phpMyFAQ

Hi All,

I have gone through the list and looked at the various posts about LDAP issues but have not been able to get AD logins working. I'm running phpmyfaq 2.8.3 on php 5.3.27.

When I try to log in I get the usual "Wrong login name or password."

I have verified ldap connectivity to the AD server from the command line using ldapsearch.

Below are my configs:
ldap.php:

<?php
// Main LDAP server
$PMF_LDAP['ldap_server'] = '10.0.1.2';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'Administrator';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'ou=company,dc=company,dc=com';

cat constants_ldap.php | grep -v ^'/' | sed '/^$/d'
<?php

$PMF_LDAP['ldap_mapping'] = array (
'name' => 'cn',
'username' => 'sAMAccountName',
'mail' => 'mail'
);
$PMF_LDAP['ldap_use_domain_prefix'] = false;
$PMF_LDAP["ldap_options"] = array (
LDAP_OPT_PROTOCOL_VERSION => 3,
LDAP_OPT_REFERRALS => 0
);
$PMF_LDAP['ldap_use_memberOf'] = true;
$PMF_LDAP['ldap_mapping']['memberOf'] = '';
$PMF_LDAP['ldap_use_sasl'] = false;
$PMF_LDAP['ldap_use_multiple_servers'] = false;
$PMF_LDAP['ldap_use_anonymous_login'] = false;


I noticed in quite a few of the replies it was suggested to enable DEBUG in the inc/Init.php file. I don't have that file in that location. I do have inc/PMF/Init.php but I don't see how to enable DEBUG in it, there is no mention of debug in the file. Can someone tell me to activate this DEBUG mode?

Thanks in advance,

Aaron

So I found turned on debugging in the inc/Bootstap.ini and now when trying to login I get the following errors.

phpMyFAQ warning [2]: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 137

phpMyFAQ warning [2]: ldap_search(): supplied argument is not a valid ldap link resource in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 236

phpMyFAQ warning [2]: ldap_errno() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 239

phpMyFAQ warning [2]: ldap_error() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 243

phpMyFAQ warning [2]: ldap_first_entry() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 247

phpMyFAQ warning [2]: ldap_errno() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 250

phpMyFAQ warning [2]: ldap_error() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 253

phpMyFAQ warning [2]: ldap_get_values() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 257

I have verified that the credentials i'm using are correct from the command line, in the following command, and even tried my own AD login as the bind user.
ldapsearch -LLL -h 10.0.1.2 -x -v -D "cn=Administrator,cn=Users,dc=company,dc=com" -b "ou=CompanyStaff,ou=Company,dc=company,dc=com" -W

I can't tell how the system forms the binddn, as you can see from my ldapsearch command, the binddn is different than the base.

Any thoughts?

Hi,

I checked the code and this warning

offthedeepnd wrote:phpMyFAQ warning [2]: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 137

occurs if the LDAP bind does not work with the user credentials added in config/ldap.php. The connect to LDAP server is working, though.

bye
Thorsten

Hi Thorsten,

I have verified and re-verified the credentials. I am also using 2 other php web applications that use ldap/AD authentication and both are using the Administrator user to bind to the Active directory.

I did however change the ldap_user parameter from "Administrator" to "Administrator@company.com". The "unable to bind" error has gone away now but I now get a different error when trying to log in, as seen below:

phpMyFAQ warning [2]: ldap_get_values() expects parameter 2 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 257

I'm using my AD login that I use on a daily basis so I know the username and password are correct.

I tried logging in with apmartinez@netnumber.com as well which also didn't work.

Any ideas?

Thanks in advance.

Aaron