Another ldap login failure

All about webserver configurations, PHP and databases.

Moderator: Thorsten

Post Reply
offthedeepnd
Posts: 3
Joined: Tue Nov 26, 2013 6:54 pm

Another ldap login failure

Post by offthedeepnd » Tue Nov 26, 2013 9:23 pm

Hi All,

I have gone through the list and looked at the various posts about LDAP issues but have not been able to get AD logins working. I'm running phpmyfaq 2.8.3 on php 5.3.27.

When I try to log in I get the usual "Wrong login name or password."

I have verified ldap connectivity to the AD server from the command line using ldapsearch.

Below are my configs:
ldap.php:

<?php
// Main LDAP server
$PMF_LDAP['ldap_server'] = '10.0.1.2';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'Administrator';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'ou=company,dc=company,dc=com';

cat constants_ldap.php | grep -v ^'/' | sed '/^$/d'
<?php

$PMF_LDAP['ldap_mapping'] = array (
'name' => 'cn',
'username' => 'sAMAccountName',
'mail' => 'mail'
);
$PMF_LDAP['ldap_use_domain_prefix'] = false;
$PMF_LDAP["ldap_options"] = array (
LDAP_OPT_PROTOCOL_VERSION => 3,
LDAP_OPT_REFERRALS => 0
);
$PMF_LDAP['ldap_use_memberOf'] = true;
$PMF_LDAP['ldap_mapping']['memberOf'] = '';
$PMF_LDAP['ldap_use_sasl'] = false;
$PMF_LDAP['ldap_use_multiple_servers'] = false;
$PMF_LDAP['ldap_use_anonymous_login'] = false;


I noticed in quite a few of the replies it was suggested to enable DEBUG in the inc/Init.php file. I don't have that file in that location. I do have inc/PMF/Init.php but I don't see how to enable DEBUG in it, there is no mention of debug in the file. Can someone tell me to activate this DEBUG mode?

Thanks in advance,

Aaron

offthedeepnd
Posts: 3
Joined: Tue Nov 26, 2013 6:54 pm

Re: Another ldap login failure

Post by offthedeepnd » Wed Nov 27, 2013 7:34 pm

So I found turned on debugging in the inc/Bootstap.ini and now when trying to login I get the following errors.

phpMyFAQ warning [2]: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 137

phpMyFAQ warning [2]: ldap_search(): supplied argument is not a valid ldap link resource in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 236

phpMyFAQ warning [2]: ldap_errno() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 239

phpMyFAQ warning [2]: ldap_error() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 243

phpMyFAQ warning [2]: ldap_first_entry() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 247

phpMyFAQ warning [2]: ldap_errno() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 250

phpMyFAQ warning [2]: ldap_error() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 253

phpMyFAQ warning [2]: ldap_get_values() expects parameter 1 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 257

I have verified that the credentials i'm using are correct from the command line, in the following command, and even tried my own AD login as the bind user.
ldapsearch -LLL -h 10.0.1.2 -x -v -D "cn=Administrator,cn=Users,dc=company,dc=com" -b "ou=CompanyStaff,ou=Company,dc=company,dc=com" -W

I can't tell how the system forms the binddn, as you can see from my ldapsearch command, the binddn is different than the base.

Any thoughts?

Thorsten
Posts: 14811
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: Another ldap login failure

Post by Thorsten » Thu Nov 28, 2013 7:43 pm

Hi,

I checked the code and this warning
offthedeepnd wrote:phpMyFAQ warning [2]: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 137
occurs if the LDAP bind does not work with the user credentials added in config/ldap.php. The connect to LDAP server is working, though.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

offthedeepnd
Posts: 3
Joined: Tue Nov 26, 2013 6:54 pm

Re: Another ldap login failure

Post by offthedeepnd » Wed Dec 04, 2013 9:23 pm

Hi Thorsten,

I have verified and re-verified the credentials. I am also using 2 other php web applications that use ldap/AD authentication and both are using the Administrator user to bind to the Active directory.

I did however change the ldap_user parameter from "Administrator" to "Administrator@company.com". The "unable to bind" error has gone away now but I now get a different error when trying to log in, as seen below:

phpMyFAQ warning [2]: ldap_get_values() expects parameter 2 to be resource, boolean given in /var/www/phpmyfaq/inc/PMF/Ldap.php on line 257

I'm using my AD login that I use on a daily basis so I know the username and password are correct.

I tried logging in with apmartinez@netnumber.com as well which also didn't work.

Any ideas?

Thanks in advance.

Aaron

Post Reply