Topic on Extension talk:LdapAuth/Configuration

LdapAuthDomainNames format

213.21.176.129 (talkcontribs)

Greetings,

I'm trying to configure LdapAuth with FreeIPA LDAP. So far my configuration does not allow me to log in. If I try to log in with a valid user/password, I get an "incorrect login/password" error from MediaWiki. According to tcpdump the bind succeeds, so I do not know what the problem is.

My guess is about LdapAuthDomainNames, which accepts only a domain in "Microsoft Active Directory" format, instead of the full LDAP format.


This is my configuration:

wfLoadExtension( 'LdapAuth' );

#$wgLdapAuthDomainNames = 'uid={0},cn=users,cn=accounts,dc=ipa,dc=company,dc=it';

$wgLdapAuthDomainNames = 'IPA.company.IT';

$wgLdapAuthServers = 'freeipa.company.it';

$wgLdapAuthBindDN = 'uid=binduser,cn=users,cn=accounts,dc=ipa,dc=company,dc=it';

$wgLdapAuthBindPass = 'binduserpass';

$wgLdapAuthUseLocal = true;


Can you please help me out?

AFAbbasi87 (talkcontribs)

Try this config. It works for users in an OU, but I'm struggling with setting this up against AD group members.

wfLoadExtension( 'LdapAuth' );

$wgLdapAuthDomainNames = 'example.local';

$wgLdapAuthServers = 'DC.example.LOCAL';

$wgLdapAuthBindDN = 'serviceaccountinAD@example.local';

$wgLdapAuthBindPass = 'Password';

$wgLdapAuthBaseDN = 'OU=Example Users,DC=example,DC=local';

$wgShowExceptionDetails = true;

213.21.176.129 (talkcontribs)

Thank you for your suggestion. Anyway, I got the error "The use of this username and password has been forbidden." with this configuration... no errors in Apache's logs.

213.21.176.129 (talkcontribs)

Solved the problem with the latest build.

131.215.234.24 (talkcontribs)

Is it possible to do anonymous bind? My MediaWiki is within a trusted private network. I didn't need to use a BindDN for the earlier version of this extension.
