Hello,
I'm trying to set up LDAP on MediaWiki 1.39.4; all plugins were also downloaded for version 1.39. LDAP is hosted in Docker with OpenLDAP, and MediaWiki is hosted on XAMPP with a MySQL database. I think I configured everything as it should be by following the Active Directory Integration manual. When I click on "Log in", I get "The data provided cannot be used for credential checks."
Below is my ldap.json (ip and password changed for posting this):
{
"ldap.computingforgeeks.com": {
"connection": {
"server": "ldap://ip:389",
"port": "389",
"use-tls": "true",
"user": "cn=admin,dc=computingforgeeks,dc=com",
"pass": "password",
"enctype": "clear",
"options": {
"LDAP_OPT_DEREF": 1
},
"basedn": "dc=computingforgeeks,dc=com",
"userbasedn": "ou=users,dc=computingforgeeks,dc=com",
"groupbasedn": "ou=groups,dc=computingforgeeks,dc=com",
"searchattribute": "sAMAccountName",
"usernameattribute": "sAMAccountName",
"realnameattribute": "cn",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
"presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
},
"userinfo": [],
"authorization": [],
"groupsync": {
"mapping": {
"engineering": "CN=employees,OU=Groups,DC=computingforgeeks,DC=com",
"employer": "CN=employer,OU=Groups,DC=computingforgeeks,DC=com"
}
}
}
}
Below is LocalSettings.php:
# End of automatically generated settings.
# Add more configuration options below.
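// Safe IP or not (for bypassing external login via AD)
// Only REMOTE_ADDR is consulted: it is the peer address of the connection as seen
// by the web server. HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP are copied from
// request headers, so a client can set them to any value (including 127.0.0.1);
// they must not feed an access decision unless a trusted reverse proxy is known
// to overwrite them.
// NOTE(review): if this wiki sits behind a reverse proxy, REMOTE_ADDR is the
// proxy's address for every request - confirm the deployment before relying on it.
$safeIPs = [ '127.0.0.1', '::1' ]; // 'localhost' replaced by '::1': the value compared is an IP literal, never a host name
$ipsVars = [ 'REMOTE_ADDR' ];
$wikiRequestIP = null;
foreach ( $ipsVars as $ipsVar ) {
    $candidate = $_SERVER[$ipsVar] ?? null;
    // Accept only a syntactically valid IPv4/IPv6 literal.
    if ( is_string( $candidate ) && filter_var( $candidate, FILTER_VALIDATE_IP ) !== false ) {
        $wikiRequestIP = $candidate;
        break;
    }
}
// Strict comparison: the address must match an allow-list entry exactly.
$wikiRequestSafe = $wikiRequestIP !== null && in_array( $wikiRequestIP, $safeIPs, true );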
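// Create Wiki-Group 'engineering' from default user group
$wgGroupPermissions['engineering'] = $wgGroupPermissions['user'];

// Private Wiki. External LDAP login. Default NS requires login.
// The '*' group covers anonymous visitors. For a private wiki they get no read,
// edit or self-registration rights; granting them (as the posted settings did)
// contradicts the "requires login" intent stated above.
$wgEmailConfirmToEdit = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
// NOTE(review): sysops can still create local accounts by hand; confirm that is
// wanted when LDAP is meant to be the only source of accounts.
$wgGroupPermissions['sysop']['createaccount'] = true;
// Kept enabled so a wiki account can be created automatically on first external login.
$wgGroupPermissions['*']['autocreateaccount'] = true;
// A blocked account cannot log in at all.
$wgBlockDisablesLogin = true;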
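// Load LDAP Config from JSON
// $ldapConfig becomes true only when ldap.json exists, can be read, decodes to
// an array, and the LDAPProvider extension directory is present.
// NOTE(review): ldap.json holds the LDAP bind DN and password and is stored in
// $IP, the MediaWiki install directory, which is normally inside the web root -
// confirm the file cannot be fetched over HTTP, or keep it outside the document
// root and point $ldapJsonFile there.
$ldapJsonFile = "$IP/ldap.json";
$ldapConfig = false;
if ( is_file( $ldapJsonFile ) && is_dir( "$IP/extensions/LDAPProvider" ) ) {
    // Read explicitly instead of hiding a failed read behind '@'.
    $ldapJsonRaw = is_readable( $ldapJsonFile ) ? file_get_contents( $ldapJsonFile ) : false;
    if ( $ldapJsonRaw === false ) {
        error_log( "Cannot read file: $ldapJsonFile" );
    } else {
        // Decoded only to validate; the extension reads the file itself later.
        $testJson = json_decode( $ldapJsonRaw, true );
        if ( is_array( $testJson ) ) {
            $ldapConfig = true;
        } else {
            error_log( "Found invalid JSON in file: $IP/ldap.json" );
        }
    }
}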
// Activate Extension
// The LDAP stack is enabled only when the ldap.json check set $ldapConfig.
if ( $ldapConfig ) {
    // Same load order as before: PluggableAuth first, then the LDAP extensions.
    $ldapExtensions = [
        'PluggableAuth',
        'LDAPProvider',
        'LDAPAuthentication2',
        'LDAPUserInfo',
        'LDAPGroups',
    ];
    foreach ( $ldapExtensions as $ldapExtension ) {
        wfLoadExtension( $ldapExtension );
    }

    // Domain definitions are taken from the JSON file.
    $LDAPProviderDomainConfigs = $ldapJsonFile;

    // Force LDAPGroups to sync by choosing a domain (e.g. first JSON object in ldap.json)
    $LDAPProviderDefaultDomain = "ldap.computingforgeeks.com";

    // NOTE(review): PluggableAuth 6.0 and later are configured through
    // $wgPluggableAuth_Config; verify that the installed version still reads
    // this button-label setting.
    $wgPluggableAuth_ButtonLabel = "Log In";

    // NOTE(review): going by its name, false switches local (non-LDAP) login off,
    // while the safe-IP comment earlier in this file speaks of bypassing the
    // external login - confirm which is intended. If this is ever set to true,
    // $wikiRequestSafe must be derived from an address the client cannot choose
    // (not a forwarded-for request header).
    if ( $wikiRequestSafe ) {
        $LDAPAuthentication2AllowLocalLogin = false;
    }
}
I also checked the LDAP connection using a Python script, and everything works there. In MediaWiki I'm getting the error. Do you have any ideas what could help? I have also removed the LDAPAuthorization plugin for now, and it changed nothing.