DokuWiki LDAP can't see any groups - ldap

We have just changed our domain after protracted name change (the name actually happened two years ago!) and our DokuWiki installation has stopped being able to see any groups and memberships.
The config has been updated to reflect the new server and DCs and login is working correctly, it is only the groups that aren't working.
$conf['auth']['ldap']['server'] = 'ldap://MYDC.mydomain.co.uk:389';
$conf['auth']['ldap']['binddn'] = '%{user}#mydomain.co.uk';
$conf['auth']['ldap']['usertree'] = 'dc=mydomain,dc=co,dc=uk';
$conf['auth']['ldap']['userfilter'] = '(userPrincipalName=%{user}#mydomain.co.uk)';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
$conf['auth']['ldap']['mapping']['grps'] = 'array(\'memberof\' => \'/CN=(.+?),/i\')';
$conf['auth']['ldap']['grouptree'] = 'dc=mydomain,dc=co,dc=uk';
$conf['auth']['ldap']['groupfilter'] = '(&(cn=*)(Member=%{dn})(objectClass=group))';
$conf['auth']['ldap']['referrals'] = '0';
$conf['auth']['ldap']['version'] = '3';
$conf['auth']['ldap']['debug'] = 1;
Obviously I have edited the doain name there, but for the life of me I can't see what's wrong here, It all worked fine yesterday on the old domain.
I should also state that this is an old version of DokuWiki that for various reasons I can't actually update.
The debug line gives me a "ldap search: success" line, but if I add "?do=check" onto any url within the system I get "You are part of the groups"...... and nothing, it can't see any groups.
It's a massive pain as we have a pretty intricate ACL setup for the site, so it's not like I can just throw it open to all.
If anyone has any suggestions, no matter how obvious, please pass them on.

Solved it by changing the dokuwiki authentication plugin that was used, the 'authad' is more simple to use and just works with what I'm doing.
As a side bonus it also means that I have finally been able to get the install upgraded to the current version.

Related

What is wrong in these steps regarding to connecting metabase and ldap?

I am not able to create connection between metabase and LDAP.
I am trying to set it up similar with our Zeppelin configuration:
ldapRealm.contextFactory.url = our_url<br>
ldapRealm.contextFactory.systemUsername = our_username<br>
ldapRealm.contextFactory.systemPassword = our_password
ldapRealm.userDnTemplate = cn={0},ou=people,dc=xha,dc=app<br>
ldapRealm.memberAttributeValueTemplate = cn={0},ou=people,dc=xha,dc=app<br>
ldapRealm.authorizationEnabled = true<br>
ldapRealm.searchBase = dc=xha,dc=app<br>
ldapRealm.userSearchBase = ou=people,dc=xha,dc=app<br>
ldapRealm.groupSearchBase = ou=group,dc=xha,dc=app<br>
ldapRealm.userSearchAttributeName = uid<br>
ldapRealm.userSearchFilter = (&(objectclass=*)(uid={0}))<br>
ldapRealm.memberAttribute = memberUid
When I tried similar configuration:
URL, Username, Password, worked well.
I tried use “ou=people,dc=xha,dc=app” for “USER SEARCH BASE”, but it did not work and I get error in log:
errors {:ldap-user-base "User search base does not exist or is
unreadable"}}
So it seems, that “USER SEARCH BASE” is in reality “GROUP SEARCH BASE”.
The only one value which working in “USER SEARCH BASE” is “OU=group,DC=xha, DC=app”
I tried for “USER FILTER”:<br>
cn={login},ou=people,dc=xha,dc=app<br>
(&(objectClass=)(uid={0}))<br>
(&(objectClass=)(uid={login}))<br>
(&(objectClass=)(memberUid={0}))<br>
(&(objectClass=)(memberUid={login}))<br>
{uid={login}}<br>
(&(objectclass=*)(cn={login}))<br>
I also tried with empty filter.
Nothing works yet and I am stuck on this for like 2 weeks.
In log is just:
{:errors {:password “did not match stored password”}}
I also tried steps in https://discourse.metabase.com/t/ldap-debugging/2741 but I am still not able to make it work.
Our “LDAP” accounts have no email -> https://discourse.metabase.com/t/autenticate-by-ldap-a-user-that-have-no-email/5215
I do not know if this is still “hardcoded” in version: 0.34.2
So, do you have any suggestions, how can I figured it out?
Thank you in advance
Peter
Actually I figured it out. "OU=people,DC=xha, DC=app" was correct, but our LDAP schema was huge and there were errors in LDAP's logs, that "SIZE LIMIT EXCEEDED". So we started using MariaDB for storing Metabase settings and I saved settings with "OU=group,DC=xha, DC=app" and then manually changed to OU=people,DC=xha, DC=appin MariaDB.

