meeting-room-booking-system / mrbs-code

MRBS application code

"Bind to... failed" on auth_ldap to MS AD #1707

Open jberanek opened 8 years ago

jberanek commented 8 years ago

Hi all,

I'm trying to configure MRBS to authenticate against a Windows 2003 Server Active Directory via LDAP auth. I think the connection is established fine, but when it tries to bind to the user, it fails, and I don't understand why.

The error trace is:

[Mon May 30 14:06:08.140257 2016] [:error] [pid 18585] [client 127.0.0.1:41113] authLdapAction: Got LDAP connection, referer: https://myorg/admin.php
[Mon May 30 14:06:08.142357 2016] [:error] [pid 18585] [client 127.0.0.1:41113] authLdapAction: Result of initial bind is 1, referer: https://myorg/admin.php
[Mon May 30 14:06:08.143361 2016] [:error] [pid 18585] [client 127.0.0.1:41113] authLdapAction: Found one entry using 'sAMAccountName', referer: https://myorg/admin.php
[Mon May 30 14:06:08.143798 2016] [:error] [pid 18585] [client 127.0.0.1:41113] authLdapAction: base_dn 'DC=domain,DC=com' user fulano dn CN=Fulano,OU=Sistemas,OU=Informatica,DC=domain,DC=com, referer: https://myorg/admin.php
[Mon May 30 14:06:08.143897 2016] [:error] [pid 18585] [client 127.0.0.1:41113] authValidateUserCallback: base_dn 'DC=domain,DC=com' dn 'CN=Fulano,OU=Sistemas,OU=Informatica,DC=domain,DC=com' user 'fulano', referer: https://myorg/admin.php
[Mon May 30 14:06:08.144373 2016] [:error] [pid 18585] [client 127.0.0.1:41113] authValidateUserCallback: Bind to 'CN=Fulano,OU=Sistemas,OU=Informatica,DC=domain,DC=com' failed, referer: https://myorg/admin.php

I've tested that the user credentials are OK, as it can log in to a PC in the domain.

My actual config is:

$auth["type"] = "ldap";
$ldap_host = "myhost_ip";
$ldap_port = 389;
$ldap_v3 = true;
$ldap_debug = true;
$ldap_dn_user_attrib = "sAMAccountName";
$ldap_dn_search_attrib = "sAMAccountName";
$ldap_dn_search_dn = "cn=Administrador,cn=Users,DC=domain,DC=com";
$ldap_dn_search_password = "crupt_password";
$ldap_base_dn = "DC=domain,DC=com";
$ldap_disable_referrals = TRUE;
$ldap_get_user_email = TRUE;
$ldap_email_attrib = 'mail';
$ldap_group_member_attrib = 'memberof';
$ldap_unbind_between_attempts = false;

I'm using the latest release of MRBS.

Any ideas?

Reported by: *anonymous

Original Ticket: mrbs/support-requests/984

jberanek commented 8 years ago

I think the problem may come from these lines:

$ldap_dn_search_dn = "cn=Administrador,cn=Users,DC=domain,DC=com";
$ldap_dn_search_password = "crupt_password";

Please double check the username and password carefully.

Original comment by: *anonymous

jberanek commented 7 years ago

https://sourceforge.net/p/mrbs/support-requests/1143/ Try this if it can fix your problem.

Original comment by: tranngocson9999