I installed the LDAP Stack on my MediaWiki (version 1.35.1) and connected it to my Active Directory, following the linked guide Manual:Active Directory Integration.
When trying to log in, the LDAP stack successfully authenticates the user from the AD. However, I get the following error message:
"Die angegebenen Anmeldeinformationen sind mit keinem Benutzer auf diesem Wiki verknüpft." which is the German equivalent for "Credentials are not associated with any user on this wiki."
I therefore suspected that automatic account creation does not work. However, my LocalSettings.php contains $wgGroupPermissions['*']['autocreateaccount'] = true;.
LocalSettings.php:
#
#
# LDAP Settings
#
#
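// Safe IP or not (for bypassing external login via AD).
//
// The decision is taken from REMOTE_ADDR only. X-Forwarded-For and X-Real-IP
// are request headers, i.e. client-controlled input: matching them against
// $safeIPs would let any remote client present itself as 127.0.0.1 and switch
// on the local-login bypass that $wikiRequestSafe controls.
//
// A request that carries one of those headers is never treated as safe. It
// either passed through a proxy (REMOTE_ADDR is then the proxy, not the user)
// or the header was written by the client itself; in both cases the peer
// address says nothing reliable about where the user is.
//
// 'localhost' is kept from the original list, but REMOTE_ADDR holds an
// address, so in practice only '127.0.0.1' can match.
$safeIPs = array('127.0.0.1','localhost');
// Kept with its original content because the debug output refers to it.
$ipsVars = array('HTTP_X_FORWARDED_FOR','HTTP_X_REAL_IP','REMOTE_ADDR');
$forwardingHeaders = array('HTTP_X_FORWARDED_FOR','HTTP_X_REAL_IP');

$wikiRequestForwarded = false;
foreach ($forwardingHeaders as $forwardingHeader) {
    if (isset($_SERVER[$forwardingHeader]) && $_SERVER[$forwardingHeader] !== '') {
        $wikiRequestForwarded = true;
        break;
    }
}

// Same plausibility check as before (more than 3 characters), applied to the
// peer address only. $wikiRequestIP stays unset when there is no usable value.
if (isset($_SERVER['REMOTE_ADDR']) && mb_strlen($_SERVER['REMOTE_ADDR']) > 3) {
    $wikiRequestIP = $_SERVER['REMOTE_ADDR'];
}

// Strict comparison: the value is a string and must equal a list entry exactly.
$wikiRequestSafe = (
    !$wikiRequestForwarded
    && isset($wikiRequestIP)
    && in_array($wikiRequestIP, $safeIPs, true)
);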
// Private wiki with external LDAP login: the default namespace requires login.
$wgEmailConfirmToEdit = false;

// Anonymous visitors ('*') may not read, edit, or register an account by hand.
foreach (array('edit', 'read', 'createaccount') as $deniedRight) {
    $wgGroupPermissions['*'][$deniedRight] = false;
}
unset($deniedRight);

// Sysops cannot create accounts manually either.
$wgGroupPermissions['sysop']['createaccount'] = false;

// Automatic account creation remains allowed for everyone; this is the right
// the question expects to cover users who authenticated against the directory.
$wgGroupPermissions['*']['autocreateaccount'] = true;

$wgBlockDisablesLogin = true;

// Wiki group 'engineering' starts as a copy of the default 'user' group.
// The array is copied by value at this point, so later changes to 'user'
// do not reach 'engineering'.
$wgGroupPermissions['engineering'] = $wgGroupPermissions['user'];
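// Load LDAP Config from JSON.
//
// NOTE(review): the file is read from $IP, the wiki's install directory. If
// that directory is served by the web server, ldap.json (which presumably
// holds the bind DN and password seen in the LDAP log) could be fetched
// directly. Confirm it is denied in the web server config or keep it outside
// the document root.
$ldapJsonFile = "$IP/ldap.json";

// Start from "disabled" so the later `if ( $ldapConfig )` never reads an
// undefined variable when the file or the extension directory is missing.
$ldapConfig = false;

if (is_file($ldapJsonFile) && is_dir("$IP/extensions/LDAPProvider")) {
    // Check readability up front instead of silencing warnings with `@`.
    $ldapJsonRaw = is_readable($ldapJsonFile) ? file_get_contents($ldapJsonFile) : false;

    if ($ldapJsonRaw === false) {
        error_log("Cannot read file: $IP/ldap.json");
    } else {
        // Only a decoded array counts as a usable domain configuration.
        $testJson = json_decode($ldapJsonRaw, true);
        if (is_array($testJson)) {
            $ldapConfig = true;
        } else {
            error_log("Found invalid JSON in file: $IP/ldap.json");
        }
    }
}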
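// Activate Extension
// !empty() keeps the check safe even when $ldapConfig was never assigned
// (ldap.json missing or invalid): the LDAP stack is then simply not loaded.
if ( !empty( $ldapConfig ) ) {
    wfLoadExtension( 'PluggableAuth' );
    wfLoadExtension( 'LDAPProvider' );
    wfLoadExtension( 'LDAPAuthentication2' );
    wfLoadExtension( 'LDAPAuthorization' );
    wfLoadExtension( 'LDAPUserInfo' );
    wfLoadExtension( 'LDAPGroups' );
    // NOTE(review): Auth_remoteuser signs users in from a user name provided
    // by the web server environment. Presumably it is not needed for the
    // form-based LDAP login configured here; confirm, and drop it if unused.
    wfLoadExtension( 'Auth_remoteuser' );
    wfLoadExtension( 'LDAPSyncAll' );

    // Domain configuration is taken from the JSON file located above.
    $LDAPProviderDomainConfigs = $ldapJsonFile;

    #$wgPluggableAuth_ButtonLabel = "Log In";
    $wgPluggableAuth_ButtonLabel = "Mit LDAP anmelden";

    // Local (non-LDAP) login stays off unless the request is flagged as safe.
    #$wgPluggableAuth_EnableLocalLogin = true;
    #$LDAPAuthentication2AllowLocalLogin = true;

    // $wikiRequestSafe opens a login path that bypasses the directory, so it
    // must be derived from data the client cannot set (the peer address, not
    // forwarded-for style request headers).
    if ( !empty( $wikiRequestSafe ) ) {
        $LDAPAuthentication2AllowLocalLogin = true;
    }
}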
PluggableAuth Log:
2021-05-26 17:16:19 wiki-test my_wiki: In execute()
2021-05-26 17:16:19 wiki-test my_wiki: Getting PluggableAuth singleton
2021-05-26 17:16:19 wiki-test my_wiki: Class name: MediaWiki\Extension\LDAPAuthentication2\PluggableAuth
2021-05-26 17:16:19 wiki-test my_wiki: Authenticated new user:
2021-05-26 17:16:20 wiki-test my_wiki: User is authorized.
LDAP Log:
2021-05-26 17:24:40 wiki-test my_wiki: ldap_connect( $hostname = 'ldap://MyActiveDirectory:389', $port = 389 );
2021-05-26 17:24:40 wiki-test my_wiki: # __METHOD__ returns Resource id #31
2021-05-26 17:24:40 wiki-test my_wiki: ldap_set_option( $linkID, $option = 17, $newval = 3 );
2021-05-26 17:24:40 wiki-test my_wiki: # returns 1
2021-05-26 17:24:40 wiki-test my_wiki: ldap_set_option( $linkID, $option = 8, $newval = 0 );
2021-05-26 17:24:40 wiki-test my_wiki: # returns 1
2021-05-26 17:24:40 wiki-test my_wiki: ldap_set_option( $linkID, $option = 2, $newval = 1 );
2021-05-26 17:24:40 wiki-test my_wiki: # returns 1
2021-05-26 17:24:40 wiki-test my_wiki: ldap_bind( $linkID, $bindRDN = 'CN=myldapuser,cn=users,dc=MyActiveDirectory', $bindPassword = 'XXXX' );
2021-05-26 17:24:40 wiki-test my_wiki: # returns 1
2021-05-26 17:24:40 wiki-test my_wiki: ldap_search( $linkID, $baseDN = 'cn=users,dc=MyActiveDirectory', $filter = '(samaccountname=test.user)', $attributes = [ '*', 'memberof' ], $attrsonly = , $sizelimit = , $timelimit = , $deref = );
2021-05-26 17:24:40 wiki-test my_wiki: # returns Resource id #46
2021-05-26 17:24:40 wiki-test my_wiki: ldap_count_entries( $linkiID, $result = 'Resource id #46' );
2021-05-26 17:24:40 wiki-test my_wiki: # returns 1
2021-05-26 17:24:40 wiki-test my_wiki: ldap_get_entries( $linkID, $resultID );
2021-05-26 17:24:40 wiki-test my_wiki: # returns: array (
'count' => 1,
0 =>
array (
'objectclass' =>
array (
'count' => 4,
0 => 'top',
1 => 'person',
2 => 'organizationalPerson',
3 => 'user',
),
0 => 'objectclass',
'cn' =>
array (
'count' => 1,
0 => 'test.user',
),
1 => 'cn',
'sn' =>
array (
'count' => 1,
0 => 'user',
),
2 => 'sn',
'givenname' =>
array (
'count' => 1,
0 => 'test',
),
3 => 'givenname',
'distinguishedname' =>
array (
'count' => 1,
0 => 'CN=test.user,CN=Users,dc=MyActiveDirectory',
),
4 => 'distinguishedname',
'instancetype' =>
array (
'count' => 1,
0 => '4',
),
5 => 'instancetype',
'whencreated' =>
array (
'count' => 1,
0 => '20201106163057.0Z',
),
6 => 'whencreated',
'whenchanged' =>
array (
'count' => 1,
0 => '20210524142647.0Z',
),
7 => 'whenchanged',
'displayname' =>
array (
'count' => 1,
0 => 'test.user',
),
8 => 'displayname',
'usncreated' =>
array (
'count' => 1,
0 => '98434',
),
9 => 'usncreated',
'memberof' =>
array (
'count' => 1,
0 => 'CN=mydomain-test,OU=Groups,OU=User,dc=MyActiveDirectory',
),
10 => 'memberof',
'usnchanged' =>
array (
'count' => 1,
0 => '2560462',
),
11 => 'usnchanged',
'name' =>
array (
'count' => 1,
0 => 'test.user',
),
12 => 'name',
'objectguid' =>
array (
'count' => 1,
0 => '±ÆÓ¿Hh±J¢jÊ(B4¦ð',
),
13 => 'objectguid',
'useraccountcontrol' =>
array (
'count' => 1,
0 => '512',
),
14 => 'useraccountcontrol',
'badpwdcount' =>
array (
'count' => 1,
0 => '0',
),
15 => 'badpwdcount',
'codepage' =>
array (
'count' => 1,
0 => '0',
),
16 => 'codepage',
'countrycode' =>
array (
'count' => 1,
0 => '0',
),
17 => 'countrycode',
'homedirectory' =>
array (
'count' => 1,
0 => '\\\\cifs\\users\\test.user',
),
18 => 'homedirectory',
'homedrive' =>
array (
'count' => 1,
0 => 'M:',
),
19 => 'homedrive',
'badpasswordtime' =>
array (
'count' => 1,
0 => '132665098264743610',
),
20 => 'badpasswordtime',
'lastlogoff' =>
array (
'count' => 1,
0 => '0',
),
21 => 'lastlogoff',
'lastlogon' =>
array (
'count' => 1,
0 => '132665098371930786',
),
22 => 'lastlogon',
'logonhours' =>
array (
'count' => 1,
0 => 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ',
),
23 => 'logonhours',
'pwdlastset' =>
array (
'count' => 1,
0 => '132535516035944362',
),
24 => 'pwdlastset',
'primarygroupid' =>
array (
'count' => 1,
0 => '513',
),
25 => 'primarygroupid',
'profilepath' =>
array (
'count' => 1,
0 => '\\\\cifs\\profiles\\test.user',
),
26 => 'profilepath',
'objectsid' =>
array (
'count' => 1,
0 => '��' . "\0" . '' . "\0" . '' . "\0" . '' . "\0" . '' . "\0" . '��' . "\0" . '' . "\0" . '' . "\0" . 'üâîxc��LY±S…0�' . "\0" . '' . "\0" . '',
),
27 => 'objectsid',
'accountexpires' =>
array (
'count' => 1,
0 => '0',
),
28 => 'accountexpires',
'logoncount' =>
array (
'count' => 1,
0 => '22',
),
29 => 'logoncount',
'samaccountname' =>
array (
'count' => 1,
0 => 'test.user',
),
30 => 'samaccountname',
'samaccounttype' =>
array (
'count' => 1,
0 => '805306368',
),
31 => 'samaccounttype',
'userprincipalname' =>
array (
'count' => 1,
0 => 'test.user@mydomain.mydomain.de',
),
32 => 'userprincipalname',
'lockouttime' =>
array (
'count' => 1,
0 => '0',
),
33 => 'lockouttime',
'objectcategory' =>
array (
'count' => 1,
0 => 'CN=Person,CN=Schema,CN=Configuration,dc=MyActiveDirectory',
),
34 => 'objectcategory',
'dscorepropagationdata' =>
array (
'count' => 3,
0 => '20210111164144.0Z',
1 => '20201228231658.0Z',
2 => '16010101000000.0Z',
),
35 => 'dscorepropagationdata',
'lastlogontimestamp' =>
array (
'count' => 1,
0 => '132663400070044244',
),
36 => 'lastlogontimestamp',
'uid' =>
array (
'count' => 1,
0 => 'test.user',
),
37 => 'uid',
'mssfu30name' =>
array (
'count' => 1,
0 => 'test.user',
),
38 => 'mssfu30name',
'mssfu30nisdomain' =>
array (
'count' => 1,
0 => 'mydomain',
),
39 => 'mssfu30nisdomain',
'uidnumber' =>
array (
'count' => 1,
0 => '10006',
),
40 => 'uidnumber',
'gidnumber' =>
array (
'count' => 1,
0 => '10000',
),
41 => 'gidnumber',
'unixhomedirectory' =>
array (
'count' => 1,
0 => '/users/test.user',
),
42 => 'unixhomedirectory',
'loginshell' =>
array (
'count' => 1,
0 => '/bin/bash',
),
43 => 'loginshell',
'count' => 44,
'dn' => 'CN=test.user,CN=Users,dc=MyActiveDirectory',
),
)
2021-05-26 17:24:40 wiki-test my_wiki: ldap_bind( $linkID, $bindRDN = 'CN=test.user,CN=Users,dc=MyActiveDirectory', $bindPassword = 'XXXX' );
2021-05-26 17:24:40 wiki-test my_wiki: # returns 1
2021-05-26 17:24:40 wiki-test my_wiki: ldap_bind( $linkID, $bindRDN = 'CN=myldapuser,cn=users,dc=MyActiveDirectory', $bindPassword = 'XXXX' );
2021-05-26 17:24:40 wiki-test my_wiki: # returns 1
2021-05-26 17:24:40 wiki-test my_wiki: ldap_search( $linkID, $baseDN = 'cn=users,cd=mydomain,dc=mydomain,dc=de', $filter = '(samaccountname=test.user)', $attributes = [ '*', 'memberof' ], $attrsonly = , $sizelimit = , $timelimit = , $deref = );
2021-05-26 17:24:40 wiki-test my_wiki: # returns Resource id #59
2021-05-26 17:24:40 wiki-test my_wiki: ldap_get_entries( $linkID, $resultID );
2021-05-26 17:24:40 wiki-test my_wiki: # returns: array (
'count' => 0,
)
2021-05-26 17:24:40 wiki-test my_wiki: ldap_search( $linkID, $baseDN = 'cn=users,cd=mydomain,dc=mydomain,dc=de', $filter = '(samaccountname=)', $attributes = [ '*', 'memberof' ], $attrsonly = , $sizelimit = , $timelimit = , $deref = );
2021-05-26 17:24:40 wiki-test my_wiki: # returns Resource id #75
2021-05-26 17:24:40 wiki-test my_wiki: ldap_get_entries( $linkID, $resultID );
2021-05-26 17:24:40 wiki-test my_wiki: # returns: array (
'count' => 0,
)