Jump to content

Topic on Extension talk:LDAP Authentication

LDAP group restriction errors

4
Harry-641 (talkcontribs)

Hi Ryan,

I’ve been trying to use your extension but I’m getting some odd errors. This is my first wiki, so apologies if it’s something really simple. I’m using WS2008 R2, Mediawiki 1.19.1, LDAP extension 1.19-108775.

First of all – I’d mention that I can’t get a debug file to write anywhere.

$wgDebugLogGroups["ldap"] = "d:\logs\debug.log" ;
$wgLDAPDebug = 5;

In any case, I’m getting two errors depending on when I comment in/comment out a line.

$wgLDAPGroupUseFullDN = array( "domain"=>true );
$wgLDAPBaseDNs = array( 'domain' => "dc=***,dc=***,dc=***,dc=com" );
$wgLDAPSearchAttributes = array( "domain" => "sAMAccountName" );

$wgLDAPGroupObjectclass = array( "domain"=>"group" );
$wgLDAPGroupAttribute = array( "domain"=>"member" );
$wgLDAPGroupNameAttribute = array( "domain"=>"cn" );
$wgLDAPRequiredGroups = array( "domain"=> array( "cn=wiki,ou=users,dc=***,dc=***,dc=***,dc=com" ) );</br></br>

$wgLDAPGroupSearchNestedGroups = array( "domain"=>true );

When I run the above, I get hundreds of lines of a php exception:

PHP Notice: Undefined offset: 0 in C:\inetpub\wwwroot\BlueWIKI\extensions\LdapAuthentication\LdapAuthentication.php on line 1580
PHP Notice: Undefined offset: 0 in C:\inetpub\wwwroot\BlueWIKI\extensions\LdapAuthentication\LdapAuthentication.php on line 1581

Etc etc

If I comment out the searchnestedgroups line, then I get a username incorrect message. Authentication works without any of the group config, but I’m trying to restrict login to certain OUs.

Thanks in advance.

141.84.149.18 (talkcontribs)

I have the same problem, although the Login and restrictions work like a charm. Still my error logs get flodded with this.

Ryan lane (talkcontribs)

You should use the master version of the extension. There's been a lot of bugfixes since the release you are on. Pull from git, rather than using the extension distributor.

200.163.18.107 (talkcontribs)

Seems the error is triggered in the part of the code where the is a tag "TODO: find a way to only do this search for AD domains.", which is not my case (openldap). The task would resolve the error messages.

Reply to "LDAP group restriction errors"