Can't Authenticate Users Against LDAP
23-Sep-2013, 08:28 PM
Post: #1
Can't Authenticate Users Against LDAP
Hello,

I'm testing Precurio on my ClearOS 5.2 Enterprise server. It's based on CentOS 5 with Samba 3 as the domain controller. I've keenly browsed through all the threads on here that mention LDAP, and none of the solutions that seem to have worked for others are working for me.

Specifically, I followed one of the threads and replaced the LdapAuth.php file. With both the original and replacement file, the login page is returning the following error: "Invalid Password".

I've read some of the threads that talk about making changes to the adLDAP.php file, but all the links are broken so I can't get the modified file.

Any assistance would be helpful please. It looks like most people here are running Microsoft AD - but I need help integrating with a Samba using OpenLDAP.

PS. I'll be happy to post snapshots of my config files if need be.
24-Sep-2013, 12:50 AM
Post: #2
RE: Can't Authenticate Users Against LDAP
In most cases, the logs will contain useful information as to why it says "invalid password". Check your "logs" table in the precurio database.
Go through the last few records and send me the message.
24-Sep-2013, 03:05 AM
Post: #3
RE: Can't Authenticate Users Against LDAP
(24-Sep-2013 12:50 AM)mayorbrain Wrote:  In most cases, the logs will contain useful information as to why it says "invalid password". Check your "logs" table in the precurio database.
Go through the last few records and send me the message.

Thanks for responding so quickly. Attached is the log. I am authenticating my domain users against this LDAP server, and I am also able to use LDAPAdmin to browse the database without any problems.

Below is the content of my config file - as far as it relates to LDAP:

Code:
[ldap]
ldap.server1.host = "localhost"
ldap.server1.port = "389"
ldap.server1.useSsl = "0"
ldap.server1.accountDomainName = "CENTRALTRUCK.NET"
ldap.server1.accountDomainNameShort = ""
ldap.server1.baseDn = "cn=Accounts,cn=Users,dc=centraltruck,dc=net"
ldap.server1.username = "winadmin"
ldap.server1.password = "myPassWord"
ldap.server1.bindRequiresDn = "1"


Attached File(s)
.txt  log.txt (Size: 35.09 KB / Downloads: 283)
24-Sep-2013, 08:42 AM
Post: #4
RE: Can't Authenticate Users Against LDAP
So, I've been doing some digging and came upon this thread which talked about the need to modify the adLDAP.php file to properly reference the directory structure of OpenLDAP. So I made the necessary changes.

I also decided to modify my precurio.ini file to use the LDAP bind information provided in the Webconfig of my server (those using ClearOS will know what I'm talking about).

My Current precurio.ini file:
Code:
[ldap]
ldap.server1.host = "localhost"
ldap.server1.port = "389"
ldap.server1.useSsl = "0"
ldap.server1.accountDomainName = "centraltruck.net"
ldap.server1.accountDomainNameShort = ""
ldap.server1.baseDn = "ou=Accounts,dc=centraltruck,dc=net"
ldap.server1.username = "cn=manager,cn=internal,dc=centraltruck,dc=net"
ldap.server1.password = "LDAP_Password_From_Webconfig"
ldap.server1.bindRequiresDn = "1"

It seems like I'm now making some progress. From the logs I'm seeing that LDAP authentication is working, but something is causing the Bind to fail after authentication. I'm getting the following page:

[Image: ldap_error.jpg]
24-Sep-2013, 10:32 AM
Post: #5
RE: Can't Authenticate Users Against LDAP
Glad you are making progress.
Your baseDn should be "dc=centraltruck,dc=net".
24-Sep-2013, 10:35 AM
Post: #6
RE: Can't Authenticate Users Against LDAP
Also, since your username is "cn=manager,cn=internal,dc=centraltruck,dc=net", I assume "manager" is a user and NOT a group?
24-Sep-2013, 10:42 AM
Post: #7
RE: Can't Authenticate Users Against LDAP
(24-Sep-2013 10:32 AM)mayorbrain Wrote:  Glad you are making progress.
Your baseDn should be "dc=centraltruck,dc=net".

It didn't work. I changed the baseDN as you suggested, but got the following error:

[Image: ldap_error2.jpg]

Logs show this:
Code:
Ldap: 0:
Ldap: 2: host=localhost,port=389,useSsl=0,accountDomainName=centraltruck.net,accountDomainNameShort=,baseDn=dc=centraltruck,dc=net,username=cn=manager,cn=internal,dc=centraltruck,dc=net,password=*****,bindRequiresDn=1
Ldap: 3: [email protected] authentication successful
exception 'adLDAPException' with message 'Bind to Active Directory failed. Check the login credentials and/or server details. AD said: Unknown error' in /var/www/html/precurio/application/default/helpers/adLDAP.php:383
Stack trace:
#0 /var/www/html/precurio/application/default/helpers/adLDAP.php(341): adLDAP->connect()
#1 /var/www/html/precurio/application/default/helpers/LdapAuth.php(350): adLDAP->__construct(Array)
#2 /var/www/html/precurio/application/default/helpers/LdapAuth.php(70): Precurio_Helper_LdapAuth->getUserEmail('kagbasi')
#3 /var/www/html/precurio/application/default/controllers/LoginController.php(97): Precurio_Helper_LdapAuth->validate('kagbasi', 'hannah#2')
#4 /var/www/html/precurio/library/Zend/Controller/Action.php(513): LoginController->submitAction()
#5 /var/www/html/precurio/library/Zend/Controller/Dispatcher/Standard.php(289): Zend_Controller_Action->dispatch('submitAction')
#6 /var/www/html/precurio/library/Zend/Controller/Front.php(954): Zend_Controller_Dispatcher_Standard->dispatch(Object(Zend_Controller_Request_Http), Object(Zend_Controller_Response_Http))
#7 /var/www/html/precurio/library/Zend/Application/Bootstrap/Bootstrap.php(97): Zend_Controller_Front->dispatch()
#8 /var/www/html/precurio/library/Zend/Application.php(366): Zend_Application_Bootstrap_Bootstrap->run()
#9 /var/www/html/precurio/public/index.php(42): Zend_Application->run()
#10 {main}
exception 'Precurio_Exception' in /var/www/html/precurio/library/Precurio/Session.php:58
Stack trace:
#0 /var/www/html/precurio/application/Bootstrap.php(283): Precurio_Session::getCurrentUserId()
#1 /var/www/html/precurio/library/Zend/Application/Bootstrap/BootstrapAbstract.php(665): Bootstrap->_initLanguages()
#2 /var/www/html/precurio/library/Zend/Application/Bootstrap/BootstrapAbstract.php(625): Zend_Application_Bootstrap_BootstrapAbstract->_executeResource('languages')
#3 /var/www/html/precurio/library/Zend/Application/Bootstrap/BootstrapAbstract.php(582): Zend_Application_Bootstrap_BootstrapAbstract->_bootstrap('languages')
#4 /var/www/html/precurio/application/Bootstrap.php(31): Zend_Application_Bootstrap_BootstrapAbstract->bootstrap('languages')
#5 /var/www/html/precurio/library/Zend/Application/Bootstrap/BootstrapAbstract.php(665): Bootstrap->_initView()
#6 /var/www/html/precurio/library/Zend/Application/Bootstrap/BootstrapAbstract.php(625): Zend_Application_Bootstrap_BootstrapAbstract->_executeResource('view')
#7 /var/www/html/precurio/library/Zend/Application/Bootstrap/BootstrapAbstract.php(582): Zend_Application_Bootstrap_BootstrapAbstract->_bootstrap('view')
#8 /var/www/html/precurio/application/Bootstrap.php(13): Zend_Application_Bootstrap_BootstrapAbstract->bootstrap('view')
#9 /var/www/html/precurio/library/Zend/Application/Bootstrap/BootstrapAbstract.php(665): Bootstrap->_initPlugin()
#10 /var/www/html/precurio/library/Zend/Application/Bootstrap/BootstrapAbstract.php(618): Zend_Application_Bootstrap_BootstrapAbstract->_executeResource('plugin')
#11 /var/www/html/precurio/library/Zend/Application/Bootstrap/BootstrapAbstract.php(582): Zend_Application_Bootstrap_BootstrapAbstract->_bootstrap(NULL)
#12 /var/www/html/precurio/library/Zend/Application.php(355): Zend_Application_Bootstrap_BootstrapAbstract->bootstrap(NULL)
#13 /var/www/html/precurio/public/index.php(41): Zend_Application->bootstrap()
#14 {main}

When I log in, I'm simply using the username kagbasi. What am I still missing?

Also, to answer your question - yes, MANAGER is not a group. Below is a screenshot of my ldap structure:
[Image: ldap_structure.jpg]
24-Sep-2013, 10:47 AM
Post: #8
RE: Can't Authenticate Users Against LDAP
"Bind to Active Directory failed" means it couldn't log in with the following details.

username = "cn=manager,cn=internal,dc=centraltruck,dc=net"
password = "LDAP_Password_From_Webconfig"
bindRequiresDn = "1"

Before a user is authenticated on the AD, it has to first bind/login with a "master" user. The error indicates the master user is wrong. Confirm the user is correct (are you sure manager is a user?), also try changing bindRequiresDn to "0".
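Added example (not part of the thread and not Precurio code): a preflight check on the `[ldap]` block, to run before testing the "master" bind described in the post above, shown here against the settings from posts #3 and #4. It assumes the keys carry their Zend_Ldap meanings (including `useStartTls`, which does not appear in the thread); the helper names and finding codes are made up for the example.

```python
import configparser
import re

# Constructed sample: the [ldap] block from this thread with the values that
# changed between posts left as parameters; the password is a placeholder.
TEMPLATE = """[ldap]
ldap.server1.host = "{host}"
ldap.server1.port = "389"
ldap.server1.useSsl = "0"
ldap.server1.accountDomainName = "{domain}"
ldap.server1.baseDn = "{base}"
ldap.server1.username = "{user}"
ldap.server1.password = "placeholder"
ldap.server1.bindRequiresDn = "1"
"""
ROOT = "dc=centraltruck,dc=net"
POST3 = TEMPLATE.format(host="localhost", domain="CENTRALTRUCK.NET",
                        base="cn=Accounts,cn=Users," + ROOT, user="winadmin")
POST4 = TEMPLATE.format(host="localhost", domain="centraltruck.net",
                        base="ou=Accounts," + ROOT, user="cn=manager,cn=internal," + ROOT)

def rdns(dn):
    """Split a DN into (attr, value) pairs; None if the string is not in DN form."""
    out = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, val = (s.strip().lower() for s in part.partition("="))
        if not (sep and attr and val):
            return None
        out.append((attr, val))
    return out

def lint(ini_text, server="server1"):
    """Return finding codes (hypothetical names) for one ldap.<server>.* block."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case: baseDn, useSsl, ...
    cp.read_string(ini_text)
    prefix = "ldap.%s." % server
    c = {k[len(prefix):]: v.strip('"') for k, v in cp["ldap"].items() if k.startswith(prefix)}
    bind, base, found = rdns(c.get("username", "")), rdns(c.get("baseDn", "")), []
    if c.get("bindRequiresDn") == "1" and bind is None:
        found.append("bind-user-not-dn")       # service account must be given as a full DN
    if base is None:
        found.append("basedn-invalid")
    else:
        if ".".join(v for a, v in base if a == "dc") != c.get("accountDomainName", "").lower():
            found.append("domain-mismatch")    # dc= components disagree with accountDomainName
        if base[0][0] != "dc":
            found.append("basedn-below-root")  # entries outside this subtree are not searched
    plain = c.get("useSsl") == "0" and c.get("useStartTls", "0") == "0"
    if plain and c.get("host") not in ("localhost", "127.0.0.1", "::1"):
        found.append("cleartext-bind")         # bind password would cross the network unencrypted
    return found
```

An empty result only rules out these config-shape problems; the bind itself still has to be tested against the server.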
24-Sep-2013, 11:14 AM
Post: #9
RE: Can't Authenticate Users Against LDAP
Thanks for your response.

Yes, I'm sure that "manager" is a user. In fact, that's the bind credentials supplied by the ClearOS system (screenshot below).

[Image: ldap_bind_credentials.jpg]

[Image: ldap_structure_expanded.jpg]


Also, when I set bindRequiresDn = "0" I get a blank page after login. When I set it back, I immediately got the usual error page but this time it said "Undefined attribute type"
24-Sep-2013, 11:20 AM
Post: #10
RE: Can't Authenticate Users Against LDAP
Ok, empty your logs table. Now set bindRequiresDn to "0". When you see the blank page, check the logs, paste message here.