I'm trying to migrate from the old LdapAuthentication extension to the new LDAP Hub extensions. I can now log in via LDAP and restrict access by group, but I can't get LDAPGroups to sync with local groups, and local login does not work.
The LDAPGroups problem is explained here: Topic:Vu74250r33xa1507
For the local login I created a user like this:
php ./wikiutic/maintenance/createAndPromote.php --force --bureaucrat admin password
My LocalSettings.php :
# LDAP authentication
wfLoadExtensions( [
	'PluggableAuth',       // base authentication
	'LDAPProvider',        // base authentication
	'LDAPAuthentication2', // base authentication
	'LDAPAuthorization',   // restrict access by LDAP group
	'LDAPGroups',          // sync LDAP groups with local wiki groups
] );

// Left disabled by the author: when enabled it removes the option to log out.
// $wgPluggableAuth_EnableAutoLogin = true;

// PluggableAuth's own local (wiki password) login is switched off here.
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = 'Inicia sessió';

// Author's note: strtolower does not work as the normalizer, hence strtoupper.
$LDAPAuthentication2UsernameNormalizer = 'strtoupper';

// NOTE(review): presumably this is what adds the "local" entry to the domain
// selector on the login form. Local accounts are a fallback path around the
// directory, so keep them few and give them strong, unique passwords.
$LDAPAuthentication2AllowLocalLogin = true;

// Author's note: allow local wiki authentication; check that it is not
// overridden in LdapAuthentication.php.
// NOTE(review): this looks like a setting of the legacy LdapAuthentication
// extension, which is not in the wfLoadExtensions list above, so it probably
// has no effect here. Confirm and remove it if so.
$wgLDAPUseLocal = false;
// Supplies the per-domain LDAP configuration as an inline PHP array.
// The single domain defined here is keyed 'LDAP'.
$LDAPProviderDomainConfigProvider = function() {
	$domainConfig = [
		'LDAP' => [
			'connection' => [
				"server" => "golum.trueta.intranet",
				// NOTE(review): 'clear' means the LDAP connection is not
				// encrypted, so bind passwords cross the network in plaintext.
				// LDAPProvider also documents 'tls' and 'ssl' for this key;
				// prefer one of those if the directory server supports it.
				"enctype" => 'clear',
				"basedn" => "dc=htrueta,dc=intranet",
				// Author's narrower alternative: u=Users,dc=htrueta,dc=intranet
				// (probably meant ou=Users). Searching from the domain root is
				// broader than the user lookup needs.
				"userbasedn" => "dc=htrueta,dc=intranet",
				// USER-NAME is presumably replaced with the entered login name.
				"searchstring" => "uid=USER-NAME,ou=Users,dc=htrueta,dc=intranet",
				"searchattribute" => "uid",
				"usernameattribute" => "uid",
				"realnameattribute" => "cn",
				"emailattribute" => "mail",
				// Author's narrower alternative: ou=Groups,dc=htrueta,dc=intranet
				"groupbasedn" => "dc=htrueta,dc=intranet",
				"groupattribute" => "memberuid",
				"groupobjectclass" => "posixgroup",
				"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\Configurable::factory"
			],
			'authorization' => [
				'rules' => [
					'groups' => [
						// LDAP groups used by LDAPAuthorization to gate access.
						'required' => [
							"cn=Domain Admins,ou=Groups,dc=htrueta,dc=intranet",
							"cn=s103,ou=Groups,dc=htrueta,dc=intranet",
							"cn=wikiUtic,ou=Groups,dc=htrueta,dc=intranet",
							"cn=wikiUticLectura,ou=Groups,dc=htrueta,dc=intranet",
							"cn=lt2b,ou=Groups,dc=htrueta,dc=intranet",
							"cn=lt1,ou=Groups,dc=htrueta,dc=intranet",
							"cn=lt15,ou=Groups,dc=htrueta,dc=intranet"
						]
					]
				]
			],
			// NOTE(review): the LDAPGroups documentation appears to pair
			// "mapping" with the "mappedgroups" mechanism and "locally-managed"
			// with "allgroups". Both are set here, so confirm which mechanism
			// is intended. Group sync decides wiki privileges, so a mismatch
			// can leave users with more or fewer rights than expected.
			'groupsync' => [
				"mechanism" => "allgroups",
				// Local wiki group name => LDAP group DN.
				"mapping" => [
					"s103" => "cn=s103,ou=Groups,dc=htrueta,dc=intranet",
					"Domain admins" => "cn=Domain Admins,ou=Groups,dc=htrueta,dc=intranet"
				],
				// NOTE(review): these four values look like the placeholder
				// from the documentation example, not real group names. List
				// the local groups (e.g. the ones granted to the local admin
				// account) that the sync must not touch. Confirm.
				"locally-managed" => [ "local", "wiki", "group", "names" ]
			]
		]
	];

	return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $domainConfig );
};
I tried setting $wgPluggableAuth_EnableLocalLogin to true, but then two login buttons appear and neither of them works.
I also tried setting $wgLDAPUseLocal to true, and that doesn't work either.
When I try to login I select "local" in the domain (it appears below my "ldap" domain).