I'm using LDAP authentication plugin with MW 193. If a username does not exist in the MW user table, when that user logs in, he/she can't. The error displayed is
"There was either an external authentication database error or you are not allowed to update your external account"
So I have to add all the users existing in the AD to MW table as well. But this is not practical as new users are added to AD quite often.
I'm guessing you are using MediaWiki 1.9.x? If so, please look here: http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication#Officia l_workaround
A small change needs to be made for the plugin to work with MediaWiki 1.9. Upgrading to MediaWiki 1.10 should also fix the problem.
Here's my settings for ldapauthentication plugin:
[snip]
$wgLDAPUseLocal = true;
You probably don't want this. This is meant mostly for transitional periods, where you originally had a local database, and you are moving to an LDAP backend. This has security hazards associated with it, such as possibly storing your LDAP account passwords in the local database.
[snip]
$wgLDAPDebug = 0;
0 is actually the default, so you don't really need to define this one.
V/r,
Ryan Lane