Extension talk:LDAPAuthentication2

About this board

When reporting an error, please be sure to include version information for MediaWiki and all relevant extensions as well as configuration information. Also, please turn on debug logging as described at Manual:How to debug#Logging and include the relevant portions of the debug log.

Username not found in user info provided by LDAP

6
109.197.247.94 (talkcontribs)

Hello,

Since we migrated our Debian server from Bullseye to Bookworm, the LDAP authentication doesn't work anymore.

I got the following configuration in ldapprovider.json

{

       "myserver.mydomain": {

               "connection": {

                       "server": "myserver.mydomain",

                       "user": "cn=mediawiki,dc=mydc,dc=mydomain,dc=com",

                       "pass": "mypassword",

                       "options": {

                               "LDAP_OPT_DEREF": 1

                       },

                       "port": 636,

                       "enctype": "ssl",

                       "basedn": "dc=mydc,dc=mydomain,dc=com",

                       "groupbasedn": "dc=mydc,dc=mydomain,dc=com",

                       "userbasedn": "ou=users,dc=mydc,dc=mydomain,dc=com",

                       "searchattribute": "loginid",

                       "searchstring": "loginid=USER-NAME,ou=users,dc=mydc,dc=mydomain,dc=com",

                       "usernameattribute": "loginid",

                       "realnameattribute": "cn",

                       "emailattribute": "mail"

               },

               "userinfo": {

                       "attributes-map": {

                               "email": "mail",

                               "realname": "cn"

                       }

               }

       }

}

In the LocalSettings.php, i adapted the ldap section like this:

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'LDAPAuthentication2' );

wfLoadExtension( 'LDAPAuthorization' );

wfLoadExtension( 'LDAPUserInfo' );

$LDAPProviderDomainConfigs = "/etc/mediawiki/ldapprovider.json";

$LDAPProviderDefaultDomain = "myserver.mydomain";

$LDAPAuthentication2AllowLocalLogin = true;

$wgAuthRemoteuserAllowUserSwitch = false;

$wgPluggableAuth_EnableLocalLogin = true;

$wgPluggableAuth_Config['LDAP Log In'] = [

   'plugin' => 'LDAPAuthentication2',

   'data' => [

       'domain' => 'myserver.mydomain'

           ]

];

In the logs, i got:

2024-05-29 13:53:15 marmotis2 mediawiki_db: Try to authenticate user: nicolasgo

2024-05-29 13:53:15 marmotis2 mediawiki_db: Not local login. Checking LDAP...

2024-05-29 13:53:16 marmotis2 mediawiki_db: LDAP domain: myserver.mydomain

2024-05-29 13:53:16 marmotis2 mediawiki_db: Username not found in user info provided by LDAP!Please check LDAP domain configuration. Specifically usernameattribute

2024-05-29 13:53:16 marmotis2 mediawiki_db: LDAP user info results for user nicolasgo: Array

(

   [mail] => nicolas.myname@mydomain

   [cn] => Nicolas

   [sn] => My name

   [personnalmail] => nicolas@personnal.net

   [telephonenumber] => 07 24 68 25 32

   [memberof] => cn=mygroup,ou=groups,dc=mydc,dc=mydomain,dc=com

   [dn] => loginId=nicolasgo,ou=users,dc=mydc,dc=mydomain,dc=com

)

System information:

Mediawiki Debian package 1.39.7-1~deb12u1

PHP Debian packages php8.2 (not supported for ldap auth?)

LDAPAuthentication2: REL1_39 2ed6e51

LDAPAuthorization: REL1_39 f20eeab

LDAPProvider: REL1_39 c800dd6

LDAPUserInfo: REL1_39 0bbff87

PluggableAuth: REL1_39 1884a12

The loginId is not listed.

I tried "loginId" or in ldapprovider.json, same result.

In the Compatibility web page it's shown that php8.2 is supported only for the mediawiki version 1.42

Is the upgrade mandatory or a workaround is possible ?

Thank you in advance.

Best regards,

Nicolas

109.197.247.94 (talkcontribs)

Re,

I just tried with mediawiki-1.42.0-rc and REL1_42 LDAP stack extension, i got the same result.

I made php update.php before

Best regards,

Nicolas.

109.197.247.94 (talkcontribs)

Re,

I just tried with mediawiki-1.42.0-rc and REL1_42 LDAP stack extension, i got the same result.

I made php update.php before

Best regards,

Nicolas.

109.197.247.94 (talkcontribs)

Hello,

I got a doubt concerning our slapd configuration, so i created a new dedicated ldap attribute 'wikiLoginId'

I changed the ldapprovider.json file like this

{

       "myserver.mydomain": {
               "connection": {
                       "server": "myserver.mydomain",
                       "user": "cn=mediawiki,dc=mydc,dc=mydomain,dc=com",
                       "pass": "mypassword",
                       "options": {
                               "LDAP_OPT_DEREF": 1
                       },
                       "port": 636,
                       "enctype": "ssl",
                       "basedn": "dc=mydc,dc=mydomain,dc=com",
                       "groupbasedn": "dc=mydc,dc=mydomain,dc=com",
                       "userbasedn": "ou=users,dc=mydc,dc=mydomain,dc=com",
                       "searchattribute": "wikiLoginId",
                       "searchstring": "loginid=USER-NAME,ou=users,dc=mydc,dc=mydomain,dc=com",
                       "usernameattribute": "wikiLoginId",
                       "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ],
                       "realnameattribute": "cn",
                       "emailattribute": "mail"
               }
       }

}

Now i can access the wiki, in my slapd logfile, i see the authentication working. CheckLogin.php is still OK

I disabled local local to be sure it's using remote LDAP:

$LDAPAuthentication2AllowLocalLogin = false; $wgAuthRemoteuserAllowUserSwitch = false; $wgPluggableAuth_EnableLocalLogin = false;

But in the mediawiki logs, i got:

> LDAPAuthentication2.log <

2024-05-30 09:13:04 myserver mediawiki_db: No user info found for user: Nicolasgo.Please check LDAP domain configuration 2024-05-30 09:13:04 myserver mediawiki_db: LDAP login succeeded.

> PluggableAuth.log <

2024-05-30 09:13:04 myserver mediawiki_db: Authenticated existing user: Nicolasgo 2024-05-30 09:13:04 myserver mediawiki_db: No groupsync set. 2024-05-30 09:13:04 myserver mediawiki_db: User is authorized. 2024-05-30 09:13:05 myserver mediawiki_db: Getting PluggableAuth instance 2024-05-30 09:13:05 myserver mediawiki_db: Plugin name: LDAPAuthentication2 2024-05-30 09:13:05 myserver mediawiki_db: Getting PluggableAuth instance 2024-05-30 09:13:05 myserver mediawiki_db: Plugin name: LDAPAuthentication2

Do you think the LDAPAuthentication error message could be ignored ? Any idea to debug this please ?

Thank you in advance. Best regards,

Nicolas.

109.197.247.94 (talkcontribs)

Hello,

Sorry for the noise, i had to edit "extensions/LDAPProvider/extension.json" to add my custom attribute.

The LDAP login is truly successfull this time.

Best regards,

Nicolas.

Compumatter (talkcontribs)

Can you share what that "extensions/LDAPProvider/extension.json" custom attribute was that made it work? I am stuck after upgrading from 1.35 to 1.39 and cannot get LDAP working

Reply to "Username not found in user info provided by LDAP"

No domain list on login page

10
Qyingy (talkcontribs)

I refer the maunal write the follows in LocalSettings.php file, and have right ldapprovider.json,

but ,why my login page do not have domain list,only username and password input


wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPAuthentication2' );

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'LDAPUserInfo' );

wfLoadExtension( 'LDAPGroups' );

$wgPluggableAuth_EnableLocalLogin = true;

$LDAPAuthentication2AllowLocalLogin = true;

$ldapJsonFile = "/var/www/html/extensions/LDAPProvider/ldapprovider.json";

$LDAPProviderDomainConfigs = $ldapJsonFile;

$wgPluggableAuth_Config['Log In (LDAP1)'] = [

   'plugin' => 'LDAPAuthentication2',

   'data' => [

       'domain' => 'LDAP1',

   ]

];

Osnard (talkcontribs)

There should be two buttons. One saying "Login" (that's the "local login") and one saying "Log In (LDAP1)'". Can you confrim?

Also, please make sure your ldapprovider.json is not web accessible.

61.66.146.179 (talkcontribs)

hi ,OSnard

Thank you very much firstly ,but

My LocalSettings.php about LDAP is as follows:

#---Extension LDAPProvider

wfLoadExtension( 'LDAPProvider' );

$ldapJsonFile = "/etc/mediawiki/ldapprovider.json";

$LDAPProviderDomainConfigs = $ldapJsonFile;

$LDAPProviderDomainConfigProvider = "\\MediaWiki\\Extension\\LDAPProvider\\DomainConfigProvider\\LocalJSONFile::newInstance";


#---Extension PluggableAuth

wfLoadExtension( 'PluggableAuth' );

$wgPluggableAuth_EnableLocalLogin = false;

$wgPluggableAuth_EnableAutoLogin = false;


#---Extension LDAPAuthentication2

#wfLoadExtension( 'LDAPUserInfo' );

#wfLoadExtension( 'LDAPGroups' );

wfLoadExtension( 'LDAPAuthentication2' );

$LDAPAuthentication2AllowLocalLogin = true;

#$LDAPAuthentication2UsernameNormalizer = "strtolower";

$wgPluggableAuth_Config['Log In (LDAP1)'] = [

   'plugin' => 'LDAPAuthentication2',

   'data' => [

       'domain' => 'LDAP'

   ]


my ldapprovider.json is as follow:

-rw-r--r-- 1 www-data www-data ldapprovider.json

{

       "LDAP": {

               "connection": {

                       "server": "172.21.218.101",

                       "port":"389",

                       "user": "acnmediawiki",

                       "pass": "xxxxx",

                       "enctype": "clear",

                       "options": {

                               "LDAP_OPT_DEREF": 1

                       },

                       "basedn": "DC=AXX,DC=MYCOMPANY,DC=CORP",

                       "groupbasedn": "DC=AXX,DC=MYCOMPANY,DC=CORP",

                       "userbasedn": "DC=AXX,DC=MYCOMPANY,DC=CORP",

                       "searchattribute": "samaccountname",

                       "searchstring": "CN=USER-NAME,OU=AXX,DC=AXX,DC=MYCOMPANY,DC=CORP",

                       "usernameattribute": "samaccountname",

                       "realnameattribute": "displayname",

                       "emailattribute": "mail"

               }

       }

}

Only username and password input and one loggin button,

the domain selection still has not appear on the loggin webpage yet, Can you help me.


the version information:

MediaWiki : 1.41.1

PHP  : 8.1.2-1ubuntu2.18 (apache2handler)

ICU  : 70.1

MariaDB  : 10.6.18-MariaDB-0ubuntu0.22.04.1

Lua  : 5.1.5

Pygments  : 2.16.1

LDAPAuthentication2  : 3.0.0-alpha (c11a143)

LDAPProvider  : 3.0.0-alpha (04e6499)

PluggableAuth  : 7.1.0 (b8e2e84)

This post was hidden by Qyingy (history)
This post was hidden by Qyingy (history)
Qyingy (talkcontribs)

@Osnard Can you give me some help?

I want to login with local users and ldap user with only one login button. And in the future, there will be multiple ldap domain connect, so I hope a domain selector appears on the login webpage. The local and multi-domain can be selected by the selecter and use only one login button, How can I do it.

Osnard (talkcontribs)

[...] the domain selection still has not appear on the loggin webpage yet, [...]

Newer versions of Extension:LDAPAuthentication2 do not feature a "domain selection" on Special:Userlogin anymore. Instead each configured domain will be shown as a dedicated button (in your case with the label "Log In (LDAP1)"). With $wgPluggableAuth_EnableLocalLogin = false; you will also not see another login button for the local login (usually with label "Login"). If you don't see a button for your configured PluggableAuth plugin, then I guess your configuration may not be evaluated properly during the web request. Have you tried to wire debug logging and check if there is any hint in them?

Qyingy (talkcontribs)

@Osnard Yes, I tried to add multiple $wgPluggableAuth_Config with different ldap domain ,multiple login button appears, just like you said.

Then I have tried the old extension:LdapAuth, It has "domain selection", but the version required are too old. so I have to give up it.

Qyingy (talkcontribs)

@Osnard Can you give me some advice, if I want to login with local users and ldap user with only one login button. And in the future, there will be multiple ldap domain connect, so I hope a domain selector appears on the login webpage. The local and multi-domain can be selected by the selecter and use only one login button, How can I do it.

Osnard (talkcontribs)

The new extensions do not implement a domain selector anymore. There will be one button for each PluggableAuth plugin (=domain in this case). And one separate for "local login" if enabled.

