IIS / PHP 5.4 / LDAP / SSO Problem

All about webserver configurations, PHP and databases.

Moderator: Thorsten

funsurfer
Posts: 6
Joined: Mon Jun 10, 2013 4:16 pm

IIS / PHP 5.4 / LDAP / SSO Problem

Post by funsurfer » Mon Jun 10, 2013 4:48 pm

Hy Guys,

I had a Setup with Server 2008 R2 / IIS / MSSQL & PHPMyfaq 2.8 and the LDAP connect is working correctly.
But if i activate SSO it will not work.
I'll see the auth on the DC, and all will work correct, but the PHPMyFAQ say that the login is incorrect:

Following error in AdminLog:

Es ist eine ungültige Loginkombination versucht worden.\nLogin: DOMAIN\xxxx\nErrors: No authentication method specified. , Specified password is not correct.

Can anyone Help me?

Thnaks

Brgds

Thorsten
Posts: 15051
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by Thorsten » Tue Jun 11, 2013 10:04 am

Hi,

do you use the login or account name?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

funsurfer
Posts: 6
Joined: Mon Jun 10, 2013 4:16 pm

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by funsurfer » Tue Jun 11, 2013 4:06 pm

In LDAP it is the samAccountName

Thorsten
Posts: 15051
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by Thorsten » Tue Jun 11, 2013 6:17 pm

Hi,

please try this: viewtopic.php?f=7&t=14814&start=15#p41307

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

funsurfer
Posts: 6
Joined: Mon Jun 10, 2013 4:16 pm

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by funsurfer » Thu Jun 13, 2013 2:32 pm

Hm.... Not really the right.

Ill explain it a litte bit more:

Real Active Directory:

samAccountName: 9999
UPN: t.user@domain.com
Mail: t.user@domain.com
CN: Test User

if i activate LDAP and login to phpMyFAQ this userentry is created:
ID: 2
STATUS: ACTIVE
Your NAME: Test User
Username: 9999
EMAIL: t.user@domain.com

The LDAP login is working fine.

the file constants_ldap:

Code: Select all

// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
    'name'     => 'cn',
    'username' => 'samAccountName',
    'mail'     => 'mail'
);

// In a multi-domain environment, users may enter a prefix as domain, e.g. "DOMAIN\username"
// If possible, you should use the Microsoft Global Catalog as LDAP-Server, which comes
// with every ADS-Installation.
$PMF_LDAP['ldap_use_domain_prefix'] = false;
Now, that ill be sure that the LDAP is working i want to activate SSO
(Browser NTLM auth in Firefox is working)

But if i turn the feature on, the FAQ comes up with the login Promt and won't log in correctly.
But i see the login on the domeincontroller correctly and in the same way.

Brgds

Thorsten
Posts: 15051
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by Thorsten » Thu Jun 13, 2013 6:14 pm

Hi,

okay, LDAP works, SSO not? I never tested LDAP and SSO, normally the login should work with each of both.

I'll check it

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

funsurfer
Posts: 6
Joined: Mon Jun 10, 2013 4:16 pm

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by funsurfer » Wed Jun 26, 2013 1:52 pm

Hi,

Any news?

Brgds

Thorsten
Posts: 15051
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by Thorsten » Thu Jun 27, 2013 5:54 pm

Hi,

I cannot reproduce this because I don't have a LDAP and SSO powered environment for testing and debugging... I checked the code and it should work...

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

funsurfer
Posts: 6
Joined: Mon Jun 10, 2013 4:16 pm

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by funsurfer » Thu Jun 27, 2013 8:25 pm

Okay... it should, but it dont work

If you want we can make a teamviewer session.

Brgds

Thorsten
Posts: 15051
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by Thorsten » Fri Jun 28, 2013 3:21 pm

Hi,

that'll be hard for debugging :)

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

funsurfer
Posts: 6
Joined: Mon Jun 10, 2013 4:16 pm

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by funsurfer » Thu Jul 11, 2013 3:01 pm

Okay, then please tell me wich are the recommends for SSO or what is checked.
Wich files are in use?

Brgds

Thorsten
Posts: 15051
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by Thorsten » Thu Jul 11, 2013 7:05 pm

Hi,

it's in

inc/PMF/Auth.php
inc/PMF/Auth/Ldap.php
inc/PMF/Auth/Sso.php
inc/PMF/User.php
inc/PMF/User/CurrentUser.php
index.php

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

faqn00b
Posts: 5
Joined: Wed Aug 21, 2013 9:37 am

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by faqn00b » Wed Aug 21, 2013 9:39 am

I can confirm i'm having the same problem with IIS / LDAP and SSO.

I'm able to login to AD but once i enable SSO in the phpmyfaq config page it does not let me login.

Thorsten
Posts: 15051
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by Thorsten » Wed Aug 21, 2013 9:44 am

Hi,

is there a possibilty to debug it on your machine?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

faqn00b
Posts: 5
Joined: Wed Aug 21, 2013 9:37 am

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Post by faqn00b » Wed Aug 21, 2013 11:03 pm

Yeah no problem.

I turned debug to true in the bootstrap.php but i didn't see any extra messages when I refresh the page, i can see the debug messages after i enable SSO in the admin section.

I can see the service account hitting Active Directory but the web interface just states wrong user name and password, if i enter a username and password in it doesn't work either.

I have to manually change the SSO option back to disable in the database.

Let me know how i can help.

Thank you.

Post Reply