Yet another LDAP question:

RecoveryOne
Posts: 3
Joined: Tue Jan 07, 2020 7:04 pm

Yet another LDAP question:

Post by RecoveryOne »

Greetings everyone.
Was wondering if someone would be willing to share how to get LDAP users working. What steps are required, etc.
From system information:

Code:

phpMyFAQ Version	2.9.13
phpMyFAQ API Version	1.1
Server Software	Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5
Server Document Root	/var/www/html
phpMyFAQ Installation Path	/var/www/html/faq
PHP Version	5.6.40
Webserver Interface	APACHE2HANDLER
PHP Extensions	Core, date, ereg, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, apache2handler, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, gmp, iconv, imap, intl, json, ldap, exif, mcrypt, mysql, mysqli, PDO, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, shmop, SimpleXML, snmp, soap, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tokenizer, xml, wddx, xmlreader, xmlrpc, xmlwriter, xsl, zip, mhash, apc
PHP Session path	/var/lib/php/session
Database Server	mysqli
Database Server Version	5.5.64-MariaDB
Database Client Version	5.5.64-MariaDB
Elasticsearch	n/a

I've searched the board here and I've installed phpMyFAQ with LDAP support from the initial setup page.
I've enabled the LDAP Support in Configuration > Edit Configuration > Security.
I've verified that the LDAP account configured is hitting the domain controller from the host running phpMyFAQ. I see the ldapfaq account logging in and off.
SELinux is in play, but currently disabled for testing.

I've not changed constants_ldap.php as various threads here mentioned that generally isn't necessary.
ldap.php was built with the following information from the setup page:

Code:

$PMF_LDAP['ldap_server'] = 'ldap-ad.company.pri';
$PMF_LDAP['ldap_port'] = '389';
$PMF_LDAP['ldap_user'] = 'COMPANY\ldapfaq';
$PMF_LDAP['ldap_password'] = '<passwordgoeshere>';
$PMF_LDAP['ldap_base'] = 'CN=IS,OU=FS,OU=Groups,DC=COMPANY,DC=PRI';

So how are LDAP users created/registered?
Any help would be greatly appreciated!

Thanks,
RO
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Yet another LDAP question:

Post by Thorsten »

Hi,

You cannot register LDAP users. LDAP users have to be registered through our LDAP server / Active Directory. If they're in LDAP, they can log in to phpMyFAQ.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
RecoveryOne
Posts: 3
Joined: Tue Jan 07, 2020 7:04 pm

Re: Yet another LDAP question:

Post by RecoveryOne »

Thorsten,
Thank you for the reply.

When I am using an AD account that is part of the ldap_base, no luck. The error:

Code:

Wrong login name or password.
(Specified login could not be found. Specified login could not be found. )

When I look at the AD logs, I'm not even seeing my AD account come in, just the bind account logging on and logging off successfully.
The ldap_bind I posted is working for another site that is using Apache's mod_ldap.
I even swapped the account my other site is using to the FAQ site's bind account/pass, no luck.
The ldap_base is the same for both sites.
(We like to have individual bind accounts to know where the request is coming in from)
For further testing, I modified the ldap_base to just DC=COMPANY,DC=PRI and tried again, still no luck.

Is there a way to use the Apache mod_ldap and bypass the ldap.php?

Thank you again and take care,
RO
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Yet another LDAP question:

Post by Thorsten »

Hi,

do you use “username” or “COMPANY\username” to login?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
RecoveryOne
Posts: 3
Joined: Tue Jan 07, 2020 7:04 pm

Re: Yet another LDAP question:

Post by RecoveryOne »

Using COMPANY\name for login due to the

Code:

$PMF_LDAP['ldap_use_domain_prefix'] = true;
setting in constants_ldap.php. Trying not to edit files unnecessarily, in order to isolate the issue.

I saw in another post here that 3.0 doesn't have the one login failure before preventing login retry, so may look at installing that branch.
I haven't had much time to investigate further today, but hope to get some time tomorrow.

Thank you again,
RO
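
Added example (not part of any post in this thread and not phpMyFAQ code): a small offline model of the search step of a search-then-bind login, using the ldap_base and the COMPANY\name login form quoted above. It shows that a subtree search whose base is a group DN finds no user entries, because AD groups reference their members rather than contain them, and that group restriction belongs in the filter instead. The search-then-bind flow, the directory entries, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample directory (DN -> attributes); not real AD data.
GROUP_DN = "CN=IS,OU=FS,OU=Groups,DC=COMPANY,DC=PRI"
JANE_DN = "CN=Jane Doe,OU=Staff,DC=COMPANY,DC=PRI"   # hypothetical user
SAM_DN = "CN=Sam Roe,OU=Staff,DC=COMPANY,DC=PRI"     # hypothetical user
DIRECTORY = {
    GROUP_DN: {"member": [JANE_DN]},                 # members are referenced, not contained
    JANE_DN: {"sAMAccountName": "jdoe", "memberOf": [GROUP_DN]},
    SAM_DN: {"sAMAccountName": "sroe", "memberOf": []},
}

def account_name(login):
    """Reduce 'COMPANY\\user' or 'user' to the bare sAMAccountName."""
    return login.rsplit("\\", 1)[-1]

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter's structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def build_filter(login, required_group=None):
    """Filter string a real search would send for this login."""
    flt = "(sAMAccountName=%s)" % escape_filter_value(account_name(login))
    if required_group:
        flt = "(&%s(memberOf=%s))" % (flt, escape_filter_value(required_group))
    return flt

def in_subtree(dn, base):
    """True if dn is the base entry or sits below it (simplified DN compare)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def subtree_search(base, login, required_group=None):
    """Toy subtree search applying the same conditions as build_filter()."""
    name = account_name(login).lower()
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not in_subtree(dn, base):
            continue
        if attrs.get("sAMAccountName", "").lower() != name:
            continue
        if required_group and required_group not in attrs.get("memberOf", []):
            continue
        hits.append(dn)
    return hits

if __name__ == "__main__":
    print(subtree_search(GROUP_DN, "COMPANY\\jdoe"))                       # group DN as base
    print(subtree_search("DC=COMPANY,DC=PRI", "COMPANY\\jdoe", GROUP_DN))  # domain base + group filter
```
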
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Yet another LDAP question:

Post by Thorsten »

Hi,

thank you very much!

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer