Jump to content

Topic on Extension talk:LDAPAuthorization/Archive 2

LDAP group authorization plus local login

4
Dancabcaltech (talkcontribs)

I have an issue where enabling LDAP Authorization for a specific LDAP group disables the use of local wiki account logins. I get the message "User not authorized" as if I was using a bad password or user which is not in the group.

If I disable the LDAP Authorization extension then my local wiki login works again.

Is there a way to work around this? Would it help to create a custom wiki group?

We need local logins for visitors and temporary users which do not need an LDAP account.

I'm using MediaWiki 1.35 with PHP 7.3.22.

Osnard (talkcontribs)

Please share your "authorization" config section. Also please check with "LDAPProvider/maintenance/ShowUserInfo.php" and "LDAPProvider/maintenance/ShowUserGroups.php" what the application "sees".

Dancabcaltech (talkcontribs)

@Osnard here's the authorization section from my JSON file.


                "authorization": {

                            "rules": {

                               "groups": {

                                  "required": ["cn=ausadmins,ou=Groups,ou=IMSS,o=Caltech,c=US"]

                                  }

                                }

                },


I can run the ShowUserGroups.php and ShowUserInfo.php scripts to query LDAP. They return the expected information.

If it helps we do have a wiki farm/family configuration. So I configure SERVER_NAME accordingly and give the --wiki option for running those scripts.

Osnard (talkcontribs)
Reply to "LDAP group authorization plus local login"