[Mediawiki-l] Nested Groups

Russ Lavoie rlavoie at ncsoft.com
Thu Mar 22 13:57:53 UTC 2007 

I updated it in the area you told me...  But here is the same
information I have.

Entering validDomain
User is using a valid domain.
Setting domain as: domain.com
Entering getCanonicalName
Username isn't empty.
Munged username: User
Entering authenticate
Entering Connect
Using TLS or not using encryption.
Using servers: ldap://dc2.domain.com ldap://dc4.domain.com
Using TLS
Connected successfully
Entering getSearchString
Doing a proxy or anonymous bind
Entering getUserDN
Doing a proxy bind
Created a regular filter: (sAMAccountName=User)
Using base: dc=domain,dc=com
Fetched username is not a string (check your hook code...).
userdn is: CN=User,OU=Operations&NOC,OU=Domain Staff,DC=domain,DC=com
Binding as the user
Binded successfully
Checking for (new style) group membership
Entering isMemberOfRequiredLdapGroup
Required groups:cn=nca se wiki users,ou=groups,dc=domain,dc=com
Entering getUserGroups
Entering getGroups
Search string: (&(member=CN=User,OU=Operations&NOC,OU=Domain
Staff,DC=domain,DC=com)(objectclass=group))
Binding as the proxyagentDN
Returned groups:cn=operations,ou=groups,dc=domain,dc=com,cn=nca
all,ou=groups,dc=domain,dc=com,cn=nca vpn
users,ou=groups,dc=domain,dc=com,cn=nca
altiris,ou=groups,dc=domain,dc=com,cn=systems
engineering,ou=groups,dc=domain,dc=com,cn=nca
outage,ou=groups,dc=domain,dc=com,cn=altiris helpdesk
workers,ou=groups,dc=domain,dc=com,cn=nc
tripwire,ou=groups,dc=domain,dc=com,cn=linuxadmins,ou=groups,dc=domain,d
c=com,cn=linuxdns,ou=groups,dc=domain,dc=com,cn=nca gw wiki
users,ou=groups,dc=domain,dc=com,cn=nca wiki core
users,ou=groups,dc=domain,dc=com
Returned groups:,,,,,,,,,,,
Entering searchNestedGroups
Checking groups:cn=operations,ou=groups,dc=domain,dc=com,cn=nca
all,ou=groups,dc=domain,dc=com,cn=nca vpn
users,ou=groups,dc=domain,dc=com,cn=nca
altiris,ou=groups,dc=domain,dc=com,cn=systems
engineering,ou=groups,dc=domain,dc=com,cn=nca
outage,ou=groups,dc=domain,dc=com,cn=altiris helpdesk
workers,ou=groups,dc=domain,dc=com,cn=nc
tripwire,ou=groups,dc=domain,dc=com,cn=linuxadmins,ou=groups,dc=domain,d
c=com,cn=linuxdns,ou=groups,dc=domain,dc=com,cn=nca gw wiki
users,ou=groups,dc=domain,dc=com,cn=nca wiki core
users,ou=groups,dc=domain,dc=com

Entering getUserGroups
Checking membership for: cn=operations,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca all,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca vpn users,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca altiris,ou=groups,dc=domain,dc=com
Checking membership for: cn=systems
engineering,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca    outage,ou=groups,dc=domain,dc=com
Checking membership for: cn=altiris helpdesk
workers,ou=groups,dc=domain,dc=com
Checking membership for: cn=nc tripwire,ou=groups,dc=domain,dc=com
Checking membership for: cn=linuxadmins,ou=groups,dc=domain,dc=com
Checking membership for: cn=linuxdns,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca gw wiki users,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca wiki core
users,ou=groups,dc=domain,dc=com
(Loops about 5 times or so)

Entering searchNestedGroups
Checking groups:cn=operations,ou=groups,dc=domain,dc=com,cn=nca
all,ou=groups,dc=domain,dc=com,cn=nca vpn
users,ou=groups,dc=domain,dc=com,cn=nca
altiris,ou=groups,dc=domain,dc=com,cn=systems
engineering,ou=groups,dc=domain,dc=com,cn=nca
outage,ou=groups,dc=domain,dc=com,cn=altiris helpdesk
workers,ou=groups,dc=domain,dc=com,cn=nc
tripwire,ou=groups,dc=domain,dc=com,cn=linuxadmins,ou=groups,dc=domain,d
c=com,cn=linuxdns,ou=groups,dc=domain,dc=com,cn=nca gw wiki
users,ou=groups,dc=domain,dc=com,cn=nca wiki core
users,ou=groups,dc=domain,dc=com
(Repeats about 10 times or so)

Entering getUserGroups
Checking membership for: cn=operations,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca all,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca vpn users,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca altiris,ou=groups,dc=domain,dc=com
Checking membership for: cn=systems
engineering,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca    outage,ou=groups,dc=domain,dc=com
Checking membership for: cn=altiris helpdesk
workers,ou=groups,dc=domain,dc=com
Checking membership for: cn=nc tripwire,ou=groups,dc=domain,dc=com
Checking membership for: cn=linuxadmins,ou=groups,dc=domain,dc=com
Checking membership for: cn=linuxdns,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca gw wiki users,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca wiki core
users,ou=groups,dc=domain,dc=com
wiki users,ou=groups,dc=domain,dc=com
Checking membership for: cn=nca wiki core
users,ou=groups,dc=domain,dc=com
(Loops 137 times)

Entering searchNestedGroups
Couldn't find user in any nested groups.
Couldn't find the user in any groups (2).
Entering strict.
Returning true in strict().
Entering modifyUITemplate
Log in / create account

The universal group "Systems Engineering" is a member of the universal
group "nca se wiki users" group which is the required group via the
Localsettings.php file.

I cannot login with the above nested groups.  But if I add myself to the
nca se wiki group I can login with no issues.

Any help would be great.

Russ

-----Original Message-----
From: mediawiki-l-bounces at lists.wikimedia.org
[mailto:mediawiki-l-bounces at lists.wikimedia.org] On Behalf Of Lane, Ryan
Sent: Wednesday, March 21, 2007 1:08 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] Nested Groups

You haven't given me enough information. Please add a section to the
LDAP Authentication talk page on mediawiki.org, with this problem, and
include the version of the plugin you are using, the version of
mediawiki, your configuration, and the output of the debug information
(all with sensitive info snipped out).

V/r,

Ryan Lane 

> -----Original Message-----
> From: mediawiki-l-bounces at lists.wikimedia.org 
> [mailto:mediawiki-l-bounces at lists.wikimedia.org] On Behalf Of 
> Russ Lavoie
> Sent: Wednesday, March 21, 2007 10:33 AM
> To: mediawiki-l at lists.wikimedia.org
> Subject: [Mediawiki-l] Nested Groups
> 
> Hello All,
> 
>  
> 
> I know this isn't a default plugin for MediaWiki, but I am 
> sure that others are using LDAP authentication.
> 
>  
> 
> I am using the Ldap plugin on the mediawiki site and I am 
> unable to get nested groups working.  I can authenticate when 
> a user is part of a specific group, but when a group is added 
> to the required group it does not work.
> 
>  
> 
> Below is my nested groups array in my Localsettings.php file.
> 
>  
> 
> $wgLDAPGroupSearchNestedGroups = array( "domain.com"=>true );
> 
>  
> 
> Can anyone help me out with this?
> 
>  
> 
> Thanks!
> 
>  
> 
> Russ
> 
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> 

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l at lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

More information about the MediaWiki-l mailing list