Page MenuHomePhabricator

LDAP based login is broken in pywikibot because lgdomain is not set
Closed, ResolvedPublic


Couldn't figure out why core didn't work on my wiki with LDAP login. After some debugging I found out that lgdomain doesn't seem to be set anywhere at all. See|query+info

If I just hardcode login_request["lgdomain"] = "mydomain" in, it magically works. The login logic should look in the family file if self.ldapDomain is set and if that's the case include it in the request. Compat doesn't have this problem.

Event Timeline

Multichill raised the priority of this task from to High.
Multichill updated the task description. (Show Details)
Multichill added a subscriber: Multichill.
Restricted Application added subscribers: Aklapper, Unknown Object (MLST). · View Herald TranscriptFeb 20 2015, 3:21 PM
XZise added a subscriber: XZise.Feb 20 2015, 3:25 PM

Can we set lgdomain even without LDAP login?

Dumindux claimed this task.Mar 4 2015, 6:47 AM
Dumindux removed Dumindux as the assignee of this task.
Dumindux set Security to None.
jayvdb added a subscriber: jayvdb.May 30 2015, 5:03 PM

This is pretty good first task, as it needs to be backwards compatible with compat, so no bikeshedding on names, etc. and it should be two lines of code in core.

compat$ git grep ldapDomain
families/README-family.txt:        #self.ldapDomain = 'domain here'        self.ldapDomain = ()            if                predata['lgdomain'] =            if     # VistaPrint fix                predata["wpDomain"] =

@Multichill, are you able to test patches for this?

Hi, I am interested in working on this bug.
As far as I understand (from the discussions above) there needs to be a check on ldapDomain and lgdomain should be set accordingly, somewhere near line no. 3036 in
i.e. just after the initialisation.
I'm completely new to this so please correct me if I'm wrong somewhere and should I move ahead resolving this bug?

Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptSep 25 2016, 5:16 PM

why in Can't it be done in the like how it was done in compact?

The modification to outlined here resolved the issue for me:

LDAP authentication worked until I added a second domain to the authentication options in my LocalSettings.php. I have not had an opportunity to revert the change and test, but I wanted to mention it just in case it helps reproduce the issue.

Change 330144 had a related patch set uploaded (by Phantom42):
Fix broken LDAP based login

Change 330144 merged by jenkins-bot:
Fix broken LDAP based login

MtDu closed this task as Resolved.Jan 5 2017, 5:07 AM
MtDu added a subscriber: MtDu.

Patch has been merged. Hence closing as resolved. Thanks!