I have the same problem that users that are not stored in the database are not authorized. This is what the log file for LDAPAuthorization gives me after I apply @Morix Dev's changes to PluggableAuthUserAuthorization.php :
2023-05-08 04:44:39 vermkv-wiki-neu wiki_d35: Domain set to 'wiki_d35'.
2023-05-08 04:44:39 vermkv-wiki-neu wiki_d35: MediaWiki\Extension\LDAPAuthorization\Hook\PluggableAuthUserAuthorization: Check authorization for user ')'.
2023-05-08 04:44:39 vermkv-wiki-neu wiki_d35: Requirement 'groups.required' not satisfied.
2023-05-08 04:44:39 vermkv-wiki-neu wiki_d35: Requirements could not be satisfied.
I have Mediawiki 1.39.3 with php 8.1.2 and MariaDB 10.6.12.
My configuration in LocalSettings.php:
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPAuthentication2' );
wfLoadExtension( 'LDAPUserInfo' );
wfLoadExtension( 'LDAPAuthorization' );
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = "Anmelden";
$LDAPAuthorizationAutoAuthRemoteUserStringParser = 'username-at-domain';
$LDAPAuthentication2UsernameNormalizer = 'ucfirst';
$LDAPAuthentication2AllowLocalLogin = false;
$wgAuthRemoteuserAllowUserSwitch = false;
$wgPluggableAuth_Config['Log In'] = [
'plugin' => 'LDAPAuthentication2',
'data' => [
'domain' => 'wiki_d35'
]
];
$wgDebugLogGroups['PluggableAuth'] = [
'destination' => "$IP/cache/PluggableAuth.log"
];
$wgDebugLogGroups['LDAPProvider'] = [
'destination' => "$IP/cache/LDAPProvider.log"
];
$wgDebugLogGroups['LDAPAuthentication2'] = [
'destination' => "$IP/cache/LDAPAuth.log"
];
$wgDebugLogGroups['LDAPAuthorization'] = [
'destination' => "$IP/cache/LDAPAuthorization.log"
];
$LDAPProviderDomainConfigProvider = function() {
$config = [
"LDAP" => [
"connection" => [
"server" => "***",
"options" => [ "LDAP_OPT_DEREF" => 1, "LDAP_OPT_PROTOCOL_VERSION" => 3 ],
"port" => 389,
"enctype" => "tls",
"basedn" => "o=***,c=***",
"userbasedn" => "o=***,c=***",
"groupbasedn" => "ou=group,ou=***,o=***,c=***",
"searchattribute" => 'uid',
"usernameattribute" => 'uid',
"realnameattribute" => "cn",
"emailattribute" => "mail",
"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\GroupMember::factory"
],
"authorization" => [
"rules" => [
"groups" => [
"required" => [
"cn=***,ou=***,ou=***,o=***,c=***"
]
]
]
],
"authentication" => [
"usernameattribute" => "uid",
"realnameattribute" => "cn",
"emailattribute" => "mail"
],
'userinfo' => [
'attributes-map' => [
'email' => 'mail',
'realname' => 'cn'
]
]
]
];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};