search

meeting-room-booking-system / mrbs-code

MRBS application code
Other
127 stars 62 forks source link

ldap_search(): Search: Operations error #3048

Open jberanek opened 3 years ago

jberanek commented 3 years ago

Hi everyone I have problem of LDAP authentication. The error is "ldap_search(): Search: Operations error". I have tried to use LDAP authentication in the lateset version of MRBS 1.9.3, and I also encounter the same error.

Here is my setting in config.ini:

$auth["type"] = "ldap";
$ldap_host = "*";
$ldap_port = 389;
$ldap_v3 = true;
$ldap_tls = false;

$ldap_base_dn = "dc=company,dc=com";
$ldap_user_attrib = "sAMAccountName";
$ldap_dn_search_attrib = "sAMAccountName";
$ldap_dn_search_dn = "cn=*,cn=users,dc=company,dc=com"; 
$ldap_filter="dc=*,dc=com";

$ldap_dn_search_password = "*"; 
$debug = true;

Error:

##### E_WARNING in C:\xampp\htdocs\mrbs\web\lib\MRBS\Auth\AuthLdap.php at line 587
##### ldap_search(): Search: Operations error
##### MRBS GET: Array
##### (
##### )
##### MRBS POST: Array
##### (
#####     [csrf_token] => b7b5a1a6721c46e0aeef8a2360c9bcbda6bfca98966b75fcb83e9bec75ea0fb2
#####     [returl] =>
######     [target_url] => index.php
######     [action] => SetName
######     [username] => ****
######     [password] => ****
###### )
###### MRBS SESSION: Array
###### (
#####     [csrf_token] => b7b5a1a6721c46e0aeef8a2360c9bcbda6bfca98966b75fcb83e9bec75ea0fb2
##### )
##### 
#####  MRBS\generate_backtrace() called at [C:\xampp\htdocs\mrbs\web\functions_error.inc:152]
#####  MRBS\output_error() called at [C:\xampp\htdocs\mrbs\web\functions_error.inc:182]
#####  MRBS\error_handler(2, ldap_search(): Search: Operations error, C:\xampp\htdocs\mrbs\web\lib\MRBS\Auth\AuthLdap.php, 587, array)
#####  ldap_search(resource, dc=*,dc=com, (sAMAccountName=Wayne.Yu)) called at [C:\xampp\htdocs\mrbs\web\lib\MRBS\Auth\AuthLdap.php:587]
#####  MRBS\Auth\AuthLdap->action(validateUserCallback, *, array) called at [C:\xampp\htdocs\mrbs\web\lib\MRBS\Auth\AuthLdap.php:209]
#####  MRBS\Auth\AuthLdap->validateUser(*, *) called at [C:\xampp\htdocs\mrbs\web\lib\MRBS\Session\SessionWithLogin.php:136]
#####  MRBS\Session\SessionWithLogin->getValidUser(*, *) called at [C:\xampp\htdocs\mrbs\web\lib\MRBS\Session\SessionWithLogin.php:114]
#####  MRBS\Session\SessionWithLogin->processForm() called at [C:\xampp\htdocs\mrbs\web\mrbs_auth.inc:26]
#####  require_once(C:\xampp\htdocs\mrbs\web\mrbs_auth.inc) called at [C:\xampp\htdocs\mrbs\web\defaultincludes.inc:32]
#####  require(C:\xampp\htdocs\mrbs\web\defaultincludes.inc) called at [C:\xampp\htdocs\mrbs\web\admin.php:16]

Here is my environment:

MRBS: 1.9.2 
Windows Server 2012 R2
MySQL: 8
PHP: 7.3.28

Reported by: wante98

Original Ticket: mrbs/support-requests/2359

jberanek commented 3 years ago

Is this a brand new installation, or are you upgrading from 1.9.2? If upgrading, was it working in 1.9.2?

Original comment by: campbell-m

jberanek commented 3 years ago 
$ldap_dn_search_dn = "cn=*,cn=users,dc=company,dc=com";

Was this just you obscuring personal details, as it doesn't look like a valid DN to me...

