Hi, we use the LDAP extension to sync LDAP groups with the MW Database, so that other extensions like accesscontrol can use these groups. But its not working anymore and i dont know what to do about it.
Here is our current configuration and debug logs of a test user logging in: $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPDebug = 3; $wgDebugLogGroups["ldap"] = "/tmp/test-wiki/ldap.debug.log"; $wgLDAPDomainNames = array( "domain" ); $wgLDAPServerNames = array( "domain"=>"server.com" ); $wgLDAPUseLocal = false; $wgLDAPEncryptionType = array( "domain"=>"ssl" ); $wgLDAPSearchStrings = array( "domain"=>"domain\\USER-NAME" ); $wgLDAPProxyAgent = array( "domain"=>"cn=searchonly,cn=Users,dc=server,dc=domain,dc=com" ); $wgLDAPProxyAgentPassword = array( "domain"=>"xxx" ); $wgLDAPSearchAttribudomains = array( "domain"=>"sAMAccountName" ); $wgLDAPBaseDNs = array( "domain"=>"dc=server,dc=domain,dc=com" ); $wgLDAPMailPassword = false; $wgLDAPPreferences = array ( "domain"=>array( "email"=>"mail","realname"=>"displayName","nickname"=>"cn","language"=>" preferredLanguage") ); $wgLDAPDisableAutoCreate = array( "domain"=>false ); $wgMinimalPasswordLength = 1; $wgLDAPGroupUseFullDN = array( "domain"=>true ); $wgLDAPGroupBaseDNs = array( "domain"=>"ou=Groups,ou=department,dc=server,dc=domain,dc=com" ); $wgLDAPLowerCaseUsername = array( "domain"=>true ); $wgLDAPGroupUseRetrievedUsername = array( "domain"=>false ); $wgLDAPGroupObjectclass = array( "domain"=>"group" ); $wgLDAPGroupAttribudomain = array( "domain"=>"member" ); $wgLDAPGroupNameAttribudomain = array( "domain"=>"cn" ); $wgLDAPUseLDAPGroups = array( "domain"=>true ); $wgLDAPGroupLowerCaseUsername = array( "domain"=>true ); 2009-10-28 09:47:26 wikidb_test: Entering validDomain 2009-10-28 09:47:26 wikidb_test: User is not using a valid domain. 2009-10-28 09:47:26 wikidb_test: Setting domain as: invaliddomain 2009-10-28 09:47:26 wikidb_test: Entering allowPasswordChange 2009-10-28 09:47:26 wikidb_test: Entering modifyUITemplate 2009-10-28 09:47:29 wikidb_test: Entering validDomain 2009-10-28 09:47:29 wikidb_test: User is not using a valid domain. 2009-10-28 09:47:29 wikidb_test: Setting domain as: invaliddomain 2009-10-28 09:47:29 wikidb_test: Entering allowPasswordChange 2009-10-28 09:47:29 wikidb_test: Entering modifyUITemplate 2009-10-28 09:47:34 wikidb_test: Entering validDomain 2009-10-28 09:47:34 wikidb_test: User is using a valid domain. 2009-10-28 09:47:34 wikidb_test: Setting domain as: domain 2009-10-28 09:47:34 wikidb_test: Entering getCanonicalName 2009-10-28 09:47:34 wikidb_test: Username isn't empty. 2009-10-28 09:47:34 wikidb_test: Munged username: Testneu 2009-10-28 09:47:34 wikidb_test: Entering authenticate 2009-10-28 09:47:34 wikidb_test: 2009-10-28 09:47:34 wikidb_test: Entering Connect 2009-10-28 09:47:34 wikidb_test: Using SSL 2009-10-28 09:47:34 wikidb_test: Using servers: ldaps://server.com 2009-10-28 09:47:34 wikidb_test: Connected successfully 2009-10-28 09:47:34 wikidb_test: Lowercasing the username: Testneu 2009-10-28 09:47:34 wikidb_test: Entering getSearchString 2009-10-28 09:47:34 wikidb_test: Doing a straight bind 2009-10-28 09:47:34 wikidb_test: userdn is: domain\testneu 2009-10-28 09:47:34 wikidb_test: 2009-10-28 09:47:34 wikidb_test: Binding as the user 2009-10-28 09:47:39 wikidb_test: Bound successfully 2009-10-28 09:47:39 wikidb_test: Entering getUserDN 2009-10-28 09:47:39 wikidb_test: Created a regular filter: (sAMAccountName=testneu) 2009-10-28 09:47:39 wikidb_test: Entering getBaseDN 2009-10-28 09:47:39 wikidb_test: basedn is not set for this type of entry, trying to get the default basedn. 