MediaWiki

Topic on Extension talk:LDAPAuthentication2

< Extension talk:LDAPAuthentication2

Username not found in user info provided by LDAP

6 comments • 00:43, 28 August 2024 2 months ago
6
109.197.247.94 (talkcontribs)

Hello,

Since we migrated our Debian server from Bullseye to Bookworm, the LDAP authentication doesn't work anymore.

I got the following configuration in ldapprovider.json

{

       "myserver.mydomain": {

               "connection": {

                       "server": "myserver.mydomain",

                       "user": "cn=mediawiki,dc=mydc,dc=mydomain,dc=com",

                       "pass": "mypassword",

                       "options": {

                               "LDAP_OPT_DEREF": 1

                       },

                       "port": 636,

                       "enctype": "ssl",

                       "basedn": "dc=mydc,dc=mydomain,dc=com",

                       "groupbasedn": "dc=mydc,dc=mydomain,dc=com",

                       "userbasedn": "ou=users,dc=mydc,dc=mydomain,dc=com",

                       "searchattribute": "loginid",

                       "searchstring": "loginid=USER-NAME,ou=users,dc=mydc,dc=mydomain,dc=com",

                       "usernameattribute": "loginid",

                       "realnameattribute": "cn",

                       "emailattribute": "mail"

               },

               "userinfo": {

                       "attributes-map": {

                               "email": "mail",

                               "realname": "cn"

                       }

               }

       }

}

In the LocalSettings.php, i adapted the ldap section like this:

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'LDAPAuthentication2' );

wfLoadExtension( 'LDAPAuthorization' );

wfLoadExtension( 'LDAPUserInfo' );

$LDAPProviderDomainConfigs = "/etc/mediawiki/ldapprovider.json";

$LDAPProviderDefaultDomain = "myserver.mydomain";

$LDAPAuthentication2AllowLocalLogin = true;

$wgAuthRemoteuserAllowUserSwitch = false;

$wgPluggableAuth_EnableLocalLogin = true;

$wgPluggableAuth_Config['LDAP Log In'] = [

   'plugin' => 'LDAPAuthentication2',

   'data' => [

       'domain' => 'myserver.mydomain'

           ]

];

In the logs, i got:

2024-05-29 13:53:15 marmotis2 mediawiki_db: Try to authenticate user: nicolasgo

2024-05-29 13:53:15 marmotis2 mediawiki_db: Not local login. Checking LDAP...

2024-05-29 13:53:16 marmotis2 mediawiki_db: LDAP domain: myserver.mydomain

2024-05-29 13:53:16 marmotis2 mediawiki_db: Username not found in user info provided by LDAP!Please check LDAP domain configuration. Specifically usernameattribute

2024-05-29 13:53:16 marmotis2 mediawiki_db: LDAP user info results for user nicolasgo: Array

(

   [mail] => nicolas.myname@mydomain

   [cn] => Nicolas

   [sn] => My name

   [personnalmail] => nicolas@personnal.net

   [telephonenumber] => 07 24 68 25 32

   [memberof] => cn=mygroup,ou=groups,dc=mydc,dc=mydomain,dc=com

   [dn] => loginId=nicolasgo,ou=users,dc=mydc,dc=mydomain,dc=com

)

System information:

Mediawiki Debian package 1.39.7-1~deb12u1

PHP Debian packages php8.2 (not supported for ldap auth?)

LDAPAuthentication2: REL1_39 2ed6e51

LDAPAuthorization: REL1_39 f20eeab

LDAPProvider: REL1_39 c800dd6

LDAPUserInfo: REL1_39 0bbff87

PluggableAuth: REL1_39 1884a12

The loginId is not listed.

I tried "loginId" or in ldapprovider.json, same result.

In the Compatibility web page it's shown that php8.2 is supported only for the mediawiki version 1.42

Is the upgrade mandatory or a workaround is possible ?

Thank you in advance.

