Topic on Extension talk:LDAPProvider

Internal error: Parameter must be an array or an object that implements Countable

7
Kevin.murilo (talkcontribs)

Hello,


I'm not sure this is the correct place to post this, but based on the error, it seems to be the most appropriate, if I'm wrong please point me to the right place and I shall post my question there.


MediaWiki: 1.34.0

PHP: 7.3.22

MariaDB: 10.3.17

LDAPProvider: 1.0.5

PluggableAuth: 5.7

LDAPAuthentication2: 1.0.1


I'm implementing a local Wiki for my company and I'm having troubles with the LDAP configuration, the following error appears when debugging is enabled:


Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/mediawiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php on line 53

[X2kKJjbSu3qH1fIln5ofhQAAABg] /index.php?title=Especial:Vers%C3%A3o MWException from line 54 of /var/www/mediawiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php: Could not parse configuration file '/var/www/mediawiki/ldap.json'!

Backtrace:

#0 /var/www/mediawiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php(73): MediaWiki\Extension\LDAPProvider\DomainConfigProvider\LocalJSONFile->__construct(string)

#1 [internal function]: MediaWiki\Extension\LDAPProvider\DomainConfigProvider\LocalJSONFile::newInstance(MediaWiki\Extension\LDAPProvider\Config)

#2 /var/www/mediawiki/extensions/LDAPProvider/src/DomainConfigFactory.php(106): call_user_func_array(string, array)

#3 /var/www/mediawiki/extensions/LDAPAuthentication2/src/Setup.php(12): MediaWiki\Extension\LDAPProvider\DomainConfigFactory::getInstance()

#4 /var/www/mediawiki/includes/Setup.php(906): MediaWiki\Extension\LDAPAuthentication2\Setup::init()

#5 /var/www/mediawiki/includes/WebStart.php(81): require_once(string)

#6 /var/www/mediawiki/index.php(41): require(string)

#7 {main}


My ldap.json is as follows:


{

   "LDAP": {

       "connection": {

           "server": "REDACTED.local",

           "port": "389",

           "enctype": "clear",

           "user": "REDACTED@REDACTED.local",

           "pass": "REDACTED",

           "options": {

               "LDAP_OPT_DEREF": 1

           },

           "basedn": "dc=REDACTED,dc=local",

           "userbasedn": "OU=Users,OU=REDACTED,DC=REDACTED,DC=local",

           "searchattribute": "sAMAccountName",

           "searchstring": "sAMAccountName=USER-NAME,dc=REDACTED,dc=local",

           "usernameattribute": "sAMAccountName",

           "realnameattribute": "displayName",

           "emailattribute": "mail"

       },

       "userinfo": {

           "attributes-map": {

               "email": "mail",

               "realname": "displayName",

               "nickname": "givenName"

           }

       }

   }

}


The "user" in the "connection" part of the JSON file was set to sAMAccountName=REDACTED,dc=REDACTED,dc=local but to no avail, as I keep getting the same error. Could someone point me in the right direction, please? Any help will be much appreciated :)

Osnard (talkcontribs)

The JSON format itself looks good. But the message clearly says Could not parse configuration file '/var/www/mediawiki/ldap.json'. So I'd guess that the webserver user is not allowed to access this file. By the way: Please do not put that file into a public available location (e.g. the MediaWiki installation directory). Is contains sensitive data any may be downloadable.

Kevin.murilo (talkcontribs)

I have changed the permission to 0777 and that didn't solve the problem, I've been trying different settings, but given I'm somewhat new to PHP and to webservers in general, I'm taking a bit of a beating, what I did realize is that disabling the LDAPAuthentication2 plugin by commenting these 3 lines


wfLoadExtension( 'LDAPAuthentication2' );

$LDAPAuthentication2AllowLocalLogin = true;

$LDAPAuthentication2UsernameNormalizer = "strtolower";


the Wiki works for local users, but uncommenting them makes it all break, even with $LDAPAuthentication2AllowLocalLogin = true; . I also don't know how to point to a JSON file located somewhere else, I apologize because it seems to be a very simple issue but I can't seem to be able to fix this. Thanks in advance :)

Osnard (talkcontribs)
Kevin.murilo (talkcontribs)

I rellocated the JSON file, gave it 0777 permissions but still, whenever I triy to load LDAPAuthentication2 it all breaks, I have followed the steps provided in the LDAP stack pages, but it seems like something is still misconfigured and I can't figure out what, are there any tips you could share to help make this work? Thanks for the help so far :D

Osnard (talkcontribs)
Kevin.murilo (talkcontribs)

I'm sorry for the late reply, I've been digging through forums and Wiki articles and managed to solve it about 3 days ago, everyone really liked the idea I presented and so my time has been dedicated almost fully to our internal Wiki, which has been a lot of fun.


The error I was being presented with was the same, sorry for not being more specific with the whole "it all breaks" thing, I was basically giving up at that point hahaha.


For future reference, maybe a lost soul finds this thread and has the same problem I had, here's what I did to fix it:

-followed Osnard's tips, first and foremost. Thank you for giving me some of your time to help me out.

-CHECK FOR SPELLING ERRORS!!! somewhere in there i wrote extemsions instead of extensions and computers really don't like mispelled file paths...or mispelled anything for that matter, so yeah, I triple checked everything.

-on the second line of my JSON file, LDAP is supposed to be mydomain.local (local in my specific case, might be com for you), that's just another lesson on spelling mistakes and also on reading the documentation thoroughly.

-after these steps (i knew it was a basic problem, I've been saying so all along hahaha), I solved the original problem of this thread, but was faced with the same problem mentioned here Topic:Vfhvfypotbtos8pt

-to solve this, keep in mind the JSON fields MUST be in all lower case letters, so instead of sAMAccountname you must use samaccountname and so on for all fields used by the JSON file.


What I felt is that the documentation, although it exists, is scarce and scattered, with bits of important information missing from the pages where they'd be most useful. I do not feel confident enough in my knowledge to edit them, as I feel I'd do more harm than good, so I'm pointing this out in hopes that someone more capable than me can make said edits.


Once again, Osnard, thanks for taking some time of your day to not only read but also answer my questions, I hope you have a great day :)