Topic on Extension talk:LDAPProvider

Hello,

For the past week I've been trying to migrate a really old mediawiki (1.23) on and old OS (CentOS 6 IIRC) to a newer OS (Ubuntu) and more importantly a supported version of MediaWiki (1.41).

I've managed to create a new VM and a new MediaWiki instance, in which I successfully imported my old wiki database (by first upgrading to 1.35 then 1.41).

I had a lot of trouble with the new extensions since it was using old versions of Ldap extensions. I managed to kind of power through to the point where I am able ( or seem to be able) to authenticate using my LDAP server, but once I'm connected I have this error :

TypeError: Argument 1 passed to MediaWiki\Config\HashCOnfig::__construct() must be of the type array, null given, called in /var/lib/mediawiki/extensions/LDAPProvider/src/DomainConfigFactory.php on line 76

The Backtrace mentions :

from /var/lib/mediawiki/includes/config/HashConfig.php(52)

#0 /var/lib/mediawiki/extensions/LDAPProvider/src/DomainConfigFactory.php(76): MediaWiki\Config\HashConfig->construct()

I can't directly copy/paste the full backtrace but it then calls the functions factory() from DomainConfigFactory, setSuitableDomainConfig() from UserLoadAfterLoadFromSession, process() from UserLoadAfterLoadFromSession...

Here are my current configuration files, anonymized as much as I could. The LocalSettings.php may look very bad because I started from the old instance LocalSettings.php, feel free to indicate which lines of config should/need to be removed in order to have a cleaner instance.

LocalSettings.php :

<?php

error_reporting( -1 );

ini_set( 'display_errors', 1 );

if ( !defined( 'MEDIAWIKI' ) ) {

        exit;

}

$wgSitename = "My_Wiki";

$wgScriptPath = "";

$wgScriptExtension = ".php";

$wgServer = "server_url";

$wgStylePath = "$wgScriptPath/skins";

$wgLogo = "$wgStylePath/common/images/wiki.png";

$wgEnableEmail = true;

$wgEnableUserEmail = true;

$wgEmergencyContact = "apache@IP";

$wgPasswordSender = "apache@IP";

$wgEnotifUserTalk = false;

$wgEnotifWatchlist = false;

$wgEmailAuthentication = true;

$wgDBtype = "mysql";

$wgDBserver = "localhost";

$wgDBname = "my_wiki";

$wgDBuser = "wikiuser";

$wgDBpassword = "anothersecureandlongpassword";

$wgDBprefix = "";

$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=utf8";

$wgDBmysql5 = false;

$wgMainCacheType = CACHE_NONE;

$wgMemCachedServers = array();

$wgEnableUploads = true;

$wgUseInstantCommons = false;

$wgShellLocale = "en_US.utf8";

$wgLanguageCode = "fr";

$wgSecretKey = "longkey";

$wgUpgradeKey = "anotherlongkey";

$wgDefaultSkin = "Timeless";

wfLoadSkin('Timeless');

$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright

$wgRightsUrl = "";

$wgRightsText = "";

$wgRightsIcon = "";

$wgDiff3 = "/usr/bin/diff3";

$wgDebugLogFile = "debug.log";

$wgDebugComments = true;

$wgLDAPDebug = 3;

$wgDebugLogGroups["LDAPAuthentication2"] = "/var/lib/mediawiki/LDAPAuthentication2.log";

$wgPluggableAuth_Config['Log In Connection.1'] = [

        'plugin' => 'LDAPAuthentication2',

        'data' => [

                'domain' => 'connection.1'

        ]

];

$wgPluggableAuth_Config['Log In Connection2'] = [

        'plugin' => 'LDAPAuthentication2',

        'data' => [

                'domain' => 'connection.2'

        ]

];

$LDAPProviderDomainConfigs = "/var/www/html/ldapprovider.json";

$LDAPAuthentication2AllowLocalLogin = true;

$wgPluggableAuth_EnableLocalLogin = true;

$wgGroupPermissions['*']['read'] = true;

$wgGroupPermissions['*']['edit'] = true;

$wgGroupPermissions['user']['read'] = false;

$wgGroupPermissions['user']['edit'] = false;

$wgGroupPermissions['user']['createpage'] = false;

$wgGroupPermissions['user']['createtalk'] = false;

$wgGroupPermissions['user']['upload'] = false;

$wgGroupPermissions['user']['minoredit'] = false;

$wgGroupPermissions['user']['purge'] = false;

$wgGroupPermissions['user']['movefile'] = false;

$wgGroupPermissions['user']['move'] = false;

$wgGroupPermissions['user']['move-subpages'] = false;

$wgGroupPermissions['user']['move-rootuserpages'] = false;

$wgGroupPermissions['user']['reupload-shared'] = false;

$wgGroupPermissions['user']['reupload'] = false;

$wgGroupPermissions['user']['sendemail'] = false;

$wgGroupPermissions['user']['writeapi'] = false;

$wgGroupPermissions['exp']['read'] = true;

$wgGroupPermissions['exp']['edit'] = true;

$wgGroupPermissions['exp']['createpage'] = true;

