LDAP query failed
Moderator: Thorsten
LDAP query failed
Hi guys,
May I please ask for your help here: version 3.0.9; I have configured LDAP to an AD 2019 server.
In a running trace on that AD machine I see the binding request succeed, then the search request when trying to authenticate on the FAQ, but then the answer comes back with 0 results. The message displayed is "Wrong login name or password."
I am also trying to authenticate on the FAQ with the service account - no joy.
I also tried with or without adding the user to a group (memberOf), again with no success.
I see in the trace the query is: "Filter: (&(samAccountName=php)(memberOf:1.2.840.113556.1.4.1941:=wiki))"
Bootstrap DEBUG is on; I see no error at the top of the screen.
What am I doing wrong?
Many thanks!
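Added example, not part of the original thread and not phpMyFAQ's own code: in Active Directory the memberOf attribute holds distinguished names, so the in-chain matching rule in the traced filter compares against a full group DN, and a bare name such as wiki matches no entry. The sketch below audits the traced filter and builds an escaped filter from a group DN; the function names and SAMPLE_GROUP_DN are assumptions made for illustration.

```python
import re

# OID of Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, as in the traced filter.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# Loose DN shape: attr=value components separated by unescaped commas.
_RDN = r"[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+"
_DN_SHAPE = re.compile(rf"^{_RDN}(?:,\s*{_RDN})*$")


def escape_filter_value(value: str) -> str:
    """Escape a string used as an assertion value in a filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def looks_like_dn(value: str) -> bool:
    return bool(_DN_SHAPE.match(value.strip()))


def build_login_filter(username: str, group: str, nested: bool = True) -> str:
    """Build (&(sAMAccountName=..)(memberOf..=..)); refuse a non-DN group."""
    if not looks_like_dn(group):
        raise ValueError(f"memberOf holds DNs; {group!r} is not a DN")
    rule = f":{IN_CHAIN}:" if nested else ""
    return (f"(&(sAMAccountName={escape_filter_value(username)})"
            f"(memberOf{rule}={escape_filter_value(group)}))")


def audit_filter(ldap_filter: str) -> list:
    """Return memberOf assertion values in a filter that are not DNs."""
    values = re.findall(r"\(memberOf(?::[0-9.]+:)?=([^)]*)\)", ldap_filter, re.I)
    return [v for v in values if not looks_like_dn(v)]


# Filter copied from the trace in the post above.
TRACED = "(&(samAccountName=php)(memberOf:1.2.840.113556.1.4.1941:=wiki))"
# Constructed sample DN; the real value is the group's own distinguishedName.
SAMPLE_GROUP_DN = "CN=wiki,OU=Groups,DC=netbios,DC=local"

if __name__ == "__main__":
    print(audit_filter(TRACED))                        # non-DN values found
    print(build_login_filter("php", SAMPLE_GROUP_DN))  # filter with a group DN
    print(build_login_filter("a*)(cn=*", SAMPLE_GROUP_DN))  # metacharacters escaped
```

Escaping the user-supplied login name before it enters the filter also keeps characters such as * ( ) from changing the filter's structure.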
Re: LDAP query failed
Hi,
can you please post your LDAP configuration here?
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
Re: LDAP query failed
Hi,
here you go - some values below substituted
// Main LDAP server
$PMF_LDAP['ldap_server'] = 'srv-ip';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'netbios\scheduling';
$PMF_LDAP['ldap_password'] = 'mypass';
$PMF_LDAP['ldap_base'] = 'dc=netbios,dc=local';
and
config_name config_value
ldap.ldapSupport true
ldap.ldap_dynamic_login_attribute uid
ldap.ldap_mapping.mail mail
ldap.ldap_mapping.memberOf wiki
ldap.ldap_mapping.name cn
ldap.ldap_mapping.username samAccountName
ldap.ldap_options.LDAP_OPT_PROTOCOL_VERSION 3
ldap.ldap_options.LDAP_OPT_REFERRALS 0
ldap.ldap_use_anonymous_login false
ldap.ldap_use_domain_prefix false
ldap.ldap_use_dynamic_login false
ldap.ldap_use_memberOf true
ldap.ldap_use_multiple_servers false
ldap.ldap_use_sasl false
Thanks!
Re: LDAP query failed
Hi,
please try to set ldap.ldap_use_dynamic_login to true.
bye
Thorsten
Re: LDAP query failed
hi
now I get
phpMyFAQ warning [2]: ldap_bind(): Unable to bind to server: Invalid credentials in /var/www/html/src/phpMyFAQ/Ldap.php on line 170
with the above value set to false, binding was successful:
LDAP 91 bindRequest(1) "netbios_domain\scheduling" simple
and after the change:
LDAP 113 bindRequest(1) "uid=netbios_domain\scheduling,dc=netbios_domain,dc=local" simple
LDAP 164 bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563)
thanks
Re: LDAP query failed
Hi,
with the change above you now try to bind with the user credentials. Maybe your AD admin can help here.
bye
Thorsten
Re: LDAP query failed
Hi
Thorsten, credentials were not changed. The binding was working when it was set to false, with true not anymore and that was the only change.
This is a lab environment and I am the admin of that AD domain.
With the proposed change the FAQ now sends something that a vanilla ADDS 2019 (one domain, single forest, users in the same OU, functional level for both is 2016) does not accept.
I guess the question is, is it supposed to be working with Active Directory?
If the answer for the above is yes, can you please share a config that works with Windows Server AD?
Many thanks!
Re: LDAP query failed
Hi,
the problem could be the LDAP query: is there a way this can be customised?
thank you
Re: LDAP query failed
Hi,
the queries are in this class: https://github.com/thorsten/phpMyFAQ/bl ... Q/Ldap.php
Thanks in advance!
bye
Thorsten
Re: LDAP query failed
Hello,
First I want to say that I really love phpMyFAQ, thank you for the hard work.
Sadly I have the same problems as dorian with the binding to my AD via LDAP.
ldap.php seems to be correct, as when I set the password intentionally wrong I get an error. With the right password there is no error, but users are still not able to log in (Invalid user/Password). I am using version 3.1.2
I also have some basic understanding problems: What login format is meant to be used for the users?
UPN (user@intra.company.com), Email-Address, Netbios-Name (cn) or Netbios Name with Domain (user\domain)?
I also don't understand whether a user must be created in phpMyFAQ before he is able to make an LDAP login. If so, with what username?
If not, will the user be created if he can successfully log in? If not, how can I add him to a group?
Sorry for so many questions, but I could not find the information online.
Thank you for your support,
-Olly
Re: LDAP query failed
Hi,
looks like we're having a LDAP issue in v3.1, see this thread as well: viewtopic.php?p=81384#p81384
Can you try to turn on the debug mode?
bye
Thorsten
Re: LDAP query failed
Thank you for your quick reply.
Debug is on, but I can't see any related errors. Just a lot of select statements.
What should I be looking for?
Re: LDAP query failed
Hi,
well, looks like there's an error in this class: https://github.com/thorsten/phpMyFAQ/bl ... Q/Ldap.php
bye
Thorsten
Re: LDAP query failed
Hi,
I fixed the LDAP / AD issue.
Please use this code for the LDAP class: https://github.com/thorsten/phpMyFAQ/bl ... Q/Ldap.php
My config/ldap.php file looks like:
Code:
$PMF_LDAP['ldap_server'] = 'ldap://192.168.2.163';
$PMF_LDAP['ldap_port'] = 10389;
$PMF_LDAP['ldap_user'] = 'uid=admin,ou=system';
$PMF_LDAP['ldap_password'] = 'secret';
$PMF_LDAP['ldap_base'] = 'ou=users,dc=wimpi,dc=net';
My LDAP-Configuration:
Code:
ldap.ldapSupport true
ldap.ldap_dynamic_login_attribute uid
ldap.ldap_mapping.mail mail
ldap.ldap_mapping.memberOf
ldap.ldap_mapping.name cn
ldap.ldap_mapping.username samAccountName
ldap.ldap_options.LDAP_OPT_PROTOCOL_VERSION 3
ldap.ldap_options.LDAP_OPT_REFERRALS 0
ldap.ldap_use_anonymous_login false
ldap.ldap_use_domain_prefix false
ldap.ldap_use_dynamic_login false
ldap.ldap_use_memberOf false
ldap.ldap_use_multiple_servers false
ldap.ldap_use_sasl false
I used this Docker container for testing: https://github.com/dwimberger/ldap-ad-it
bye
Thorsten
Re: LDAP query failed
Sorry no luck for me.
Same behaviour as before: The connection to the LDAP (AD) is successful, but it cannot validate any correct credentials (Invalid User / Password).
Debug is on, but no error message.
-Olly