Reply to "No domain list on login page"

LDAP-User cannot be authenticated

6
Julio1501 (talkcontribs)

MediaWiki    1.39.4

PHP    8.0.30 (apache2handler)

MariaDB    10.5.19-MariaDB-0+deb11u2

BlueSpice 4.3.2 (build:20230907155405)


All LDAP Test from the maintenance folder work. But LDAP authentication fails

The LocalSettings.php is configured like below:

$LDAPProviderCacheType = CACHE_NONE;

$wgGroupPermissions['*']['autocreateaccount'] = true;

//$wgBlockDisablesLogin = true;

// Load LDAP Config from JSON

$ldapJsonFile = "/var/www/ldap.json";

$ldapConfig = true;

// Activate Extension

if ( $ldapConfig ) {

  wfLoadExtension( 'PluggableAuth' ); //"version": "7.0.0"

  wfLoadExtension( 'LDAPProvider' ); //"version": "2.0.1"

  wfLoadExtension( 'LDAPAuthentication2' ); //"version": "2.0.2"

  wfLoadExtension( 'LDAPAuthorization' ); //"version": "2.0.1"

  wfLoadExtension( 'LDAPUserInfo' ); //"version": "2.0.0"

  wfLoadExtension( 'LDAPGroups' ); //"version": "2.0.1"

  $LDAPProviderDomainConfigs = $ldapJsonFile;

  $LDAPAuthentication2AllowLocalLogin = true;

  $wgPluggableAuth_EnableLocalLogin = true;

  $wgPluggableAuth_ButtonLabel = "Log In";

  // Force LDAPGroups to sync by choosing a domain (e.g. first JSON object in ldap.json)

  $LDAPProviderDefaultDomain = "mydomain.local";

}

$wgLDAPDebug = 3; //for debugging LDAP

$wgDebugLogGroups['LDAP'] = "/var/log/mediawiki/ldap_debug.log";

$wgDebugLogGroups['LDAPGroups'] = "/var/log/mediawiki/LDAPGroups.log";

$wgDebugLogGroups['LDAPAuthentication2'] =  "/var/log/mediawiki/LDAPauth.log";


my ldap.json:


{

"mydomain.local": {

"connection": {

"server": "mydomain.local",

"port": "389",

"user": "binduser@mydomain.local",

"pass": "mysecret",

"enctype": "clear",

"options": {

"LDAP_OPT_DEREF": 1

},

"basedn": "DC=mydomain,DC=local",

"userbasedn": "DC=mydomain,DC=local",

"groupbasedn": "DC=mydomain,DC=local",

"searchattribute": "samaccountname",

"usernameattribute": "samaccountname",

"realnameattribute": "cn",

"emailattribute": "mail",

"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

"presearchusernamemodifiers": ["spacestounderscores", "lowercase"]

},

"userinfo": [],

"authorization": {

"rules": {

"groups": {

"required": [""]

}

}

},

"groupsync": {

"mapping": {

"sysop": ""

}

}

}

}


Thanks!

Osnard (talkcontribs)

So is there anything on the logs?

Julio1501 (talkcontribs)

Hi, @Osnard,

These are not error messages relating to this error.

I just get this mask without the possibility to enter my login data:


Kind regards

Julio1501 (talkcontribs)

Hi @Osnard

the problem has been solved. It was due to the BlueSpice plugin "BlueSpiceDistributionConnector"

Kind regards

Osnard (talkcontribs)

Thanks for the feedback. Can you please provide a little bit more information about the issue?

Julio1501 (talkcontribs)

Hi @Osnard,

I had the problem that there was no option to show the login screen. I always got the message "the specified login information could not be verified."

After I deactivated the plugin "BlueSpiceDistributionConnector" in 001-BlueSpiceDistribution.php I was able to log in to the LDAP

Thanks

Could not authenticate credentials against domain "test.local"

6
Ksmith197 (talkcontribs)

Hi,


I'm having issues authenticating against my AD server from Special:UserLogin page. I tried running the "CheckLogin.php" with the account which returned a "FAILED". Utilizing the same account I'm able to login to the Active Directory server locally, and from the mediawiki server, perform an ldapsearch w/ bind successfully. The end goal is for any user that exist in Active directory to be able to authenticate and log into the wiki. Similar to a local wiki account


Below is the version numbers for all relevant components.

Product Version
MediaWiki 1.39.6
PHP 7.4.33 (fpm-fcgi)
MariaDB 11.3.2-MariaDB-1:11.3.2+maria~ubu2204
ICU 67.1
Lua 5.1.5
Pygments 2.7.1
LDAPAuthentication2 2.0.5 (f303c55) 02:27, 27 November 2023 GPL-2.0 Allows authentication against a LDAP resource Cindy Cicalese, Mark A. Hershberger and Hallo Welt! GmbH
LDAPProvider 2.0.3 (740f097) 07:27, 19 December 2023 GPL-2.0+ Provides a common infrastructure to connect to an LDAP resource and run queries against it Cindy Cicalese, Mark A. Hershberger and Hallo Welt! GmbH
PluggableAuth 7.0.0 (b1ca368) 10:23, 8 January 2024 MIT Provides framework for pluggable authentication and authorization Cindy Cicalese


Here is my LocalSettings.php:


# Degbugging!                                                                                                                                                                                                                                             

  4                                                                                                                                                                                                                                                           

  5 error_reporting( E_ALL );                                                                                                                                                                                                                                 

  6 ini_set( 'display_errors', 1 );                                                                                                                                                                                                                           

  7 $wgShowExceptionDetails = true;                                                                                                                                                                                                                           

  8 $wgDebugToolbar = true;                                                                                                                                                                                                                                   

  9 $wgShowErrors = true;                                                                                                                                                                                                                                     

10 $wgShowError = true;                                                                                                                                                                                                                                       

11 $wgShowDebug = true;                                                                                                                                                                                                                                       

12 $wgDebugLogFile = '/tmp/debug.log';                                                                                                                                                                                                                       

13                                                                                                                                                                                                                                                           

14 $wgDebugLogGroups = array(                                                                                                                                                                                                                                 

15     'PluggableAuth' => '/tmp/pa.log',                                                                                                                                                                                                                     

16     'LDAP' => '/tmp/LDAP.log',                                                                                                                                                                                                                             

17     'LDAPProvider' => '/tmp/LDAPProvider.log',                                                                                                                                                                                                             

18     'LDAPAuthentication2' => '/tmp/LDAPAuthentication2.log',                                                                                                                                                                                               

19     'LDAPAuthorization' => '/tmp/LDAPAuthorization.log',                                                                                                                                                                                                   

20     'LDAPUserInfo' => '/tmp/LDAPUser.log',                                                                                                                                                                                                                 

21     'LDAPGroups' => '/tmp/LDAPGroups.log',                                                                                                                                                                                                                 

22     'MediaWiki\\Extension\\LDAPProvider\\Client' => '/tmp/ldapprovider_client.log'                                                                                                                                                                         

23 );                     


462 ##################################################################                                                                                                                                                                                         

463 # LDAP JSON FILE #                                                                                                                                                                                                                                         

464 ##################################################################                                                                                                                                                                                         

465                                                                                                                                                                                                                                                           

466 $safeIPs = array('127.0.0.1','localhost');                                                                                                                                                                                                                 

467 $ipsVars = array('HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'REMOTE_ADDR');                                                                                                                                                                                 

468 foreach ($ipsVars as $ipsVar) {                                                                                                                                                                                                                           

469     if (isset($_SERVER[$ipsVar]) && mb_strlen($_SERVER[$ipsVar]) > 3 ) { $wikiRequestIP = $_SERVER[$ipsVar];                                                                                                                                               

470     break; }                                                                                                                                                                                                                                               

471  }                                                                                                                                                                                                                                                         

472 $wikiRequestSafe = ( isset($wikiRequestIP) && ( in_array($wikiRequestIP,$safeIPs) ));                                                                                                                                                                     

473                                                                                                                                                                                                                                                           

474 // Create Wiki-Group 'engineering' from default user group                                                                                                                                                                                                 

475 $wgGroupPermissions['engineering'] = $wgGroupPermissions['user'];                                                                                                                                                                                         

476                                                                                                                                                                                                                                                           

477 // Private Wiki. External LDAP Login. Default NS requires login.                                                                                                                                                                                           

478 $wgEmailConfirmToEdit = false;                                                                                                                                                                                                                             

479 $wgGroupPermissions['*']['edit'] = false;                                                                                                                                                                                                                 

480 $wgGroupPermissions['*']['read'] = false;                                                                                                                                                                                                                 

481 $wgGroupPermissions['*']['createaccount'] = false;                                                                                                                                                                                                         

482 $wgGroupPermissions['sysop']['createaccount'] = false;                                                                                                                                                                                                     

483 $wgGroupPermissions['*']['autocreateaccount'] = true;                                                                                                                                                                                                     

484 $wgBlockDisablesLogin = true;                                                                                                                                                                                                                             

485                                                                                                                                                                                                                                                           

486 $ldapConfig = false;                                                                                                                                                                                                                                       

487 $ldapJsonFile = "/var/www/ldapprovider.json";                                                                                                                                                                                                             

488 if (is_file($ldapJsonFile) && is_dir("/var/www/mediawiki/w/extensions/LDAPProvider")) {                                                                                                                                                                   

489     $testJson = @json_decode(file_get_contents($ldapJsonFile), true);                                                                                                                                                                                     

490     if (is_array($testJson)) {                                                                                                                                                                                                                             

491         $ldapConfig = true;                                                                                                                                                                                                                               

492                                                                                                                                                                                                                                                           

493     } else {                                                                                                                                                                                                                                               

494         error_log("Found invalid JSON in file: /var/www/ldapprovider.json");                                                                                                                                                                               

495     }                                                                                                                                                                                                                                                     

496 }                                                                                                                                                                                                                                                         

497                                                                                                                                                                                                                                                           

498 if ($ldapConfig) {                                                                                                                                                                                                                                         

499                                                                                                                                                                                                                                                           

500     wfLoadExtension('LDAPProvider');                                                                                                                                                                                                                       

501     wfLoadExtension('LDAPAuthentication2');                                                                                                                                                                                                               

502     #wfLoadExtension('LDAPAuthorization');                                                                                                                                                                                                                 

503     #wfLoadExtension('LDAPUserInfo');                                                                                                                                                                                                                     

504     #wfLoadExtension('LDAPGroups');                                                                                                                                                                                                                       

505     wfLoadExtension('PluggableAuth');         


$LDAPProviderDomainConfigs = $ldapJsonFile;                                                                                                                                                                                                           

509                                                                                                                                                                                                                                                           

510     $wgLDAPDebug = 3;//for debugging LDAP                                                                                                                                                                                                                 

511                                                                                                                                                                                                                                                           

512     $wgLDAPProvider["CacheType"] = "CACHE_NONE";                                                                                                                                                                                                           

513     $wgLDAPProvider["CacheTime"] = 3600;                                                                                                                                                                                                                   

514                                                                                                                                                                                                                                                           

515     // Force LDAPGroups to sync by choosing a domain (e.g. first JSON object in ldapprovider.json)                                                                                                                                                         

516     $LDAPProviderDefaultDomain = array_key_first(json_decode(file_get_contents($LDAPProviderDomainConfigs), true));                                                                                                                                       

517                                                                                                                                                                                                                                                           

518     $wgPluggableAuth_EnableAutoLogin = false;                                                                                                                                                                                                             

519     $wgPluggableAuth_EnableLocalLogin = false; # required to show the username and password field on login page                                                                                                                                           

520     $wgPluggableAuth_EnableFastLogout = true;                                                                                                                                                                                                             

521                                                                                                                                                                                                                                                           

522                                                                                                                                                                                                                                                           

523     $wgPluggableAuth_Config = array(                                                                                                                                                                                                                       

524         array(                                                                                                                                                                                                                                             

525             "plugin" => "LDAPAuthentication2",                                                                                                                                                                                                             

526             "buttonLabelMessage" => "Domain Login",                                                                                                                                                                                                       

527             "data" => ["domain" => $LDAPProviderDefaultDomain]                                                                                                                                                                                             

528         ),                                                                                                                                                                                                                                                 

529         #array("plugin" => "LDAPAuthorization"),                                                                                                                                                                                                           

530     );                                                                                                                                                                                                                                                     

531                                                                                                                                                                                                                                                           

532   if ($wikiRequestSafe) { $LDAPAuthentication2AllowLocalLogin = false; }                                                                                                                                                                                   

533 }                                                                                                                                                                                                                                                         

534                                   


# LDAPAuthentication2                                                                                                                                                                                                                                     

608                                                                                                                                                                                                                                                           

609 // Whether or not to display a "local" psuedo-domain in the domain selector on "Special:Login", thus allowing to authenticate against the local user database. (defaults to false if not specified)                                                       

610 $LDAPAuthentication2AllowLocalLogin = true;                                                                                                                                                                                                               

611                                                                                                                                                                                                                                                           

612 // Use this function for normalizing username for LDAP, for example 'strtolower'. (defaults to "")                                                                                                                                                         

613 $LDAPAuthentication2UsernameNormalizer = "";                                                                                                                                                                                                               

614                                                                                                                                                                                                                                                           

615 # Auth_remoteuser                                                                                                                                                                                                                                         

616 // Set the name for mapping into the local wiki user database. If the value is `null`, the extension defaults to using the enviornment variables `REMOTE_USER` and `REDIRECT_REMOTE_USER`                                                                 

