LDAP installation with BS4

role-end · March 13, 2025, 9:56am

Hi,

I ran into issues with LDAP Extensions and BS4 Free.
My system runs on separated docker containers which are installed via ansible. During installation the latest zip of BS4 Free is downloaded and extracted into the docker. After the installation I clone the LDAP Extensions

LDAPProvider
LDAPAuthentication2
LDAPGroups
PluggableAuth

to the extension directory.

The versions and the config is the same as in my existing Mediawiki installation (REL1_40). The only adaptation is the solution from
LDAPStack in Bluespice 4.4 - Configuration/Setup - BlueSpice Community
which I have applied in my config.

When running all the maintenance scripts in LDAPProvider everything is working as expected without errors or any problems.

Since a few days the login with the UserLogin Page isn’t working anymore. Sometimes it was possible to login but for the most attempts I get following message back:

“Could not fetch required user info to complete login”

In the trace (see below) there is the binding ok but the ldap_search returns a false but with error code (Success).

I also checed with a LDAP Admin programm and the search there was successful with my filter and basedn etc.

Traces(sorry some personal information wwere replaced):
LDAPProvider Log:

Found user DN: 'CN=myUser,OU=USER_S,OU=myCompanyAG,OU=People,OU=myCompany_Holding,DC=myCompany,DC=at'
MediaWiki\Extension\LDAPProvider\Client::getSearchString: User DN is: 'CN=myUser,OU=USER_S,OU=myCompanyAG,OU=People,OU=myCompany_Holding,DC=myCompany,DC=at'
ldap_bind( $linkID, $bindRDN = 'CN=myUser,OU=USER_S,OU=myCompanyAG,OU=People,OU=myCompany_Holding,DC=myCompany,DC=at', $bindPassword = 'XXXX' );
# returns true
ldap_bind( $linkID, $bindRDN = 'cn=LdapAdminUser,cn=Users,dc=myCompany,dc=at', $bindPassword = 'XXXX' );
# returns true
ldap_search( $linkID, $baseDN = 'OU=People,OU=myCompany_Holding,DC=myCompany,DC=at', $filter = '(cn=myUser)', $attributes = [ 'description', 'givenname', 'distinguishedname', 'displayname', 'memberof', 'name', 'samaccountname', 'userprincipalname', 'objectcategory', 'mail', 'dn', 'telephonenumber', 'cn', 'sn', 'uid' ], $attrsonly = , $sizelimit = , $timelimit = , $deref =  );
# returns an error (Success)
ldap_error( $linkID );
# returns Success

LDAPAuthentication2 Log

Try to authenticate user: myUser
Not local login. Checking LDAP...
LDAP domain: myCompany_Logistik
Error fetching userinfo: Error in LDAP search: Success
#0 /var/www/bluespice/extensions/LDAPProvider/src/UserInfoRequest.php(68): MediaWiki\Extension\LDAPProvider\Client->search('(cn=myUser)', 'OU=People,OU=Kn...', Array)
#1 /var/www/bluespice/extensions/LDAPProvider/src/Client.php(272): MediaWiki\Extension\LDAPProvider\UserInfoRequest->getUserInfo('myUser')
#2 /var/www/bluespice/includes/libs/objectcache/BagOStuff.php(216): MediaWiki\Extension\LDAPProvider\Client->MediaWiki\Extension\LDAPProvider\{closure}(500)
#3 /var/www/bluespice/extensions/LDAPProvider/src/Client.php(263): BagOStuff->getWithSetCallback('bs?hwiki:ldap-p...', 500, Object(Closure))
#4 /var/www/bluespice/extensions/LDAPAuthentication2/src/PluggableAuth.php(271): MediaWiki\Extension\LDAPProvider\Client->getUserInfo('myUser')
#5 /var/www/bluespice/extensions/LDAPAuthentication2/src/PluggableAuth.php(122): MediaWiki\Extension\LDAPAuthentication2\PluggableAuth->checkLDAPLogin('myCompany_Logistik', 'myUser', 'myPassword', NULL, NULL, NULL)
#6 /var/www/bluespice/extensions/PluggableAuth/includes/PluggableAuthLogin.php(103): MediaWiki\Extension\LDAPAuthentication2\PluggableAuth->authenticate(NULL, 'myUser', NULL, NULL, NULL)
#7 /var/www/bluespice/includes/specialpage/SpecialPage.php(701): MediaWiki\Extension\PluggableAuth\PluggableAuthLogin->execute(NULL)
#8 /var/www/bluespice/includes/specialpage/SpecialPageFactory.php(1428): SpecialPage->run(NULL)
#9 /var/www/bluespice/includes/MediaWiki.php(316): MediaWiki\SpecialPage\SpecialPageFactory->executePath('PluggableAuthLo...', Object(RequestContext))
#10 /var/www/bluespice/includes/MediaWiki.php(904): MediaWiki->performRequest()
#11 /var/www/bluespice/includes/MediaWiki.php(562): MediaWiki->main()
#12 /var/www/bluespice/index.php(50): MediaWiki->run()
#13 /var/www/bluespice/index.php(46): wfIndexMain()
#14 {main}

PluggableAuth Log:

In execute()
Getting PluggableAuth instance
Plugin name: LDAPAuthentication2
Authentication failure.
ERROR: Could not fetch required user info to complete login

I have tried now everything but nothing is working. When the login is possible the ldap_search function doesn’t return the false but the correct data. This happens without changing anything…

Topic		Replies	Views
LDAPStack in Bluespice 4.4 Configuration/Setup	3	233	October 23, 2024
Extension failure with upgrade from MW 1.35 to 1.42 Configuration/Setup	5	36	March 2, 2025
Update 4.2.4 --> 4.4 geting errors Configuration/Setup	1	149	May 22, 2024
Newest Build 4.4 - Search don't work Configuration/Setup extendedsearch	2	263	February 9, 2024
Rootless Container and external data dir (permission problems) Configuration/Setup	1	180	February 2, 2024

LDAP installation with BS4

Related topics