Created a regular filter: (sAMAccountName=doej) Entering getBaseDN basedn is not set for this type of entry, trying to get the default basedn. Entering getBaseDN basedn is ou=groups,ou=town a,ou=sites,dc=domainname,dc=com Using base: ou=groups,ou=town a,ou=sites,dc=domainname,dc=com Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined. Pulled the user's DN:
This right here is the problem... For some reason, the plugin wasn't able to find the user's DN, which causes the problem below:
Checking for (new style) group membership Entering isMemberOfRequiredLdapGroup Required groups:cn=wiki-w,ou=groups,ou=town a,ou=sites,dc=domainname,dc=com Entering getUserGroups Entering getGroups Entering getBaseDN basedn is not set for this type of entry, trying to get the default basedn. Entering getBaseDN basedn is ou=groups,ou=town a,ou=sites,dc=domainname,dc=com Search string: (&(member=)(objectclass=group))
Notice how this search wouldn't find anything?
Is your user somewhere under "ou=groups,ou=town a,ou=sites,dc=domainname,dc=com"? If not, you need to set your base DN to something closer to your root. If your AD is too large to be able to do this without performance impacts, you can set the user entry base dn to something separate than the group base dn:
$wgLDAPGroupBaseDNs = array( "domainname.com"=>"ou=groups,ou=town a,ou=sites,dc=domainname,dc=com" ); $wgLDAPUserBaseDNs = array( "domainname.com"=>"ou=users,ou=town a,ou=sites,dc=domainname,dc=com" );
Of course the $wgLDAPUserBaseDNs variable should be set to wherever in your tree contains your users.
V/r,
Ryan Lane