617                                                                                                                                                                                                                                                           

618 $wgAuthRemoteuserUserName = null; //default                                                                                                                                                                                                               

619                                                                                                                                                                                                                                                           

620 #$wgAuthRemoteuserUserName = [                                                                                                                                                                                                                             

621 #   $_SERVER[ 'REMOTE_USER' ],                                                                                                                                                                                                                             

622 #   $_SERVER[ 'REDIRECT_REMOTE_USER' ]                                                                                                                                                                                                                     

623 #];                                                                                                                                                                                                                                                       

624                                                                                                                                                                                                                                                           

625 $wgAuthRemoteuserUserNameReplaceFilter = null; //default                                                                                                                                                                                                   

626                                                                                                                                                                                                                                                           

627                                                                                                                                                                                                                                                           

628                                                                                                                                                                                                                                                           

629                                                                                                                                                                                                                                                           

630 # PluggableAuth Extension Configuration                                                                                                                                                                                                                   

631                                                                                                                                                                                                                                                           

632 // Should user login occur automatically when a user visits the wiki?                                                                                                                                                                                     

633 $wgPluggableAuth_EnableAutoLogin = true;                                                                                                                                                                                                                   

634                                                                                                                                                                                                                                                           

635 // Should user also be presented with username/password fields on the login page to allow local password-based login to the wiki                                                                                                                           

636 $wgPluggableAuth_EnableLocalLogin = true;                                 


Here is my ldapprovider.json located at /var/www/:

{

    "test.local": {

        "connection": {

        "server": "{IP_ADDRESS_HERE}",

        "port": "389",

        "user": "CN=XXXXX,CN=Users,DC=test,DC=local",

        "pass": "XXXXXXX",

        "enctype": "clear",

        "options": {

                "LDAP_OPT_DEREF": 1

                   },

        "basedn": "dc=test,dc=local",

        "userbasedn": "dc=test,dc=local",

        "groupbasedn": "dc=test,dc=local",

        "searchattributes": {

                "realname": "cn",

                "username": "samaccountname"

        },

        "grouprequest": {

                "groupAttribute": "member",

                "isMemberCritical": true

        },

        "userinfo": [],

        "authorization": [],

        "groupsync": {

                "mapping": {

                        "bureaucrat": ["CN=Domain Admins,CN=Users,DC=test,DC=local", "CN=Adminstrators,CN=Users,DN=test,DN=local"],

                        "interface-admin": ["CN=Domain Admins,CN=Users,DC=test,DC=local", "CN=Adminstrators,CN=Users,DN=test,DN=local"],

                        "sysop": ["CN=Domain Admins,CN=Users,DC=test,DC=local", "CN=Adminstrators,CN=Users,DN=test,DN=local"]

                        }

   

                   }

           }

    }

}


Debug logs

__________________________________________

LDAPAuthentication2.log

2024-04-26 19:04:45 canasta mediawiki: Try to authenticate user: xxxx

2024-04-26 19:04:45 canasta mediawiki: Not local login. Checking LDAP...

2024-04-26 19:04:45 canasta mediawiki: LDAP domain: test.local

2024-04-26 19:04:45 canasta mediawiki: Could not bind to LDAP domain with given user: xxxx

_______________________________________________________________________________

LDAPProvider.log

2024-04-26 19:04:45 canasta mediawiki: Setting LDAP_OPT_PROTOCOL_VERSION to 3

2024-04-26 19:04:45 canasta mediawiki: Setting LDAP_OPT_REFERRALS to 0

2024-04-26 19:04:45 canasta mediawiki: Setting LDAP_OPT_DEREF to 1

2024-04-26 19:04:45 canasta mediawiki: MediaWiki\Extension\LDAPProvider\Client::getUserDN: search with array (

  'base' => 'dc=test,dc=local',

  'filter' => '(uid=xxxx)',

  'attributes' =>

  array (

    0 => '*',

    1 => 'memberof',

  ),

)

2024-04-26 19:04:45 canasta mediawiki: Could not get user DN!

2024-04-26 19:04:45 canasta mediawiki: MediaWiki\Extension\LDAPProvider\Client::getSearchString: User DN is: ''

___________________________________________________________________________________

pa.log

2024-04-26 19:04:45 canasta mediawiki: In execute()

2024-04-26 19:04:45 canasta mediawiki: Getting PluggableAuth instance

2024-04-26 19:04:45 canasta mediawiki: Plugin name: LDAPAuthentication2

2024-04-26 19:04:45 canasta mediawiki: Authentication failure.

2024-04-26 19:04:45 canasta mediawiki: ERROR: Could not authenticate credentials against domain "test.local"

___________________________________________________________________________________

debug.log

Debug data:

