Topic on Extension talk:PluggableAuth

wikimedia 1.39.5 - The supplied credentials could not be authenticated.

Simon.matys (talkcontribs)

Hello, I'm struggling a bit with LDAP configuration on MediaWiki 1.39.5.

I know that it was discussed here before, but I was not able to make sense of the documentation or the discussion on this community forum to the point where I could resolve it myself, so I decided to ask for help. I'm a bit new to this, so I suspect the main problem is with my understanding of the configuration, and that it is not really a bug.

The issue I'm having is with the PluggableAuth extension, which is causing the error "The supplied credentials could not be authenticated."

Please, can you help me understand what I am doing wrong?

For context, this was the configuration of the old wiki server:

_________________________________________________________________________

# ---------------LDAP---------------
wfLoadExtensions( [
	'PluggableAuth',
	'Auth_remoteuser',
	'LDAPProvider',
	'LDAPAuthentication2',
	'LDAPAuthorization',
	'LDAPUserInfo'
] );
$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain';
$LDAPAuthentication2UsernameNormalizer = 'strtolower';
$LDAPAuthentication2AllowLocalLogin = false;
$wgAuthRemoteuserAllowUserSwitch = false;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = "Log In";

$wgAuthRemoteuserUserName = function() {
	$user = '';
	if( isset( $_SERVER[ 'REMOTE_USER' ] ) ) {
		$user = strtolower( $_SERVER[ 'REMOTE_USER' ] );
	}

	return $user;
};
$LDAPProviderDomainConfigProvider = function() {
	$config = [
		'example.com' => [
			'connection' => [
				"server" => "ldap-1.example.com ldap-2.example.com",
				"port" => 636,
				"enctype" => "ssl",
				"user" => "cn=anonym,ou=ldap,dc=example,dc=com",
				"pass" => "password",
				"options" => [
					"LDAP_OPT_DEREF" => 1
				],
				"basedn" => "ou=people,ou=users,dc=example,dc=com",
				"groupbasedn" => "ou=people,ou=users,dc=example,dc=com",
				"userbasedn" => "ou=people,ou=users,dc=example,dc=com",
				"searchattribute" => "uid",
				"usernameattribute" => "uid",
				"realnameattribute" => "displayName",
				"emailattribute" => "mail",
				"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
			],
			'authorization' => [],
			'userinfo' => [
				'attributes-map' => [
					'email' => 'mail',
					'realname' => 'displayName'
				]
			]
		]
	];

	return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};

_________________________________________________________________________


Versions of the extensions used in the new wiki are listed below. I didn't try any others as, to my understanding, these should be compatible.

  • Auth_remoteuser-REL1_39-b9c4b86 (2.1.1)
  • LDAPAuthentication2-REL1_39-42ec3c8 (2.0.4)
  • LDAPAuthorization-REL1_39-07d09d8 (2.0.2)
  • LDAPProvider-REL1_39-a3c56fa (2.0.2)
  • LDAPUserInfo-REL1_39-2fda62c (2.0.1)
  • PluggableAuth-REL1_39-e952f13 (7.0.0)

To rule out a problem with the connection to LDAP, and/or an issue with the PHP module for LDAP, I've tested the connection using the ldapsearch command as in the example below, with success. I did the same for the PHP module with a simple PHP script.

ldapsearch -x -H ldaps://ldap-1.example.com:636 -D "cn=anonym,ou=ldap,dc=example,dc=com" -W -b "ou=people,ou=users,dc=example,dc=com" "(uid=name.surname)"

The configuration I've tested is below. I've also tried other configurations, but this is the state I'm in now.

_________________________________________________________________________

The LocalSettings.php configuration for LDAP is:


wfLoadExtensions([
    'PluggableAuth',
    'Auth_remoteuser',
    'LDAPProvider',
    'LDAPAuthentication2',
    'LDAPAuthorization',
    'LDAPUserInfo'
]);

$LDAPProviderDomainConfigProvider = function() {
    $config = json_decode(file_get_contents("/path/to/ldap.json"), true);
    return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray($config);
};

$LDAPAuthentication2UsernameNormalizer = 'strtolower';
$LDAPAuthentication2AllowLocalLogin = false;
$wgAuthRemoteuserAllowUserSwitch = false;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = "Log In";

$wgAuthRemoteuserUserName = function() {
    return strtolower($_SERVER['REMOTE_USER'] ?? '');
};

_________________________________________________________________________


This is ldap.json configuration:


{
    "example.com": {
        "connection": {
            "server": "ldap-1.example.com ldap-2.example.com",
            "port": 636,
            "enctype": "ssl",
            "user": "cn=anonym,ou=ldap,dc=example,dc=com",
            "pass": "password",
            "options": {
                "LDAP_OPT_DEREF": 1
            },
            "basedn": "ou=people,ou=users,dc=example,dc=com",
            "groupbasedn": "ou=people,ou=users,dc=example,dc=com",
            "userbasedn": "ou=people,ou=users,dc=example,dc=com",
            "searchattribute": "uid",
            "usernameattribute": "uid",
            "realnameattribute": "displayName",
            "emailattribute": "mail"
        },
        "authorization": [],
        "userinfo": {
            "attributes-map": {
                "email": "mail",
                "realname": "displayName"
            }
        }
    }
}

_________________________________________________________________________
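A configuration sanity check, added here as an example and not part of this thread or of the LDAP extensions themselves: it loads a constructed copy of the posted ldap.json, reports connection keys that are absent, and traces a REMOTE_USER value through the strtolower normalizer and a username-at-domain split. The split on the last '@' and the lookup of the domain part against the top-level key of ldap.json are my assumptions about how the old config's 'username-at-domain' parser behaves.

```python
import json

# Constructed sample mirroring the ldap.json posted above (not the real file; bind password is a placeholder).
SAMPLE_LDAP_JSON = """{
  "example.com": {
    "connection": {
      "server": "ldap-1.example.com ldap-2.example.com",
      "port": 636, "enctype": "ssl",
      "user": "cn=anonym,ou=ldap,dc=example,dc=com", "pass": "password",
      "basedn": "ou=people,ou=users,dc=example,dc=com",
      "userbasedn": "ou=people,ou=users,dc=example,dc=com",
      "searchattribute": "uid", "usernameattribute": "uid"
    },
    "authorization": [],
    "userinfo": {"attributes-map": {"email": "mail", "realname": "displayName"}}
  }
}"""

# Connection keys the posted config relies on; a missing one is a likely cause of a
# failed bind or user lookup, so report it before MediaWiki turns it into a generic error.
REQUIRED_CONNECTION_KEYS = ("server", "port", "enctype", "user", "pass", "basedn",
                            "userbasedn", "searchattribute", "usernameattribute")

def check_domain_config(raw_json):
    """Return a list of problems found in the domain config (empty list = consistent)."""
    problems = []
    for domain, sections in json.loads(raw_json).items():
        conn = sections.get("connection", {})
        for key in REQUIRED_CONNECTION_KEYS:
            if key not in conn:
                problems.append(f"{domain}: connection.{key} missing")
        if conn.get("enctype") == "ssl" and conn.get("port") != 636:
            problems.append(f"{domain}: enctype ssl but port is {conn.get('port')}")
        if domain != domain.lower():
            problems.append(f"{domain}: domain key is not lowercase, so a normalized user never matches")
    return problems

def resolve_remote_user(remote_user, raw_json):
    """Trace REMOTE_USER through the posted pipeline: strtolower, then a username-at-domain
    split (assumed here to be a split on the last '@'), then a lookup of the domain part
    against the top-level keys of ldap.json. Returns (username, domain, problem_or_None)."""
    normalized = remote_user.lower()
    if "@" not in normalized:
        return normalized, None, "REMOTE_USER carries no domain part"
    username, domain = normalized.rsplit("@", 1)
    if domain not in json.loads(raw_json):
        return username, domain, f"no domain config for {domain}"
    return username, domain, None
```

Run it against the real ldap.json and the REMOTE_USER value your web server actually sets; a domain mismatch or a missing key shows up here as a named problem rather than as the generic credentials error.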

Cindy.cicalese (talkcontribs)