Hello,
Since we migrated our Debian server from Bullseye to Bookworm, the LDAP authentication doesn't work anymore.
I got the following configuration in ldapprovider.json:
{
    "myserver.mydomain": {
        "connection": {
            "server": "myserver.mydomain",
            "user": "cn=mediawiki,dc=mydc,dc=mydomain,dc=com",
            "pass": "mypassword",
            "options": {
                "LDAP_OPT_DEREF": 1
            },
            "port": 636,
            "enctype": "ssl",
            "basedn": "dc=mydc,dc=mydomain,dc=com",
            "groupbasedn": "dc=mydc,dc=mydomain,dc=com",
            "userbasedn": "ou=users,dc=mydc,dc=mydomain,dc=com",
            "searchattribute": "loginid",
            "searchstring": "loginid=USER-NAME,ou=users,dc=mydc,dc=mydomain,dc=com",
            "usernameattribute": "loginid",
            "realnameattribute": "cn",
            "emailattribute": "mail"
        },
        "userinfo": {
            "attributes-map": {
                "email": "mail",
                "realname": "cn"
            }
        }
    }
}
In the LocalSettings.php, I adapted the LDAP section like this:
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPAuthentication2' );
wfLoadExtension( 'LDAPAuthorization' );
wfLoadExtension( 'LDAPUserInfo' );
$LDAPProviderDomainConfigs = "/etc/mediawiki/ldapprovider.json";
$LDAPProviderDefaultDomain = "myserver.mydomain";
$LDAPAuthentication2AllowLocalLogin = true;
$wgAuthRemoteuserAllowUserSwitch = false;
$wgPluggableAuth_EnableLocalLogin = true;
$wgPluggableAuth_Config['LDAP Log In'] = [
    'plugin' => 'LDAPAuthentication2',
    'data' => [
        'domain' => 'myserver.mydomain'
    ]
];
In the logs, I got:
2024-05-29 13:53:15 marmotis2 mediawiki_db: Try to authenticate user: nicolasgo
2024-05-29 13:53:15 marmotis2 mediawiki_db: Not local login. Checking LDAP...
2024-05-29 13:53:16 marmotis2 mediawiki_db: LDAP domain: myserver.mydomain
2024-05-29 13:53:16 marmotis2 mediawiki_db: Username not found in user info provided by LDAP!Please check LDAP domain configuration. Specifically usernameattribute
2024-05-29 13:53:16 marmotis2 mediawiki_db: LDAP user info results for user nicolasgo: Array
(
[mail] => nicolas.myname@mydomain
[cn] => Nicolas
[sn] => My name
[personnalmail] => nicolas@personnal.net
[telephonenumber] => 07 24 68 25 32
[memberof] => cn=mygroup,ou=groups,dc=mydc,dc=mydomain,dc=com
[dn] => loginId=nicolasgo,ou=users,dc=mydc,dc=mydomain,dc=com
)
System information:
Mediawiki Debian package 1.39.7-1~deb12u1
PHP Debian packages php8.2 (not supported for ldap auth?)
LDAPAuthentication2: REL1_39 2ed6e51
LDAPAuthorization: REL1_39 f20eeab
LDAPProvider: REL1_39 c800dd6
LDAPUserInfo: REL1_39 0bbff87
PluggableAuth: REL1_39 1884a12
The loginId is not listed.
I tried "loginId" or in ldapprovider.json, same result.
On the Compatibility web page, it's shown that PHP 8.2 is supported only for MediaWiki version 1.42.
Is the upgrade mandatory, or is a workaround possible?
Thank you in advance.
Best regards,
Nicolas
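
A way to compare the attribute names configured in ldapprovider.json with the attributes that actually appear in the logged user-info dump. This is an added example, not part of the original post and not code from the LDAP extensions; the sample data is trimmed from the post, and `parse_print_r`, `check_domain` and `run_sample` are hypothetical helper names.

```python
import json
import re

# Constructed sample data, trimmed from the configuration and log in the post.
CONFIG_JSON = """{"myserver.mydomain": {"connection": {
    "usernameattribute": "loginid",
    "realnameattribute": "cn",
    "emailattribute": "mail"}}}"""

LOG_DUMP = """LDAP user info results for user nicolasgo: Array
(
[mail] => nicolas.myname@mydomain
[cn] => Nicolas
[sn] => My name
[dn] => loginId=nicolasgo,ou=users,dc=mydc,dc=mydomain,dc=com
)"""

SETTINGS = ("usernameattribute", "realnameattribute", "emailattribute")


def parse_print_r(dump):
    """Parse the flat '[key] => value' lines of a PHP print_r() array dump."""
    pairs = re.findall(r"^\s*\[([^\]]+)\]\s*=>\s*(.*)$", dump, re.MULTILINE)
    return {key: value.strip() for key, value in pairs}


def check_domain(config, domain, user_info):
    """Map each configured attribute setting to whether the dump contains it."""
    conn = config[domain]["connection"]
    returned = {key.lower() for key in user_info}  # compare case-insensitively
    report = {s: conn[s].lower() in returned for s in SETTINGS if s in conn}
    # Attribute type of the leftmost RDN; a naive split is enough for this
    # sample (no escaped '=' or multi-valued RDNs).
    report["dn_rdn_attribute"] = user_info.get("dn", "").split("=", 1)[0]
    return report


def run_sample():
    """Run the check on the constructed sample above."""
    config = json.loads(CONFIG_JSON)
    return check_domain(config, "myserver.mydomain", parse_print_r(LOG_DUMP))


if __name__ == "__main__":
    for name, value in run_sample().items():
        print(f"{name}: {value}")
```

On the data from the post, this reports `usernameattribute` as absent from the returned attributes, while `loginId` appears only as the leftmost RDN of `dn`.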