LDAP Fails To Work
Moderator: Thorsten
LDAP Fails To Work
Active Directory via Windows Server 2012 using phpMyFAQ 2.8.0-alpha2
I already know LDAP works via PHP using a test script (I'll include it at the bottom). I turned on LDAP and created ldap.php:
<?php
// Main LDAP server
$PMF_LDAP['ldap_server'] = '10.10.10.204';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'jemlay';
$PMF_LDAP['ldap_password'] = '********';
$PMF_LDAP['ldap_base'] = '??????'; // <- what is this?
I don't understand why a username and password are needed. Shouldn't that be provided when the user logs in?
Now, when I attempt to log in I get the following error no matter what I specify in the ldap_base (I tried "OU=Admin Users & Computers,DC=domain,DC=com"):
Fatal error: Call to a member function getLdapConfig() on a non-object in G:\KB\inc\Auth\Ldap.php on line 72
Here's my test script:
<?php
$ds = ldap_connect( 'ldap://10.10.10.204/' );
// try anonymous login to test connection
$anon = @ldap_bind( $ds );
if ( !$anon ) {
    print("Failed");
}
else {
    print("It Worked!");
}
// now try a real login
$login = @ldap_bind( $ds, 'jemlay@domain.com', '********' );
print("<br><br>");
if ( !$login ) {
    print("Auth Failed");
}
else {
    print("Auth Worked!");
}
?>
Re: LDAP Fails To Work
I am having the same problem, I've configured it as per the below:
$PMF_LDAP['ldap_server'] = 'x.x.x.x';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'domain\user';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'OU=test,DC=domain,DC=ca';
Any ideas as to what I'm doing wrong??
Re: LDAP Fails To Work
I tried:
domain\user
user
user@domain.com
I've tried turning on/off the domain required variable in constants_ldap.php.
Nothing I've tried works.
Did you try my test script to make sure LDAP in PHP is working?
Re: LDAP Fails To Work
Hi,
looks like a programming issue in the alpha2, I'll check it.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
Re: LDAP Fails To Work
Perfect, thanks Thorsten!
Re: LDAP Fails To Work
Thanks very much Thorsten.
Now, users from the OU "Users" can log in. However, I'm noticing a problem. Those are the ONLY users that can log in. We have users in other OUs on the same root as Users and none of them can log in. It says, "Wrong login name or password."
Even if I specify those OUs in the ldap_base it still ignores them.
<?php
// Main LDAP server
$PMF_LDAP['ldap_server'] = '10.10.10.204';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'DOMAIN\username';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'OU=Admin Users & Computers,DC=domain,DC=com';
If I only specify "$PMF_LDAP['ldap_base'] = 'DC=domain,DC=com';" ....shouldn't that be the entire domain? That works but only users in the USER OU are accepted.
Any ideas? Thanks again!
Re: LDAP Fails To Work
Hi,
is this DN base working with other systems?
bye
Thorsten
Re: LDAP Fails To Work
Yes, using the test script I posted above I can login via PHP using LDAP with any user in my domain.
Re: LDAP Fails To Work
So it all comes down to this. In order for any user to log in, the "displayName" must match the "sAMAccountName".
cn = thisis atest
name = thisis atest
givenName = thisis
sn = atest
userPrincipalName = hello5555@domain.com
displayName = hello1234
sAMAccountName = hello4321
That user can NOT log in. If you change the displayName to hello4321, then the user can login.
However, that's problematic because Windows auto creates the displayName to be a concatenation of the first and last names so the displayName will never match the login name unless I manually change every single user.
What I can't figure out is why does the PHP code even care about the displayName? I don't see it being used anywhere. You use "cn" to display the user's name. ldap_bind certainly doesn't use it.
Thanks again for the chat Thorsten, I appreciate it!
Re: LDAP Fails To Work
Hi,
I'll try to fix the issue with the whitespaces in Windows usernames, should be fixable. Thanks for your help!
bye
Thorsten
Re: LDAP Fails To Work
Are you sure it's a white space issue? This user can't login:
displayName = hello1234
sAMAccountName = hello4321
There's no space. Those two fields must match each other. If I change either field to match then it works.
Re: LDAP Fails To Work
Hi,
phpMyFAQ checks only the "samAccountName" by default, this is what you can change in config/constants_ldap.php
bye
Thorsten
Re: LDAP Fails To Work
It has to be checking the displayName somewhere.
can not login:
displayName = hello1234
sAMAccountName = hello4321
can login:
displayName = hello4321
sAMAccountName = hello4321
can not login:
displayName = Justin Emlay
sAMAccountName = jemlay
can login:
displayName = jemlay
sAMAccountName = jemlay
Yes, the sAMAccountName must be used to perform the login; however, it only works if those two fields equal each other. Where else would this check be coming from?
One of my buddies agreed to install your faq within his own domain. He's still on 2008 R2 and he found the same problem. None of his users can log in unless the displayName matches the sAMAccountName.
Re: LDAP Fails To Work
Hi,
thanks for checking this out, I'll work on it!
Cheers
Thorsten