Topic on Extension talk:LdapAuth/Configuration

OpenLDAP - Incorrect username or password

1
173.150.79.116 (talkcontribs)

I am not using AD, only one LDAP server (Openldap) on debian, connecting to the localhost with no encryption. The debug log is reporting:

[authentication] Attempting to bind to LDAP for search with DN "cn=ro_admin,dc=domain,dc=com@domain.com".

[authentication] Bound successfully.

[authentication] Incorrect username or password entered.

Please try again.

[authentication] Invalid DN syntax

[GlobalTitleFail] MessageCache::parse called by Shanept\LdapAuth\Exceptions\ConnectionException->__construct/Exception->__construct/Message->__toString/Message->toString/Message->parseText/MessageCache->parse with no title set.

[authentication] Login failed in primary authentication by Shanept\LdapAuth\Auth\PrimaryAuthenticationProvider

[session] SessionBackend "utel4av22kqlfkdnt9ss4ib5gfmg8psv" data dirty due to dirty(): AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->beginAuthentication/MediaWiki\Auth\AuthManager->continueAuthentication/$

[session] SessionBackend "utel4av22kqlfkdnt9ss4ib5gfmg8psv" save: dataDirty=1 metaDirty=0 forcePersist=0

[authevents] Login attempt


Obviously, I am not using domain.com - I replaced it above from the log, and ro_admin is my read-only account. My OpenLDAP will refuse any bind attempts with the @domain.com added to the end, so I am curious if this extension will not work properly in this environment? I can successfully bind to the server and perform all kinds of queries using LDAP Admin, but this is the consistent debug message in LdapAuth. The 'Invalid DN syntax' message is drawing me to this extension trying to add the @domain.com to the end. If I try connecting using LDAP Admin with user@domain.com, I receive 'Invalid DN syntax' as the error message.


My Config:

wfLoadExtension( 'LdapAuth' );

$wgLdapAuthDomainNames = 'domain.com';

$wgLdapAuthRequireDomain = false;

$wgLdapAuthServers = 'localhost';

$wgLdapAuthBindDN = 'cn=ro_admin,dc=domain,dc=com';

$wgLdapAuthBindPass = 'password';

$wgLdapAuthBaseDN = 'dc=domain,dc=com';

$wgLdapAuthSearchFilter = '(&(objectClass=posixAccount)(uid=%1$s))';

$wgLdapAuthUsernameField = 'uid';

$wgLdapAuthIsActiveDirectory = false;


I have done it with and without the $wgLdapAuthUsernameField and $wgLdapAuthIsActiveDirectory variables set, no luck either way / any combination.

Will this extension work successfully with a non AD server? I have limited experience with LDAP, but I don't recall seeing the use of @ symbols in LDAP authentication outside of AD. Suggestions on what could be causing the issues here?

Thanks!

Reply to "OpenLDAP - Incorrect username or password"