I'm using LDAP authentication plugin with MW 193.
If a
username does not exist in the MW user table, when that user
logs in, he/she can't. The error displayed is
"There was either an external authentication database error
or you are not allowed to update your external account"
So I have to add all the users existing in the AD to MW table
as well. But this is not practical as new users are added to
AD quite often.
I'm guessing you are using MediaWiki 1.9.x? If so, please look here:
http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication#Officia
l_workaround
A small change needs to be made for the plugin to work with MediaWiki
1.9. Upgrading to MediaWiki 1.10 should also fix the problem.
Here's my settings for ldapauthentication plugin:
[snip]
$wgLDAPUseLocal = true;
You probably don't want this. This is meant mostly for transitional
periods, where you originally had a local database, and you are moving
to an LDAP backend. This has security hazards associated with it, such
as possibly storing your LDAP account passwords in the local database.
[snip]
$wgLDAPDebug = 0;
0 is actually the default, so you don't really need to define this one.
V/r,
Ryan Lane