Best regards,

Nicolas

Reply 14:29, 29 May 2024 5 months ago
109.197.247.94 (talkcontribs)

Re,

I just tried with mediawiki-1.42.0-rc and REL1_42 LDAP stack extension, i got the same result.

I made php update.php before

Best regards,

Nicolas.

Reply 15:26, 29 May 2024 5 months ago
109.197.247.94 (talkcontribs)

Re,

I just tried with mediawiki-1.42.0-rc and REL1_42 LDAP stack extension, i got the same result.

I made php update.php before

Best regards,

Nicolas.

Reply 15:27, 29 May 2024 5 months ago
109.197.247.94 (talkcontribs)

Hello,

I got a doubt concerning our slapd configuration, so i created a new dedicated ldap attribute 'wikiLoginId'

I changed the ldapprovider.json file like this

{

       "myserver.mydomain": {
               "connection": {
                       "server": "myserver.mydomain",
                       "user": "cn=mediawiki,dc=mydc,dc=mydomain,dc=com",
                       "pass": "mypassword",
                       "options": {
                               "LDAP_OPT_DEREF": 1
                       },
                       "port": 636,
                       "enctype": "ssl",
                       "basedn": "dc=mydc,dc=mydomain,dc=com",
                       "groupbasedn": "dc=mydc,dc=mydomain,dc=com",
                       "userbasedn": "ou=users,dc=mydc,dc=mydomain,dc=com",
                       "searchattribute": "wikiLoginId",
                       "searchstring": "loginid=USER-NAME,ou=users,dc=mydc,dc=mydomain,dc=com",
                       "usernameattribute": "wikiLoginId",
                       "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ],
                       "realnameattribute": "cn",
                       "emailattribute": "mail"
               }
       }

}

Now i can access the wiki, in my slapd logfile, i see the authentication working. CheckLogin.php is still OK

I disabled local local to be sure it's using remote LDAP:

$LDAPAuthentication2AllowLocalLogin = false; $wgAuthRemoteuserAllowUserSwitch = false; $wgPluggableAuth_EnableLocalLogin = false;

But in the mediawiki logs, i got:

> LDAPAuthentication2.log <

2024-05-30 09:13:04 myserver mediawiki_db: No user info found for user: Nicolasgo.Please check LDAP domain configuration 2024-05-30 09:13:04 myserver mediawiki_db: LDAP login succeeded.

> PluggableAuth.log <

2024-05-30 09:13:04 myserver mediawiki_db: Authenticated existing user: Nicolasgo 2024-05-30 09:13:04 myserver mediawiki_db: No groupsync set. 2024-05-30 09:13:04 myserver mediawiki_db: User is authorized. 2024-05-30 09:13:05 myserver mediawiki_db: Getting PluggableAuth instance 2024-05-30 09:13:05 myserver mediawiki_db: Plugin name: LDAPAuthentication2 2024-05-30 09:13:05 myserver mediawiki_db: Getting PluggableAuth instance 2024-05-30 09:13:05 myserver mediawiki_db: Plugin name: LDAPAuthentication2

Do you think the LDAPAuthentication error message could be ignored ? Any idea to debug this please ?

Thank you in advance. Best regards,

Nicolas.

Reply 09:22, 30 May 2024 5 months ago
109.197.247.94 (talkcontribs)

Hello,

Sorry for the noise, i had to edit "extensions/LDAPProvider/extension.json" to add my custom attribute.

The LDAP login is truly successfull this time.

Best regards,

Nicolas.

Reply 09:12, 3 June 2024 5 months ago
Compumatter (talkcontribs)

Can you share what that "extensions/LDAPProvider/extension.json" custom attribute was that made it work? I am stuck after upgrading from 1.35 to 1.39 and cannot get LDAP working

Reply 00:43, 28 August 2024 2 months ago
Reply to "Username not found in user info provided by LDAP"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Y5olq14f3epofyc1"