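We performed a domain migration. Since then, users have been unable to log in to our MediaWiki. It seems the first LDAP bind fails, so web users cannot authenticate and log in.
Here is the log output: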
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering validDomain
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a User is using a valid domain (my-domain).
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Setting domain as: my-domain
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering getCanonicalName
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Username is: WebLoginUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering validDomain
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a User is using a valid domain (my-domain).
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering Connect
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Using TLS or not using encryption.
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Using servers: ldap://my-domain.com:389
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering getUserDN
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Doing a proxy bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind as ADAdminUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Munged username: WebLoginUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering getCanonicalName
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Username is: 172.xx.xx.xx
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering validDomain
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a User is using a valid domain (my-domain).
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering Connect
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Using TLS or not using encryption.
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Using servers: ldap://my-domain.com:389
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering getUserDN
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Doing a proxy bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind as ADAdminUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Munged username: 172.xx.xx.xx
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering getCanonicalName
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Username is: 172.xx.xx.xx
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering validDomain
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a User is using a valid domain (my-domain).
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering Connect
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Using TLS or not using encryption.
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Using servers: ldap://my-domain.com:389
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering getUserDN
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Doing a proxy bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind as ADAdminUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Munged username: 172.xx.xx.xx
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering userExists
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering authenticate for username WebLoginUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering Connect
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Using TLS or not using encryption.
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Using servers: ldap://my-domain.com:389
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a PHP's LDAP connect method returned true (note, this does not imply it connected to the server).
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering getSearchString
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Doing a straight bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a userdn is: WebLoginUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Binding as the user
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind as WebLoginUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering allowPasswordChange
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Entering modifyUITemplate
Here is the configuration:
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDebug = 3;
$wgLDAPDomainNames = array( 'my-domain');
$wgLDAPServerNames = array( 'my-domain' => 'my-domain.com',);
$wgLDAPSearchStrings = array('my-domain' => 'USER-NAME',);
$wgLDAPEncryptionType = array( 'my-domain' => 'clear',);
$wgLDAPBaseDNs = array( 'my-domain' => 'CN=Users,DC=my-domain,DC=com');
$wgLDAPSearchAttributes = array( 'my-domain' => 'sAMAccountName');
$wgLDAPProxyAgent = array( 'my-domain' => "ADAdminUser");
$wgLDAPProxyAgentPassword = array( 'my-domain' => "********");
$wgLDAPUpdateLDAP = array('my-domain'=>false);
$wgLDAPAddLDAPUsers = array('my-domain'=>false);
$wgLDAPPreferences = array( 'my-domain' => true );
$wgDebugLogGroups["ldap"] = "/tmp/debug_ldap.log";
Testing the LDAP connection and query with this command returns the expected result:
ldapsearch -x -D "CN=ADAdminUser,CN=Users,DC=my-domain,DC=com" -W -h my-domain.com -b "CN=saWebLoginUserarn,CN=Users,DC=my-domain,DC=com"
What is wrong with my configuration?
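
To see at a glance which binds a debug log like the one above reports as failed, the following added example (not part of the original post, and not code from the LdapAuthentication extension) tallies each failed bind by bind type and by the syntactic form of the bind identity. The sample lines are constructed from the log format shown above, and the function names are assumptions.

```python
from collections import Counter

# Constructed sample: a few lines in the format of the debug log above.
SAMPLE_LOG = """\
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Using servers: ldap://my-domain.com:389
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Doing a proxy bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind as ADAdminUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Doing a proxy bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind as ADAdminUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Doing a straight bind
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a userdn is: WebLoginUser
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Binding as the user
2020-03-29 19:29:23 wiki wikidb-exa_: 2.0a Failed to bind as WebLoginUser
"""

def identity_form(name):
    """Classify a bind identity by its syntax only (no directory lookup)."""
    if "=" in name and "," in name:
        return "dn"          # e.g. CN=...,CN=Users,DC=...
    if "@" in name:
        return "upn"         # e.g. user@my-domain.com
    if "\\" in name:
        return "down-level"  # e.g. DOMAIN\user
    return "bare"            # a plain account name

def failed_binds(log_text):
    """Count failed binds as (bind type, identity, identity form, server)."""
    counts = Counter()
    phase = server = None
    for line in log_text.splitlines():
        # Five prefix fields (date, time, host, db prefix, version), then the message.
        parts = line.split(None, 5)
        msg = parts[5] if len(parts) == 6 else ""
        if msg.startswith("Using servers: "):
            server = msg[len("Using servers: "):]
        elif msg in ("Doing a proxy bind", "Doing a straight bind"):
            phase = msg.split()[2]           # "proxy" or "straight"
        elif msg.startswith("Failed to bind as "):
            who = msg[len("Failed to bind as "):]
            counts[(phase, who, identity_form(who), server)] += 1
    return counts

if __name__ == "__main__":
    for (phase, who, form, server), n in failed_binds(SAMPLE_LOG).items():
        print(f"{n}x {phase} bind failed as {who!r} ({form}) on {server}")
```

On the log above this reports bare names for both the proxy bind and the user bind, whereas the ldapsearch test that returned the expected result bound with the full DN.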