Jump to content

Topic on Extension talk:LDAPAuthorization

ldap authorization blows up not sure whats wrong in setup

3
Richr410 (talkcontribs)

After fighting with Ldap Authentication - which works fine now -- i wanted to restrict it to certain AD group(s).

But when I run with "wfLoadExtension( 'LDAPAuthorization' );" it passes the "auth" part, but the verification of the group check blows up.

MediaWiki 1.35.3

PHP 7.3.29

LDAPAuthentication2 1.0.3

LDAPAuthorization 1.1.0

LDAPProvider 1.0.5

PluggableAuth 5.7

I cant figure out what I am missing, if anything

On screen I get:

Special:PluggableAuthLogin TypeError from line 47 of includes/config/HashConfig.php: Argument 1 passed to HashConfig::__construct() must be of the type array, null given, called in extensions/LDAPProvider/src/DomainConfigFactory.php on line 74

Backtrace:

#0 extensions/LDAPProvider/src/DomainConfigFactory.php(74): HashConfig->__construct(NULL)

#1 extensions/LDAPAuthorization/src/Hook/PluggableAuthUserAuthorization.php(65): MediaWiki\Extension\LDAPProvider\DomainConfigFactory->factory(string, string)

#2 extensions/LDAPAuthorization/src/Hook/PluggableAuthUserAuthorization.php(77): MediaWiki\Extension\LDAPAuthorization\Hook\PluggableAuthUserAuthorization->__construct(User, boolean)

#3 includes/HookContainer/HookContainer.php(329): MediaWiki\Extension\LDAPAuthorization\Hook\PluggableAuthUserAuthorization::callback(User, boolean)

#4 includes/HookContainer/HookContainer.php(132): MediaWiki\HookContainer\HookContainer->callLegacyHook(string, array, array, array)

....

In the Debug Logging, I get:

2022-05-27 18:07:54 {server name} {wiki name}: Domain set to 'abc.def.org'.

[error] [YpETerowjGVT6h9w1gQ@LwAAAAo] Special:PluggableAuthLogin   ErrorException from line 74 of extensions/LDAPProvider/src/DomainConfigFactory.php:

PHP Notice: Undefined index: authorization

#0 extensions/LDAPProvider/src/DomainConfigFactory.php(74): MWExceptionHandler::handleError(integer, string, string, integer, array)

#1 extensions/LDAPAuthorization/src/Hook/PluggableAuthUserAuthorization.php(65): MediaWiki\Extension\LDAPProvider\DomainConfigFactory->factory(string, string)

#2 extensions/LDAPAuthorization/src/Hook/PluggableAuthUserAuthorization.php(77): MediaWiki\Extension\LDAPAuthorization\Hook\PluggableAuthUserAuthorization->__construct(User, boolean)

#3 includes/HookContainer/HookContainer.php(329): MediaWiki\Extension\LDAPAuthorization\Hook\PluggableAuthUserAuthorization::callback(User, boolean)

#4 includes/HookContainer/HookContainer.php(132): MediaWiki\HookContainer\HookContainer->callLegacyHook(string, array, array, array)

#5 includes/Hooks.php(137): MediaWiki\HookContainer\HookContainer->run(string, array, array)

#6 extensions/PluggableAuth/includes/PluggableAuthLogin.php(53): Hooks::run(string, array)

#7 includes/specialpage/SpecialPage.php(600): PluggableAuthLogin->execute(NULL)

#8 includes/specialpage/SpecialPageFactory.php(635): SpecialPage->run(NULL)

#9 includes/MediaWiki.php(307): MediaWiki\SpecialPage\SpecialPageFactory->executePath(Title, RequestContext)

#10 includes/MediaWiki.php(940): MediaWiki->performRequest()

SO the issue seems to be "Undefined index: authorization"

(which is present in my "ldap.json" file - below) Undefined index: authorization

{

        "abd.def.org": {

                "connection": {

                        "server": "dc.abc.def.org",

                        "port": "389",

                        "user": "CN=Service,OU=groups,DC=abc,DC=def,DC=org",

                        "pass": "",

                        "options": {

                                "LDAP_OPT_DEREF": 1

                        },

                        "basedn": "DC=abc,DC=def,DC=org",

                        "userbasedn": "DC=abc,DC=def,DC=org",

                        "groupbasedn": "DC=abc,DC=def,DC=org",

                        "searchattribute": "samAccountName",

                        "usernameattribute": "samaccountname",

                        "realnameattribute": "cn",

                        "emailattribute": "mail",

                        "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

                        "authorization": {

                                "rules": {

                                        "groups": {

                                                "required": ["CN=support,DC=abc,DC=def,DC=org"]

                                        }

                                }

                        }

                }

        }

}

SO -- I have no idea what's wrong, havent been able to figure out out! Argh!

Osnard (talkcontribs)

The "authorization" node must not be nested within, but a sibling of "connection"

Richr410 (talkcontribs)

oh!!

that was it!!

thanks might!!

Reply to "ldap authorization blows up not sure whats wrong in setup"