Last modified: 2014-10-14 09:40:11 UTC
I've notice the kerberos authentication from LdapAuthentication-REL1_19-e378be4 (the version you can get from mediawiki) have some issues loading user information from AD. I've notice when using Kerberos token, the LDAP information (email, user groups and other information) is not updated. This procedure works fine with same configuration when login using password. So I've notice on the function authenticate, when useAutoAuth is set, the system do not bind to AD looking for the details, so getUserInfo is never executed. I've modified the function to enable bind as proxyAgent and initilize the user information from AD. diff -r LdapAuthentication/LdapAuthentication.php LdapAuthentication.orig/LdapAuthentication.php 682,705d670 < // IGGL < //} < } else { < $this->printDebug( "Binding as proxyAgent", NONSENSITIVE ); < $bind = $this->bindAs( $this->getConf( 'ProxyAgent'), $this->getConf( 'ProxyAgentPassword' ) ); < if ( !$bind ) { < $this->markAuthFailed(); < return false; < } < $ss = $this->getConf( 'SearchString' ); < if ( $ss ) { < if ( strstr( $ss, "@" ) || strstr( $ss, '\\' ) ) { < // We are most likely configured using USER-NAME@DOMAIN, or < // DOMAIN\\USER-NAME. < // Get the user's full DN so we can search for groups and such. < $this->userdn = $this->getUserDN( $username ); < $this->printDebug( "Fetched UserDN: $this->userdn", NONSENSITIVE ); < } else { < // Now that we are bound, we can pull the user's info. < $this->printDebug( "GetUserInfo", NONSENSITIVE ); < $this->getUserInfo(); < } < } < 707d671 < // IGGL