Page 1 of 2
IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Mon Jun 10, 2013 4:48 pm
by funsurfer
Hy Guys,
I had a Setup with Server 2008 R2 / IIS / MSSQL & PHPMyfaq 2.8 and the LDAP connect is working correctly.
But if i activate SSO it will not work.
I'll see the auth on the DC, and all will work correct, but the PHPMyFAQ say that the login is incorrect:
Following error in AdminLog:
Es ist eine ungültige Loginkombination versucht worden.\nLogin: DOMAIN\xxxx\nErrors: No authentication method specified. , Specified password is not correct.
Can anyone Help me?
Thnaks
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Tue Jun 11, 2013 10:04 am
by Thorsten
Hi,
do you use the login or account name?
bye
Thorsten
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Tue Jun 11, 2013 4:06 pm
by funsurfer
In LDAP it is the samAccountName
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Tue Jun 11, 2013 6:17 pm
by Thorsten
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Thu Jun 13, 2013 2:32 pm
by funsurfer
Hm.... Not really the right.
Ill explain it a litte bit more:
Real Active Directory:
samAccountName: 9999
UPN:
t.user@domain.com
Mail:
t.user@domain.com
CN: Test User
if i activate LDAP and login to phpMyFAQ this userentry is created:
ID: 2
STATUS: ACTIVE
Your NAME: Test User
Username: 9999
EMAIL:
t.user@domain.com
The LDAP login is working fine.
the file constants_ldap:
Code: Select all
// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
'name' => 'cn',
'username' => 'samAccountName',
'mail' => 'mail'
);
// In a multi-domain environment, users may enter a prefix as domain, e.g. "DOMAIN\username"
// If possible, you should use the Microsoft Global Catalog as LDAP-Server, which comes
// with every ADS-Installation.
$PMF_LDAP['ldap_use_domain_prefix'] = false;
Now, that ill be sure that the LDAP is working i want to activate SSO
(Browser NTLM auth in Firefox is working)
But if i turn the feature on, the FAQ comes up with the login Promt and won't log in correctly.
But i see the login on the domeincontroller correctly and in the same way.
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Thu Jun 13, 2013 6:14 pm
by Thorsten
Hi,
okay, LDAP works, SSO not? I never tested LDAP and SSO, normally the login should work with each of both.
I'll check it
bye
Thorsten
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Wed Jun 26, 2013 1:52 pm
by funsurfer
Hi,
Any news?
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Thu Jun 27, 2013 5:54 pm
by Thorsten
Hi,
I cannot reproduce this because I don't have a LDAP and SSO powered environment for testing and debugging... I checked the code and it should work...
bye
Thorsten
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Thu Jun 27, 2013 8:25 pm
by funsurfer
Okay... it should, but it dont work
If you want we can make a teamviewer session.
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Fri Jun 28, 2013 3:21 pm
by Thorsten
Hi,
that'll be hard for debugging
bye
Thorsten
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Thu Jul 11, 2013 3:01 pm
by funsurfer
Okay, then please tell me wich are the recommends for SSO or what is checked.
Wich files are in use?
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Thu Jul 11, 2013 7:05 pm
by Thorsten
Hi,
it's in
inc/PMF/Auth.php
inc/PMF/Auth/Ldap.php
inc/PMF/Auth/Sso.php
inc/PMF/User.php
inc/PMF/User/CurrentUser.php
index.php
bye
Thorsten
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Wed Aug 21, 2013 9:39 am
by faqn00b
I can confirm i'm having the same problem with IIS / LDAP and SSO.
I'm able to login to AD but once i enable SSO in the phpmyfaq config page it does not let me login.
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Wed Aug 21, 2013 9:44 am
by Thorsten
Hi,
is there a possibilty to debug it on your machine?
bye
Thorsten
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Posted: Wed Aug 21, 2013 11:03 pm
by faqn00b
Yeah no problem.
I turned debug to true in the bootstrap.php but i didn't see any extra messages when I refresh the page, i can see the debug messages after i enable SSO in the admin section.
I can see the service account hitting Active Directory but the web interface just states wrong user name and password, if i enter a username and password in it doesn't work either.
I have to manually change the SSO option back to disable in the database.
Let me know how i can help.
Thank you.