Mediawiki and user passwords
October 2nd, 2009 by ravi

I just spent a few hours trying to figure this out, and in the interest of saving someone equally clueless the same effort, for the Googles, a summary of my experience with user login issues in Mediawiki.

My setup uses the LdapAuthentication extension to, as can be expected, authenticate users using an LDAP directory. A few members of my team complained that they were unable to login, even though their Mediawiki login (with the first letter in lowercase) matched their LDAP uid. I am yet to nail down the exact cause of this, but it seems to have something to do with certain special characters in the password string. Change the password in LDAP (to not include these characters) and the problem disappears.

What made matters worse in my case was that in order to debug the situation, one of the users set his password to his login name (admittedly a highly insecure action, but this is not a public Wiki, and the change was temporary) and login attempts continued to fail for this person with the new, simple, password as well. Turns out that buried in the Mediawiki code (in includes/User.php) is a function isValidPassword() which implements a check that returns failure if the password and username are the same! Unfortunately the error returned is a generic “Wrong Password” error.

Which all made for a very enjoyable Friday evening!

»  Substance: WordPress  »  Style: Ahren Ahimsa