I've been following the instructions (posted with the LDAP Stack extensions) on how to set up the LDAP authentication with some difficulty. I'm currently at a loss, and have tried for a few hours to get this right. Any help would be really appreciated!
I think all of the extensions are installed and set up properly. I've made sure to chown -R apache:apache for all of the installed extensions.
But when I run the update.php system, I receive this message:
[administrator@ubsa-web wiki]$ php maintenance/update.php
Found invalid JSON in file: /var/www/html/wiki/ldap.json
[38e932627974f1bcc47e1156] [no req] MWException from line 42 of /var/www/html/wiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php:
Could not access configuration file '/etc/mediawiki/ldapprovider.json'!
Please set up a domain configuration file for the LDAPProvider extension.
Backtrace:
#0 /var/www/html/wiki/extensions/LDAPProvider/src/DomainConfigProvider/LocalJSONFile.php(73): MediaWiki\Extension\LDAPProvider\DomainConfigProvider\LocalJSONFile->__construct(string)
#1 [internal function]: MediaWiki\Extension\LDAPProvider\DomainConfigProvider\LocalJSONFile::newInstance(MediaWiki\Extension\LDAPProvider\Config)
#2 /var/www/html/wiki/extensions/LDAPProvider/src/DomainConfigFactory.php(106): call_user_func_array(string, array)
#3 /var/www/html/wiki/extensions/LDAPAuthentication2/src/Setup.php(12): MediaWiki\Extension\LDAPProvider\DomainConfigFactory::getInstance()
#4 /var/www/html/wiki/includes/Setup.php(906): MediaWiki\Extension\LDAPAuthentication2\Setup::init()
#5 /var/www/html/wiki/maintenance/doMaintenance.php(83): require_once(string)
#6 /var/www/html/wiki/maintenance/update.php(277): require_once(string)
#7 {main}
I'm running CentOS 7 with Apache and PHP 7.2. I can connect to our LDAP system using this web server for other packages like OwnCloud.
When I go to the login screen, it gives me the option of local or the domain authentication.
But when trying to log in using LDAP/AD, I get the following:
[XsP8CcWSnGSXTwj7yKISUgAABM4] 2020-05-19 15:32:25: Fatal exception of type MWException
ldap.json file:
{
    "itorg.ad.buffalo.edu": {
        "connection": {
            "server": "itorg.ad.buffalo.edu",
            "port": "636",
            "user": "CN=BLANKED-FOR-THIS-POST,OU=Groups,OU=UBSA,OU=StudentAssociation,OU=ITORGS,DC=itorg,DC=ad,D$
            "pass": "BLANKED-FOR-THIS-POST",
            "enctype": "clear",
            "options": {
                "LDAP_OPT_DEREF": 1
            },
            "basedn": "DC=itorg,DC=ad,DC=buffalo,DC=edu",
            "userbasedn": "DC=itorg,DC=ad,DC=buffalo,DC=edu",
            "groupbasedn": "DC=itorg,DC=ad,DC=buffalo,DC=edu",
            "searchattribute": "samaccountname",
            "usernameattribute": "samaccountname",
            "realnameattribute": "cn",
            "emailattribute": "mail",
            "grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::f$
            "presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
        },
        "userinfo": [],
        "authorization": [],
        "groupsync": {
            "mapping": {
                "sysop": "CN=UBSA_Pro_Staff,DC=itorg,DC=ad,DC=buffalo,DC=edu"
            }
        }
    }
}
LDAP Setting in LocalSettings.php:
// LDAP Authentication Config
$wgMinimalPasswordLength = 6;
$wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 6;
$wgPasswordPolicy['policies']['Administrators']['MinimalPasswordLength'] = 6;
$wgPasswordPolicy['policies']['interface-admin']['MinimalPasswordLength'] = 6;
$wgPasswordPolicy['policies']['bureaucrat']['MinimalPasswordLength'] = 6;
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPAuthentication2' );
$LDAPAuthentication2AllowLocalLogin = true;
// Create Wiki-Group 'UBSA_Pro_Staff' with the same rights as 'sysop'
$wgGroupPermissions['UBSA_Pro_Staff'] = $wgGroupPermissions['sysop'];
// Private Wiki. External LDAP login. Default NS requires login.
$wgEmailConfirmToEdit = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['sysop']['createaccount'] = true;
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgBlockDisablesLogin = true;
// Load LDAP Config from JSON
$ldapJsonFile = "$IP/ldap.json";
$ldapConfig = false;
if (is_file($ldapJsonFile) && is_dir("$IP/extensions/LDAPProvider")) {
    $testJson = @json_decode(file_get_contents($ldapJsonFile),true);
    if (is_array($testJson)) {
        $ldapConfig = true;
    } else {
        error_log("Found invalid JSON in file: $IP/ldap.json");
    }
}
$wikiRequestSafe = true;
// Activate Extension
if ( $ldapConfig ) {
    wfLoadExtension( 'PluggableAuth' );
    wfLoadExtension( 'LDAPProvider' );
    wfLoadExtension( 'LDAPAuthentication2' );
    wfLoadExtension( 'LDAPAuthorization' );
    wfLoadExtension( 'LDAPUserInfo' );
    wfLoadExtension( 'LDAPGroups' );
    $LDAPProviderDomainConfigs = $ldapJsonFile;
    $wgPluggableAuth_ButtonLabel = "Log In";
    if ($wikiRequestSafe) { $LDAPAuthentication2AllowLocalLogin = true; }
}
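
An added example, not part of the original post or of the LDAP Stack code: a small Python linter for an LDAPProvider domain file that reports the line and column where JSON parsing stops (the `@json_decode` check above only says the file is invalid) and flags two exposures visible in this setup, a cleartext `enctype` and bind credentials kept under the web root. The function name, the sample config and the `web_root` default are assumptions made for the illustration.

```python
import json

# Constructed sample modelled on the post's ldap.json; host and DNs are placeholders.
SAMPLE_OK = """{
  "example.test": {
    "connection": {
      "server": "ldap.example.test",
      "port": "636",
      "pass": "PLACEHOLDER",
      "enctype": "clear",
      "basedn": "DC=example,DC=test"
    }
  }
}"""
# The same file with one value cut off before its closing quote, the way the
# post's "user" and "grouprequest" lines end in "$".
SAMPLE_CUT = SAMPLE_OK.replace('"DC=example,DC=test"', '"DC=example,DC=te$')


def lint_domain_config(text, path="ldap.json", web_root="/var/www/html"):
    """Return a list of findings for an LDAPProvider domain config file."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as err:
        # Unlike a suppressed json_decode(), this says where parsing stopped.
        return [f"{path}:{err.lineno}:{err.colno}: invalid JSON: {err.msg}"]
    if not isinstance(config, dict):
        return [f"{path}: top level must be an object keyed by domain"]
    findings, has_secret = [], False
    for domain, section in config.items():
        conn = section.get("connection") if isinstance(section, dict) else None
        if not isinstance(conn, dict):
            findings.append(f"{domain}: no 'connection' object")
            continue
        has_secret = has_secret or "pass" in conn
        if conn.get("enctype") == "clear":
            findings.append(f"{domain}: enctype 'clear' sends the bind password unencrypted")
            if str(conn.get("port")) == "636":
                findings.append(f"{domain}: port 636 is the LDAPS port; 'clear' does not match it")
    # Assumption: anything below web_root may be reachable over HTTP.
    if has_secret and path.startswith(web_root.rstrip("/") + "/"):
        findings.append(f"{path}: bind credentials are stored under the web root")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_CUT, SAMPLE_OK):
        print("\n".join(lint_domain_config(sample, "/var/www/html/wiki/ldap.json")))
```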