
Topic on User talk:Ryan lane

Janaboy (talkcontribs)

Hi Ryan,

I hope you can help me.

We are trying to restrict access based on an LDAP group, but it is not working.

This is the current config:

$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( 'DOMAIN');

$wgLDAPServerNames = array( 'DOMAIN' => 'xx1.corp.DOMAIN.com xx2.corp.DOMAIN.com');

$wgLDAPSearchStrings = array('DOMAIN' => 'DOMAIN\\USER-NAME');

$wgLDAPEncryptionType = array( 'DOMAIN' => 'false');

$wgLDAPUseLocal = false;

$wgMinimalPasswordLength = 1;

$wgLDAPBaseDNs = array( 'DOMAIN' => 'DC=corp,DC=DOMAIN,DC=com');

$wgLDAPUserBaseDNs = array( 'DOMAIN' => 'OU=users,DC=corp,DC=DOMAIN,DC=com' );

$wgLDAPGroupBaseDNs = array( 'DOMAIN' => 'OU=applications,OU=groups,DC=corp,DC=DOMAIN,DC=com' );

$wgLDAPSearchAttributes = array( 'DOMAIN' => 'usernameoftheaccount' );

$wgLDAPGroupNameAttribute = array( 'DOMAIN' => 'cn' );

$wgLDAPActiveDirectory = array( 'DOMAIN' => true );

$wgLDAPUseLDAPGroups = array( 'DOMAIN' => true );

$wgLDAPGroupUseFullDN = array( 'DOMAIN' => true );

$wgLDAPGroupObjectclass = array( 'DOMAIN' => 'group');

$wgLDAPGroupAttribute = array( 'DOMAIN' => 'user' );

$wgLDAPRequiredGroups = array( 'DOMAIN' => array( 'CN=thisisthenameoftheadgroup,OU=applications,OU=groups,DC=corp,DC=DOMAIN,DC=com' ) );

In the log I can see that it is not able to find the user in the 'thisisthenameoftheadgroup' group.

Do you have any idea why?

The login is working without the LDAPRequiredGroups parameter.

Thank you in advance,

Br,

Janaboy

Janaboy (talkcontribs)

Just for the future, if somebody has the same issue: this parameter caused the issue here:

$wgLDAPSearchAttributes

The working one is this:

$wgLDAPSearchAttributes = array( 'DOMAIN' => 'sAMAccountName' );
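
A simplified model of why the search attribute matters for the group restriction, as an added example that is not part of the original thread or the extension's own code. It assumes the group check first resolves the login name to a directory entry with an equality search on the configured attribute; the directory entries, the user `jdoe` and the group `wiki-users` are constructed.

```python
# Constructed sample directory: one AD-style user and one group (placeholder values).
USER_BASE = "OU=users,DC=corp,DC=example,DC=com"
USER_DN = "CN=Jane Doe," + USER_BASE
GROUP_DN = "CN=wiki-users,OU=applications,OU=groups,DC=corp,DC=example,DC=com"
DIRECTORY = [
    {"dn": USER_DN, "sAMAccountName": ["jdoe"], "memberOf": [GROUP_DN]},
    {"dn": GROUP_DN, "cn": ["wiki-users"], "member": [USER_DN]},
]


def attr_values(entry, attribute):
    """Return an entry's values for an attribute; LDAP attribute names are case-insensitive."""
    for name, values in entry.items():
        if name != "dn" and name.lower() == attribute.lower():
            return values
    return []  # an attribute the entry does not carry can never match a filter


def search(base_dn, attribute, value):
    """Equality search, like the filter (attribute=value) under base_dn."""
    return [
        entry for entry in DIRECTORY
        if entry["dn"].lower().endswith(base_dn.lower())
        and any(v.lower() == value.lower() for v in attr_values(entry, attribute))
    ]


def check_required_group(username, search_attribute, required_groups):
    """Step 1: login name -> user entry via search_attribute. Step 2: compare group DNs."""
    users = search(USER_BASE, search_attribute, username)
    if len(users) != 1:
        # Assumed failure mode: without a user entry there is nothing to test for
        # membership, so every required-group check fails.
        return (False, "no user entry for (%s=%s)" % (search_attribute, username))
    member_of = {g.lower() for g in attr_values(users[0], "memberOf")}
    if member_of & {g.lower() for g in required_groups}:
        return (True, "user is in a required group")
    return (False, "user entry found, but not in a required group")


if __name__ == "__main__":
    for attribute in ("usernameoftheaccount", "sAMAccountName"):
        print(attribute, "->", check_required_group("jdoe", attribute, [GROUP_DN]))
```

The two failure messages separate a lookup problem (wrong search attribute) from a real membership problem, which is the distinction to look for in the LDAP debug log.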