That field is the LDAP Distinguished Name to login as, so for a Active Directory system perhaps: cn=queryuser,ou=users,dc=example,dc=com

Original comment by: jberanek

jberanek commented 3 years ago

On latest version 1.9.3. upgraded from 1.7.1 (which was working fine on new Ubuntu VM and cannot load index page after successful login (seen in Apache log : MRBS\Auth\AuthLdap::getUserCallback(440): ldap_read() succeeded, taking 0.00060915946960449 seconds, referer: https://bookings......) Upgrade seemed to go well seen by database versions displayed as complete, returning to login screen, but no login to see good old index page. Just goes back in a loop to login page, even after login success - why?

Original comment by: *anonymous

jberanek commented 3 years ago

Is this the same problem? I thought you were getting "ldap_search(): Search: Operations error"?

Original comment by: campbell-m

jberanek commented 3 years ago

no error in Apache log, it says "succeeded" but I am still on the same login page, not loading index page with usual layout. Ldap is correctly configured, however it appears not to make any progress from login page. Before upgrade it worked well. I can still install old version 1.7.1 migrating from old opensuse vm to new ubuntu vm and it will work, but why is the latest version stuck at login page, even after successful login? Looks like new ticket to me?

Original comment by: *anonymous

jberanek commented 3 years ago
  1. Are you still getting the "ldap_search(): Search: Operations error" message? If not, have you changed something?
  2. What have you got $auth['session'] set to?

Original comment by: campbell-m

jberanek commented 3 years ago
  1. I was never getting ldap error message, only "succeeded" message in Apache log
  2. Could not find the string $auth['session'] in config.inc.php file.

Original comment by: *anonymous

jberanek commented 3 years ago

correction:

  1. $auth["session"] = "cookie"

single speech marks issue ( " instead of ')

Original comment by: *anonymous

jberanek commented 3 years ago

Ah, I assume you didn't raise the ticket originally? If not, then yes, a new ticket would be helpful.

Original comment by: campbell-m

jberanek commented 3 years ago

Try setting 

$auth['session'] = 'php';

Original comment by: campbell-m

jberanek commented 3 years ago

already did - still the same login screen with no progress. in Apache log: PHP Notice: parseLocale: could not parse subtag '' in /var/www/html/web/lib/MRBS/Locale.php on line 224, referer: https://bookings.... PHP Notice: Server failed to set locale to [".UTF-8"] for language tag ''. in /var/www/html/web/language.inc on line 221, referer: https://bookings..... [php7:notice] [pid 5393] [client 192.168.x.x:53127] \nE_WARNING in /var/www/html/web/lib/MRBS/Session/SessionPhp.php at line 61\nsession_destroy(): Session object destruction failed\nMRBS GET: Array\n(\n)\nMRBS POST: Array\n(\n [csrf_token] => 255c308d78064167e4c3343d77ed49b5a0b149972b5dbad86604bae672c85c09\n [returl] => \n [target_url] =>

Original comment by: *anonymous

jberanek commented 3 years ago

I always had : $auth["session"] = "cookie" $auth["type"] = "ldap"; and it was working fine..

Original comment by: *anonymous

jberanek commented 3 years ago

I can only get in if: $auth["session"] = "nt"; $auth["type"] = "none"; but that is not the point as users are not authenticated against AD (ldap was fine though) ?

Original comment by: *anonymous

jberanek commented 3 years ago

What happens if you set

$auth["session"] = "php";
$auth["type"] = "db";

I know it's not what you want, but it's a test that will help narrow the problem down.

Original comment by: campbell-m

jberanek commented 3 years ago

yes thanks, that works ok, first create user, then log in as that user. what about cookie sessions plus lpdap auth?

Original comment by: *anonymous

jberanek commented 3 years ago

... continued at https://sourceforge.net/p/mrbs/support-requests/2363/

Original comment by: campbell-m

jberanek commented 3 years ago

Hi Campbell Currently I am using MRBS 1.9.2 version.

Hi John I have checked with the AD. The follwoing dn is correct. is the Window AD admin acoount. $ldap_dn_search_dn = "cn=,cn=users,dc=company,dc=com";

After I removed the following code, I can log in MRBS using LDAP authentication. Thanks a lot. $ldap_filter="dc=*,dc=com";

Original comment by: wante98