Issues pulling change log using python

I am trying to query and pull changelog details using python.
The below code returns the list of issues in the project.
issued = jira.search_issues('project= proj_a', maxResults=5)
for issue in issued:
print(issue)
I am trying to pass values obtained in the issue above
issues = jira.issue(issue,expand='changelog')
changelog = issues.changelog
projects = jira.project(project)
I get the below error on trying the above:
JIRAError: JiraError HTTP 404 url: https://abc.atlassian.net/rest/api/2/issue/issue?expand=changelog
text: Issue does not exist or you do not have permission to see it.
Could anyone advise as to where am I going wrong or what permissions do I need.
Please note, if I pass a specific issue_id in the above code it works just fine but I am trying to pass a list of issue_id
You can already receive all the changelog data in the search_issues() method so you don't have to get the changelog by iterating over each issue and making another API call for each issue. Check out the code below for examples on how to work with the changelog.
issues = jira.search_issues('project= proj_a', maxResults=5, expand='changelog')
for issue in issues:
print(f"Changes from issue: {issue.key} {issue.fields.summary}")
print(f"Number of Changelog entries found: {issue.changelog.total}") # number of changelog entries (careful, each entry can have multiple field changes)
for history in issue.changelog.histories:
print(f"Author: {history.author}") # person who did the change
print(f"Timestamp: {history.created}") # when did the change happen?
print("\nListing all items that changed:")
for item in history.items:
print(f"Field name: {item.field}") # field to which the change happened
print(f"Changed to: {item.toString}") # new value, item.to might be better in some cases depending on your needs.
print(f"Changed from: {item.fromString}") # old value, item.from might be better in some cases depending on your needs.
print()
print()
Just to explain what you did wrong before when iterating over each issue: you have to use the issue.key, not the issue-resource itself. When you simply pass the issue, it won't be handled correctly as a parameter in jira.issue(). Instead, pass issue.key:
for issue in issues:
print(issue.key)
myIssue = jira.issue(issue.key, expand='changelog')

MediaWiki Database: Why the incredibly long response time?

I have been consolidating 3 Databases into one via prefixes in my mediawiki installation. I got three wikis using the same database like so:
en_interwiki
de_interwiki
es_interwiki
Everything works fine out of visitor perspective... but whenever a USER wants to post a new article or commit edits, the database takes up to 35 seconds to respond. This is unacceptable.
I activated debugging like so:
# Debugging:
$wgDBerrorLog = '/var/log/mediawiki/WikiDBerror.log';
$wgShowSQLErrors = true;
$wgDebugDumpSql = true;
$wgDebugLogFile = '/var/log/mediawiki/WikiDebug.log';
$wgShowDBErrorBacktrace = true;
I am getting debug info, and it seems that pagelinks is the culprit, but i am not one hundred percent sure.
Did anyone ever have this issue before?
Please help me!
Best regards,
Max
I could fix it. In my case, the memcache had the wrong port. Everything is back to normal.
In case anyone uses memcache with their MediaWiki installation: Be sure to use the right port on your server, or you will end up like me, with 30 second-wait-times.