  • [objectcache] MainWANObjectCache using store EmptyBagOStuff
  • Start request GET /w/index.php?title=Special:UserLogin&returnto=Main+Page IP: 172.18.0.1 HTTP HEADERS: COOKIE: mediawikiUserName=Fei; mediawiki_session=t4to3covc32mo28855ge0ntcj3ugpdbt; UseDC=master; UseCDNCache=false ACCEPT-LANGUAGE: en-US,en;q=0.9 ACCEPT-ENCODING: gzip, deflate REFERER: http://raider/w/index.php?title=Special:UserLogin&returnto=Main+Page ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 USER-AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 UPGRADE-INSECURE-REQUESTS: 1 CACHE-CONTROL: max-age=0 CONNECTION: keep-alive HOST: raider (end headers)
  • [session] SessionManager using store SqlBagOStuff
  • [localisation] LocalisationCache using store LCStoreDB
  • [session] Session "t4to3covc32mo28855ge0ntcj3ugpdbt" requested without UserID cookie
  • [DBQuery] Wikimedia\Rdbms\DatabaseMysqlBase::open [0s] database: SET group_concat_max_len = 262144, `sql_mode` = ''
  • [DBReplication] Cannot use ChronologyProtector with EmptyBagOStuff
  • [DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: request info { "IPAddress": "172.18.0.1", "UserAgent": "Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/124.0.0.0 Safari\/537.36", "ChronologyProtection": false, "ChronologyPositionIndex": 0, "ChronologyClientId": false }
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::lazyLoadReplicationPositions: executed chronology callback.
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: opened new connection for localAutoCommit/0
  • [DBQuery] SqlBagOStuff::fetchBlobs [0s] database: SELECT keyname,value,exptime FROM `objectcache` WHERE keyname = 'mediawiki:MWSession:t4to3covc32mo28855ge0ntcj3ugpdbt' AND (exptime >= '20240426190445')
  • [SQLBagOStuff] SqlBagOStuff debug: SqlBagOStuff::fetchBlobs: retrieved mediawiki:MWSession:t4to3covc32mo28855ge0ntcj3ugpdbt; expiry time is 20240426200445
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [EventLogging] wgEventLoggingBaseUri has not been configured.
  • [SQLBagOStuff] MainObjectStash using store ReplicatedBagOStuff
  • [DBQuery] Wikimedia\Rdbms\DatabaseMysqlBase::open [0s] database: SET group_concat_max_len = 262144, `sql_mode` = ''
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: opened new connection for local/0
  • [DBQuery] Wikimedia\Rdbms\Database::beginIfImplied (Wikimedia\Rdbms\Database::select) [0s] database: BEGIN
  • [DBQuery] Wikimedia\Rdbms\Database::select [0s] database: SELECT pp_value FROM `page_props` WHERE pp_page = 0 AND pp_propname = 'MintyDocsPageType'
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'deps' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0.001s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'list' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'preload' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'preload' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'specialPageAliases' LIMIT 1
  • User::getBlockedStatus: checking blocked status for 172.18.0.1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Block\DatabaseBlock::newLoad [0s] database: SELECT ipb_id,ipb_address,ipb_timestamp,ipb_auto,ipb_anon_only,ipb_create_account,ipb_enable_autoblock,ipb_expiry,ipb_deleted,ipb_block_email,ipb_allow_usertalk,ipb_parent_block_id,ipb_sitewide,ipb_by_actor,ipblocks_actor.actor_user AS `ipb_by`,ipblocks_actor.actor_name AS `ipb_by_text`,comment_ipb_reason.comment_text AS `ipb_reason_text`,comment_ipb_reason.comment_data AS `ipb_reason_data`,comment_ipb_reason.comment_id AS `ipb_reason_cid` FROM `ipblocks` JOIN `actor` `ipblocks_actor` ON ((actor_id=ipb_by_actor)) JOIN `comment` `comment_ipb_reason` ON ((comment_ipb_reason.comment_id = ipb_reason_id)) WHERE ipb_address = '172.18.0.1' OR ((ipb_range_start LIKE 'AC12%' ESCAPE '`' ) AND (ipb_range_start <= 'AC120001') AND (ipb_range_end >= 'AC120001'))
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] Wikimedia\Rdbms\Database::select [0s] database: SELECT pp_value FROM `page_props` WHERE pp_page = 0 AND pp_propname = 'MintyDocsPageType'
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'namespaceGenderAliases' LIMIT 1
  • ContextSource::getContext (MediaWiki\Skins\Vector\SkinVector22): called and $context is null. Using RequestContext::getMain()
  • [MessageCache] MessageCache using store SqlBagOStuff
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBQuery] SqlBagOStuff::fetchBlobs [0s] database: SELECT keyname,value,exptime FROM `objectcache` WHERE keyname = 'mediawiki:messages:en' AND (exptime >= '20240426190445')
  • [SQLBagOStuff] SqlBagOStuff debug: SqlBagOStuff::fetchBlobs: retrieved mediawiki:messages:en; expiry time is 99991231235959
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBQuery] SqlBagOStuff::fetchBlobs [0s] database: SELECT keyname,value,exptime FROM `objectcache` WHERE keyname = 'mediawiki:messages:en:status' AND (exptime >= '20240426190445')
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBQuery] SqlBagOStuff::doLock [0s] database: SELECT IF(GET_LOCK('mediawiki:messages:en',0),UNIX_TIMESTAMP(SYSDATE(6)),NULL) AS acquired
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MessageCache::loadFromDB(en)-big [0s] database: SELECT page_title,page_latest FROM `page` WHERE page_is_redirect = 0 AND page_namespace = 8 AND (page_title NOT LIKE '%/%' ESCAPE '`' ) AND (page_len > 10000)
  • [DBQuery] MessageCache::loadFromDB(en)-small [0s] database: SELECT /*! STRAIGHT_JOIN */ rev_id,rev_page,rev_timestamp,rev_minor_edit,rev_deleted,rev_len,rev_parent_id,rev_sha1,comment_rev_comment.comment_text AS `rev_comment_text`,comment_rev_comment.comment_data AS `rev_comment_data`,comment_rev_comment.comment_id AS `rev_comment_cid`,actor_rev_user.actor_user AS `rev_user`,actor_rev_user.actor_name AS `rev_user_text`,rev_actor,page_namespace,page_title,page_id,page_latest,page_is_redirect,page_len FROM `page` JOIN `revision` ON ((page_id = rev_page)) JOIN `revision_comment_temp` `temp_rev_comment` ON ((temp_rev_comment.revcomment_rev = rev_id)) JOIN `comment` `comment_rev_comment` ON ((comment_rev_comment.comment_id = temp_rev_comment.revcomment_comment_id)) JOIN `actor` `actor_rev_user` ON ((actor_rev_user.actor_id = rev_actor)) WHERE page_is_redirect = 0 AND page_namespace = 8 AND (page_title NOT LIKE '%/%' ESCAPE '`' ) AND (page_len <= 10000) AND (page_latest = rev_id)
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBQuery] SqlBagOStuff::modifyTableSpecificBlobsForSet [0s] database: REPLACE INTO `objectcache` (keyname,value,exptime) VALUES ('mediawiki:messages:en','���\n�@���e�`]�n��B�&�B0���kː�v30LF�� ���u��\'���N(h췑.l�䱨����>^���8�������Eа/���¢�bMǪ����','99991231235959')
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBQuery] SqlBagOStuff::doUnlock [0s] database: SELECT RELEASE_LOCK('mediawiki:messages:en') AS released
  • [MessageCache] MessageCache::loadUnguarded: Loading en... local cache is empty, global cache is expired/volatile, loading from DB
  • [session] SessionBackend "t4to3covc32mo28855ge0ntcj3ugpdbt" data dirty due to dirty(): AuthManagerSpecialPage->handleReturnBeforeExecute/MediaWiki\Auth\AuthManager->removeAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
  • [session] SessionBackend "t4to3covc32mo28855ge0ntcj3ugpdbt" save: dataDirty=1 metaDirty=0 forcePersist=0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBQuery] SqlBagOStuff::modifyTableSpecificBlobsForSet [0.003s] database: REPLACE INTO `objectcache` (keyname,value,exptime) VALUES ('mediawiki:MWSession:t4to3covc32mo28855ge0ntcj3ugpdbt','mx���Z��$н!P��������N�zC���}������t�)\"�\n�ſ���{�����[�������������|p�tɷ�����߿����_�\\���_�J�(��(�\'iN`E���L�y���J����=�Ǟ��k=����c$L� ��Ћ@`�CR�J��C_$�ʒ�G���V�f�\"o��o��׳�7�A���$�����������R�� .*���v���7N�I�����G\\��$�s���Z��t��4����S�E�_�C�� ��njo�[x\"A�c„�\ZI����j/�<���00��˴?��:KD+@hU�h����9��\0�������2v�k;:6�9�����e���U�6����=���\nմi�mZ�-��5;�(�c���O����QM�s)\n\ry?��`i�E����A���*ީ��D�2���]�ȊLOT3SU͡^�0�|\Z�)h��&��x�>��/S��9�$�B��.cq�\'�,ld��2��FZ�A\"��/�`J�7&qŝ�eB�Ӷ�$h���\r���%T��`�E��o���N�\'\rQ�a�1�Z�HC��\\���ވ)��1i�᪘� ��aK��[ݻꇩu\'+���F��Y��z�Hӝǩ� ���ӈ$2U�r�\n�K�\'��v�Q��1G_��F�����߿�o���������OM\r��o����_з���h��\rb�6-^��a�V��-Z�mer�3����ɢ���\'�ta\Z�XL��,��I6�߲j�7N��In�r���}6аI�T�R�����Y0:�5U���� ��7�Ր�N��^ȝPj�]������Q������-{sJ��� T3��Ҏ��д���.��3�r��]9���׭�uб�gq���$D�=Z<!���B$C�1�B֎����22��6g��h��?I$�f��A�\\��6�A�y�&k��y��0h��4�y� ���v\"�w�������o�|�G�#�����\r��<^�>rgRX5նIFy֙���������.T���_���\"\\޻PϪ�v77U�����\"��V���{��#�>yb���H��ԩ��y��#�6&����\Z�q[��C�����P�\\�>#���Cl�����N{�eF������`{7\'Τ��f��gĦ�9��w;��9P�7��J��%_�����\'jY���~�8V���$1q����h�2՘�\'0w�u1j|�������*tL�H�\n�g�\n��~�������^q�{���TԈ������Z���2�ɣ�������vv�Z�U{˲ ����)n��4�C6\rk��uE�\nOx��Y��E���W�l�2����d����Hvpw\rv0=����Qg�r�6�lNUVH���}I���׷iʍ�h�[ժGBof��NL����\Z�o�ƹ�!ЁhY~Y���8�v]{����(f:��O6q�����r]l�=��Fx�O\r������]+���0�l��+�c�MW�U��`e�6詏���ȎR�[c�~�{��@�㊢D���I��3���k��*�~��I�.݀�y�6��Z�����+ĵ�%�5q�ڥ\n\Z�J�s��1���!�>r�{��� EY@�d�DV�C �\'����&�����?�P*<B��5z2�/�c�B\r���t�\"^�\'��O{���]x<#\0��ec�<�0\\��tdx���Fʼ8�YM9�t8��`����)��7e��4P��4����BӤ<�)9z\r�V�:�p��\"��S��x�X�&�H�$9,i��̬�Z��y���t�E���`��!G���\r�=��t���ߩ0���\"��?r�x/3��������잗�s>��� |I���g�{��$�Y�i��� �?��t�^q�������D��g��|������˃^�b��\Z�Z�>2sqVgq����������d�lc�n���,�t��Y�ie;ye�Z�)��)���j�V�J��dG��� Y1��2{��� ]i�S�W������o �����ƣ�\"��7����\"�1�~�D��@�v��̂���^,D���@��5\nF1��s�H_�����i��R�\\PW]��r~ԑ��g��͸R��\ZN���,�(�}R������4H/�%��г�?�io���r�V�/LjX+m�P:����ha��u���bݖ8���\'�b�ܬ�;�\n�İ�~�u�_���㕼�5���ơo��#��;g\\�6�Oq�� .n�f@l�w�IcNI&���X?e�n�y�0=f���%�|MLu��O95+��/w�i {e���� xy��UE�>R[]�2Zf��?M�-��)*Á$����������-���)F�wX�ө�C���rt����m��9G����y��Kx�$gQ��#7-�\n�Gm���xu\r�[ς��u�����$L5᫆��|�o��������I�4c��s^��������5(U�ө�����jy櫨\'B��O�i\r���dK��e�l�A����#�Ɉm�=h3$:���1�k<\'׼ʻu�\0�bY��,������k����ِ���KUӳ/i��EY��,K0|o�=3�aRc�!x�ݥ�\Z+��[�c�^�K����y��!�N����k�hBE���@�1��6�A@i��z�fTS�y{\rB�,��+@C0���ěT���\n�ᓅI��X�����`՝���[\\���;��o�67�AI�\Z+�S���:A�C�����@���T\'^:�g�u��$���I���3K2���\r�䵂p��8��z�\Zs��=�\'� ݀�\n\\z-���L�%y���T��]���q�ջ(y�{&���S���*Ƿ6�*sw�YH���b�V��C�\'�R����;/iy���:p��P�g����5���0~��/��_��N��������4���f�u��S�6C���AP}O0���^���7\Z�AD���:�L`ռ�o���Ũ����4̮K��?�X��M\rY�\'cy����� �΢�����iޗ�f}��T�8��!�s�-���i\0�^����e�@�r��S�a��\Z0�S]�zy�z�� �\r0\r��m�a��\ZN�A�[<B��㱔��9�Җxi���X����s��r\'��63�\Z,�FJ� ���麝�B�����-��=��V)������פlj�ۥ��W�ˣ�\'��1Rn5��%�מ��x�9_6F\"���n��~Q����ڷ\\Tk\0�@�]�����p�Ҹ륗���@H�L�1`mO0����4��ɞ��T��Ψ������~�n�kF��̸�|���j���mu�=��:,��\0�����N,���{��l��b\"���^�M��� q�p\n�I���&7�X�}\r��M�>��^\Z����]~O�]�I���Nd$\n#!��C%�����Y��vX�� x&�����~��S�a���D_۴�Jg�I�JЄ�)�<M#v8\\��4xL�m@ǜŁ$��\'��k�����&�����\rλΆe�/ �B �e�����7�\n�K�^���CJ���0��4�_^� p]�d��دw�@2UZc���\r�^1FK��|������?���S �}�M��P�h<�5 �=|�fa��c{2��?��?�5�-��c�􊮸���T�\Z�M؅��K.�|o�E�p���{�������vx2;����E?mgx�];�X�I�C��0�\\w>�M�� ��&����x<����\\}��&�/�2$c���Fų��������]@����\"2�b�����{5�z\Z����ퟸ^�h����B������ٶ���e�!y���y�\Z��m��.��F`F9����\'Eĝ�.�Jٴ9t��b@z��\"���=��g���:y3�z��pĤ{~��;�\"n�T�F����.�6S�\n�#��}v{��iTe�^F�3\n�� ���dx@S@��Gr-��h��N�\Z�\0s�\Z���5Y���� ��]�}�98�rOO�B\0�zں#lD5���W.������,�y@����>q3KR�\n������(/��o�W~�n���J ��ͭ)pg���&�%�.�*ԑn�:�a�7me\"�Fhx�J������=�,�<p�F.p�2�Ufm�b���21��������\Zt�:@{�/7�Ѕ��s��>�bW�b~��\rf�T�O0��j]�Yb���`N���ZbV�Π�!\n���\'��$�|bk�w���}}d&�- i���ē��\\*���������R%��\'M�NA��a^���2���Rpu�j��\\�p+�v�x?JLP�*<�I���n���wQ~�ْ�n�z{��XG�;���x2�z=J3\rJG*6\'�zW�ߦڻ�/��,����S*����閑t�(F�]^���=~h�c~Xr�͇t�$l9)�e��N�(�Q���D��d.T�����߄�5��4����(��+����a�o��m�c�\'��q�~����,��� ���t�m_�o��G�F�߿�m�~����Y��&!���!˯L��z���)O���������1������g�+% (�r8��\"Ŋ�� ����@!*�^�A I��� ����mb����z\0�����B�~�|ȇ�N� �?�z�����7���*?H��x���~���-�76�C?��8-��������Y��u[�����Ŏc[���l��8L�?u���6��/c�fH�~�]�o4�`�}����7�O���|E������x�G���b\\�\\�<��7���W~M�����`�&�W+���o�e�������I����ُ ������','20240426200445')
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:loginreqlink' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:login' LIMIT 1
  • ParserFactory: using default preprocessor
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'magicWords' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:createacct-helpusername' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:userlogin-yourname' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:pt-login-continue-button' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:helplogin-url' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:userlogin-helplink2' LIMIT 1
  • [session] SessionBackend "t4to3covc32mo28855ge0ntcj3ugpdbt" data dirty due to dirty(): MediaWiki\Extension\PluggableAuth\PrimaryAuthenticationProvider->continuePrimaryAuthentication/MediaWiki\Auth\AuthManager->removeAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
  • [authentication] Login failed in primary authentication by MediaWiki\Extension\PluggableAuth\PrimaryAuthenticationProvider
  • [session] SessionBackend "t4to3covc32mo28855ge0ntcj3ugpdbt" data dirty due to dirty(): AuthManagerSpecialPage->handleFormSubmit/AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->continueAuthentication/MediaWiki\Session\Session->remove/MediaWiki\Session\SessionBackend->dirty
  • [session] SessionBackend "t4to3covc32mo28855ge0ntcj3ugpdbt" save: dataDirty=1 metaDirty=0 forcePersist=0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [DBQuery] SqlBagOStuff::modifyTableSpecificBlobsForSet [0.003s] database: REPLACE INTO `objectcache` (keyname,value,exptime) VALUES ('mediawiki:MWSession:t4to3covc32mo28855ge0ntcj3ugpdbt','mSْ�H���\"�_�(2١˜(K--���藄���(�,*�������üq�s���=�Q��SGs$J2\"��Ǩc\\%��2:���_@��%\\�tG\n#�/�kꨊ#!��U�[*���C�|�Ұ�B�`E�}����k>�ҔG���x��6����i(�i��\"O�5մ�I=Z�)��މ��0�A�*�&��F���r$�g�n�������a�F?�q:����l����n(t�e�1��/Y�f���~1��M�v9L����\'�&_��KB�~����\r�~0���MD7^fE1E�,�*-Z���^ޙ�C��z��wf�[��X\'����]����ue��z�O��2I敝\"���Ut7�~8�����Z��M�jIrl���v�\"�yo���{�Cv.�.q�E�\\���e����L����ʟ��q�q����6��ݷ$5z����W\r+3C���Z���&�M����{4wM�c��Y�Z�&�z�vyNcn�e���b4�^D��0�}t���s]��求��M!��zߵ�[����n�0R��mA#����3!��d��_o���������mG��9c���z�q}l��rqYF+��MX���e�#˂p\n±�|����%>�e<�����s�:��D�#����5n���۾�� �������a�����l�L�0�/ >�t~��?��YԞ�~i� ���������K���T�:���!����� �϶��j�S�;CF��Ĩ�^��ET�z��T� PN6���vǯ�(:qxz�vl�����=�*U!�64�����FubJ�����f_�L�\"��g�&�\ZT5��D‡�r9w�Yӑ��s����X���,��ZIf@gy��u���)O3�5�~����','20240426200446')
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for localAutoCommit/0
  • [authevents] Login attempt
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0.001s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:domain_Login' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Domain_Login' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:eb11e3e6821398afd6f2cba99a532351bdc00ee5): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Domain_Login): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:pt-login-button' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:userlogin-resetpassword-link' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:double-redirect-fixer' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:usermessage-editor' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:proxyblocker' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:sorbs' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:spambot_username' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:autochange-username' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:newusermessage-editor' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:userlogin-yourname-ph' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:userlogin-yourpassword' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'linkPrefixExtension' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:userlogin-yourpassword-ph' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:userlogin-remembermypassword' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'separatorTransformTable' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'digitGroupingPattern' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'minimumGroupingDigits' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'digitTransformTable' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:loginprompt' LIMIT 1
  • [DBQuery] MediaWiki::preOutputCommit [0s] database: COMMIT
  • MediaWiki::preOutputCommit: primary transaction round committed
  • MediaWiki::preOutputCommit: pre-send deferred updates completed
  • MediaWiki::preOutputCommit: session changes committed
  • [DBReplication] Wikimedia\Rdbms\LBFactory::shutdown: finished ChronologyProtector shutdown
  • [DBReplication] LBFactory shutdown completed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] Wikimedia\Rdbms\DatabaseMysqlBase::serverIsReadOnly [0s] database: SELECT @@GLOBAL.read_only AS Value
  • [objectcache] fetchOrRegenerate(global:rdbms-server-readonly:database:mediawiki:): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBPerformance] Expectation (writes <= 0) by MediaWiki::main not met (actual: 4): role-primary: INSERT INTO `online` (userid,username,timestamp,wikiid) VALUES (N,'X'
  • [DBQuery] WhosOnlineHooks::onBeforePageDisplay [0s] database: INSERT INTO `online` (userid,username,timestamp,wikiid) VALUES (0,'172.18.0.1','20240426190446','mediawiki') ON DUPLICATE KEY UPDATE timestamp = '20240426190446'
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] Wikimedia\Rdbms\Database::beginIfImplied (MediaWiki\User\TalkPageNotificationManager::dbCheckNewUserMessages) [0s] database: BEGIN
  • [DBQuery] MediaWiki\User\TalkPageNotificationManager::dbCheckNewUserMessages [0s] database: SELECT user_ip FROM `user_newtalk` WHERE user_ip = '172.18.0.1' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'rtl' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:pt-login' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:pt-createaccount' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] Wikimedia\Rdbms\Database::select [0s] database: SELECT pp_value FROM `page_props` WHERE pp_page = 0 AND pp_propname = 'MintyDocsPageType'
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:nstab-special' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:requestaccount-login' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:help-mediawiki' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-navigation' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-n-help-mediawiki' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:accesskey-n-help-mediawiki' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-tb' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-lang' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:otherlanguages' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-user-interface-preferences' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-ca-uls' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Tooltip-ca-uls' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:6413cf1dc7e48626de004977c677b6c8a55e2805): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Tooltip-ca-uls): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:accesskey-ca-uls' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Accesskey-ca-uls' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:fd39f2d7962ddb50cb19fd00d7cffa75e5365066): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Accesskey-ca-uls): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:user-interface-preferences' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'User-interface-preferences' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:cc55e312a5aa3b8484b6bc564e3edba47c592500): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:User-interface-preferences): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-user-page' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:user-page' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'User-page' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:c70b5a4895ac1b24b96a7e32d0a18d0d4cbe9bdc): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:User-page): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-personal' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-notifications' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Tooltip-p-notifications' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:5e89b9c18080b9e1a98fafc0da774d0eec80a023): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Tooltip-p-notifications): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:notifications' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-associated-pages' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Tooltip-p-associated-pages' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:ef738cc53166fcf45692d0ade99df069e848dfb2): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Tooltip-p-associated-pages): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:associated-pages' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Associated-pages' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:cb7b37d2da1ced2fadc11aa3317c1a8efcf39648): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Associated-pages): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-namespaces' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-ca-nstab-special' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:accesskey-ca-nstab-special' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-views' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-cactions' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:cactions' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-variants' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-vector-user-menu-overflow' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Tooltip-p-vector-user-menu-overflow' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:e1513355c020e501f13cdd486bc0dcd4eb6be013): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Tooltip-p-vector-user-menu-overflow): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-pt-createaccount-2' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Tooltip-pt-createaccount-2' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:e702f1464bc010b9a6e6eddb1f622b346a5e59a8): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Tooltip-pt-createaccount-2): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:accesskey-pt-createaccount-2' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Accesskey-pt-createaccount-2' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:67d5e11a789fd771a0c0d066fc8b52a31aab9f10): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Accesskey-pt-createaccount-2): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-user-menu-overflow' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Vector-user-menu-overflow' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:8642b10d6bc1bde39628473b8a6ec36d0c562bfa): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Vector-user-menu-overflow): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-p-views-overflow' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Tooltip-p-views-overflow' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:f055c2110fc07b3a656c5c3cafcc4b6c94bb48af): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Tooltip-p-views-overflow): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:views-overflow' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Views-overflow' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:7c6e666dd6029fe6c93284ac7d8c00a46b68e75f): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Views-overflow): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-pt-uls' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Tooltip-pt-uls' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:225d4b727fb642595e4832aef4d935cb699182da): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Tooltip-pt-uls): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:accesskey-pt-uls' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Accesskey-pt-uls' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:523f3ac6664d7dd429ec9ea26c2ada43f94ca413): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Accesskey-pt-uls): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:forced-globalnotice' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Forced-globalnotice' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:83c6ecc50fe6ce718203ed0aefba490ba1c23ec3): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Forced-globalnotice): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:globalnotice' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Globalnotice' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:5a58b35f6c1687293410e0e1e4a7224cc9178224): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Globalnotice): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:globalnotice-sysop' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Globalnotice-sysop' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:34d8821d06d31b5148fc45c4bdc4866a122278d9): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Globalnotice-sysop): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:globalnotice-bureaucrat' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Globalnotice-bureaucrat' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:c2f9eee3262fb1b7383e7af0c3c64451a41389f7): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Globalnotice-bureaucrat): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:globalnotice-bot' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Globalnotice-bot' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:898ab349660866676036931128ae83ff8594aacb): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Globalnotice-bot): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:globalnotice-rollback' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Globalnotice-rollback' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:dddfe8db694750c29f68864b75ca1d14b10c4a20): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Globalnotice-rollback): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:breadcrumbs' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-opt-out-tooltip' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-opt-out' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-action-toggle-sidebar' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-main-menu-tooltip' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-jumptosearch' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-jumptocontent' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-toc-beginning' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-toc-heading' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-toc-toggle-position-sidebar' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-toc-toggle-position-title' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-toc-menu-tooltip' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-toc-collapsible-button-label' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-article-tools-nav-label' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-site-nav-label' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:sitesubtitle' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:sitetitle' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:tooltip-vector-anon-user-menu-title' LIMIT 1
  • Unstubbing $wgLang on call of $wgLang::getCode from MediaWiki\Skins\Vector\SkinVector->decoratePortletData
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:variantname-en' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] MediaWiki\Page\PageStore::getPageByNameViaLinkCache [0s] database: SELECT page_id,page_namespace,page_title,page_is_redirect,page_is_new,page_touched,page_links_updated,page_latest,page_len,page_content_model FROM `page` WHERE page_namespace = 8 AND page_title = 'Variantname-en' LIMIT 1
  • [objectcache] fetchOrRegenerate(mediawiki:page:8:2065ff0b4b26c26fa83f8ad4a9907bb9ded198d0): miss, new value computed
  • [objectcache] fetchOrRegenerate(mediawiki:messages-big:f6c4f725a607bfe8fa0cf0c05ee4f470:Variantname-en): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [objectcache] fetchOrRegenerate(global:resourceloader-titleinfo:mediawiki:da39a3ee5e6b4b0d3255bfef95601890afd80709): miss, new value computed
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'defaultDateFormat' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:january' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:february' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:march' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:april' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:may_long' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:june' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:july' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:august' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:september' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:october' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:november' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:december' LIMIT 1
  • [DBConnection] Wikimedia\Rdbms\LoadBalancer::getLocalConnection: reused a connection for local/0
  • [DBQuery] LCStoreDB::get [0s] database: SELECT lc_value FROM `l10n_cache` WHERE lc_lang = 'en' AND lc_key = 'messages:vector-language-variant-switcher-label' LIMIT 1
Osnard (talkcontribs)

