shanept / mediawiki-LdapAuth

New LdapAuthentication provider plugin for mediawiki
GNU General Public License v3.0

PHP Warning: Invalid argument supplied for foreach() #17

Open Artim96 opened 4 years ago

Artim96 commented 4 years ago

I was finally able to set up this plugin so that I at least would get the login screen, but trying to log in to MediaWiki (1.34) only tells me "Could not successfully connect to an LDAP server". In the log file I can see:

[DBQuery] MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::beginPrimaryAuthentication [0s] localhost: SELECT user_id,user_newpassword,user_newpass_time FROM mediawikiuser WHERE user_name = 'Rrosner' LIMIT 1
[DBQuery] User::load [0s] localhost: SELECT actor_id,actor_user,actor_name FROM mediawikiactor WHERE actor_na\me = 'Rrosner' LIMIT 1
[authentication] Attempting to bind to LDAP for search with DN "cn=wikiauth,dc=x.yz,dc=de@x.yz.de".
[error] [93f8799260a901f9e9f70920] /index.php/Spezial:Anmelden ErrorException from line 388 of /var/www/mediawiki-1.34.0/extensions/LdapAuth/src/Auth/PrimaryAuthenticationProvider.php: PHP Warning: Invalid argument supplied for foreach()
#0 /var/www/mediawiki-1.34.0/extensions/LdapAuth/src/Auth/PrimaryAuthenticationProvider.php(388): MWExceptionHandler::handleError(integer, string, string, integer, array)
#1 /var/www/mediawiki-1.34.0/extensions/LdapAuth/src/Auth/PrimaryAuthenticationProvider.php(110): Shanept\LdapAuth\Auth\PrimaryAuthenticationProvider->connect(Shanept\LdapAuth\Auth\LdapAuthenticationRequest)
#2 /var/www/mediawiki-1.34.0/extensions/LdapAuth/src/Auth/PrimaryAuthenticationProvider.php(88): Shanept\LdapAuth\Auth\PrimaryAuthenticationProvider->beginPrimaryLdapAuthentication(Shanept\LdapAuth\Auth\LdapAuthenticationRequest)
#3 /var/www/mediawiki-1.34.0/includes/auth/AuthManager.php(458): Shanept\LdapAuth\Auth\PrimaryAuthenticationProvider->beginPrimaryAuthentication(array)
#4 /var/www/mediawiki-1.34.0/includes/auth/AuthManager.php(388): MediaWiki\Auth\AuthManager->continueAuthentication(array)
#5 /var/www/mediawiki-1.34.0/includes/specialpage/AuthManagerSpecialPage.php(354): MediaWiki\Auth\AuthManager->beginAuthentication(array, string)
#6 /var/www/mediawiki-1.34.0/includes/specialpage/AuthManagerSpecialPage.php(484): AuthManagerSpecialPage->performAuthenticationStep(string, array)
#7 /var/www/mediawiki-1.34.0/includes/htmlform/HTMLForm.php(690): AuthManagerSpecialPage->handleFormSubmit(array, VFormHTMLForm)
#8 /var/www/mediawiki-1.34.0/includes/specialpage/AuthManagerSpecialPage.php(417): HTMLForm->trySubmit()
#9 /var/www/mediawiki-1.34.0/includes/specialpage/LoginSignupSpecialPage.php(313):
#10 /var/www/mediawiki-1.34.0/includes/specialpage/SpecialPage.php(575): LoginSignupSpecialPage->execute(NULL)
#11 /var/www/mediawiki-1.34.0/includes/specialpage/SpecialPageFactory.php(611): SpecialPage->run(NULL)
#12 /var/www/mediawiki-1.34.0/includes/MediaWiki.php(296): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
#13 /var/www/mediawiki-1.34.0/includes/MediaWiki.php(900): MediaWiki->performRequest()
#14 /var/www/mediawiki-1.34.0/includes/MediaWiki.php(527): MediaWiki->main()
#15 /var/www/mediawiki-1.34.0/index.php(44): MediaWiki->run()
#16 {main}

And yes, the BindDN is actually cn=wikiauth,dc=x.yz,dc=de, not cn=wikiauth,dc=x,dc=yz,dc=de. I'm a bit confused about the "Attempting to bind to LDAP for search with DN "cn=wikiauth,dc=x.yz,dc=de@x.yz.de"." part. Maybe I missed something but the DN looks completely wrong. I'd say it has to be without the @-part.

But I have no clue if the config is even right. I set it to

wfLoadExtension( 'LdapAuth' );
$wgLdapAuthDomainNames = ['x.yz.de'];
$wgLdapAuthServers = ['x.yz.de' => 'auth.x.yz.de'];
$wgLdapAuthBindDN = ['x.yz.de' => 'cn=wikiauth,dc=x.yz,dc=de'];
$wgLdapAuthBindPass = ['x.yz.de' => 'xxxxxxxx'];
$wgLdapAuthEncryptionType = ['x.yz.de' => 'ssl'];
$wgLdapAuthBaseDN = ['x.yz.de' => 'dc=x.yz,dc=de'];
$wgLdapAuthSearchFilter = ['x.yz.de' => '(&(objectClass=inetOrgPerson)(uid=%1$s))'];

I know that with the previous MediaWiki version we used (1.24) and the plugin we used then (I think LdapAuthentication), the config was

$wgLDAPDomainNames = array(
  'x',
  );
$wgLDAPServerNames = array(
  'x' => 'auth.x.yz.de',
);
$wgLDAPUseLocal = false;
$wgLDAPEncryptionType = array(
  'x' => 'ssl',
);
$wgLDAPPort = array(
  'x' => 636,
);
$wgLDAPProxyAgent = array(
  'x' => 'cn=wikiauth,dc=x.yz,dc=de',
);
$wgLDAPProxyAgentPassword = array(
  'x' => 'xxxxxxxx',
);
$wgLDAPSearchAttributes = array(
  'x' => 'uid'
);
$wgLDAPBaseDNs = array(
  'x' => 'dc=x.yz,dc=de',
);
# To pull e-mail address from LDAP
$wgLDAPPreferences = array(
  'x' => array( 'email' => 'mail')
);
# Group based restriction
$wgLDAPGroupUseFullDN = array( "x"=>false );
$wgLDAPGroupObjectclass = array( "x"=>"posixGroup" );
$wgLDAPGroupAttribute = array( "x"=>"memberUid" );
$wgLDAPGroupSearchNestedGroups = array( "x"=>false );
$wgLDAPGroupNameAttribute = array( "x"=>"cn" );
$wgLDAPRequiredGroups = array( "x"=>array("cn=wiki,ou=groups,dc=x.yz,dc=de"));
$wgLDAPLowerCaseUsername = array(
  'x' => true,
);

Maybe someone could help me translate the settings, because just changing the DomainName from x.yz.de to x as it was in the old version doesn't fix it.
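
A check for the mismatch described in the report above, as an added example that is not part of the original post or of the LdapAuth extension: it pulls the bind identity out of the [authentication] log line and classifies it as a DN, a UPN (user@domain), or a DN with a domain suffix attached. The function names are hypothetical, and the DN pattern is a heuristic rather than a full RFC 4514 parser.

```php
<?php
// Added example; not code from the LdapAuth extension.

/** Classify a bind identity as 'dn', 'upn', 'dn+suffix' or 'unknown'. */
function classifyBindIdentity(string $id): string
{
    // Heuristic DN shape: comma-separated attr=value pairs (no escaped commas).
    $rdn = '[A-Za-z][A-Za-z0-9-]*=[^,]+';
    $isDnLike = preg_match("/^$rdn(,$rdn)*\$/", $id) === 1;
    $at = strrpos($id, '@');

    if ($isDnLike) {
        // '@' is legal inside an RDN value, so a DN with "@domain" glued on
        // still parses as a DN; it just names a different entry.
        $suffix = $at === false ? '' : substr($id, $at + 1);
        $looksLikeDomain =
            preg_match('/^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/', $suffix) === 1;
        return $looksLikeDomain ? 'dn+suffix' : 'dn';
    }
    return ($at !== false && strpos($id, '=') === false) ? 'upn' : 'unknown';
}

/** Pull the bind identity out of the "[authentication]" log line. */
function bindIdentityFromLog(string $line): ?string
{
    $pattern = '/bind to LDAP for search with DN "([^"]+)"/';
    return preg_match($pattern, $line, $m) === 1 ? $m[1] : null;
}

// Values copied from the report above.
$configured = 'cn=wikiauth,dc=x.yz,dc=de';
$logLine = '[authentication] Attempting to bind to LDAP for search with DN '
    . '"cn=wikiauth,dc=x.yz,dc=de@x.yz.de".';

$sent = bindIdentityFromLog($logLine) ?? '';
printf("configured: %-36s %s\n", $configured, classifyBindIdentity($configured));
printf("logged:     %-36s %s\n", $sent, classifyBindIdentity($sent));
if ($sent !== $configured) {
    echo "logged bind identity differs from the configured value\n";
}
```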