Hi,
we use the LDAP extension to sync LDAP groups with the MW Database, so
that other extensions like accesscontrol can use these groups. But it's
not working anymore and I don't know what to do about it.
Here is our current configuration and debug logs of a test user logging
in:

$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDebug = 3;
$wgDebugLogGroups["ldap"] = "/tmp/test-wiki/ldap.debug.log";
$wgLDAPDomainNames = array( "domain" );
$wgLDAPServerNames = array( "domain"=>"server.com" );
$wgLDAPUseLocal = false;
$wgLDAPEncryptionType = array( "domain"=>"ssl" );
$wgLDAPSearchStrings = array( "domain"=>"domain\\USER-NAME" );
$wgLDAPProxyAgent = array( "domain"=>"cn=searchonly,cn=Users,dc=server,dc=domain,dc=com" );
$wgLDAPProxyAgentPassword = array( "domain"=>"xxx" );
$wgLDAPSearchAttributes = array( "domain"=>"sAMAccountName" );
$wgLDAPBaseDNs = array( "domain"=>"dc=server,dc=domain,dc=com" );
$wgLDAPMailPassword = false;
$wgLDAPPreferences = array( "domain"=>array( "email"=>"mail","realname"=>"displayName","nickname"=>"cn","language"=>"preferredLanguage") );
$wgLDAPDisableAutoCreate = array( "domain"=>false );
$wgMinimalPasswordLength = 1;
$wgLDAPGroupUseFullDN = array( "domain"=>true );
$wgLDAPGroupBaseDNs = array( "domain"=>"ou=Groups,ou=department,dc=server,dc=domain,dc=com" );
$wgLDAPLowerCaseUsername = array( "domain"=>true );
$wgLDAPGroupUseRetrievedUsername = array( "domain"=>false );
$wgLDAPGroupObjectclass = array( "domain"=>"group" );
$wgLDAPGroupAttribute = array( "domain"=>"member" );
$wgLDAPGroupNameAttribute = array( "domain"=>"cn" );
$wgLDAPUseLDAPGroups = array( "domain"=>true );
$wgLDAPGroupLowerCaseUsername = array( "domain"=>true );

2009-10-28 09:47:26 wikidb_test: Entering validDomain
2009-10-28 09:47:26 wikidb_test: User is not using a valid domain.
2009-10-28 09:47:26 wikidb_test: Setting domain as: invaliddomain
2009-10-28 09:47:26 wikidb_test: Entering allowPasswordChange
2009-10-28 09:47:26 wikidb_test: Entering modifyUITemplate
2009-10-28 09:47:29 wikidb_test: Entering validDomain
2009-10-28 09:47:29 wikidb_test: User is not using a valid domain.
2009-10-28 09:47:29 wikidb_test: Setting domain as: invaliddomain
2009-10-28 09:47:29 wikidb_test: Entering allowPasswordChange
2009-10-28 09:47:29 wikidb_test: Entering modifyUITemplate
2009-10-28 09:47:34 wikidb_test: Entering validDomain
2009-10-28 09:47:34 wikidb_test: User is using a valid domain.
2009-10-28 09:47:34 wikidb_test: Setting domain as: domain
2009-10-28 09:47:34 wikidb_test: Entering getCanonicalName
2009-10-28 09:47:34 wikidb_test: Username isn't empty.
2009-10-28 09:47:34 wikidb_test: Munged username: Testneu
2009-10-28 09:47:34 wikidb_test: Entering authenticate
2009-10-28 09:47:34 wikidb_test:
2009-10-28 09:47:34 wikidb_test: Entering Connect
2009-10-28 09:47:34 wikidb_test: Using SSL
2009-10-28 09:47:34 wikidb_test: Using servers: ldaps://server.com
2009-10-28 09:47:34 wikidb_test: Connected successfully
2009-10-28 09:47:34 wikidb_test: Lowercasing the username: Testneu
2009-10-28 09:47:34 wikidb_test: Entering getSearchString
2009-10-28 09:47:34 wikidb_test: Doing a straight bind
2009-10-28 09:47:34 wikidb_test: userdn is: domain\testneu
2009-10-28 09:47:34 wikidb_test:
2009-10-28 09:47:34 wikidb_test: Binding as the user
2009-10-28 09:47:39 wikidb_test: Bound successfully
2009-10-28 09:47:39 wikidb_test: Entering getUserDN
2009-10-28 09:47:39 wikidb_test: Created a regular filter: (sAMAccountName=testneu)
2009-10-28 09:47:39 wikidb_test: Entering getBaseDN
2009-10-28 09:47:39 wikidb_test: basedn is not set for this type of entry, trying to get the default basedn.
2009-10-28 09:47:39 wikidb_test: Entering getBaseDN
2009-10-28 09:47:39 wikidb_test: basedn is dc=server,dc=domain,dc=com
2009-10-28 09:47:39 wikidb_test: Using base: dc=server,dc=domain,dc=com
2009-10-28 09:47:39 wikidb_test: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2009-10-28 09:47:39 wikidb_test: Pulled the user's DN: CN=test userNEU,OU=Users,OU=department,DC=server,DC=domain,DC=com
2009-10-28 09:47:39 wikidb_test: Entering getGroups
2009-10-28 09:47:39 wikidb_test: Retrieving LDAP group membership
2009-10-28 09:47:39 wikidb_test: Searching for the groups
2009-10-28 09:47:39 wikidb_test: Entering searchGroups
2009-10-28 09:47:39 wikidb_test: Entering getBaseDN
2009-10-28 09:47:39 wikidb_test: basedn is ou=Groups,ou=department,dc=server,dc=domain,dc=com
2009-10-28 09:47:39 wikidb_test: Search string: (&(member=CN=test userNEU,OU=Users,OU=department,DC=server,DC=domain,DC=com)(objectclass=group))
2009-10-28 09:47:39 wikidb_test: Binding as the proxyagent
2009-10-28 09:47:39 wikidb_test: Returned groups: cn=test123,ou=groups,ou=department,dc=server,dc=domain,dc=com
2009-10-28 09:47:39 wikidb_test: Entering checkGroups
2009-10-28 09:47:39 wikidb_test: Entering getPreferences
2009-10-28 09:47:39 wikidb_test: Retrieving preferences
2009-10-28 09:47:39 wikidb_test: Retrieved email (test123(a)test.com) using attribute (mail)
2009-10-28 09:47:39 wikidb_test: Retrieved nickname (test userNEU) using attribute (cn)
2009-10-28 09:47:39 wikidb_test: Entering synchUsername
2009-10-28 09:47:39 wikidb_test: Authentication passed
2009-10-28 09:47:39 wikidb_test: Entering updateUser
2009-10-28 09:47:39 wikidb_test: Setting user preferences.
2009-10-28 09:47:39 wikidb_test: Setting nickname.
2009-10-28 09:47:39 wikidb_test: Setting email.
2009-10-28 09:47:39 wikidb_test: Setting user groups.
2009-10-28 09:47:39 wikidb_test: Entering setGroups.
2009-10-28 09:47:39 wikidb_test: Locally managed groups is unset, using defaults: bot::sysop::bureaucrat
2009-10-28 09:47:39 wikidb_test: Available groups are: bot::sysop::bureaucrat
2009-10-28 09:47:39 wikidb_test: Effective groups are: *::user::autoconfirmed
2009-10-28 09:47:39 wikidb_test: Checking to see if user is in: bot
2009-10-28 09:47:39 wikidb_test: Entering hasLDAPGroup
2009-10-28 09:47:39 wikidb_test: Checking to see if user is in: sysop
2009-10-28 09:47:39 wikidb_test: Entering hasLDAPGroup
2009-10-28 09:47:39 wikidb_test: Checking to see if user is in: bureaucrat
2009-10-28 09:47:39 wikidb_test: Entering hasLDAPGroup
2009-10-28 09:47:39 wikidb_test: Saving user settings.
2009-10-28 09:47:43 wikidb_test: Entering allowPasswordChange

If I understand the log correctly, the group is returned, but when I check
the database it's not updated there.
I also posted my problem at the LDAP extension talk:
http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication#Not_updating_Groups_in_the_MW_Database
--
Turtle Entertainment GmbH
Felix Feinhals, Junior IT Operations Specialist
Siegburger Str. 189
50679 Cologne
Germany
fon. +49 221 880449-333
fax. +49 221 880449-399
http://www.turtle-entertainment.com/
http://www.esl.eu/
http://www.consoles.net/
Managing Directors: Jens Hilgers, Ralf Reichert
Register Court: Local Court Cologne, HRB 36678
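
One way to read the debug log in the message above mechanically, added here as an example and not part of the original message or of the LDAP Authentication extension: the Python below lists the groups the LDAP search returned next to the group names that setGroups actually checked, and reports the returned groups that were never checked. The sample log is a constructed excerpt in the same format; the function names, the "::" separator between several returned groups, and taking the first RDN as the short group name are assumptions.

```python
import re

# Constructed excerpt in the format of the ldap.debug.log quoted in the message.
SAMPLE_LOG = """\
2009-10-28 09:47:39 wikidb_test: Returned groups: cn=test123,ou=groups,ou=department,dc=server,dc=domain,dc=com
2009-10-28 09:47:39 wikidb_test: Entering setGroups.
2009-10-28 09:47:39 wikidb_test: Available groups are: bot::sysop::bureaucrat
2009-10-28 09:47:39 wikidb_test: Effective groups are: *::user::autoconfirmed
2009-10-28 09:47:39 wikidb_test: Checking to see if user is in: bot
2009-10-28 09:47:39 wikidb_test: Checking to see if user is in: sysop
2009-10-28 09:47:39 wikidb_test: Checking to see if user is in: bureaucrat
"""

# Timestamp, wiki id, then the message (which may be empty).
LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+:\s?(.*)$")

def messages(log_text):
    """Yield each log message, rejoining continuation lines left by mail wrapping."""
    current = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            if current is not None:
                yield current
            current = m.group(1)
        elif current is not None and raw.strip():
            current = f"{current} {raw.strip()}".strip()
    if current is not None:
        yield current

def short_name(dn):
    """Assumption: the group's short name is the value of the first RDN of its DN."""
    return dn.split(",", 1)[0].split("=", 1)[-1].strip().lower()

def summarize(log_text):
    """Compare groups returned by the LDAP search with the names setGroups checked."""
    returned, checked = [], []
    for msg in messages(log_text):
        key, _, value = msg.partition(":")
        items = [v.strip() for v in value.split("::") if v.strip()]  # "::" assumed
        if key == "Returned groups":
            returned += [short_name(dn) for dn in items]
        elif key == "Checking to see if user is in":
            checked += [name.lower() for name in items]
    return {"returned": returned, "checked": checked,
            "unchecked": [g for g in returned if g not in checked]}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
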