[snip]
Entering getUserGroups
Entering getGroups
Search string:
(&(member=CN=wiki-rw,CN=Users,DC=smp-inc,DC=com)(objectclass=group))
Returned groups:cn=wiki-readwrite,cn=users,dc=smp-inc,dc=com
Returned groups:
This looks like your problem... The plugin is getting the group, but
isn't getting the group's shortname (the cn), please set:
$wgLDAPGroupNameAttribute = array( "SMP-INC"=>"cn" );
Also, MediaWiki seems to have an issue with long group names (more than
16 characters). It looks like your groups are ok, but it is something to
watch out for in the future.
Found user in a group.
Retrieving LDAP group membership
Entering getUserGroups
Entering getAllGroups
Entering getGroups
Search string: (&(member=\5c2a)(objectclass=group))
Returned groups:
Returned groups:
This looks like a bug...
In function getGroups change this line:
$filter = "(&($attribute=" .
$this->getLdapEscapedString($dn) . ")(objectclass=$objectclass))";
to:
if ($dn != "*") {
$dn = $this->getLdapEscapedString($dn);
}
$filter = "(&($attribute=" . $dn .
")(objectclass=$objectclass))";
I'll fix this tonight...
[snip]
You'll notice the line: "Effective groups are: *,user".
Shouldn't this show wiki-readwrite, since that's the AD group
this user belongs to? Or does it not check the AD groups
until it says "checking to see if user is in:
wiki-readwrite"? Also, once the member is found in an AD
group, should the MySQL table "wikidb_user_groups" get an
UPDATE statement adding the userid to the AD group?
These are the current effective user's groups for this user according to
MediaWiki. The plugin will later check the AD groups to see if the user
needs to be added/removed from a MediaWiki group.
I've read a lot and looked for Ryan Lane on Freenode. I
think I'm having similar problems as this guy, but I have the
newer version:
http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication/archive
1#Group_Synchronization
Ha. I wish I would have checked that link before I started tracing
through my code :). This link fixes half of your problems, as a user
mentioned that $wgLDAPGroupNameAttribute needed to be set. With that,
the plugin would add users to MediaWiki groups, but the bug would
probably cause the plugin to remove the user the next time they log in
(and then add them the next time, and so on).
I'm usually on freenode after 7:00pm cst. I can't access IRC from work.
V/r,
Ryan Lane