How to solve this login problem

Bugs
1

Describe the issue / Steps to reproduce:
Our company is using the software, however when we try to login, there is always the error reported

Expected behavior:
Normally after we input username and password which integrated with our company’s account, pages with different permissions will be displayed.

What was the error message/error log?
[4561762c9b9c91710a104812] /wiki/Special:PluggableAuthLogin MWException from line 169 of /var/www/bluespice/w/extensions/LDAPProvider/src/Client.php: Could not bind to LDAP: (49) Invalid credentials

Backtrace:

#0 /var/www/bluespice/w/extensions/LDAPProvider/src/Client.php(92): MediaWiki\Extension\LDAPProvider\Client->establishBinding()
#1 /var/www/bluespice/w/extensions/LDAPProvider/src/Client.php(331): MediaWiki\Extension\LDAPProvider\Client->init()
#2 /var/www/bluespice/w/extensions/LDAPAuthentication2/src/PluggableAuth.php(195): MediaWiki\Extension\LDAPProvider\Client->canBindAs()
#3 /var/www/bluespice/w/extensions/LDAPAuthentication2/src/PluggableAuth.php(62): MediaWiki\Extension\LDAPAuthentication2\PluggableAuth->checkLDAPLogin()
#4 /var/www/bluespice/w/extensions/PluggableAuth/includes/PluggableAuthLogin.php(30): MediaWiki\Extension\LDAPAuthentication2\PluggableAuth->authenticate()
#5 /var/www/bluespice/w/includes/specialpage/SpecialPage.php(600): PluggableAuthLogin->execute()
#6 /var/www/bluespice/w/includes/specialpage/SpecialPageFactory.php(635): SpecialPage->run()
#7 /var/www/bluespice/w/includes/MediaWiki.php(307): MediaWiki\SpecialPage\SpecialPageFactory->executePath()
#8 /var/www/bluespice/w/includes/MediaWiki.php(947): MediaWiki->performRequest()
#9 /var/www/bluespice/w/includes/MediaWiki.php(547): MediaWiki->main()
#10 /var/www/bluespice/w/index.php(53): MediaWiki->run()
#11 /var/www/bluespice/w/index.php(46): wfIndexMain()
#12 {main}

System info:
Product Version
MediaWiki 1.35.10 (aed5b1a)
07:18, 16 May 2023
PHP 8.0.28 (fpm-fcgi)
MariaDB 10.6.12-MariaDB-0ubuntu0.22.04.1
ICU 70.1
Lua 5.1.5
BlueSpice (Credits) 4.2.7 (build:20230516085453)

2

Hello and welcome to the BlueSpice community forums!

The error message indicates that the wiki server can not connect to the LDAP/AD server. Possible reasons are:

  1. No network connection - The wiki server can actually not establish a network connection to the LDAP/AD server, e.g. due to firewalls, subnetwork boundaries or similar.
  2. No hostname resolution - In case you configured used a hostname rather than an IP in the connection.server section of the domain config the wikiserver may just not be able to resolve it properly, due to DNS issues. You can test this by running ping <ldapserverhostname> on the wikiserver CLI
  3. Wrong username/password - Make sure connection.user and connection.pass are properly set. Be aware that connection.user needs to be a user DN
  4. Other connection settings are wrong - Check settings e.g. regarding secure connection (connection.enctype)

How to troubleshoot?

  1. Check if an LDAP connection can be established from the wikiserver to the LDAP server. E.g. use ldapsearch.
  2. Enable debug logging for the LDAP-Stack extensions to get more information
  3. Use maintenance scripts like extensions/LDAPProvider/maintenance/CheckLogin.php, extensions/LDAPProvider/maintenance/ShowUserInfor.php and extensions/LDAPProvider/maintenance/ShowUserGroups.php to verify that the wiki can connect to the LDAP/AD server

You can also share your LDAP related config here. Just make sure to remove any sensitive data (usernames, passwords, …) beforehand.

Hope that helps!

EDIT: Actually the error message indicates that values of connection.user and connection.pass are not correct. Apparently it is no generic connection issue.