I'd say the relevant part ist

2024-04-26 19:04:45 canasta mediawiki: MediaWiki\Extension\LDAPProvider\Client::getUserDN: search with array (
  'base' => 'dc=test,dc=local',
  'filter' => '(uid=xxxx)',
  'attributes' =>
  array (
    0 => '*',
    1 => 'memberof',
  ),
)
2024-04-26 19:04:45 canasta mediawiki: Could not get user DN!
2024-04-26 19:04:45 canasta mediawiki: MediaWiki\Extension\LDAPProvider\Client::getSearchString: User DN is: ''

As you can see, the search filter `(uid=xxxx) against dc=test,dc=local does not return anything.

FYI: There is no setting searchattributes, only searchattribute. Also the value of your grouprequest looks odd.

I guess you may need to set "searchattribute":"samaccountname".

Ksmith197 (talkcontribs)

Okay! I've made changes to the "LocalSettings.php" file as indicated in your response. Now instead of receiving Could not authenticate credentials against domain "test.local", I'm now receiving "User xxxx is not authorized".

=================================================================================

From:

searchattributes": {

                "realname": "cn",

                "username": "samaccountname"

        },

=================================================================================

To:

searchattribute": "samaccountname",

================================================================================= From:

"grouprequest": {

            "groupAttribute": "member",

            "isMemberCritical": true

        },

================================================================================= To:


"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UsrGroupsRequest\\groupUniqueMember::factory",

================================================================================ After changes this is the new logs within "LDAPProvider.log":


2024-04-29 12:28:54 canasta mediawiki: Found user DN: 'CN=xxxx,CN=Users,DC=test,DC=local'

2024-04-29 12:28:54 canasta mediawiki: MediaWiki\Extension\LDAPProvider\Client::getSearchString: User DN is: 'CN=xxxx,CN=Users,DC=test,DC=local'

2024-04-29 12:31:15 canasta mediawiki: Setting LDAP_OPT_PROTOCOL_VERSION to 3

2024-04-29 12:31:15 canasta mediawiki: Setting LDAP_OPT_REFERRALS to 0

2024-04-29 12:31:15 canasta mediawiki: Setting LDAP_OPT_DEREF to 1

2024-04-29 12:31:15 canasta mediawiki: MediaWiki\Extension\LDAPProvider\Client::getUserDN: search with array (

  'base' => 'dc=test,dc=local',

  'filter' => '(samaccountname=xxxx)',

  'attributes' =>

  array (

    0 => '*',

    1 => 'memberof',

================================================================================ Here is logs from "LDAPAuthentication2.log" after the change:

<syntaxhighlight lang="log"> 2024-04-29 12:31:15 canasta mediawiki: Try to authenticate user: xxxx

2024-04-29 12:31:15 canasta mediawiki: Not local login. Checking LDAP...

2024-04-29 12:31:15 canasta mediawiki: LDAP domain: test.local

2024-04-29 12:31:15 canasta mediawiki: LDAP login succeeded.

</syntaxhighlight>

================================================================================ Log from "pa.log"(PluggableAuth):

2024-04-29 12:31:15 canasta mediawiki: Getting PluggableAuth instance

2024-04-29 12:31:15 canasta mediawiki: Plugin name: LDAPAuthentication2

2024-04-29 12:31:15 canasta mediawiki: Authenticated new user: xxxx

2024-04-29 12:31:15 canasta mediawiki: Authorization failure.

Osnard (talkcontribs)

Authorization failure. does mean some other extension prevents the login. What else extensions do you have enabled?

Ksmith197 (talkcontribs)

So here's the list of enabled extensions that I have listed in my LocalSettings.php, to include the LDAP one's aswell. (Any extension that I had commented out in my local machine, have been removed for this reply):

                                                                                                                                                               

wfLoadExtension('LDAPProvider');                                                                                                                                                                                                                           

    wfLoadExtension('LDAPAuthentication2');                                                                                                                                                                                                                                                                   

    wfLoadExtension('PluggableAuth');  


# Special Pages                                                                                                                                                                                                                                               

wfLoadExtension( 'AdminLinks' );                                                                                                                                                                                                                               

wfLoadExtension( 'Bootstrap' );                                                                                                                                                                                                                               

wfLoadExtension( 'CiteThisPage' );                                                                                                                                                                                                                             

wfLoadExtension( 'Collection' );                                                                                                                                                                                                                               

wfLoadExtension( 'ConfirmAccount' );                                                                                                                                                                                                                           

wfLoadExtension( 'ContactPage' );                                                                                                                                                                                                                                                                                                                                                                                                                                                         

wfLoadExtension( 'Echo' );                                                                                                                                                                                                                                     

wfLoadExtension( 'EditAccount' );                                                                                                                                                                                                                             

wfLoadExtension( 'Editcount' );                                                                                                                                                                                                                               

wfLoadExtension( 'Interwiki' );                                                                                                                                                                                                                               

wfLoadExtension( 'Linter' );                                                                                                                                                                                                                                   

wfLoadExtension( 'LookupUser' );                                                                                                                                                                                                                               

wfLoadExtension( 'MassMessage' );                                                                                                                                                                                                                             

wfLoadExtension( 'PageForms' );                                                                                                                                                                                                                               

wfLoadExtension('ReplaceText');                                                                                                                                                                                                                               

wfLoadExtension('SemanticDrilldown');                                                                                                                                                                                                                         

wfLoadExtension('SimpleBatchUpload');                                                                                                                                                                                                                                                                                                                                                                                                                       

wfLoadExtension('TemplateSandbox');                                                                                                                                                                        

wfLoadExtension('UserMerge');                                                                                                                                                                                                                                 

wfLoadExtension('UserPageViewTracker');                                                                                                                                                                                                                                                                                                                                                                                                                           

wfLoadExtension('WhosOnline');                                                                                                                                                                                                                                 

                                                                                                                                                                                                                                                               

# Editors                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

wfLoadExtension('VisualEditor');                                                                                                                                                                                                                               

wfLoadExtension('WikiEditor');                                                                                                                                                                                                                                 

                                                                                                                                                                                                                                                               

# Parser hooks                                                                                                                                                                                                                                                 

wfLoadExtension('CategoryTree');                                                                                                                                                                                                                               

wfLoadExtension('Cite');                                                                                                                                                                                                                                       

wfLoadExtension('CommentStreams');                                                                                                                                                                                                                             

wfLoadExtension('DisplayTitle');                                                                                                                                                                                                                               

wfLoadExtension('EmbedVideo');                                                                                                                                                                                                                                 

wfLoadExtension('ExternalData');                                                                                                                                                                                                                               

wfLoadExtension('Graph');                                                                                                                                                                                                                                     

wfLoadExtension('ImageMap');                                                                                                                                                                                                                                   

wfLoadExtension('Math');                                                                                                                                                                                                                                       

wfLoadExtension('MintyDocs');                                                                                                                                                                                                                                 

wfLoadExtension('MsCalendar');                                                                                                                                                                                                                                 

wfLoadExtension('MsUpload');                                                                                                                                                                                                                                   

wfLoadExtension('Poem');                                                                                                                                                                                                                                       

wfLoadExtension('RegularTooltips');                                                                                                                                                                                                                           

wfLoadExtension('Scribunto');                                                                                                                                                                                                                                 

wfLoadExtension('SyntaxHighlight_GeSHi');                                                                                                                        

wfLoadExtension('SubPageList');                                                                                                                                                                                                                                                                                                                                                                                                                                                               

wfLoadExtension('UserFunctions');

