Hi, i think i'm getting pretty close.
I'm not getting errors on the loging page except for "Could not authenticate credentials against domain XXXX"
when i run php CheckLogin.php --domain XXXX --username ctorres
i get an "OK"
php ShowUserGroupsphp --domain XXXX --username ctorres
i get Full DN: (blank) and Short names: (blank)
php ShowUserInfo.php --domain XXXX --username ctorres
brings back all my info from AD so tha's ok i guess:
Here's my LocalSettings.php.
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPAuthentication2' );
wfLoadExtension( 'LDAPAuthorization' );
wfLoadExtension( 'LDAPUserInfo' );
wfLoadExtension( 'LDAPGroups' );
$LDAPAuthorizationAutoAuthRemoteUserStringParser = "XXXX\username";
// Create Wiki-Group 'marketing' from default user group
$wgGroupPermissions['marketing'] = $wgGroupPermissions['user'];
// Private Wiki. External LDAP login. Default NS requires login.
$wgEmailConfirmToEdit = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['sysop']['createaccount'] = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgBlockDisablesLogin = true;
// Load LDAP Config from JSON
$ldapJsonFile = "var/www/ldap.json";
$ldapConfig = false;
if (is_file($ldapJsonFile) && is_dir("$var/www/docs.XXXX.net/extensions/LDAPProvider")) {
$testJson = @json_decode(file_get_contents($ldapJsonFile),true);
if (is_array($testJson)) {
$ldapConfig = true;
} else {
error_log("Found invalid JSON in file: $IP/ldap.json");
}
}
// Activate Extension
if ( $ldapConfig ) {
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPAuthentication2' );
wfLoadExtension( 'LDAPAuthorization' );
wfLoadExtension( 'LDAPUserInfo' );
wfLoadExtension( 'LDAPGroups' );
$WikiToLDAPMigrationInProgress = false;
$LDAPProviderDomainConfigs = "$etc/mediawiki/ldapprovider.json";
$wgPluggableAuth_ButtonLabel = "Log In";
$LDAPAuthentication2AllowLocalLogin = true;
// Force LDAPGroups to sync by choosing a domain ( e.g. first JSON object in ldap.json )
$LDAPProviderDefaultDomain = "dc.XXXX.net";
if ($wikiRequestSafe) { $LDAPAuthentication2AllowLocalLogin = true; }
}
$wgShowExceptionDetails = true;
$wgShowSQLErrors = true;
$wgShowDBErrorBacktrace = true;
$wgDebugLogGroups['PluggableAuth'] = '/var/log/mediawiki/PluggableAuth.log';
$wgDebugLogGroups['LDAP'] = '/var/log/mediawiki/LDAPGen.log';
$wgDebugLogGroups['MediaWiki\\Extension\\LDAPProvider\\Client'] = '/var/log/mediawiki/LDAPProviderClient.log';
$wgDebugLogGroups['LDAPGroups'] = '/var/log/mediawiki/LDAPGroups.log';
$wgDebugLogGroups['LDAPUserInfo'] ='/var/log/mediawiki/LDAPUserInfo.log';
$wgDebugLogGroups['LDAPAuthorization'] = '/var/log/mediawiki/LDAP.log';
$wgDebugLogGroups['LDAPAuthentication2'] = '/var/log/mediawiki/LDAPAuthentication2.log';
$LDAPProviderCacheType = CACHE_NONE;
$LDAPAuthorizationAutoAuthRemoteUserStringParserRegistry = "username@XXXX.net";
$wgShowExceptionDetails = true;
$wgShowDBErrorBacktrace = true;
##SQL Error ###
$wgDebugDumpSql = true;
#LDAP binding
$LDAPProviderDomainConfigProvider = function() {
$config = [
"XXX.net" => [
"connection" => [
"server" => "XXX.net",
"user" => "ctorres@XXXX.net",
"pass" => "XXXX",
"options" => [
"LDAP_OPT_DEREF" => 1
],
"basedn" => "dc=XXXX,dc=net",
"groupbasedn" => "dc=XXXX,dc=net",
"userbasedn" => "dc=XXXX,dc=net",
"searchattribute" => "samaccountname",
"searchstring" => "USER-NAME@XXXX.net",
"usernameattribute" => "samaccountname",
"realnameattribute" => "cn",
"emailattribute" => "mail"
]
]
];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
heres my ldap.json
{
"XXXX": {
"connection": {
"server": "dc.XXXX.net",
"port": "389",
"user": "ctorres@XXXX.net",
"pass": "XXX",
"enctype": "ssl",
"options": {
"LDAP_OPT_DEREF": 1
},
"basedn": "ou=XXXX Argentina,dc=XXXX,dc=net",
"userbasedn": "ou=XXXX Argentina,dc=XXXX,dc=net",
"groupbasedn": "ou=XXXX Argentina,dc=XXXX,dc=net",
"searchattribute": "samaccountname",
"usernameattribute": "samaccountname",
"realnameattribute": "cn",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
"presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
},
"userinfo": [],
"authorization": [],
#"groupsync": {
#"mapping": {
# "marketing": "CN=EngineeringCoreTeam,OU=XXXX.net,DC=XXXX,DC=local",
# "Comercial": "CN=Mediawiki Admins,OU=XXXX.net,DC=XXXX,DC=local",
# "logistica": "CN=Mediawiki Admins,OU=XXXX.net,DC=XXXX,DC=local",
# "sistemas": "CN=Mediawiki Admins,OU=XXXX.net,DC=XXXX,DC=local"
}
}
}
}