Topic on Manual talk:Active Directory Integration

Summary by Gregzme17

This was my fault: I had to change localsettings.php to point to the LDAP.JSON file by its absolute Windows path.

Gregzme17 (talk | contribs)

I followed the directions, but when I checked Special:Version, it does not appear to be loading any of the extensions, or at least they are not listed on that page.


Windows Server 2016 / IIS

MediaWiki 1.35.5

PHP 7.4.13

MariaDB 10.7.3.0

I have verified the DC, user account, password, groups


Here is my ldap.json file (details changed):

{
   "mydomain.net": {
       "connection": {
           "server": "dc.mydomain.net",
           "port": "3268",
           "user": "CN=user,OU=ou,OU=ou,OU=ou,DC=mydomain,DC=net",
           "pass": "password",
           "enctype": "clear",
           "options": {
               "LDAP_OPT_DEREF": 1
           },

           "basedn": "DC=mydomain,DC=net",
           "userbasedn": "DC=mydomain,DC=net",
           "groupbasedn": "DC=mydomain,DC=net",
           "searchattribute": "samaccountname",
           "usernameattribute": "samaccountname",
           "realnameattribute": "cn",
           "emailattribute": "mail",
           "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
           "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
       },

       "userinfo": [],
       "authorization": [],
       "groupsync": {
           "mechanism": "mappedgroups",
           "mapping": {
               "Group": "CN=group,OU=ou,OU=ou,OU=ou,OU=ou,DC=mydomain,DC=net",
               "sysop": ""
           }
       }
   }
}

This is the bottom of my localsettings.php:

// Safe IP or not (for bypassing external login via AD)
$safeIPs = array('127.0.0.1','localhost');
$ipsVars = array('HTTP_X_FORWARDED_FOR','HTTP_X_REAL_IP','REMOTE_ADDR');
foreach ($ipsVars as $ipsVar) {
 if (isset($_SERVER[$ipsVar]) && mb_strlen($_SERVER[$ipsVar]) > 3 ) { $wikiRequestIP = $_SERVER[$ipsVar]; break; }
}
$wikiRequestSafe = (isset($wikiRequestIP) && ( in_array($wikiRequestIP,$safeIPs) ));


// Create Wiki-Group 'IS' from default user group
$wgGroupPermissions['IS'] = $wgGroupPermissions['user'];


// Private Wiki. External LDAP login. Default NS requires login.
$wgEmailConfirmToEdit = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['sysop']['createaccount'] = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgBlockDisablesLogin = true;

// Load LDAP Config from JSON
$ldapJsonFile = "$IP/ldap.json";
$ldapConfig = false;
if (is_file($ldapJsonFile) && is_dir("$IP/extensions/LDAPProvider")) {
  $testJson = @json_decode(file_get_contents($ldapJsonFile),true);
  if (is_array($testJson)) {
    $ldapConfig = true;
  } else {
    error_log("Found invalid JSON in file: $IP/ldap.json");
  }
}

// Activate Extension
if ( $ldapConfig ) {

  wfLoadExtension( 'PluggableAuth' );
  wfLoadExtension( 'LDAPProvider' );
  wfLoadExtension( 'LDAPAuthentication2' );
  wfLoadExtension( 'LDAPAuthorization' );
  wfLoadExtension( 'LDAPUserInfo' );
  wfLoadExtension( 'LDAPGroups' );

  $LDAPProviderDomainConfigs = $ldapJsonFile;
  $wgPluggableAuth_ButtonLabel = "Log In";

// Force LDAPGroups to sync by choosing a domain ( e.g. first JSON object in ldap.json )
  $LDAPProviderDefaultDomain = "mydomain.net";

  if ($wikiRequestSafe) { $LDAPAuthentication2AllowLocalLogin = true; }
}

I am honestly completely new to this and not sure what I am doing wrong.
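
Added example (not part of the original post, and not MediaWiki or LDAPProvider code): the loader above skips every wfLoadExtension() call without logging anything when is_file() fails on "$IP/ldap.json", which matches the symptom and the absolute-path fix in the summary. The hypothetical helper checkLdapJson() below reports which check failed; the sample files and the example.test domain are constructed.

```php
<?php
// Added example: checkLdapJson() is a hypothetical helper, not MediaWiki code.

/**
 * Check an LDAPProvider domain-config file and report why it is unusable.
 * Returns [ true, resolved path ] or [ false, reason ].
 */
function checkLdapJson( string $path ): array {
    $real = realpath( $path ); // false when the path does not resolve
    if ( $real === false || !is_file( $real ) ) {
        return [ false, "not found: $path (cwd: " . getcwd() . ")" ];
    }
    if ( !is_readable( $real ) ) {
        return [ false, "not readable by the PHP worker account: $real" ];
    }
    $cfg = json_decode( file_get_contents( $real ), true );
    if ( json_last_error() !== JSON_ERROR_NONE ) {
        return [ false, "invalid JSON in $real: " . json_last_error_msg() ];
    }
    if ( !is_array( $cfg ) || $cfg === [] ) {
        return [ false, "no domain objects in $real" ];
    }
    foreach ( $cfg as $domain => $section ) {
        if ( !isset( $section['connection']['server'] ) ) {
            return [ false, "domain '$domain' has no connection.server" ];
        }
    }
    return [ true, $real ];
}

// Constructed samples: a valid file, one missing a comma, and a missing path.
$dir  = sys_get_temp_dir();
$good = "$dir/ldap-good.json";
$bad  = "$dir/ldap-bad.json";
file_put_contents( $good,
    '{"example.test":{"connection":{"server":"dc.example.test"}}}' );
file_put_contents( $bad,
    '{"example.test":{"groupsync":{"mechanism":"mappedgroups" "mapping":{}}}}' );

foreach ( [ $good, $bad, "$dir/no-such-dir/ldap.json" ] as $candidate ) {
    [ $ok, $detail ] = checkLdapJson( $candidate );
    echo ( $ok ? 'OK   ' : 'FAIL ' ), $detail, PHP_EOL;
}
unlink( $good );
unlink( $bad );
```

In LocalSettings.php the returned reason can be passed to error_log() before the wfLoadExtension() calls are skipped, and the resolved path can be assigned to $LDAPProviderDomainConfigs.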