# Media Handlers                                                                                                                                                                                                                                                                                                                                                                                                                                                                          

wfLoadExtension('MsUpload');                                                                                                                                                                                                                                   

                                                                                                                                                                                                                                                               

# Spam Prevention                                                                                                                                                                                                                                             

wfLoadExtension('AbuseFilter');                                                                                                                                                                                                                               

wfLoadExtension('AntiSpoof');                                                                                                                                                                                                                                 

wfLoadExtension('TitleBlacklist');                                                                                                                                                                                                                             

                                                                                                                                                                                                                                                               

# Other                                                                                                                                                                                                                                                       

wfLoadExtension('AdvancedSearch');                                                                                                                                                                                                                             

wfLoadExtension('BreadCrumbs2');                                                                                                                                                                                                                               

wfLoadExtension('EmailAuthorization');                                                                                                                                                                                                                         

wfLoadExtension('EventLogging');                                                                                                                                                                                                                               

wfLoadExtension('GlobalNotice');                                                                                                                                                                                                                               

wfLoadExtension( 'ParserFunctions' );                                                                                                                                                                                                                                                                                                                                     

wfLoadExtension('LinkTarget');                                                                                                                                                                                                                                 

wfLoadExtension('MediaUploader');                                                                                                                                                                                                                             

wfLoadExtension('MultimediaViewer');                                                                                                                                                                                                                           

wfLoadExtension('NewUserMessage');                                                                                                                                                                                                                             

wfLoadExtension('OATHAuth');

                                                                                                                     

wfLoadExtension('RevisionSlider');                                                                                                                                                                                                                             

wfLoadExtension('SaveSpinner');                                                                                                                                                                                                                               

wfLoadExtension( 'TemplateStyles' );                                                                                                                                                                                                                           

wfLoadExtension('Thanks');                                                                                                                                                                                                                                     

wfLoadExtension('Popups');                                                                                                                                                                                                                                     

wfLoadExtension('UniversalLanguageSelector');                      

Ksmith197 (talkcontribs)

@Osnard I got it! After you stated that "some other extension prevents the login", I reviewed all the extensions that stuck out to me. One in particular was the "EmailAuthorization" extension, since this utilizes "PluggableAuthUserAuthorization hook to provide authorization using a list of authorized email addresses ". I was unable to be authorized due to the fact that in my setup for Active Directory, users do not have an email address associated to their user accounts, just First name, Last name, and username. I commented out the extension, and tested login which was successful! Thank you for your help and your time!

Reply to "Could not authenticate credentials against domain "test.local""
Summary by Wikiphpnoob

moving from LDAP to Azure/Entra

65.207.72.210 (talkcontribs)

Hello, I have Windows Server 2016, with IIS version 10, with PHP 8.3.3, with MediaWiki 1.41.0

i am new to setting all of this up and at points can be rather confusing.

i have been trying to set up LDAP and thus far used extensions LDAPProvider, LDAPAuthentication2, LDAPAuthorization.

with LDAPProvider, i also have a ldapprovider.json

FIRST, i'd like to know which extensions would best support the following:

after authenticating to LDAP/active directory, i want permissions set where certain users only have access to certain pages in the wiki

here's my LocalSettings.php and ldapprovider.json as currently i'm getting HTTP ERROR 500. any assistance would be appreciated...

<?php

# This file was automatically generated by the MediaWiki 1.41.0

# installer. If you make manual changes, please keep track in case you

# need to recreate them later.

#

# See includes/MainConfigSchema.php for all configurable settings

# and their default values, but don't forget to make changes in _this_

# file, not there.

#

# Further documentation for configuration settings may be found at:

# https://www.mediawiki.org/wiki/Manual:Configuration_settings

# Protect against web entry

if ( !defined( 'MEDIAWIKI' ) ) {

exit;

}

## Uncomment this to disable output compression

# $wgDisableOutputCompression = true;

$wgSitename = "raa ems wiki";

$wgMetaNamespace = "Raa ems wiki";

## The URL base path to the directory containing the wiki;

## defaults for all runtime URL paths are based off of this.

## For more information on customizing the URLs

## (like /w/index.php/Page_title to /wiki/Page_title) please see:

## https://www.mediawiki.org/wiki/Manual:Short_URL

$wgScriptPath = "/raaemsitwiki/mediawiki-1.41.0";

## The protocol and server name to use in fully-qualified URLs

$wgServer = "XXX";

## The URL path to static resources (images, scripts, etc.)

$wgResourceBasePath = $wgScriptPath;

## The URL paths to the logo.  Make sure you change this from the default,

## or else you'll overwrite your logo when you upgrade!

$wgLogos = [

'1x' => "$wgResourceBasePath/resources/assets/RAAEMS-Image.svg",

'icon' => "$wgResourceBasePath/resources/assets/RAAEMS-Image.svg",

];

## UPO means: this is also a user preference option

$wgEnableEmail = false;

$wgEnableUserEmail = false; # UPO

$wgEmergencyContact = "";

$wgPasswordSender = "";

$wgEnotifUserTalk = false; # UPO

$wgEnotifWatchlist = false; # UPO

$wgEmailAuthentication = true;

## Database settings

$wgDBtype = "mysql";

$wgDBserver = "localhost";

$wgDBname = "raaemsitwiki";

$wgDBuser = "XXX";

$wgDBpassword = "XXX";

# MySQL specific settings

$wgDBprefix = "";

$wgDBssl = false;

# MySQL table options to use during installation or update

$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";

# Shared database table

# This has no effect unless $wgSharedDB is also set.

$wgSharedTables[] = "actor";

## Shared memory settings

$wgMainCacheType = CACHE_NONE;

$wgMemCachedServers = [];

## To enable image uploads, make sure the 'images' directory

## is writable, then set this to true:

$wgEnableUploads = true;

#$wgUseImageMagick = true;

#$wgImageMagickConvertCommand = "/usr/bin/convert";

# InstantCommons allows wiki to use images from https://commons.wikimedia.org

$wgUseInstantCommons = false;

# Periodically send a pingback to https://www.mediawiki.org/ with basic data

# about this MediaWiki instance. The Wikimedia Foundation shares this data

# with MediaWiki developers to help guide future development efforts.

$wgPingback = false;

# Site language code, should be one of the list in ./includes/languages/data/Names.php

$wgLanguageCode = "en";

# Time zone

$wgLocaltimezone = "UTC";

## Set $wgCacheDirectory to a writable directory on the web server

## to make your wiki go slightly faster. The directory should not

## be publicly accessible from the web.

#$wgCacheDirectory = "$IP/cache";

$wgSecretKey = "3f3c74223135b08da57eeffcc1fae44b00656ec470ff2b2abfc8b8286f82aa53";

# Changing this will log out all existing sessions.

$wgAuthenticationTokenVersion = "";

# Site upgrade key. Must be set to a string (default provided) to turn on the

# web installer while LocalSettings.php is in place

$wgUpgradeKey = "f697fe884146d13d";

## For attaching licensing metadata to pages, and displaying an

## appropriate copyright notice / icon. GNU Free Documentation

## License and Creative Commons licenses are supported so far.

$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright

$wgRightsUrl = "";

$wgRightsText = "";

$wgRightsIcon = "";

# Path to the GNU diff3 utility. Used for conflict resolution.

$wgDiff3 = "";

# The following permissions were set based on your choice in the installer

$wgGroupPermissions['*']['createaccount'] = false;

$wgGroupPermissions['*']['edit'] = false;

## Default skin: you can change the default skin. Use the internal symbolic

## names, e.g. 'vector' or 'monobook':

$wgDefaultSkin = "timeless";

# Enabled skins.

# The following skins were automatically enabled:

wfLoadSkin( 'Timeless' );

# Enabled extensions. Most of the extensions are enabled by adding

# wfLoadExtension( 'ExtensionName' );

# to LocalSettings.php. Check specific extension documentation for more details.

# The following extensions were automatically enabled:

wfLoadExtension( 'CategoryTree' );

wfLoadExtension( 'Cite' );

wfLoadExtension( 'CiteThisPage' );

wfLoadExtension( 'CodeEditor' );

wfLoadExtension( 'Echo' );

wfLoadExtension( 'InputBox' );

wfLoadExtension( 'Nuke' );

wfLoadExtension( 'ParserFunctions' );

wfLoadExtension( 'ReplaceText' );

wfLoadExtension( 'WikiEditor' );

wfLoadExtension( 'CSS' );

# End of automatically generated settings.

# Add more configuration options below.

# Enable LDAPProvider extension

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'LDAPAuthentication2' );

//wfLoadExtension( 'LDAPAuthorization' );

//wfLoadExtension( 'Lockdown' );

# Configure LDAP settings

$LDAPProviderDomainConfigs = "$IP/extensions/LDAPProvider/ldapprovider.json";

$LDAPProviderPreSearchUsernameModifierRegistry['strtolower'] = function (&$username) {

    $username = strtolower($username);

};

$wgLDAPProvider['CacheType'] = 'internal';

$wgLDAPProvider['CacheTime'] = 3600; // Cache LDAP queries for 1 hour

# LDAPAuthentication2 configuration

$LDAPAuthentication2AllowLocalLogin = false;

$LDAPAuthentication2UsernameNormalizer = 'strtolower';

$wgLDAPAuthentication2['authentication']['usernameattribute'] = 'samaccountName'; //Attribute in LDAP containing the username

************************


{

"raaric.org": {

"connection": {

"server": "XXX",

"port": "XXX",

"use-tls": "true",

"user": "CN=mediawiki,OU=XXX,DC=XXX,DC=XXX",

"pass": "XXX",

"enctype": "ssl",

"options": {

"LDAP_OPT_DEREF": 1

},

"basedn": "dc=XXX,dc=XXX",

"userbasedn": "dc=XXX,dc=XXX",

"groupbasedn": "dc=XXX,dc=XXX",

"searchattribute": "samaccountname",

"usernameattribute": "samaccountname",

"realnameattribute": "displayName",

"emailattribute": "mail",

"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

"presearchusernamemodifiers": [ "strtolower" ]

}

}

}

Osnard (talkcontribs)

FIRST, i'd like to know which extensions would best support the following: after authenticating to LDAP/active directory, i want permissions set where certain users only have access to certain pages in the wiki

For basic authentication, you need Extension:LDAPAuthentication2. If you want to restrict login to users of certain LDAP groups you need Extension:LDAPAuthorization. Permissions in MediaWiki are assigned to usergroups, not to particular users. Therefore if you want to set up some permissions, you'll most likely want to use Extension:LDAPGroups for sychronization of LDAP groups into the wiki. Hope that helps.

Regarding the error 500: The JSON file and the PHP settings file look good. There must be something in the error logs. only this can give you a clue about what's wrong.

Just a hint: Windows Server 2016 is no longer maintained. Consider migrating your application to a more up to date environment.

Wikiphpnoob (talkcontribs)

thanks @Osnard for the update. i have since moved beyond previous issues. for the time being, i'm stuck with windows server 2016 trying to make do.

i have LDAPAuthentication2 3.0.0-alpha, LDAPAuthentication 3.0.0-alpha, LDAPGroups 3.0.0-alpha, LDAPProvider 3.0.0-alpha, LDAPUserInfo 3.0.0-alpha, PluggableAuth 7.1.0

right now i'm having issue authenticating using LDAP, i can use an internal mediawiki admin account, but once $wgPluggableAuth_EnableLocalLogin = false, and i Log in, instant "The supplied credentials could not be authenticated." log in prompts are never provided.

getting [authentication] Login failed in primary authentication because no provider accepted

Osnard (talkcontribs)

Have you tried the CLI tools like extensions/LDAPProvider/maintenance/CheckLogin.php?

