[snip]
Entering getUserGroups
Entering getGroups
Search string: (&(member=CN=wiki-rw,CN=Users,DC=smp-inc,DC=com)(objectclass=group))
Returned groups:cn=wiki-readwrite,cn=users,dc=smp-inc,dc=com
Returned groups:
This looks like your problem... The plugin is getting the group, but isn't getting the group's shortname (the cn), please set:
$wgLDAPGroupNameAttribute = array( "SMP-INC"=>"cn" );
Also, MediaWiki seems to have an issue with long group names (more than 16 characters). It looks like your groups are ok, but it is something to watch out for in the future.
Found user in a group.
Retrieving LDAP group membership
Entering getUserGroups
Entering getAllGroups
Entering getGroups
Search string: (&(member=\5c2a)(objectclass=group))
Returned groups:
Returned groups:
This looks like a bug...
In function getGroups change this line:
$filter = "(&($attribute=" . $this->getLdapEscapedString($dn) . ")(objectclass=$objectclass))";
to:
if ($dn != "*") { $dn = $this->getLdapEscapedString($dn); } $filter = "(&($attribute=" . $dn . ")(objectclass=$objectclass))";
I'll fix this tonight...
[snip]
You'll notice the line: "Effective groups are: *,user". Shouldn't this show wiki-readwrite, since that's the AD group this user belongs to? Or does it not check the AD groups until it says "checking to see if user is in: wiki-readwrite"? Also, once the member is found in an AD group, should the MySQL table "wikidb_user_groups" get an UPDATE statement adding the userid to the AD group?
These are the current effective user's groups for this user according to MediaWiki. The plugin will later check the AD groups to see if the user needs to be added/removed from a MediaWiki group.
I've read a lot and looked for Ryan Lane on Freenode. I think I'm having similar problems as this guy, but I have the newer version:
http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication/archive 1#Group_Synchronization
Ha. I wish I would have checked that link before I started tracing through my code :). This link fixes half of your problems, as a user mentioned that $wgLDAPGroupNameAttribute needed to be set. With that, the plugin would add users to MediaWiki groups, but the bug would probably cause the plugin to remove the user the next time they log in (and then add them the next time, and so on).
I'm usually on freenode after 7:00pm cst. I can't access IRC from work.
V/r,
Ryan Lane