Magento1.9.1 Please make sure your password match issue

I am encountering this issue in CE1.9.1.
When a User registers (doesn't matter if its during checkout or from the Create an Account link) the user keeps getting the password mismatch error even though the password is re-entered correctly.
The form validation does not indicate a miss-match, but once a user clicks on Register it returns the mismatch error.
There is no errors in the chrome console...
I found this: https://magento.stackexchange.com/questions/37381/please-make-sure-your-passwords-match-password-error-in-checkout-with-new-re
But I don't believe it is the same error.
I need to fix it soon, any help is greatly appreciated!
We also had this issue with 1 of our webshops. However we used a checkout extension. So im not sure if this applies for the regular standard checkout. Anyway.
The question should be, are u using a checkout extension?
If so, the value inside the model's file of that extension is set at:
$customer->setConfirmation($password);
but should be:
$customer->setPasswordConfirmation($password);
For me this worked, without changing anything in the core. It's just that the extensions should get a small update, or you can do it manually like i did. Just find that line in the files of the model map of your extension.
as workaround you can use folloing code:
$confirmation = $this->getConfirmation();
$passwordconfirmation = $this->getPasswordConfirmation();
//if ($password != $confirmation) {
if (!(($password == $confirmation) ||
($password == $passwordconfirmation))) {
$errors[] = Mage::helper('customer')->__('Please make sure your passwords match.');
}
Changing app/code/core/Mage/Customer/Model/Customer.php as proposed by #Pedro breaks the functionality of "forgot password" and "edit customer account" pages. Instead, make the following changes to
app/code/core/Mage/Checkout/Model/Type/Onepage.php
by editing lines starting from 369
if ($quote->getCheckoutMethod() == self::METHOD_REGISTER) {
// set customer password
$customer->setPassword($customerRequest->getParam('customer_password'));
$customer->setConfirmation($customerRequest->getParam('confirm_password'));
} else {
// emulate customer password for quest
$password = $customer->generatePassword();
$customer->setPassword($password);
$customer->setConfirmation($password);
}
and set the PasswordConfirmation -Property and not the Confirmation-Property of the Customer-Object:
if ($quote->getCheckoutMethod() == self::METHOD_REGISTER) {
// set customer password
$customer->setPassword($customerRequest->getParam('customer_password'));
$customer->setPasswordConfirmation($customerRequest->getParam('confirm_password'));
} else {
// emulate customer password for quest
$password = $customer->generatePassword();
$customer->setPassword($password);
$customer->setPasswordConfirmation($password);
}
Encountered the same problem and fixed it. Snel's answer is closer to right answer. The problem could lay in the external/local modules, so you should check not the
app/code/core/Mage/Checkout/Model/Type/Onepage.php
And of course do NOT modify it in any case!
But you should find _validateCustomerData() method which is used in your case. Use Mage::log() or debug_backtrace() for it. It may look something like (but not exactly, because this part could be modified for some reason):
if ($quote->getCheckoutMethod() == self::METHOD_REGISTER) {
// set customer password
$customer->setPassword($customerRequest->getParam('customer_password'));
$customer->setConfirmation($customerRequest->getParam('confirm_password'));
} else {
// emulate customer password for quest
$password = $customer->generatePassword();
$customer->setPassword($password);
$customer->setConfirmation($password);
}
Those modules extend the old version of core file so if you module wasn't updated, you should change them yourself and change
setConfirmation()
to its current usable analog:
setPasswordConfirmation()
I also had this same problem. I'm not comfortable with code so I wanted to avoid all the above fiddling. To fix it all I did was update my extensions, and I also disable one page checkout, cleared cache, then re-enabled one-page checkout.
This has now fixed the problem without needing to modify code.
hope it helps for you.
If anybody still can't figure out, why this is happening:
The Conlabz Useroptin extension (http://www.magentocommerce.com/magento-connect/newsletter-double-opt-in-for-customers.html) can cause this behavior aswell.
Unless this truly is a core bug, I wouldn't recommend changing core files.But i sloved this way Open app\code\core\Mage\Customer\Model\Customer.php and edit your code like below
$confirmation = $this->getConfirmation();
$passwordconfirmation = $this->getPasswordConfirmation();
//if ($password != $confirmation) {
if (!(($password == $confirmation) ||
($password == $passwordconfirmation))) {
$errors[] = Mage::helper('customer')->__('Please make sure your passwords match.');
}
I had the same issue after updating to 1.9.2.1 and was unable to resolve using some of the suggested code changes here and elsewhere - also very reluctant to change core code for obvious reasons.
My solution - a configuration update. It was:
Enable OnePage Checkout = Yes
Allow Guest Checkout = Yes
Require Customer to be Logged in = No
I updated to Yes/No/Yes as per the above and cleared the cache. This resolved the issue by inserting the standard customer registration form (rather than appending the registration to end of the billing info) and passing that info to the billing form on successful registration.
It seems there is a code issue here along the lines of the other responses but this was an excellent workaround for me. Hope it helps.
Change this code
app\code\core\Mage\Customer\Model\Customer.php
$confirmation = $this->getPasswordConfirmation();
to this code
$confirmation = $this->getConfirmation();

Trac + AccountManagerPlugin: How do I get cookie sharing working?

I have an active Trac installation with multiple projects. I am using the AccountManagerPlugin to manage user accounts, and to allow users to manage their own accounts.
My current AccountManagerPlugin configuration looks like this:
[account-manager]
account_changes_notify_addresses =
authentication_url =
force_passwd_change = true
generated_password_length = 8
hash_method = HtDigestHashMethod
htdigest_realm = TracRealm
notify_actions = []
password_file = /home/sms/trac_sites/trac.htdigest
password_store = HtDigestStore
persistent_sessions = true
user_lock_max_time = 0
verify_email = false
This works great, except: Each Trac project currently requires separate authentication. The projects are unable to share their authentication cookies.
Setting auth_cookie_path = /trac does not work, because session data is stored in each project's own database; therefore one project cannot validate the cookie of another. Worse, this causes projects to overwrite each other's cookies.
Using an undocumented two-year-old monkey patch (SharedCookieAuthPlugin) seems like a bad idea.
Is there a solution?
SharedCookieAuthPlugin is indeed the way to go. The author of the plugin (k0s, alias Jeff Hammel) was the person who requested the auth_cookie_path option, specifically for his plugin. The fact that it hasn't been updated in two years just means that it works as it is.