Stroes

Reputation: 361

MediaWiki can't get LDAP authentication to work

I am running out of ideas here. I can't get LDAP authentication to work on my network. I have a local machine (Linux Ubuntu 14 with MediaWiki).

Domain Name - XXXX
Domain Controllers - OBI1.XXXX.local cg-p-dc-04.XXXX.local cg-p-dc-05.XXXX.local

Here is my LocalSettings.php

require_once "$IP/extensions/LdapAuthentication/LdapAuthentication.php";
$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array( "XXXX" );
$wgLDAPServerNames = array( "XXXX" => "cg-p-dc-05.XXXX.local" );
$wgLDAPProxyAgent = array("XXXX" => "cn=serviceaccount,dc=XXXX,dc=local");
$wgLDAPProxyAgentPassword = array("XXXX"=> "XXXX01");
$wgLDAPSearchStrings = array( "XXXX" => "XXXX\\USER-NAME" );
$wgLDAPEncryptionType = array( "XXXX" => "clear" );
$wgLDAPUseLocal = false;
$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array( "XXXX" => "dc=XXXX,dc=local" );
$wgLDAPSearchAttributes = array( "XXXX" => "sAMAccountName" );
$wgLDAPRetrievePrefs = array( "XXXX" => "true" );
$wgLDAPPreferences = array('XXXX' => array( 'email' => 'mail','realname' => 'displayname'));
$wgLDAPDebug = 3; //for debugging LDAP
$wgShowExceptionDetails = true; //for debugging MediaWiki
$wgDebugLogGroups['ldap'] = '/var/www/html/XXXXwiki/wiki.log';
error_reporting( -1 );
ini_set( 'display_errors', 1 );

Here is my log extract

2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering validDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 User is not using a valid domain ().
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Setting domain as: invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering allowPasswordChange
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering modifyUITemplate
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:54 cg-p-ops-01v wikidb-wiki_: 2.1.0 No domain found, returning invaliddomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering validDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 User is using a valid domain (XXXX).
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Setting domain as: XXXX
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getCanonicalName
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Username is: username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Munged username: username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering authenticate for username username
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering Connect
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Can't set option to LDAP! Option code and value: 0=2
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Can't set option to LDAP! Option code and value: 1=0
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getSearchString
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Doing a straight bind
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Binding as the user
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Failed to bind as uid=username,ou=people,dc=LDAP,dc=XXXX,dc=local
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering strict.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Returning true in strict().
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering allowPasswordChange
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering getDomain
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Pulling domain from session.

No matter what variation of settings I try, I still get "Incorrect password entered. Please try again."

I have asked this question on MediaWiki support but am not getting any feedback there.

Upvotes: 1

Views: 1773

Answers (2)

Stroes

Reputation: 361

I have managed to resolve this. It seems that my Linux box did not like the idea of hostnames for my Domain Controllers, and I had to revert to using the IP addresses of these machines in order for it to work.

Upvotes: 0
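
Added example, not part of the original answer: a small parser for the extension's debug log that measures how long each failed bind took and checks whether the bind DN could have been built from the configured $wgLDAPSearchStrings value. The function names and the 5-second threshold are assumptions; a bind that stalls for many seconds before failing points at the server not being reached (name resolution or network), whereas a rejected password normally fails quickly.

```python
import re
from datetime import datetime

# Lines excerpted from the debug log posted in the question.
SAMPLE_LOG = """\
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Entering Connect
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Can't set option to LDAP! Option code and value: 0=2
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Doing a straight bind
2015-04-30 10:13:57 cg-p-ops-01v wikidb-wiki_: 2.1.0 Binding as the user
2015-04-30 10:14:12 cg-p-ops-01v wikidb-wiki_: 2.1.0 Failed to bind as uid=username,ou=people,dc=LDAP,dc=XXXX,dc=local
"""

# timestamp, host, log channel, extension version, message
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \S+ \S+ (.*)$")
FAILED = "Failed to bind as "


def dn_matches(bind_dn, search_string):
    """True if bind_dn is search_string with USER-NAME replaced by a user name."""
    pattern = re.escape(search_string).replace(re.escape("USER-NAME"), r"[^,\\]+")
    return re.fullmatch(pattern, bind_dn) is not None


def analyse(log_text, search_string, slow_seconds=5):
    """Return one finding per failed user bind found in the log."""
    findings, bind_started = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a debug-log line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if msg == "Binding as the user":
            bind_started = ts
        elif msg.startswith(FAILED) and bind_started is not None:
            dn = msg[len(FAILED):]
            delay = (ts - bind_started).total_seconds()
            findings.append({
                "bind_dn": dn,
                "delay_s": delay,
                "likely_unreachable": delay >= slow_seconds,  # assumed threshold
                "dn_matches_config": dn_matches(dn, search_string),
            })
            bind_started = None
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG, "XXXX\\USER-NAME"):
        print(finding)
```

On the log from the question this reports a 15-second stall before the failure, which fits the hostname problem described in this answer. It also shows that the bind DN in the log (uid=username,ou=people,...) was not built from the XXXX\USER-NAME search string in the posted LocalSettings.php, so a different configuration may have been in effect when the log was written.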

Liam Gretton

Reputation: 380

heiglandreas is right, as you're using AD (assumed because you're looking for sAMAccountName) you need the extension to bind first.

So you should add the following directives:

$wgLDAPProxyAgent = array('XXXX' => 'cn=someone,dc=XXXX,dc=local');
$wgLDAPProxyAgentPassword = array('XXXX' => 'password');

Where obviously cn=someone,dc=XXXX,dc=local and password should be changed to reflect real credentials in your AD.

Upvotes: 1
