Hello,
In the local network is AD domain - xxx.yyy.org Domain Controllers - serv1.xxx.yyy.org and serv2.xxx.yyy.org In the domain is a group - MWUsers, which includes several users - mwuser1, mwuser2, etc. There MediaWiki 1.13.1. I need to allow automatic access only to users who are in the AD group users. I know that this can be done through LdapAuthentication and LdapAutoAuthentication, but all my attempts unsuccessful.
My LocalSettings.php:
require_once ("$IP/extensions/LdapAutoAuthentication.php"); require_once ("$IP/extensions/LdapAuthentication.php"); $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDomainNames = array('XXX'); $wgLDAPServerNames = array('XXX' => 'serv1.xxx.yyy.org serv2.xxx.yyy.org'); $wgLDAPSearchStrings = array('XXX' => 'XXX\USER-NAME'); $wgLDAPEncryptionType = array('XXX' => 'false'); $wgLDAPUseLocal = false; $wgMinimalPasswordLength = 1; $wgLDAPBaseDNs = array('XXX'=>'dc=xxx,dc=yyy,dc=org'); $wgLDAPSearchAttributes = array('XXX'=>'sAMAccountName'); $wgLDAPGroupBaseDNs = array('XXX'=>'ou=MWUsers,dc=xxx,dc=yyy,dc=org'); AutoAuthSetup(); $wgLDAPDebug = 6;
But these settings do not work as expected. Auto login is not performed. Therefore, I choose the "Log in / create account" and enter login - mwuser1 and password Log info:
Entering validDomain User is using a valid domain. Setting domain as: XXX Entering getCanonicalName Username isn't empty. Munged username: mwuser1 Entering authenticate
Entering Connect Using TLS or not using encryption. Using servers: ldap://serv1.xxx.yyy.org ldap://serv2.xxx.yyy.org Connected successfully Entering getSearchString Doing a straight bind userdn is: XXX\mwuser1
Binding as the user Bound successfully Entering getUserDN Created a regular filter: (sAMAccountName=mwuser1) Entering getBaseDN basedn is not set for this type of entry, trying to get the default basedn. Entering getBaseDN basedn is dc=xxx,dc=yyy,dc=org Using base: dc=xxx,dc=yyy,dc=org Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined. Pulled the user's DN: CN=f_name l_name,OU=MWUsers,OU=DataArt,DC=xxx,DC=yyy,DC=org Authentication passed Entering updateUser WTF!?)