MediaWiki 1.39.4
PHP 8.0.30 (apache2handler)
MariaDB 10.5.19-MariaDB-0+deb11u2
BlueSpice 4.3.2 (build:20230907155405)
All LDAP Test from the maintenance folder work. But LDAP authentication fails
The LocalSettings.php is configured like below:
$LDAPProviderCacheType = CACHE_NONE;
$wgGroupPermissions['*']['autocreateaccount'] = true;
//$wgBlockDisablesLogin = true;
// Load LDAP Config from JSON
$ldapJsonFile = "/var/www/ldap.json";
$ldapConfig = true;
// Activate Extension
if ( $ldapConfig ) {
wfLoadExtension( 'PluggableAuth' ); //"version": "7.0.0"
wfLoadExtension( 'LDAPProvider' ); //"version": "2.0.1"
wfLoadExtension( 'LDAPAuthentication2' ); //"version": "2.0.2"
wfLoadExtension( 'LDAPAuthorization' ); //"version": "2.0.1"
wfLoadExtension( 'LDAPUserInfo' ); //"version": "2.0.0"
wfLoadExtension( 'LDAPGroups' ); //"version": "2.0.1"
$LDAPProviderDomainConfigs = $ldapJsonFile;
$LDAPAuthentication2AllowLocalLogin = true;
$wgPluggableAuth_EnableLocalLogin = true;
$wgPluggableAuth_ButtonLabel = "Log In";
// Force LDAPGroups to sync by choosing a domain (e.g. first JSON object in ldap.json)
$LDAPProviderDefaultDomain = "mydomain.local";
}
$wgLDAPDebug = 3; //for debugging LDAP
$wgDebugLogGroups['LDAP'] = "/var/log/mediawiki/ldap_debug.log";
$wgDebugLogGroups['LDAPGroups'] = "/var/log/mediawiki/LDAPGroups.log";
$wgDebugLogGroups['LDAPAuthentication2'] = "/var/log/mediawiki/LDAPauth.log";
my ldap.json:
{
"mydomain.local": {
"connection": {
"server": "mydomain.local",
"port": "389",
"user": "binduser@mydomain.local",
"pass": "mysecret",
"enctype": "clear",
"options": {
"LDAP_OPT_DEREF": 1
},
"basedn": "DC=mydomain,DC=local",
"userbasedn": "DC=mydomain,DC=local",
"groupbasedn": "DC=mydomain,DC=local",
"searchattribute": "samaccountname",
"usernameattribute": "samaccountname",
"realnameattribute": "cn",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
"presearchusernamemodifiers": ["spacestounderscores", "lowercase"]
},
"userinfo": [],
"authorization": {
"rules": {
"groups": {
"required": [""]
}
}
},
"groupsync": {
"mapping": {
"sysop": ""
}
}
}
}
Thanks!