Wikiphpnoob (talkcontribs)

thank you thank you @Osnard, your suggestion was very helpful, but i still immediately get to the "The supplied credentials could not be authenticated" without even showing prompts to enter username/password and i find a log that shows :

[authentication] Login failed in primary authentication because no provider accepted

it appears to look locally in mediawiki, and not reach out using ldap.

this is my LocalSettings:

# Safe IP or not (for bypassing external login via AD)

$safeIPs = array('10.0.0.0', '10.255.255.255'); // Replace with your desired range

$ipsVars = array('HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'REMOTE_ADDR');

foreach ($ipsVars as $ipsVar) {

    if (isset($_SERVER[$ipsVar]) && mb_strlen($_SERVER[$ipsVar]) > 3 ) {

        $wikiRequestIP = $_SERVER[$ipsVar];

        break;

    }

}

$wikiRequestSafe = (isset($wikiRequestIP) && (in_array($wikiRequestIP, $safeIPs)));

# Load LDAP Config from JSON

$ldapJsonFile = dirname(__FILE__) . "/extensions/LDAPProvider/ldapprovider.json";

$ldapConfig = false;

if (is_file($ldapJsonFile)) {

    $testJson = @json_decode(file_get_contents($ldapJsonFile), true);

    if (is_array($testJson)) {

        $ldapConfig = true;

    } else {

        error_log("Found invalid JSON in file: $ldapJsonFile");

    }

}

# Activate extensions

if ($ldapConfig) {

    wfLoadExtension( 'LDAPProvider' );

    wfLoadExtension( 'LDAPAuthentication2' );

    wfLoadExtension( 'LDAPAuthorization' );

    wfLoadExtension( 'LDAPGroups');

    wfLoadExtension( 'LDAPUserInfo');

    wfLoadExtension( 'PluggableAuth' );

    $wgDebugLogGroups['PluggableAuth'] = 'C:\\Windows\\Temp\\PLUG.log';

    $wgDebugLogGroups['LDAP'] = 'C:\\Windows\\Temp\\LDAP.log';

    $wgDebugLogGroups['MediaWiki\\Extension\\LDAPProvider\\Client'] = 'C:\\Windows\\Temp\\LDprov.log';

    $wgDebugLogGroups['LDAPGroups'] = 'C:\\Windows\\Temp\\LDgrp.log';

    $wgDebugLogGroups['LDAPUserInfo'] = 'C:\\Windows\\Temp\\LDui.log';

    $wgDebugLogGroups['LDAPAuthorization'] = 'C:\\Windows\\Temp\\LDAPauthor.log';

    $wgDebugLogFile = 'C:\\Windows\\Temp\\wikidbg.log';

    $LDAPProviderDomainConfigs = $ldapJsonFile;

    $LDAPProviderPreSearchUsernameModifierRegistry = [

        'strtolower' => function () {

        return \MediaWiki\Extension\LDAPProvider\PreSearchUsernameModifier\ToLower::newInstance();

        },

        'removespaces' => function () {

        return \MediaWiki\Extension\LDAPProvider\PreSearchUsernameModifier\RemoveSpaces::newInstance();

        }

    ];

    $wgLDAPProvider['CacheType'] = 'CACHE_NONE'; //internal when not debugging

    $wgLDAPProvider['CacheTime'] = 3600; // Cache LDAP queries for 1 hour

    # LDAPAuthentication2 configuration

    $LDAPAuthentication2AllowLocalLogin = true;

    $LDAPAuthentication2UsernameNormalizer = 'strtolower';

    $wgLDAPAuthentication2['authentication']['usernameattribute'] = 'samaccountName'; //Attribute in LDAP containing the username

    # Configure PluggableAuth settings

    $wgPluggableAuth_EnableAutoLogin = false;

    $wgPluggableAuth_EnableLocalLogin = false;

    $wgPluggableAuth_EnableLocalProperties = false;

    $wgPluggableAuth_EnableFastLogout = true;

    $wgPluggableAuth_Config = [

        "My LDAP Login" => [

            'plugin' => 'PluggableAuth',

            'data' => [

                'server' => 'ldap://acme.org', // LDAP server hostname or IP address

                'port' => 389, // LDAP server port

                'basedn' => 'dc=acme,dc=org', // Base DN for LDAP searches

                'groupbasedn' => 'dc=acme,dc=org', // Base DN for LDAP groups

                'userbasedn' => 'dc=acme,dc=org', // Base DN for LDAP users

                'usersearch' => '(samaccountName=media wiki)', // LDAP search filter for users

                'groupsearch' => '(member=$dn)', // LDAP search filter for groups

                'options' => [

                    LDAP_OPT_DEREF => 1, // LDAP options

                ],

            ],

            'groupsyncs' => [

                [

                    'type' => 'mapped',

                    'map' => [

                        'information_technology' => ['groups' => 'Information Technology'],

                        'human_resources' => ['groups' => 'Human Resournces']

                    ]

                ],

            ],

        ],

    ];

    $LDAPGroupsSyncMechanismRegistry = [

        'mappedgroups' => 'MediaWiki\\Extension\\LDAPGroups\\SyncMechanism\\MappedGroups::factory'

    ];

} // end to activate extensions


any advice or questions to make my issue make more sense?

Osnard (talkcontribs)

Looks like you may have mixed $wgPluggableAuth_Config from Extension:PluggableAuth#Configuration and $LDAPProviderDomainConfigs from Extension:LDAPProvider#Static_JSON_file.

Just put all what you currently have in 'data' into the domain configs and reference only the domain in 'data'

$wgPluggableAuth_Config = [
        "My LDAP Login" => [
            'plugin' => 'PluggableAuth',
            'data' => [
                    'domain' => '<domain-specified-in-domainconfigs>
            ]
];

And e.g. ldapprovider.json with

{
	"<domain-specified-in-domainconfigs>": {
		"connection": {
			"server": "...",
            ...
Wikiphpnoob (talkcontribs)

@Osnard eternally grateful for the assist, i see you are busy around here...

getting ...

[error] [d06bae5a95d5d9585f8e5074] /raaemsitwiki/mediawiki-1.41.0/index.php?title=Special:UserLogin&returnto=Main+Page PHP Deprecated: Creation of dynamic property MediaWiki\Extension\PluggableAuth\BeginAuthenticationRequest::$password is deprecated

[error] [d06bae5a95d5d9585f8e5074] /raaemsitwiki/mediawiki-1.41.0/index.php?title=Special:UserLogin&returnto=Main+Page PHP Deprecated: Creation of dynamic property MediaWiki\Extension\PluggableAuth\BeginAuthenticationRequest::$pluggableauthlogin0 is deprecated

Deprecated: Creation of dynamic property MediaWiki\Extension\PluggableAuth\BeginAuthenticationRequest::$pluggableauthlogin0 is deprecated in C:\inetpub\wwwroot\raaemsitwiki\mediawiki-1.41.0\includes\session\Session.php on line 576

Deprecated: Creation of dynamic property MediaWiki\Extension\PluggableAuth\BeginAuthenticationRequest::$password is deprecated in C:\inetpub\wwwroot\raaemsitwiki\mediawiki-1.41.0\includes\session\Session.php on line 576

Deprecated: Creation of dynamic property MediaWiki\Extension\PluggableAuth\BeginAuthenticationRequest::$pluggableauthlogin0 is deprecated in C:\inetpub\wwwroot\raaemsitwiki\mediawiki-1.41.0\includes\session\Session.php on line 576

LOCALSETTINGS...

# Safe IP or not (for bypassing external login via AD)

$safeIPs = array('10.0.0.0', '10.255.255.255'); // Replace with your desired range

$ipsVars = array('HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'REMOTE_ADDR');

foreach ($ipsVars as $ipsVar) {

    if (isset($_SERVER[$ipsVar]) && mb_strlen($_SERVER[$ipsVar]) > 3 ) {

        $wikiRequestIP = $_SERVER[$ipsVar];

        break;

    }

}

$wikiRequestSafe = (isset($wikiRequestIP) && (in_array($wikiRequestIP, $safeIPs)));

# Load LDAP Config from JSON

$ldapJsonFile = dirname(__FILE__) . "/extensions/LDAPProvider/ldapprovider.json";

$ldapConfig = false;

if (is_file($ldapJsonFile)) {

    $testJson = @json_decode(file_get_contents($ldapJsonFile), true);

    if (is_array($testJson)) {

        $ldapConfig = true;

    } else {

        error_log("Found invalid JSON in file: $ldapJsonFile");

    }

}

# Activate extensions

if ($ldapConfig) {

    wfLoadExtension( 'LDAPProvider' );

    wfLoadExtension( 'LDAPAuthentication2' );

    wfLoadExtension( 'LDAPAuthorization' );

    wfLoadExtension( 'LDAPGroups');

    wfLoadExtension( 'LDAPUserInfo');

    wfLoadExtension( 'PluggableAuth' );

    $wgDebugLogGroups['PluggableAuth'] = 'C:\\Windows\\Temp\\PLUG.log';

    $wgDebugLogGroups['LDAP'] = 'C:\\Windows\\Temp\\LDAP.log';

    $wgDebugLogGroups['MediaWiki\\Extension\\LDAPProvider\\Client'] = 'C:\\Windows\\Temp\\LDprov.log';

    $wgDebugLogGroups['LDAPGroups'] = 'C:\\Windows\\Temp\\LDgrp.log';

    $wgDebugLogGroups['LDAPUserInfo'] = 'C:\\Windows\\Temp\\LDui.log';

    $wgDebugLogGroups['LDAPAuthorization'] = 'C:\\Windows\\Temp\\LDAPauthor.log';

    $wgDebugLogFile = 'C:\\Windows\\Temp\\wikidbg.log';

    $LDAPProviderDomainConfigs = $ldapJsonFile;

   

    $LDAPProviderPreSearchUsernameModifierRegistry = [

        'strtolower' => function () {

        return \MediaWiki\Extension\LDAPProvider\PreSearchUsernameModifier\ToLower::newInstance();

        },

        'removespaces' => function () {

        return \MediaWiki\Extension\LDAPProvider\PreSearchUsernameModifier\RemoveSpaces::newInstance();

        }

    ];

    $wgLDAPProvider['CacheType'] = 'CACHE_NONE'; //internal when not debugging

    $wgLDAPProvider['CacheTime'] = 3600; // Cache LDAP queries for 1 hour

    # LDAPAuthentication2 configuration

    $LDAPAuthentication2AllowLocalLogin = true;

    $LDAPAuthentication2UsernameNormalizer = 'strtolower';   

    $wgLDAPAuthentication2['authentication']['usernameattribute'] = 'samaccountName'; //Attribute in LDAP containing the username

    # Configure PluggableAuth settings

    $wgPluggableAuth_EnableAutoLogin = false;

    $wgPluggableAuth_EnableLocalLogin = true;

    $wgPluggableAuth_EnableLocalProperties = false;

    $wgPluggableAuth_EnableFastLogout = true;

    $wgPluggableAuth_Config = [

        "My LDAP Login" => [

            'plugin' => 'LDAPAuthentication2',

            'data' => [

                    'domain' => 'acme.org'

            ]

        ]

    ];

    $LDAPGroupsSyncMechanismRegistry = [

        'mappedgroups' => 'MediaWiki\\Extension\\LDAPGroups\\SyncMechanism\\MappedGroups::factory'

    ];

} // end to activate extensions

LDAPPROVIDER.JSON

{

"acme.org": {

"connection": {

"server": "acme.org",

"port": 389,

"use-tls": "true",

"user": "media wiki",

"pass": "XXX",

"options": {

"LDAP_OPT_DEREF": 1

},

"basedn": "dc=acme,dc=org",

"userbasedn": "dc=acme,dc=org",

"groupbasedn": "dc=acme,dc=org",

"searchattribute": "samaccountname",

"usernameattribute": "samaccountname",

"realnameattribute": "cn",

"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

"presearchusernamemodifiers": [ "strtolower" ]

},

"authorization": {

"rules": {

"groups": {

"required": [

"CN=Information Technology,OU=GROUPS,DC=ACME,DC=ORG",

"CN=Human Resources,OU=GROUPS,DC=ACME,DC=ORG"

]

}

}

},

"groupsync": {

"mechanism": "mappedgroups",

"mapping": {

"information_technology": "CN=Information Technology,OU=GROUPS,DC=acme,DC=ORG",

"human_resources": "CN=Human Resources,OU=GROUPS,DC=acme,DC=ORG"

}

},

"userinfo": {

"realname": "displayName"

}

}

}

Osnard (talkcontribs)

Well, die messages from above are only "deprecation warnings". Nothing that should break things. If those are actually visible in your browser, you should diable show_errors in your php.ini. Also consider adding ~E_USER_DEPRECATED to the list of your display_errors setting.

