Hello,
I have upgraded our MediaWiki from 1.33.0 to version 1.35.6.
After the upgrade, the new version of the Active Directory Integration was installed:
Manual:Active Directory Integration
Currently I have the following problem: some users can perform an AD login, some cannot.
Access to the wiki is permitted for the members of the AD group xxx-WIKI.
ldap.json (without security information):
    {
        "xxxxxxx": {
            "connection": {
                "server": "xxx-dc3.xxxxx-xxxxx.local",
                "port": "389",
                "user": "ldap_ro",
                "pass": "top-secret",
                "enctype": "clear",
                "options": {
                    "LDAP_OPT_DEREF": 1
                },
                "basedn": "OU=MyBusiness,DC=xxxxx-xxxxx,DC=local",
                "userbasedn": "OU=xxxxx-xxxxx,OU=MyBusiness,DC=xxxxx-xxxxx,DC=local",
                "groupbasedn": "OU=MyBusiness,DC=xxxxx-xxxxx,DC=local",
                "searchattribute": "samaccountname",
                "usernameattribute": "samaccountname",
                "realnameattribute": "cn",
                "emailattribute": "mail",
                "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
                "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
            },
            "userinfo": [],
            "authorization": {
                "rules": {
                    "groups": {
                        "required": ["CN=xxx-WIKI,OU=Security Groups,OU=MyBusiness,DC=xxxxx-xxxxx,DC=local"]
                    }
                }
            },
            "groupsync": {
                "mapping": {
                    "sysop": ["CN=xxx-WIKI,OU=Security Groups,OU=MyBusiness,DC=xxxxx-xxxxx,DC=local"]
                }
            }
        }
    }
Here are the results of the LDAP provider ShowUserGroups.php (I have removed the other groups from the output, for security reasons):
User for whom the LDAP login works:
Full DNs:
CN=xxx-WIKI,OU=Security Groups,OU=MyBusiness,DC=xxxxx-xxxxx,DC=local
Short names:
xxx-wiki
User for whom the LDAP login doesn't work:
PHP Notice: Undefined index: memberof in /home/dokuwiki/mediawiki-1.35.6/extensions/LDAPProvider/src/UserGroupsRequest/UserMemberOf.php on line 17
Full DNs:
Short names:
When I run ShowUserInfo.php with the user who is not able to log in, I get cryptic characters:
objectclass =>
0 => top
1 => person
2 => organizationalPerson
3 => user
cn => Test Hugo
sn => Hugo
description => Testuser
givenname => Test
distinguishedname => CN=Test Hugo,OU=xxx-IT,OU=xxxxx-xxxxx,OU=MyBusiness,DC=xxxxx-xxxxx,DC=local
displayname => Test Hugo
proxyaddresses => x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=5fd3030abdaf40238f02390b8c6aa835-Test Hugo
targetaddress => SMTP:testuser.hugo@steyrmotors365.mail.onmicrosoft.com
mailnickname => testuser.hugo
name => Test Hugo
objectguid => ▒▒#▒_▒J▒?▒l▒4܍
Please help & thank you
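
Added example, not part of the original post and not LDAPProvider's own code: a small Python check that reads a ShowUserInfo.php-style dump and reports whether the entry carries the group DN listed under `authorization.rules.groups.required` in ldap.json. The helper names, the sample dumps, and the reading of `required` as "member of every listed group" are assumptions.

```python
import json

# Constructed: only the authorization part of the ldap.json posted above.
LDAP_JSON = """{"xxxxxxx": {"authorization": {"rules": {"groups": {"required":
  ["CN=xxx-WIKI,OU=Security Groups,OU=MyBusiness,DC=xxxxx-xxxxx,DC=local"]}}}}}"""

# Constructed dumps in the "attr => value" layout shown in the post.
FAILING = """objectclass =>
0 => top
1 => person
2 => organizationalPerson
3 => user
cn => Test Hugo
distinguishedname => CN=Test Hugo,OU=xxx-IT,OU=xxxxx-xxxxx,OU=MyBusiness,DC=xxxxx-xxxxx,DC=local"""
WORKING = """cn => Other User
memberof =>
0 => cn=xxx-wiki,ou=Security Groups,ou=MyBusiness,dc=xxxxx-xxxxx,dc=local"""

def parse_userinfo(text):
    """Parse 'attr => value' lines; 'attr =>' followed by 'N => value' lines is multi-valued."""
    entry, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition("=>")
        key, value = key.strip().lower(), value.strip()
        if not sep or not key:
            continue
        if key.isdigit() and current is not None:
            entry[current].append(value)      # indexed value of the open attribute
        elif value == "":
            current = key                     # start of a multi-valued attribute
            entry[current] = []
        else:
            current = None
            entry[key] = [value]
    return entry

def normalize_dn(dn):
    # Simplification: case-insensitive compare; escaped commas inside RDNs are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_required(config_text, domain, entry):
    """Hypothetical helper: return (allowed, required DNs the entry lacks)."""
    rules = json.loads(config_text)[domain].get("authorization", {}).get("rules", {})
    required = rules.get("groups", {}).get("required", [])
    have = {normalize_dn(dn) for dn in entry.get("memberof", [])}  # absent attribute -> no groups
    missing = [dn for dn in required if normalize_dn(dn) not in have]
    return (not missing, missing)

if __name__ == "__main__":
    for name, dump in (("working", WORKING), ("failing", FAILING)):
        print(name, check_required(LDAP_JSON, "xxxxxxx", parse_userinfo(dump)))
```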