Jump to content

Topic on Extension talk:LDAPAuthentication2/Flow

LDAP-User cannot be authenticated

6
Julio1501 (talkcontribs)

MediaWiki    1.39.4

PHP    8.0.30 (apache2handler)

MariaDB    10.5.19-MariaDB-0+deb11u2

BlueSpice 4.3.2 (build:20230907155405)


All LDAP Test from the maintenance folder work. But LDAP authentication fails

The LocalSettings.php is configured like below:

$LDAPProviderCacheType = CACHE_NONE;

$wgGroupPermissions['*']['autocreateaccount'] = true;

//$wgBlockDisablesLogin = true;

// Load LDAP Config from JSON

$ldapJsonFile = "/var/www/ldap.json";

$ldapConfig = true;

// Activate Extension

if ( $ldapConfig ) {

  wfLoadExtension( 'PluggableAuth' ); //"version": "7.0.0"

  wfLoadExtension( 'LDAPProvider' ); //"version": "2.0.1"

  wfLoadExtension( 'LDAPAuthentication2' ); //"version": "2.0.2"

  wfLoadExtension( 'LDAPAuthorization' ); //"version": "2.0.1"

  wfLoadExtension( 'LDAPUserInfo' ); //"version": "2.0.0"

  wfLoadExtension( 'LDAPGroups' ); //"version": "2.0.1"

  $LDAPProviderDomainConfigs = $ldapJsonFile;

  $LDAPAuthentication2AllowLocalLogin = true;

  $wgPluggableAuth_EnableLocalLogin = true;

  $wgPluggableAuth_ButtonLabel = "Log In";

  // Force LDAPGroups to sync by choosing a domain (e.g. first JSON object in ldap.json)

  $LDAPProviderDefaultDomain = "mydomain.local";

}

$wgLDAPDebug = 3; //for debugging LDAP

$wgDebugLogGroups['LDAP'] = "/var/log/mediawiki/ldap_debug.log";

$wgDebugLogGroups['LDAPGroups'] = "/var/log/mediawiki/LDAPGroups.log";

$wgDebugLogGroups['LDAPAuthentication2'] =  "/var/log/mediawiki/LDAPauth.log";


my ldap.json:


{

"mydomain.local": {

"connection": {

"server": "mydomain.local",

"port": "389",

"user": "binduser@mydomain.local",

"pass": "mysecret",

"enctype": "clear",

"options": {

"LDAP_OPT_DEREF": 1

},

"basedn": "DC=mydomain,DC=local",

"userbasedn": "DC=mydomain,DC=local",

"groupbasedn": "DC=mydomain,DC=local",

"searchattribute": "samaccountname",

"usernameattribute": "samaccountname",

"realnameattribute": "cn",

"emailattribute": "mail",

"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

"presearchusernamemodifiers": ["spacestounderscores", "lowercase"]

},

"userinfo": [],

"authorization": {

"rules": {

"groups": {

"required": [""]

}

}

},

"groupsync": {

"mapping": {

"sysop": ""

}

}

}

}


Thanks!

Osnard (talkcontribs)

So is there anything on the logs?

Julio1501 (talkcontribs)

Hi, @Osnard,

These are not error messages relating to this error.

I just get this mask without the possibility to enter my login data:


Kind regards

Julio1501 (talkcontribs)

Hi @Osnard

the problem has been solved. It was due to the BlueSpice plugin "BlueSpiceDistributionConnector"

Kind regards

Osnard (talkcontribs)

Thanks for the feedback. Can you please provide a little bit more information about the issue?

Julio1501 (talkcontribs)

Hi @Osnard,

I had the problem that there was no option to show the login screen. I always got the message "the specified login information could not be verified."

After I deactivated the plugin "BlueSpiceDistributionConnector" in 001-BlueSpiceDistribution.php I was able to log in to the LDAP

Thanks