Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New stable authad plugin is broken #1616

Closed
urusha opened this issue Jun 27, 2016 · 11 comments
Closed

New stable authad plugin is broken #1616

urusha opened this issue Jun 27, 2016 · 11 comments

Comments

@urusha
Copy link

@urusha urusha commented Jun 27, 2016

After updating to 2016-06-26 "Elenor of Tsort" I have such errors in the log:

PHP Fatal error: Call to protected method adLDAPUtils::ldapSlashes() from context 'adLDAPGroups' in lib/plugins/authad/adLDAP/classes/adLDAPGroups.php on line 423

A workaround attached
patch.txt

@themysteq
Copy link

@themysteq themysteq commented Jun 27, 2016

Same error here. Used autoupdate feature.

php-fpm -v
PHP 5.6.22 (fpm-fcgi) (built: May 26 2016 15:37:05)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies

patch worked for me. Thanks very much for fast fix :)

@barrydegraaff
Copy link

@barrydegraaff barrydegraaff commented Jun 27, 2016

Yes, I have this problem too, after upgrading to 2016-06-26 "Elenor of Tsort", I can no longer log on and recieve a password/username is incorrect message when trying to log-on.

I have been using this configuration with admin upgrade module for a few years, and havent had this problem before.

Did something change in the Auth Ad??

@barrydegraaff
Copy link

@barrydegraaff barrydegraaff commented Jun 27, 2016

Also the suggested patch above does not work for me, also I use AD groups, so that may have to do with it as well. Putting an older version of AuthAD back, also does not work.

splitbrain added a commit that referenced this issue Jun 27, 2016
It seems some update of the adLDAP library made a crucial function
protected, thus breaking the authad plugin.

This just makes the function public again, which should fix the
immeadiate problem. A proper fix would need to do #1553 as well
@Klap-in
Copy link
Collaborator

@Klap-in Klap-in commented Jun 27, 2016

public to protected was by this PR: #1552
I think I copied too much from a new version.

@bug bug added this to the Elenor of Tsort - stable release milestone Jun 30, 2016
@bug
Copy link
Collaborator

@bug bug commented Jun 30, 2016

I'll roll out a hotfix with that fix included.
@splitbrain can you merge it?

Thank you all

@bug
Copy link
Collaborator

@bug bug commented Jun 30, 2016

Closing as the fix is in.

@bug bug closed this Jun 30, 2016
@splitbrain
Copy link
Owner

@splitbrain splitbrain commented Jun 30, 2016

@bug yeah. there's another report regarding problems with AD I want to have a look at tonight or tomorrow. I'll let you know when we're good to hotfix release.

@barrydegraaff
Copy link

@barrydegraaff barrydegraaff commented Jul 1, 2016

I looked into why my config did no longer work after upgrading, and apparently removing the $conf['plugin']['authad'] from the config file local.php and re-add them using the configuration manager works.

We used to have stuff like:
$conf['plugin']['authad']['debug'] = '1';
and that is now saved as:
$conf['plugin']['authad']['debug'] = 1;

Also for some reason I have troubles logging on with the bind user, but only some times, since I don't really need it (I think, I just removed it from the config)
$conf['plugin']['authad']['admin_username'] ....

Then the patch above works for me.

@zeroluck
Copy link

@zeroluck zeroluck commented Jul 5, 2016

I just updated today and it broke my working config. This instance was set up about 3 years ago and the configuration I had survived all the updates since then until Elenor of Tsort. To resolve I went back through the authad plugin documentation and reconfigured the parameters in local.protected.php from scratch. I'm not sure what I changed but it works now.

@Klap-in
Copy link
Collaborator

@Klap-in Klap-in commented Jul 5, 2016

I guess that this could be due to remove of support for the old format of config for the auth plugins...
But without more clue about what is now different in your config, this is just a guess...
(do you have at the bottom of your Configuration Manager some not normal defined config options?)

@zeroluck
Copy link

@zeroluck zeroluck commented Jul 6, 2016

old local.protected.php:

<?php
  // general DokuWiki options
  $conf['useacl']            = 1;
  $conf['disableactions']    = 'register,resendpwd';
  $conf['authtype']            = 'authad';

  // configure your Active Directory data here
  $conf['auth']['ad']['account_suffix']        = '@ad.domain.name';
  $conf['auth']['ad']['base_dn']            = 'DC=ad,DC=domain,DC=name';
  $conf['auth']['ad']['domain_controllers']    = 'dc.domain.name';

  // Enable SSO
  $conf['auth']['ad']['sso']                = 1;
  $conf['auth']['ad']['ad_username']        = 'wikibind';
//user account with permission to perform AD lookups
  $conf['auth']['ad']['ad_password']        = 'password';

  $conf['auth']['ad']['real_primarygroup']    = 1;
  $conf['auth']['ad']['use_ssl']            = 1;
  $conf['auth']['ad']['use_tls']            = 1;

  $conf['auth']['ad']['recursive_groups']    = 1;
  $conf['auth']['ad']['additional']            = 'department,office'; // additional attributes to fetch

  $conf['auth']['ad']['groupfilter']        = '(&(cn=*)(Member=%{dn})(objectClass=group))'; # find groups for current user(dn)

  // Admin
  $conf['manager']                            = '@it_group_all';
  $conf['superuser']                         = '@domain_admins,@wiki_admins,admin';

  // Debug
  $conf['auth']['ad']['debug']                = 1;
  $conf['auth']['ad']['userinfo_debug']        = 1;

New local.protected.php

<?php
  // general DokuWiki options
  $conf['useacl']         = 1;
  $conf['authtype']       = 'authad';

  // configure your Active Directory data here
  $conf['plugin']['authad']['account_suffix']     = '@ad.domain.name';
  $conf['plugin']['authad']['base_dn']            = 'DC=ad,DC=domain,DC=name';
  $conf['plugin']['authad']['domain_controllers'] = 'dc.domain.name'; //multiple can be given

  $conf['plugin']['authad']['admin_username']        = 'wikibind';
  $conf['plugin']['authad']['admin_password']        = 'password';
  $conf['plugin']['authad']['sso']                = 1;
  $conf['plugin']['authad']['real_primarygroup']  = 1;
  $conf['plugin']['authad']['use_tls']            = 1; // Only one of them.
  $conf['plugin']['authad']['debug']              = 1;
  $conf['plugin']['authad']['recursive_groups']   = 1; // If number of groups in AD is large switching to 0 will improve performance, but indirect membership will not work
  $conf['plugin']['authad']['additional']         = 'department,office'; // additional attributes to fetch
  // warn user about expiring password this many days in advance (in version 2012-03-10 and higher):

  $conf['manager']                            = '@it_group_all';
  $conf['superuser']                         = '@domain_admins,@wiki_admins,admin';
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants
You can’t perform that action at this time.