After fighting with Ldap Authentication - which works fine now -- i wanted to restrict it to certain AD group(s).
But when I run with "wfLoadExtension( 'LDAPAuthorization' );" it passes the "auth" part, but the verification of the group check blows up.
MediaWiki 1.35.3
PHP 7.3.29
LDAPAuthentication2 1.0.3
LDAPAuthorization 1.1.0
LDAPProvider 1.0.5
PluggableAuth 5.7
I cant figure out what I am missing, if anything
On screen I get:
Special:PluggableAuthLogin TypeError from line 47 of includes/config/HashConfig.php: Argument 1 passed to HashConfig::__construct() must be of the type array, null given, called in extensions/LDAPProvider/src/DomainConfigFactory.php on line 74
Backtrace:
#0 extensions/LDAPProvider/src/DomainConfigFactory.php(74): HashConfig->__construct(NULL)
#1 extensions/LDAPAuthorization/src/Hook/PluggableAuthUserAuthorization.php(65): MediaWiki\Extension\LDAPProvider\DomainConfigFactory->factory(string, string)
#2 extensions/LDAPAuthorization/src/Hook/PluggableAuthUserAuthorization.php(77): MediaWiki\Extension\LDAPAuthorization\Hook\PluggableAuthUserAuthorization->__construct(User, boolean)
#3 includes/HookContainer/HookContainer.php(329): MediaWiki\Extension\LDAPAuthorization\Hook\PluggableAuthUserAuthorization::callback(User, boolean)
#4 includes/HookContainer/HookContainer.php(132): MediaWiki\HookContainer\HookContainer->callLegacyHook(string, array, array, array)
....
In the Debug Logging, I get:
2022-05-27 18:07:54 {server name} {wiki name}: Domain set to 'abc.def.org'.
[error] [YpETerowjGVT6h9w1gQ@LwAAAAo] Special:PluggableAuthLogin ErrorException from line 74 of extensions/LDAPProvider/src/DomainConfigFactory.php:
PHP Notice: Undefined index: authorization
#0 extensions/LDAPProvider/src/DomainConfigFactory.php(74): MWExceptionHandler::handleError(integer, string, string, integer, array)
#1 extensions/LDAPAuthorization/src/Hook/PluggableAuthUserAuthorization.php(65): MediaWiki\Extension\LDAPProvider\DomainConfigFactory->factory(string, string)
#2 extensions/LDAPAuthorization/src/Hook/PluggableAuthUserAuthorization.php(77): MediaWiki\Extension\LDAPAuthorization\Hook\PluggableAuthUserAuthorization->__construct(User, boolean)
#3 includes/HookContainer/HookContainer.php(329): MediaWiki\Extension\LDAPAuthorization\Hook\PluggableAuthUserAuthorization::callback(User, boolean)
#4 includes/HookContainer/HookContainer.php(132): MediaWiki\HookContainer\HookContainer->callLegacyHook(string, array, array, array)
#5 includes/Hooks.php(137): MediaWiki\HookContainer\HookContainer->run(string, array, array)
#6 extensions/PluggableAuth/includes/PluggableAuthLogin.php(53): Hooks::run(string, array)
#7 includes/specialpage/SpecialPage.php(600): PluggableAuthLogin->execute(NULL)
#8 includes/specialpage/SpecialPageFactory.php(635): SpecialPage->run(NULL)
#9 includes/MediaWiki.php(307): MediaWiki\SpecialPage\SpecialPageFactory->executePath(Title, RequestContext)
#10 includes/MediaWiki.php(940): MediaWiki->performRequest()
SO the issue seems to be "Undefined index: authorization"
(which is present in my "ldap.json" file - below) Undefined index: authorization
{
"abd.def.org": {
"connection": {
"server": "dc.abc.def.org",
"port": "389",
"user": "CN=Service,OU=groups,DC=abc,DC=def,DC=org",
"pass": "",
"options": {
"LDAP_OPT_DEREF": 1
},
"basedn": "DC=abc,DC=def,DC=org",
"userbasedn": "DC=abc,DC=def,DC=org",
"groupbasedn": "DC=abc,DC=def,DC=org",
"searchattribute": "samAccountName",
"usernameattribute": "samaccountname",
"realnameattribute": "cn",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
"authorization": {
"rules": {
"groups": {
"required": ["CN=support,DC=abc,DC=def,DC=org"]
}
}
}
}
}
}
SO -- I have no idea what's wrong, havent been able to figure out out! Argh!