$wgGroupPermissions['exp']['createtalk'] = true;

$wgGroupPermissions['exp']['upload'] = true;

$wgGroupPermissions['exp']['minoredit'] = true;

$wgGroupPermissions['exp']['purge'] = true;

$wgGroupPermissions['exp']['movefile'] = true;

$wgGroupPermissions['exp']['move'] = true;

$wgGroupPermissions['exp']['move-subpages'] = true;

$wgGroupPermissions['exp']['move-rootuserpages'] = true;

$wgGroupPermissions['exp']['reupload-shared'] = true;

$wgGroupPermissions['exp']['reupload'] = true;

$wgDefaultUserOptions['riched_disable']               = false;         //true = editor disabled

$wgDefaultUserOptions['riched_start_disabled']        = false;         //Important!!! else bug...

$wgDefaultUserOptions['riched_use_toggle']            = true;          //Editor can toggle CKEditor/WikiText

$wgDefaultUserOptions['riched_use_popup']             = false;         //Deprecated

$wgDefaultUserOptions['riched_toggle_remember_state'] = true;

$wgDefaultUserOptions['riched_link_paste_text']       = true;

$wgFCKEditorExcludedNamespaces[] = NS_MEDIAWIKI;

$wgFCKEditorExcludedNamespaces[] = NS_TEMPLATE;

$wgShowExceptionDetails = true;

$wgShowDBErrorBacktrace = true;

$wgShowSQLErrors = true;

wfLoadExtension( 'LDAPAuthentication2' );

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPUserInfo' );

?>

ldapprovider.json :

{

        "connection.1": {

                "connection": {

                        "server": "my_ldap.server",

                        "enctype": "ssl",

                        "port": "636",

                        "options": {

                                "LDAP_OPT_DEREF": 1

                        },

                        "searchattribute": "uid",

                        "basedn": "dc=ldap,dc=server",

                        "userbasedn": "dc=ldap,dc=server",

                        "searchstring": "uid=USER-NAME,ou=users,dc=ldap,dc=server",

                        "user": "cn=rouser,dc=ldap,dc=server",

                        "pass": "ofcourseaverylongandcomplicatedpassword",

                        "realnameattribute": "uid",

                        "usernameattribute": "uid",

                        "emailattribute": "uid"

                },

                "authorization": {

                        "rules": {

                                "groups": {

                                        "required": ["ou=users,dc=ldap,dc=server"]

                                }

                        }

                }

        },

        "connection.2": {

                "connection": {

                        "server": "my_ldap.server",

                        "enctype": "ssl",

                        "port": "636",

                        "option": {

                                "LDAP_OPT_DEREF": 1

                        },

                        "searchattribute": "uid",

                        "user": "cn=rouser,dc=ldap,dc=server",

                        "pass": "ofcourseaverylongandcomplicatedpassword",

                        "basedn": "ou=admins,dc=ldap,dc=server",

                        "userbasedn": "dc=ldap,dc=server",

                        "searchstring": "uid=USER-NAME,ou=admins,dc=ldap,dc=server",

                        "realnameattribute": "uid",

                        "usernameattribute": "uid",

                        "emailattribute": "uid"

                }

        }

}

If anyone has any leads regarding what could be the problem, please let me know I'm beginning to lose my sanity :(

This error indeed is very strange. It emerges from

new HashConfig( $this->config[$domain][$section] )

-- https://github.com/wikimedia/mediawiki-extensions-LDAPProvider/blob/2.0.3/src/DomainConfigFactory.php#L76

which means either $this->config[$domain] or $this->config[$domain][$section] are not set.

I guess /var/www/html/ldapprovider.json is readable and valid.

Maybe you can add the following lines at in line 74 of extensions/LDAPProvider/src/DomainConfigFactory.php and check/share the log at /var/lib/mediawiki/LDAPAuthentication2.log

wfDebugLog( 'LDAPAuthentication2', '###START###' );
wfDebugLog( 'LDAPAuthentication2', var_export( $domain, true) );
wfDebugLog( 'LDAPAuthentication2', var_export( $section, true) );
wfDebugLog( 'LDAPAuthentication2', var_export( $this->config, true) );
wfDebugLog( 'LDAPAuthentication2', '###END###' );

Indeed everything was readable and accessible.

Thank you so much for the given lines, they allowed the app to highlight that, once logged in, the app tried to fetch userinfo from ldapprovider.json, which was not defined and thus would make the connection fail.

I added a simple userinfo with only "email": "mail" as its attributes-map and everything worked like a charm again !

Another bug I have is that when I tried to login to my local account (in the DB) I have this error : MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigException: No configuration available for domain 'local'!

Is it normal ? I thought these 2 lines

$LDAPAuthentication2AllowLocalLogin = true;

$wgPluggableAuth_EnableLocalLogin = true;

would allow local login :/

Update : in my ldapprovider.json i created an almost empy domain named local :

"local": {

        "connection": {

        },

        "userinfo": {

        },

        "authorization": {

        }

},

and it worked again !

I feel like a wizard but I no longer seem to have any problem !