Topic on Extension talk:LDAPAuthorization

I have an issue where enabling LDAP Authorization for a specific LDAP group disables the use of local wiki account logins. I get the message "User not authorized" as if I was using a bad password or user which is not in the group.

If I disable the LDAP Authorization extension then my local wiki login works again.

Is there a way to work around this? Would it help to create a custom wiki group?

We need local logins for visitors and temporary users which do not need an LDAP account.

I'm using MediaWiki 1.35 with PHP 7.3.22.

Please share your "authorization" config section. Also please check with "LDAPProvider/maintenance/ShowUserInfo.php" and "LDAPProvider/maintenance/ShowUserGroups.php" what the application "sees".

@Osnard here's the authorization section from my JSON file.

                "authorization": {

                            "rules": {

                               "groups": {

                                  "required": ["cn=ausadmins,ou=Groups,ou=IMSS,o=Caltech,c=US"]

                                  }

                                }

                },

I can run the ShowUserGroups.php and ShowUserInfo.php scripts to query LDAP. They return the expected information.

If it helps we do have a wiki farm/family configuration. So I configure SERVER_NAME accordingly and give the --wiki option for running those scripts.

Yes, looks like others have the same issue. I have created a bug report: https://phabricator.wikimedia.org/T275496

Please feel free to add info to that task.