Wikiphpnoob (talkcontribs)

ty again @Osnard

i can get checklogin,php and showuserinfo.php to succeed. but CheckConnection keeps giving :

MWException from line 236 of C:\inetpub\wwwroot\raaemsitwiki\mediawiki-1.41.0\extensions\LDAPProvider\src\Client.php: Error in LDAP search: Bad search filter

#0 C:\inetpub\wwwroot\raaemsitwiki\mediawiki-1.41.0\extensions\LDAPProvider\maintenance\CheckConnection.php(40): MediaWiki\Extension\LDAPProvider\Client->search()
#1 C:\inetpub\wwwroot\raaemsitwiki\mediawiki-1.41.0\maintenance\includes\MaintenanceRunner.php(703): MediaWiki\Extension\LDAPProvider\Maintenance\CheckConnection->execute()
#2 C:\inetpub\wwwroot\raaemsitwiki\mediawiki-1.41.0\maintenance\doMaintenance.php(100): MediaWiki\Maintenance\MaintenanceRunner->run()
#3 C:\inetpub\wwwroot\raaemsitwiki\mediawiki-1.41.0\extensions\LDAPProvider\maintenance\CheckConnection.php(72): require_once('...')
#4 {main}

and i'm having a hard time finding in the json where it may be hanging up:

{
    "acme.org": {
        "connection": {
            "server": "acme.ORG",
            "port": 389,
            "enctype": "clear",
            "user": "CN=media wiki,OU=user accounts,DC=acme,DC=ORG",
            "pass": "XXX",
            "options": {
                "LDAP_OPT_DEREF": 1
            },
            "basedn": "dc=acme,dc=org",
            "userbasedn": "dc=acme,dc=org",
            "groupbasedn": "dc=acme,dc=org",
            "searchattribute": "samaccountname",
            "usernameattribute": "samaccountname",
            "realnameattribute": "cn",
            "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
            "presearchusernamemodifiers": [
                "strtolower"
            ]
        },
        "authorization": {
            "rules": {
                "groups": {
                    "required": [
                        "CN=Information Technology,OU=GROUPS,DC=acme,DC=ORG",
                        "CN=Human Resources,OU=GROUPS,DC=acme,DC=ORG"
                    ]
                }
            }
        },
        "groupsync": {
            "mechanism": "mappedgroups",
            "mapping": {
                "information_technology": "CN=Information Technology,OU=GROUPS,DC=acme,DC=ORG",
                "human_resources": "CN=Human Resources,OU=GROUPS,DC=acme,DC=ORG"
            }
        },
        "userinfo": {
            "realname": "displayName"
        }
    }
}

Also, when attempting to log in from the wiki site with the ldap binding account, i get "could not authenticate credentials against domain"

and when i try my AD log in, i get "incorrect username or password entered"

logs show no attempt made against LDAP when using anything other that the LDAP binding account

Osnard (talkcontribs)

Error in LDAP search: Bad search filter is odd. I believe we hat it here on the talk pages already, please do some search. Also you can enable debug logging, so we can find the root cause.

Wikiphpnoob (talkcontribs)

@Osnard

CheckConnection debug log shows :

Start command line script CheckConnection.php

[session] SessionManager using store SqlBagOStuff

[localisation] LocalisationCache using store LCStoreDB

[objectcache] MainWANObjectCache using store EmptyBagOStuff

[LDAPProvider] Setting LDAP_OPT_PROTOCOL_VERSION to 3

[LDAPProvider] Setting LDAP_OPT_REFERRALS to 0

[LDAPProvider] Setting LDAP_OPT_DEREF to 1

Wikiphpnoob (talkcontribs)

hello @Osnard

when attempting to authenticate with a local AD account, i get the following:

Could not authenticate credentials against domain "acme.org"

I run ShowUserInfo and CheckConnection using the same local AD account and both run successfully

as you can see below, i've tried to play around with little settings here and there in the .json:

"acme.org": {

"connection": {

"server": "IP address",

"port": 389,

"enctype": "clear",

"user": "CN=media wiki,OU=Managed Service Accounts,DC=ACME,DC=ORG",

"pass": "XXX",

"options": {

"LDAP_OPT_DEREF": 1

},

"basedn": "DC=RAARIC,DC=ORG",

"userbasedn": "OU=RAA Users,DC=ACME,DC=ORG",

"groupbasedn": "OU=GROUPS,DC=ACME,DC=ORG",

"usersearch": "samaccountname",

"groupsearch": "$dn",

"searchattribute": "samaccountname",

"usernameattribute": "samaccountname",

"realnameattribute": "cn",

"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",

"presearchusernamemodifiers": [ "lowercase" ],

"searchstring": "samaccountname"

},

"authorization": {

"rules": {

"groups": {

"required": [

"CN=Information Technology,OU=GROUPS,DC=ACME,DC=ORG",

"CN=Human Resources,OU=GROUPS,DC=ACME,DC=ORG"

]

}

}

},

"groupsync": {

"mechanism": "mappedgroups",

"mapping": {

"information_technology": "CN=Information Technology,OU=GROUPS,DC=ACME,DC=ORG",

"human_resources": "CN=Human Resources,OU=GROUPS,DC=ACME,DC=ORG"

}

},

"userinfo": {

"realname": "samaccountname"

}

}

}

any ideas where i need to look? what i need to edit/refactor? any further questions to help you in helping me?

Populate the ldap_domains database

8
GregANICO (talkcontribs)
GregANICO (talkcontribs)

I am running MediaWiki 1.39 with LDAPAuthentication2: REL1_39 and PluggableAuth: REL1_39. For some reason it seems my database table is empty for ldap_domains:

MariaDB [redacted_wikidb]> SELECT * FROM `ldap_domains`;

Empty set (0.000 sec)


I have ran the maintance/update.php and it doesn't populate that table. Any way I can populate it by hand to get this to work?

Thanks,

Greg

Osnard (talkcontribs)

It will populate itself, when the users log in.

GregANICO (talkcontribs)

That must not be the issue then. When I go to login to the site with my domain credentials I get the following error message: Please choose a valid domain

GregANICO (talkcontribs)

This is what I see

Error that I get
Osnard (talkcontribs)

Can you please share the $wgPluggableAuth_Config setting?

GregANICO (talkcontribs)

Sure, here it is I placed DOMAIN and subdomain.domain just on here for security purpose but left them case sensitive as they are in the configuration:

$wgPluggableAuth_Config['Log In (DOMAIN)'] = [

    'plugin' => 'LDAPAuthentication2',

    'data' => [

        'domain' => 'subdomain.domain.com'

    ]

];

Osnard (talkcontribs)

And subdomain.domain.com is configured in Extension:LDAPProviders "domain config"?

Do CLI tools like extensions/LDAPProvider/maintenance/CheckLogin.php work?

Reply to "Populate the ldap_domains database"

MediaWiki version >1.35

4
Issiegainsley (talkcontribs)

Has anyone got LDAP login to work on a mediawiki install later than 1.35?

Osnard (talkcontribs)

Yes, MediaWiki 1.39 works very well. But also other version should work

Issiegainsley (talkcontribs)

I have downloaded 1.39 and installed in on MediaWiki 1.39.6 and it fails. I have ran composer in the LDAP folder. I have installed:

PluggableAuth for 1.39.

LDAPProvider for 1.39.

Any suggestions?

I can log in locally. But when I log in with a domain, I get this error:

[3a3fdccb6706559f14f51d46] 2024-02-02 15:32:31: Fatal exception of type "Wikimedia\Rdbms\DBQueryError"

Once I put the following code in my localsettings file it worked. ????

$wgDebugLogGroups['LDAPAuthorization'] = '/log/LDAP.log';


These are the errors I get in the log file.

2024-02-02 17:23:38 MSPM1BAPPD1117 my_wiki: Getting PluggableAuth instance

2024-02-02 17:23:38 MSPM1BAPPD1117 my_wiki: Could not get authentication plugin instance.


I GUESS IT IS WORKING?

Osnard (talkcontribs)

Can you please share how $wgPluggableAuth_Config is set up?

Reply to "MediaWiki version >1.35"

SSO not working using LDAPAuthentication2

8
Testergt1302 (talkcontribs)

Hi,

We had MW 1.35 in Prod and SSO was working when using extension LDAPAuthentication. But when we upgraded to MW 1.39, we are advised to use extension LDAPAuthentication2 with LDAPProvider & PluggableAuth. But the SSO is not working with this Formbased solution.

Please let us know how can we achieve SSO with this form based approach?


Thanks,

GT

Osnard (talkcontribs)
Testergt1302 (talkcontribs)

Ok, we are currently using this one only. If the user id is present in wiki DB, the extension allows user to access wiki. But noticed that, new user acc is being created in wiki DB only with the user name. Email id and other things are not added in the user table. For existing users I can see email id and other details since it was done by LDAP extension.

Not sure if this will be a problem in the future if we plan to move to other SSO method like SAML.

Osnard (talkcontribs)

If you use Auth_remoteuser for SSO you can use extensions LDAPProvider, LDAPGroups and LDAPUserInfo in addition to do the synchronization of "realname", "e-mail" and "group assignments" after the SSO has happened.

If you switch to Extension:SimpleSAMLphp or Extension:OpenIDConnect all those things will be implicitly be handled in the SSO process.

Testergt1302 (talkcontribs)

We had some challenges in the networking and AD side while configuring the SAML SSO, this may take some time to setup. Meanwhile we have to use the AuthRemoteUser.


By the way, I tried installing extensions LDAPProvider, LDAPGroups and LDAPUserInfo in wiki. But not sure if it is able to do the synchronization. Is there any special setting/variable to do the sync in backend ?

Osnard (talkcontribs)
Testergt1302 (talkcontribs)

Hi Osnard,

I think I have done this. I can see these lines in the logs:

"wiki: Set 'realname' with raw value <My Full Name>"

But there is another problem here. Now I am not able to do upload while editing page. There is upload dialog which we use to upload files directly from editing a page inserting it into the page. This was easier than going to upload page, upload file there, then edit page embed it.

Now if I try to upload in edit page, it shows: You dont have permission to upload this file.

Tried to allow upload for all by setting: $wgGroupPermissions['*']['upload'] = true;

but then it says: You must be logged in to upload file.

Does this mean that I am still not logged in. Then how I can access our private wiki, edit pages and do all other things there ?

I dont understand this behavior..

Can please you help here ?

Thanks- GT

Osnard (talkcontribs)

Can you please check the following things:

  1. Are session cookies included in the Upload-API call? Use the "network" panel in the browser development tools (F12) to check this.
  2. Is Kerberos authentication enabled in conext of the api.php entrypoint? Look into the LDAP releated logs when the API endpoint gets called.
Reply to "SSO not working using LDAPAuthentication2"

Kerberos/SSO could not established for Mediawiki v1.39.4

2
202.91.136.46 (talkcontribs)

we have configured following extensions to enable auth from the LDAP/AD/Kerberos.

And we are able to connect LDAP server and get authenticated and authorized for all AD users. But, still SSO is not working for below extension configuration. any help appreciated.

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPAuthentication2' );

wfLoadExtension( 'LDAPAuthorization' );

Osnard (talkcontribs)
Reply to "Kerberos/SSO could not established for Mediawiki v1.39.4"

The user cannot be authenticated

10
189.9.13.89 (talkcontribs)

Hi! I've been having some problems while trying to make AD ldap authentication in my 1.39 version mediaWiki. I did fix a lot congrats to Cindy. But now i have this little problem. When i try to login it returns to me that the user cannot be authenticated. I checked the configuration files, php, LDAP connection, fixed some issues, but that problem still there. May someone help me? In the logs i'd not get some resourceful information, but i'm trying to collect more data. Thanks!

Osnard (talkcontribs)

Which logs are you looking at? LDAP logs should give you all information you need.

2804:14C:658F:8EAA:BDFC:E27E:C859:12F7 (talkcontribs)

When i set mediawii them up they just don't work, just the db queries work

2804:14C:658F:8EAA:BDFC:E27E:C859:12F7 (talkcontribs)

php extensions/LDAPProvider/maintenance/ShowUserInfo.php --domain YourDomain --username SomeUser php extensions/LDAPProvider/maintenance/ShowUserGroups.php --domain YourDomain --username SomeUser php extensions/LDAPProvider/maintenance/CheckLogin.php --domain YourDomain --username SomeUser


These tests works fine

Osnard (talkcontribs)

Can you give me some more insight into the configuration? Have you enabled additional extensions?

2804:14C:658F:8EAA:D54F:4EC2:2B64:DDAB (talkcontribs)
2804:14C:658F:8EAA:D54F:4EC2:2B64:DDAB (talkcontribs)

2023-09-21 19:01:47 servername wiki: In execute()

2023-09-21 19:01:47 servername wiki: Getting PluggableAuth instance

2023-09-21 19:01:47 servername wiki: Plugin name: LDAPAuthentication2

2023-09-21 19:01:48 servername wiki: Try to authenticate user: user

2023-09-21 19:01:48 servername wiki: Not local login. Checking LDAP...

2023-09-21 19:01:48 servername wiki: LDAP domain: my.domain

2023-09-21 19:01:48 servername wiki: Username not found in user info provided by LDAP!Please check LDAP domain configuration. Specifically usernameattribute

2023-09-21 19:01:48 servername wiki: LDAP user info results for user user: Array

(

    [cn] => user

    [sn] => user

    [givenname] => user

    [distinguishedname] => CN=user,OU=Users,DC=my,DC=domain

    [displayname] => user

    [memberof] => CN=user_wiki,OU=Groups,DC=my,DC=domain

    [name] => user

    [samaccountname] => user

    [userprincipalname] => user@my.domain

    [objectcategory] => CN=Person,CN=Schema,CN=Configuration,DC=my,DC=domain

    [dn] => CN=user,OU=Users,DC=my,DC=domain

)

2023-09-21 19:01:48 servername wiki: Authentication failure.

2804:14C:658F:8EAA:D54F:4EC2:2B64:DDAB (talkcontribs)

that's the error

2804:14C:658F:8EAA:D54F:4EC2:2B64:DDAB (talkcontribs)

I've got it! Actualli in the ldap.json file, in usernameattribute, i had to put a different value than "samaccountname", it was just "name". Thank you a lot for the support!

2804:14C:658F:8EAA:D54F:4EC2:2B64:DDAB (talkcontribs)

That information i've got in that part of the ad search return [name] => user, if someone's facing the same problem, i suggest to do that, watch the ad's return and match with the ldap.json file.

Reply to "The user cannot be authenticated"
Return to "LDAPAuthentication2" page.