Topic on Talk:LDAP hub

Could not authenticate credentials against domain

3 comments 12:33, 6 September 2021 2 years ago
3
Summary by MountainGoat92

Got it to run with the exact same ldapprovider file from this site Manual:Active Directory Integration.

I think it is mandatory to have the emtpy userinfo and authorization parts...

MountainGoat92 (talkcontribs)

Hello,

i am running a mediawiki 1.35 with the following extensions:

LDAPProvider, PluggableAuth, LDAPAuthentication2

My goal is that users can manually log in to mediawiki with their used username and password from active directory.

The users are already created in mediawiki.


When running php extensions/LDAPProvider/maintenance/ShowUserInfo.php i receive the informations from active directory.

When running php extensions/LDAPProvider/maintenance/CheckLogin.php it is just failing.


The debug log saying following at the end:

2021-08-24 09:57:14 mediawiki wiki: Ran LDAP search for '(samaccountname=mic-sma)' in 0.002122163772583 seconds.

2021-08-24 09:57:26 mediawiki wiki: ldap_connect( $hostname = 'ldap://192.168.73.250:389', $port = 389 );

2021-08-24 09:57:26 mediawiki wiki: # __METHOD__ returns Resource id #763

2021-08-24 09:57:26 mediawiki wiki: Setting LDAP_OPT_PROTOCOL_VERSION to 3

2021-08-24 09:57:26 mediawiki wiki: ldap_set_option( $linkID, $option = 17, $newval = 3 );

2021-08-24 09:57:26 mediawiki wiki: # returns 1

2021-08-24 09:57:26 mediawiki wiki: Setting LDAP_OPT_REFERRALS to 0

2021-08-24 09:57:26 mediawiki wiki: ldap_set_option( $linkID, $option = 8, $newval = 0 );

2021-08-24 09:57:26 mediawiki wiki: # returns 1

2021-08-24 09:57:26 mediawiki wiki: Setting LDAP_OPT_DEREF to 1

2021-08-24 09:57:26 mediawiki wiki: ldap_set_option( $linkID, $option = 2, $newval = 1 );

2021-08-24 09:57:26 mediawiki wiki: # returns 1

2021-08-24 09:57:26 mediawiki wiki: ldap_bind( $linkID, $bindRDN = 'wikisync', $bindPassword = 'XXXX' );

2021-08-24 09:57:26 mediawiki wiki: # returns 1

2021-08-24 09:57:26 mediawiki wiki: MediaWiki\Extension\LDAPProvider\Client::getSearchString: User DN is: 'samaccountname=mic-sma,dc=xxx,dc=xxx'

2021-08-24 09:57:26 mediawiki wiki: ldap_bind( $linkID, $bindRDN = 'samaccountname=mic-sma,dc=xxx,dc=xxx', $bindPassword = 'XXXX' );

2021-08-24 09:57:26 mediawiki wiki: # returns


Does someone can help me?

Best regards,

Manuel

Edited 07:59, 1 September 2021 2 years ago
Osnard (talkcontribs)

'samaccountname=mic-sma,dc=micado,dc=local' does not look like a proper user DN. Maybe remove the "searchtring" setting from the config.

08:16, 30 August 2021 2 years ago
MountainGoat92 (talkcontribs)

Hello @Osnard,

i removed the searchstring but now i am getting the error "Could not fetch required user info to complete login" when trying to log in via the domain in mediawiki.

When i try to enter a wrong password, i get the notification "Could not authenticate credentials against domain micado.local"


Running ShowUserInfo.php still showing the user information from the active directory.


Running CheckLogin.php is now saying "ok", so i guess we are one step closer :)

My config file looks like pretty simple like this: (i did substitue user, pass, OU and DC here)

{

   "micado.local":

       {

           "connection":

           {

               "server": "192.168.73.250",

               "user": "user",

               "pass": "pass",

               "basedn": "dc=domain,dc=local",

               "userbasedn": "dc=domain,dc=local",

               "searchattribute": "samaccountname"

               }

       }

}


The Log File after logging try to log in via web form:


2021-09-02 08:59:26 mediawiki wiki: In execute()

2021-09-02 08:59:26 mediawiki wiki: Getting PluggableAuth singleton

2021-09-02 08:59:26 mediawiki wiki: Class name: MediaWiki\Extension\LDAPAuthentication2\PluggableAuth

2021-09-02 08:59:27 mediawiki wiki: Setting LDAP_OPT_PROTOCOL_VERSION to 3

2021-09-02 08:59:27 mediawiki wiki: Setting LDAP_OPT_REFERRALS to 0

2021-09-02 08:59:27 mediawiki wiki: MediaWiki\Extension\LDAPProvider\Client::getUserDN: search with array (

  'base' => 'ou=benutzer,ou=companyname,dc=domain,dc=local',

  'filter' => '(samaccountname=mic-sma)',

  'attributes' =>

  array (

   0 => '*',

   1 => 'memberof',

  ),

)

2021-09-02 08:59:27 mediawiki wiki: Found user DN: 'CN=mic-sma,OU=BEN_IT,OU=BENUTZER,OU=companyname,DC=domain,DC=local'

2021-09-02 08:59:27 mediawiki wiki: MediaWiki\Extension\LDAPProvider\Client::getSearchString: User DN is: 'CN=mic-sma,OU=BEN_IT,OU=BENUTZER,OU=companyname,DC=domain,DC=local'

2021-09-02 08:59:27 mediawiki wiki: Ran LDAP search for '(samaccountname=mic-sma)' in 0.0013182163238525 seconds.

2021-09-02 08:59:27 mediawiki wiki: Authentication failure.

2021-09-02 08:59:27 mediawiki wiki: ERROR: Could not fetch required user info to complete login


I can't explain the error, i can run the php CheckLogin with the same user and it works... so i don't think it is a problem with the user settings?


Best regards,

Manuel

Edited 09:17, 2 September 2021 2 years ago
Retrieved from "https://www.mediawiki.org/wiki/Topic:Wf8itjnf6eozlcgq"