Page 1 of 2

IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Mon Jun 10, 2013 4:48 pm
by funsurfer
Hy Guys,

I had a Setup with Server 2008 R2 / IIS / MSSQL & PHPMyfaq 2.8 and the LDAP connect is working correctly.
But if i activate SSO it will not work.
I'll see the auth on the DC, and all will work correct, but the PHPMyFAQ say that the login is incorrect:

Following error in AdminLog:

Es ist eine ung├╝ltige Loginkombination versucht worden.\nLogin: DOMAIN\xxxx\nErrors: No authentication method specified. , Specified password is not correct.

Can anyone Help me?

Thnaks

Brgds

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Tue Jun 11, 2013 10:04 am
by Thorsten
Hi,

do you use the login or account name?

bye
Thorsten

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Tue Jun 11, 2013 4:06 pm
by funsurfer
In LDAP it is the samAccountName

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Tue Jun 11, 2013 6:17 pm
by Thorsten
Hi,

please try this: viewtopic.php?f=7&t=14814&start=15#p41307

bye
Thorsten

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Thu Jun 13, 2013 2:32 pm
by funsurfer
Hm.... Not really the right.

Ill explain it a litte bit more:

Real Active Directory:

samAccountName: 9999
UPN: t.user@domain.com
Mail: t.user@domain.com
CN: Test User

if i activate LDAP and login to phpMyFAQ this userentry is created:
ID: 2
STATUS: ACTIVE
Your NAME: Test User
Username: 9999
EMAIL: t.user@domain.com

The LDAP login is working fine.

the file constants_ldap:

Code: Select all

// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
    'name'     => 'cn',
    'username' => 'samAccountName',
    'mail'     => 'mail'
);

// In a multi-domain environment, users may enter a prefix as domain, e.g. "DOMAIN\username"
// If possible, you should use the Microsoft Global Catalog as LDAP-Server, which comes
// with every ADS-Installation.
$PMF_LDAP['ldap_use_domain_prefix'] = false;
Now, that ill be sure that the LDAP is working i want to activate SSO
(Browser NTLM auth in Firefox is working)

But if i turn the feature on, the FAQ comes up with the login Promt and won't log in correctly.
But i see the login on the domeincontroller correctly and in the same way.

Brgds

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Thu Jun 13, 2013 6:14 pm
by Thorsten
Hi,

okay, LDAP works, SSO not? I never tested LDAP and SSO, normally the login should work with each of both.

I'll check it

bye
Thorsten

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Wed Jun 26, 2013 1:52 pm
by funsurfer
Hi,

Any news?

Brgds

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Thu Jun 27, 2013 5:54 pm
by Thorsten
Hi,

I cannot reproduce this because I don't have a LDAP and SSO powered environment for testing and debugging... I checked the code and it should work...

bye
Thorsten

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Thu Jun 27, 2013 8:25 pm
by funsurfer
Okay... it should, but it dont work

If you want we can make a teamviewer session.

Brgds

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Fri Jun 28, 2013 3:21 pm
by Thorsten
Hi,

that'll be hard for debugging :)

bye
Thorsten

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Thu Jul 11, 2013 3:01 pm
by funsurfer
Okay, then please tell me wich are the recommends for SSO or what is checked.
Wich files are in use?

Brgds

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Thu Jul 11, 2013 7:05 pm
by Thorsten
Hi,

it's in

inc/PMF/Auth.php
inc/PMF/Auth/Ldap.php
inc/PMF/Auth/Sso.php
inc/PMF/User.php
inc/PMF/User/CurrentUser.php
index.php

bye
Thorsten

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Wed Aug 21, 2013 9:39 am
by faqn00b
I can confirm i'm having the same problem with IIS / LDAP and SSO.

I'm able to login to AD but once i enable SSO in the phpmyfaq config page it does not let me login.

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Wed Aug 21, 2013 9:44 am
by Thorsten
Hi,

is there a possibilty to debug it on your machine?

bye
Thorsten

Re: IIS / PHP 5.4 / LDAP / SSO Problem

Posted: Wed Aug 21, 2013 11:03 pm
by faqn00b
Yeah no problem.

I turned debug to true in the bootstrap.php but i didn't see any extra messages when I refresh the page, i can see the debug messages after i enable SSO in the admin section.

I can see the service account hitting Active Directory but the web interface just states wrong user name and password, if i enter a username and password in it doesn't work either.

I have to manually change the SSO option back to disable in the database.

Let me know how i can help.

Thank you.