1

Topic: LDAP + Mediawiki

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version:  Ubuntu 12
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

Hi,

I am trying to install MediaWiki on another server, with LDAP authentication against the main server.
I have LDAP installed and working on the main server, and MediaWiki is running on another server too. Now I want to install the LDAP plugin on MediaWiki, but I can't because I get some failures.

Info
LocalSettings.php
require_once( "extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();

$wgLDAPDomainNames = array("iRedMail");
$wgLDAPServerNames = array("iRedMail" => "192.168.XX.XX");
$wgLDAPPort = array("iRedMail" => 389);
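// "clear" means the bind, including the user's password, crosses the network to the LDAP server unencrypted; the extension also accepts "tls" and "ssl".
$wgLDAPEncryptionType = array( "iRedMail" => "clear");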

$wgLDAPBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");
$wgLDAPProxyAgent = array("iRedMail"=>"cn=vmail,dc=example,dc=com");
$wgLDAPProxyAgentPassword = array( "iRedMail"=>"PasswordBindPW");
$wgLDAPUserBaseDNs = array( "iRedMail"=>"o=domains,dc=example,dc=com");
$wgLDAPSearchAttributes = array( "iRedMail" => "mail");
$wgLDAPLowerCaseUsername = array( "iRedMail"=>true);
$wgLDAPUseLocal = true;


$wgLDAPDebug = 3;
$wgDebugLogGroups['ldap'] = '/tmp/debug.log';


If I try to connect, I get this in debug.log:

2016-12-02 09:19:38 mikro wikidb: 2.1.0 basedn is o=domains,dc=example,dc=com
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Using base: o=domains,dc=example,dc=com
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Setting the LDAPUsername based on fetched wgLDAPSearchAttributes: pepe@mx.example.com
2016-12-02 09:19:38 mikro wikidb: 2.1.0 userdn is: mail=pepe@mx.example.com,ou=Users,domainName=mx.example.com,o=domains,dc=example,dc=com
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Binding as the user
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Bound successfully
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getGroups
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering checkGroups
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getPreferences
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Authentication passed
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getCanonicalName
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Username is: Pepe@mx.example.com
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Munged username: Pepe@mx.example.com
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Allowing the local domain, adding it to the list.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering allowPasswordChange
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering modifyUITemplate
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Allowing the local domain, adding it to the list.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getCanonicalName
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Username is: Admin
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Entering getDomain
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Pulling domain from session.
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Munged username: Admin

I see "successfully" when connecting to the LDAP server, but MediaWiki can't log in and gives this error:
Automatic creation of a local account failed: A valid username was not specified.

Why? How could I fix it?
Maybe I should edit some config in MediaWiki to disable automatic account creation?
Maybe I am using bad values in a string?

Thanks
Greetings.


2

Re: LDAP + Mediawiki

aarango wrote:

I see "successfully" when connecting to the LDAP server, but MediaWiki can't log in and gives this error:
Automatic creation of a local account failed: A valid username was not specified.

What "valid username" does Mediawiki expect?

3

Re: LDAP + Mediawiki

ZhangHuangbin wrote:
aarango wrote:

I see "successfully" when connecting to the LDAP server, but MediaWiki can't log in and gives this error:
Automatic creation of a local account failed: A valid username was not specified.

What "valid username" does Mediawiki expect?

Thank you for the reply, Zhang. I don't know what username MediaWiki expects, but I understand that MediaWiki needn't create any user, does it? MediaWiki should request the user from the LDAP server and LDAP serves it.

Checking the log, it appears that the bind is right, but MediaWiki (in its interface) shows -> Automatic creation of a local account failed: A valid username was not specified.

How could I debug it more? Thanks again.

4

Re: LDAP + Mediawiki

aarango wrote:

$wgLDAPUseLocal = true;

The sample config sets this parameter to "false", maybe you should try it. FYI:
https://www.mediawiki.org/wiki/Extensio … n/Examples

5

Re: LDAP + Mediawiki

ZhangHuangbin wrote:
aarango wrote:

$wgLDAPUseLocal = true;

The sample config sets this parameter to "false", maybe you should try it. FYI:
https://www.mediawiki.org/wiki/Extensio … n/Examples

I tried it too, but no luck. I have that option enabled to log in with local users while I fix logging in with LDAP users.

It's too weird. In the log you can see it "bound" successfully with the iRedMail + LDAP server, but afterwards the wiki tries to create a local account or similar and it fails (fail: Auto-creation of a local account failed: Automatic account creation is not allowed.)
I tried disabling the option "autocreateaccount" but... no luck.

On the other hand, I am going to paste the wiki's debug log; maybe there is some info that I am not seeing:

HOST: wiki.example.com
[caches] cluster: EmptyBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: SqlBagOStuff, parser: SqlBagOStuff, session: SqlBagOStuff
[caches] LocalisationCache: using store LCStoreCDB
[authentication] Overriding AuthManager primary authn because $wgAuth is LdapAuthenticationPlugin
[session] Session "rt022a8ap1t5b6iijrovmilc8nr4e7r4" requested without UserID cookie
[DBConnection] Connected to database 0 at 'localhost'.
[SQLBagOStuff] Connection 931 will be used for SqlBagOStuff
Fully initialised
[DBReplication] LBFactory::getChronologyProtector: using request info {
    "IPAddress": "192.168.XX.XX",
    "UserAgent": "Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko\/20100101 Firefox\/50.0",
    "ChronologyProtection": false
}
[DBConnection] Connected to database 0 at 'localhost'.
[MessageCache] MessageCache::load: Loading es... local cache is empty, global cache is expired/volatile, loading from database
Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache->transform
Parser: using preprocessor: Preprocessor_DOM
Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions->__construct
QuickTemplate::__construct was called with no Config instance passed to it
[GlobalTitleFail] MessageCache::parse called by array_map/AuthManagerSpecialPage::{closure}/Message->parse/Message->toString/Message->parseText/MessageCache->parse with no title set.
[GlobalTitleFail] MessageCache::parse called by array_map/AuthManagerSpecialPage::{closure}/Message->parse/Message->toString/Message->parseText/MessageCache->parse with no title set.
User::getBlockedStatus: checking...
[session] SessionBackend "rt022a8ap1t5b6iijrovmilc8nr4e7r4" data dirty due to dirty(): AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->beginAuthentication/MediaWiki\Auth\AuthManager->removeAuthenticationSessionData/MediaWiki\Session\Session->remove/MediaWiki\Session\SessionBackend->dirty
[session] SessionBackend "rt022a8ap1t5b6iijrovmilc8nr4e7r4" save: dataDirty=1 metaDirty=0 forcePersist=0
[CryptRand] Generating cryptographic random bytes for
[CryptRand] openssl_random_pseudo_bytes generated 16 bytes of strong randomness.
[CryptRand] 0 bytes of randomness leftover in the buffer.

[session] SessionBackend "rt022a8ap1t5b6iijrovmilc8nr4e7r4" data dirty due to dirty(): MediaWiki\Auth\ThrottlePreAuthenticationProvider->testForAuthentication/MediaWiki\Auth\AuthManager->setAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
[session] SessionBackend "rt022a8ap1t5b6iijrovmilc8nr4e7r4" save: dataDirty=1 metaDirty=0 forcePersist=0
[CryptRand] Generating cryptographic random bytes for
[CryptRand] openssl_random_pseudo_bytes generated 16 bytes of strong randomness.
[CryptRand] 0 bytes of randomness leftover in the buffer.

[session] SessionBackend "rt022a8ap1t5b6iijrovmilc8nr4e7r4" data dirty due to dirty(): AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->beginAuthentication/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
[session] SessionBackend "rt022a8ap1t5b6iijrovmilc8nr4e7r4" save: dataDirty=1 metaDirty=0 forcePersist=0
[authentication] Primary login with MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider:LdapAuthenticationPlugin succeeded
[authentication] Auto-creating Pepe@mx.example.com on login
[authentication] MediaWiki\Auth\AuthManager::autoCreateUser: blacklisted in session rt022a8ap1t5b6iijrovmilc8nr4e7r4
[session] SessionBackend "rt022a8ap1t5b6iijrovmilc8nr4e7r4" data dirty due to dirty(): AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->beginAuthentication/MediaWiki\Auth\AuthManager->continueAuthentication/MediaWiki\Session\Session->remove/MediaWiki\Session\SessionBackend->dirty
[session] SessionBackend "rt022a8ap1t5b6iijrovmilc8nr4e7r4" save: dataDirty=1 metaDirty=0 forcePersist=0
[authevents] Login attempt
QuickTemplate::__construct was called with no Config instance passed to it
[GlobalTitleFail] MessageCache::parse called by array_map/AuthManagerSpecialPage::{closure}/Message->parse/Message->toString/Message->parseText/MessageCache->parse with no title set.
[GlobalTitleFail] MessageCache::parse called by array_map/AuthManagerSpecialPage::{closure}/Message->parse/Message->toString/Message->parseText/MessageCache->parse with no title set.
[GlobalTitleFail] MessageCache::parse called by Message->toString/Message->replaceParameters/Message->extractParam/Message->toString/Message->parseText/MessageCache->parse with no title set.
[GlobalTitleFail] MessageCache::parse called by Message->toString/Message->replaceParameters/Message->extractParam/Message->toString/Message->parseText/MessageCache->parse with no title set.
MediaWiki::preOutputCommit: primary transaction round committed
MediaWiki::preOutputCommit: pre-send deferred updates completed
MediaWiki::preOutputCommit: LBFactory shutdown completed
[MessageCache] MessageCache::load: Loading en... local cache is empty, global cache is expired/volatile, loading from database
OutputPage::sendCacheControl: private caching;  **
Request ended normally
[session] Saving all sessions on shutdown
[DBConnection] Closing connection to database 'localhost'.
[DBConnection] Closing connection to database 'localhost'.

What do you think? Any bug? Any way to disable creation in local? There are more cases with this same error:
https://www.mediawiki.org/wiki/Extensio … entication

6

Re: LDAP + Mediawiki

I solved this by installing an older version of the wiki. Maybe there is a bug.

7

Re: LDAP + Mediawiki

If you think this is a bug in MediaWiki, you'd better report it to its developers, so that you don't need to worry about this and can get the latest version.
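
Added example (not part of the thread, and not MediaWiki or iRedMail code): a Python triage of the two debug logs posted above, separating the LDAP stage, which succeeds, from MediaWiki's local auto-creation stage, which is where the login stops. It assumes MediaWiki's default $wgInvalidUsernameCharacters value of '@:' and that AuthManager skips auto-creation once it has failed in a session; triage() and the stage names are hypothetical.

```python
import re

# Assumption: MediaWiki's default $wgInvalidUsernameCharacters is '@:'; change
# this if the wiki's LocalSettings.php overrides it.
INVALID_USERNAME_CHARS = "@:"

# Lines excerpted from the two debug logs posted in this thread.
SAMPLE_LOG = r"""
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Binding as the user
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Bound successfully
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Authentication passed
2016-12-02 09:19:38 mikro wikidb: 2.1.0 Munged username: Pepe@mx.example.com
[authentication] Primary login with MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider:LdapAuthenticationPlugin succeeded
[authentication] Auto-creating Pepe@mx.example.com on login
[authentication] MediaWiki\Auth\AuthManager::autoCreateUser: blacklisted in session rt022a8ap1t5b6iijrovmilc8nr4e7r4
"""

# Hypothetical stage names mapped to the log messages that mark them.
PATTERNS = {
    "ldap_bind_ok": re.compile(r"Bound successfully"),
    "ldap_auth_ok": re.compile(r"Authentication passed"),
    "autocreate_user": re.compile(r"\[authentication\] Auto-creating (\S+) on login"),
    "autocreate_blocked": re.compile(r"autoCreateUser: blacklisted in session"),
}

def triage(log_text):
    """Return findings on which login stage passed and why auto-creation may fail."""
    seen = {name: None for name in PATTERNS}
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m and seen[name] is None:
                seen[name] = m.group(1) if m.groups() else True
    findings = []
    if seen["ldap_bind_ok"] and seen["ldap_auth_ok"]:
        findings.append("LDAP bind and authentication succeeded")
    user = seen["autocreate_user"]
    bad = sorted(set(user or "") & set(INVALID_USERNAME_CHARS))
    if user and bad:
        findings.append(f"auto-create name {user!r} contains rejected characters {bad}")
    if seen["autocreate_blocked"]:
        # Assumption: AuthManager remembers a failed auto-creation per session.
        findings.append("auto-creation already failed earlier in this session")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Because the wiki username here is the value of the LDAP "mail" attribute, the "@" in it is the first thing to check against the wiki's username rules; a fresh browser session is needed before retesting, since the earlier failure is remembered.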