,dc=htrueta,dc=intranet",
"cn=lt2b,ou=Groups,dc=htrueta,dc=intranet",
"cn=lt1,ou=Groups,dc=htrueta,dc=intranet",
"cn=lt15,ou=Groups,dc=htrueta,dc=intranet"]
]
]
],
'groupsync' => [
"mechanism" => "allgroups",
"mapping" => [
"s103" => "cn=s103,ou=Groups,dc=htrueta,dc=intranet",
"Domain admins" => "cn=Domain Admins,ou=Groups,dc=htrueta,dc=intranet"
],
"locally-managed" => [ "local", "wiki", "group", "names" ]
]
]
];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
I tried with $wgPluggableAuth_EnableLocalLogin to true but two login buttons appears. No one works.
I tried with $wgLDAPUseLocal to true and it don't work (i had it enabled in the old installation and old ldapauthentication plugin).
When I try to login I select "local" in the domain (it appears below my "ldap" domain).