Topic on Manual talk:Active Directory Integration

Windows Server 2012R2

LDAPAuthentication2 1.0.2 (58e281c) 07:04, 7 January 2021

Auth_remoteuser 2.1.1 (a448e28) 23:55, 7 May 2021

LDAPAuthorization 1.1.0 (e037664) 19:38, 9 July 2020

LDAPProvider 1.0.5 (ca854c1) 07:54, 14 December 2020

LDAPUserInfo 1.0.0 (39cca83) 19:58, 9 July 2020

PluggableAuth 5.7 (2a465ae) 15:07, 10 July 2020

I have proper modules installed as far as I can tell, but MW requires me to click the login button and enter a password. How can I automate this so it logs in automagically and uses perms via groups?

I ended up using Auth_remoteuser for automatic login. I also had to disable LDAPAuthentication2 for that to work. Everything else seems to be okay so far. I am still testing.

Thanks for that. I disabled the load of LDAPAuthentication2 but it still leaves me at the main wiki page not logged in. Were there any other settings you changed in your LocalSettings.php file related to this?

Sorry, that I didn't see your question until now.

Here's the other relevant bits from my localsettings file:

$LDAPProviderDomainConfigs = $ldapJsonFile;

$LDAPProviderDefaultDomain = "DOMAIN";

$LDAPProviderCacheType = CACHE_MEMCACHED; #*

$LDAPProviderCacheTime = 8 * 60 * 60;

$wgPluggableAuth_EnableAutoLogin = true;

$wgPluggableAuth_EnableLocalLogin = true;

*Obviously use your own caching method here. I went through the pain of setting up memcached. It seems to make the difference since I am using a lot of nested templates.

I hope that helps!

I got it to finally auto-login but only if the account exists in the user tables in the database. I have the createaccount and autocreateaccount set to true but the accounts are never added to the table. Plus those people get server Error 500 and no event log entries are generated, plus no MW extension log files are written to. However for anyone who is already in the user table everything works great, no errors are thrown, and they are auto-logged in. Thoughts?

Are you using IIS, or another web server? I'd be digging down a bit more with LDAPAuthorization.

Enable and check any logs you can. There were a couple of good posts about logging with examples that I found in the posts on these plugin talk pages and some other related pages.

Profiling, and the process monitor software were really helpful too. Though it took me some time to figure out.

I am on a domain system with Windows defender enabled by my admin. Since I put the website and PHP in non-standard folders I had to add exclusions to defender to help with some speed (+10 seconds) and permissions( related to image uploading, I think). There was some sort of locking issue.

So the problem appears to be code in auth_remoteuser extension file UserNameSessionInfo.php and I had to comment out this code:

#if ( !Hooks::run( static::HOOKNAME, [ &$filteredUserName ] ) ) {

# $metadata[ 'filteredUserName' ] = $filteredUserName;

# $this->logger->warning(

# "Can't login remote user '{remoteUserName}' automatically. " .

# "Blocked this user when applying filter to '{filteredUserName}'.",

# $metadata

# );

# continue;

#}

Not sure what it even tries to do, but it would never work properly and nobody could get authenticated via active directory and automatically logged in. When I commented this section out, everything works as expected! I manually stripped the domain from the front of the username info and allowed it to get properly stuffed into the filtered name array. Would be great if somebody would tell me what this HOOKNAME stuff is trying to do...