2009-10-28 09:47:39 wikidb_test: Entering getBaseDN 2009-10-28 09:47:39 wikidb_test: basedn is dc=server,dc=domain,dc=com 2009-10-28 09:47:39 wikidb_test: Using base: dc=server,dc=domain,dc=com 2009-10-28 09:47:39 wikidb_test: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined. 2009-10-28 09:47:39 wikidb_test: Pulled the user's DN: CN=test userNEU,OU=Users,OU=department,DC=server,DC=domain,DC=com 2009-10-28 09:47:39 wikidb_test: Entering getGroups 2009-10-28 09:47:39 wikidb_test: Retrieving LDAP group membership 2009-10-28 09:47:39 wikidb_test: Searching for the groups 2009-10-28 09:47:39 wikidb_test: Entering searchGroups 2009-10-28 09:47:39 wikidb_test: Entering getBaseDN 2009-10-28 09:47:39 wikidb_test: basedn is ou=Groups,ou=department,dc=server,dc=domain,dc=com 2009-10-28 09:47:39 wikidb_test: Search string: (&(member=CN=test userNEU,OU=Users,OU=department,DC=server,DC=domain,DC=com)(objectclass=g roup)) 2009-10-28 09:47:39 wikidb_test: Binding as the proxyagent 2009-10-28 09:47:39 wikidb_test: Returned groups: cn=test123,ou=groups,ou=department,dc=server,dc=domain,dc=com 2009-10-28 09:47:39 wikidb_test: Entering checkGroups 2009-10-28 09:47:39 wikidb_test: Entering getPreferences 2009-10-28 09:47:39 wikidb_test: Retrieving preferences 2009-10-28 09:47:39 wikidb_test: Retrieved email ([email protected]) using attribute (mail) 2009-10-28 09:47:39 wikidb_test: Retrieved nickname (test userNEU) using attribute (cn) 2009-10-28 09:47:39 wikidb_test: Entering synchUsername 2009-10-28 09:47:39 wikidb_test: Authentication passed 2009-10-28 09:47:39 wikidb_test: Entering updateUser 2009-10-28 09:47:39 wikidb_test: Setting user preferences. 2009-10-28 09:47:39 wikidb_test: Setting nickname. 2009-10-28 09:47:39 wikidb_test: Setting email. 2009-10-28 09:47:39 wikidb_test: Setting user groups. 2009-10-28 09:47:39 wikidb_test: Entering setGroups. 2009-10-28 09:47:39 wikidb_test: Locally managed groups is unset, using defaults: bot::sysop::bureaucrat 2009-10-28 09:47:39 wikidb_test: Available groups are: bot::sysop::bureaucrat 2009-10-28 09:47:39 wikidb_test: Effective groups are: *::user::autoconfirmed 2009-10-28 09:47:39 wikidb_test: Checking to see if user is in: bot 2009-10-28 09:47:39 wikidb_test: Entering hasLDAPGroup 2009-10-28 09:47:39 wikidb_test: Checking to see if user is in: sysop 2009-10-28 09:47:39 wikidb_test: Entering hasLDAPGroup 2009-10-28 09:47:39 wikidb_test: Checking to see if user is in: bureaucrat 2009-10-28 09:47:39 wikidb_test: Entering hasLDAPGroup 2009-10-28 09:47:39 wikidb_test: Saving user settings. 2009-10-28 09:47:43 wikidb_test: Entering allowPasswordChange If i understand the log correctly the group is returned but when i check the database its not updated there. I also posted my problem at the LDAP extension talk http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication#Not_upd ating_Groups_in_the_MW_Database. -- Turtle Entertainment GmbH Felix Feinhals, Junior IT Operations Specialist Siegburger Str. 189 50679 Cologne Germany fon. +49 221 880449-333 fax. +49 221 880449-399 http://www.turtle-entertainment.com/ http://www.esl.eu/ http://www.consoles.net/ Managing Directors: Jens Hilgers, Ralf Reichert Register Court: Local Court Cologne, HRB 36678 _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
