Hi,
It seems that the following error is a common occurrence when someone tries to tie MediaWiki into an Active Directory domain: "The supplied credentials are not associated with any user on this wiki."
Osnard, as you know from a separate post in Extension talk:PluggableAuth, I was trying to get MediaWiki talking to a FreeIPA (Red Hat IdM) LDAP directory.
I still intend to reach out to someone with Red Hat or FreeIPA to help determine why there seem to be two "users" in the database associated with the same uid.
That said, my ultimate goal is to bind MediaWiki to an Active Directory (and use FreeIPA as a "proxy" of sorts).
In part of my troubleshooting, I decided to try to connect MediaWiki directly to AD without FreeIPA in the middle.
And that leads me to the error I'm currently getting, that "The supplied credentials are not associated with any user on this wiki."
If I enter in incorrect credentials, I confirm that there is a failure to authenticate.
I can confirm that I AM able to get correct output when I run:
php /var/www/html/extensions/LDAPProvider/maintenance/ShowUserInfo.php --domain LDAP --username {my-user}
My /etc/mediawiki/ldapprovider.json file contains the following:
"server": "10.10.10.10",
"user": "cn=bind_user,ou=MediaWiki,ou=Applications,ou=Foo,dc=example,dc=com",
"pass": "REDACTED",
"port": "389",
"enctype": "clear",
"basedn": "dc=example,dc=com",
"groupbasedn": "ou=Network Users,dc=example,dc=com",
"userbasedn": "ou=Network Users,dc=example,dc=com",
"searchattribute": "samaccountname",
"searchstring": "USER-NAME",
"usernameattribute": "samaccountname",
"realnameattribute": "cn",
"emailattribute": "mail"
My LocalSettings.php file contains:
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPAuthentication2' );
wfLoadExtension( 'LDAPUserInfo' );
$LDAPProviderDomainConfigs = "/etc/mediawiki/ldapprovider.json";
$LDAPAuthentication2AllowLocalLogin = false;
I have the following versions:
- MediaWiki 1.34
- PluggableAuth-REL1_34
- LDAPUserInfo-REL1_31
- LDAPAuthentication2-master-2aa5664 (I've also tried LDAPAuthentication2-REL1_31)
- LDAPProvider-master-963bd84 (I've also tried LDAPProvider-REL1_31)
I'm not sure where to go from here.
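Separate from the login error, the connection block posted above uses "enctype": "clear" on port 389, so a check of the transport settings is worth running against the same file. This is an added example, not part of the original post or of LDAPProvider's own code. The domain/"connection" wrapper in the sample, the function names, and the treatment of an unset enctype as "clear" are assumptions.

```python
import json

# Constructed sample: the transport-related keys from the post, wrapped in a
# domain -> "connection" layout (assumed; the post shows only the inner keys).
SAMPLE = """
{
  "LDAP": {
    "connection": {
      "server": "10.10.10.10",
      "port": "389",
      "enctype": "clear",
      "user": "cn=bind_user,ou=MediaWiki,ou=Applications,ou=Foo,dc=example,dc=com",
      "pass": "REDACTED"
    }
  }
}
"""

ENCRYPTED = {"ssl", "tls"}  # enctype values that protect the bind on the wire


def audit_domain(name, conn):
    """Return transport-security findings for one domain's connection block."""
    findings = []
    # Assumption: a missing enctype/port behaves like "clear"/"389".
    enctype = str(conn.get("enctype", "clear")).lower()
    port = str(conn.get("port", "389"))
    if enctype not in ENCRYPTED:
        findings.append(f"{name}: enctype={enctype!r} sends the bind account "
                        "password and each user's login password unencrypted")
    if enctype == "ssl" and port == "389":
        findings.append(f"{name}: enctype 'ssl' (LDAPS) normally uses port 636")
    if enctype == "tls" and port == "636":
        findings.append(f"{name}: enctype 'tls' (StartTLS) normally uses port 389")
    return findings


def audit_config(text):
    """Audit every domain found in an ldapprovider.json document."""
    findings = []
    for name, domain in json.loads(text).items():
        findings.extend(audit_domain(name, domain.get("connection", {})))
    return findings


if __name__ == "__main__":
    for line in audit_config(SAMPLE):
        print(line)
```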