IIS / PHP 5.4 / LDAP / SSO Problem
Moderator: Thorsten
IIS / PHP 5.4 / LDAP / SSO Problem
Hy Guys,
I had a Setup with Server 2008 R2 / IIS / MSSQL & PHPMyfaq 2.8 and the LDAP connect is working correctly.
But if i activate SSO it will not work.
I'll see the auth on the DC, and all will work correct, but the PHPMyFAQ say that the login is incorrect:
Following error in AdminLog:
Es ist eine ungültige Loginkombination versucht worden.\nLogin: DOMAIN\xxxx\nErrors: No authentication method specified. , Specified password is not correct.
Can anyone Help me?
Thnaks
Brgds
I had a Setup with Server 2008 R2 / IIS / MSSQL & PHPMyfaq 2.8 and the LDAP connect is working correctly.
But if i activate SSO it will not work.
I'll see the auth on the DC, and all will work correct, but the PHPMyFAQ say that the login is incorrect:
Following error in AdminLog:
Es ist eine ungültige Loginkombination versucht worden.\nLogin: DOMAIN\xxxx\nErrors: No authentication method specified. , Specified password is not correct.
Can anyone Help me?
Thnaks
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Hi,
do you use the login or account name?
bye
Thorsten
do you use the login or account name?
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: IIS / PHP 5.4 / LDAP / SSO Problem
In LDAP it is the samAccountName
Re: IIS / PHP 5.4 / LDAP / SSO Problem
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Hm.... Not really the right.
Ill explain it a litte bit more:
Real Active Directory:
samAccountName: 9999
UPN: t.user@domain.com
Mail: t.user@domain.com
CN: Test User
if i activate LDAP and login to phpMyFAQ this userentry is created:
ID: 2
STATUS: ACTIVE
Your NAME: Test User
Username: 9999
EMAIL: t.user@domain.com
The LDAP login is working fine.
the file constants_ldap:
Now, that ill be sure that the LDAP is working i want to activate SSO
(Browser NTLM auth in Firefox is working)
But if i turn the feature on, the FAQ comes up with the login Promt and won't log in correctly.
But i see the login on the domeincontroller correctly and in the same way.
Brgds
Ill explain it a litte bit more:
Real Active Directory:
samAccountName: 9999
UPN: t.user@domain.com
Mail: t.user@domain.com
CN: Test User
if i activate LDAP and login to phpMyFAQ this userentry is created:
ID: 2
STATUS: ACTIVE
Your NAME: Test User
Username: 9999
EMAIL: t.user@domain.com
The LDAP login is working fine.
the file constants_ldap:
Code: Select all
// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
'name' => 'cn',
'username' => 'samAccountName',
'mail' => 'mail'
);
// In a multi-domain environment, users may enter a prefix as domain, e.g. "DOMAIN\username"
// If possible, you should use the Microsoft Global Catalog as LDAP-Server, which comes
// with every ADS-Installation.
$PMF_LDAP['ldap_use_domain_prefix'] = false;
(Browser NTLM auth in Firefox is working)
But if i turn the feature on, the FAQ comes up with the login Promt and won't log in correctly.
But i see the login on the domeincontroller correctly and in the same way.
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Hi,
okay, LDAP works, SSO not? I never tested LDAP and SSO, normally the login should work with each of both.
I'll check it
bye
Thorsten
okay, LDAP works, SSO not? I never tested LDAP and SSO, normally the login should work with each of both.
I'll check it
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Hi,
Any news?
Brgds
Any news?
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Hi,
I cannot reproduce this because I don't have a LDAP and SSO powered environment for testing and debugging... I checked the code and it should work...
bye
Thorsten
I cannot reproduce this because I don't have a LDAP and SSO powered environment for testing and debugging... I checked the code and it should work...
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Okay... it should, but it dont work
If you want we can make a teamviewer session.
Brgds
If you want we can make a teamviewer session.
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Hi,
that'll be hard for debugging
bye
Thorsten
that'll be hard for debugging
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Okay, then please tell me wich are the recommends for SSO or what is checked.
Wich files are in use?
Brgds
Wich files are in use?
Brgds
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Hi,
it's in
inc/PMF/Auth.php
inc/PMF/Auth/Ldap.php
inc/PMF/Auth/Sso.php
inc/PMF/User.php
inc/PMF/User/CurrentUser.php
index.php
bye
Thorsten
it's in
inc/PMF/Auth.php
inc/PMF/Auth/Ldap.php
inc/PMF/Auth/Sso.php
inc/PMF/User.php
inc/PMF/User/CurrentUser.php
index.php
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: IIS / PHP 5.4 / LDAP / SSO Problem
I can confirm i'm having the same problem with IIS / LDAP and SSO.
I'm able to login to AD but once i enable SSO in the phpmyfaq config page it does not let me login.
I'm able to login to AD but once i enable SSO in the phpmyfaq config page it does not let me login.
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Hi,
is there a possibilty to debug it on your machine?
bye
Thorsten
is there a possibilty to debug it on your machine?
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: IIS / PHP 5.4 / LDAP / SSO Problem
Yeah no problem.
I turned debug to true in the bootstrap.php but i didn't see any extra messages when I refresh the page, i can see the debug messages after i enable SSO in the admin section.
I can see the service account hitting Active Directory but the web interface just states wrong user name and password, if i enter a username and password in it doesn't work either.
I have to manually change the SSO option back to disable in the database.
Let me know how i can help.
Thank you.
I turned debug to true in the bootstrap.php but i didn't see any extra messages when I refresh the page, i can see the debug messages after i enable SSO in the admin section.
I can see the service account hitting Active Directory but the web interface just states wrong user name and password, if i enter a username and password in it doesn't work either.
I have to manually change the SSO option back to disable in the database.
Let me know how i can help.
Thank you.