meeting-room-booking-system / mrbs-code

MRBS application code

Unable to authenticate users via LDAP #3750

Open jolosan opened 1 month ago

jolosan commented 1 month ago

Hello, I'm using MRBS version 1.11.14

I'm trying to validate users against one corporate LDAP server, but the configuration I have doesn't work. I also have the ldap debug option activated. The output in the apache error log is:


[Tue Sep 24 08:10:03.216427 2024] [php:notice] [pid 3074] [client 172.21.4.72:48896] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(730): got LDAP connection using ldap://ldapad.edu.gva.es:389, referer: http://172.21.4.245/web/admin.php
[Tue Sep 24 08:10:03.216596 2024] [php:notice] [pid 3074] [client 172.21.4.72:48896] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(794): constructed dn 'sAMAccountName=jf.lopezsanchezmon,ou=EDUCACION,dc=edu,dc=gva,dc=es' and user_search 'sAMAccountName=jf.lopezsanchezmon' using 'sAMAccountName', referer: http://172.21.4.245/web/admin.php
[Tue Sep 24 08:10:03.216704 2024] [php:notice] [pid 3074] [client 172.21.4.72:48896] [MRBS DEBUG] MRBS\Auth\AuthLdap::validateUserCallback(247): base_dn 'ou=EDUCACION,dc=edu,dc=gva,dc=es' dn 'sAMAccountName=jf.lopezsanchezmon,ou=EDUCACION,dc=edu,dc=gva,dc=es' user 'jf.lopezsanchezmon', referer: http://172.21.4.245/web/admin.php
[Tue Sep 24 08:10:03.252637 2024] [php:notice] [pid 3074] [client 172.21.4.72:48896] [MRBS DEBUG] MRBS\Auth\AuthLdap::validateUserCallback(319): bind to 'sAMAccountName=jf.lopezsanchezmon,ou=EDUCACION,dc=edu,dc=gva,dc=es' failed: Invalid credentials [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4563], referer: http://172.21.4.245/web/admin.php


The ldap configuration section I have is:

$ldap_host = "ldapad.edu.gva.es";
$ldap_v3 = true;
$ldap_tls = false;
$ldap_base_dn = "ou=EDUCACION,dc=edu,dc=gva,dc=es";
$ldap_dn_search_dn = "cn=consulta_DA,ou=EDUCACION,dc=edu,dc=gva,dc=es";
$ldap_dn_search_password = "**";
$ldap_user_attrib = "sAMAccountName";

And if I use the ldapsearch command I get a valid response:

ldapsearch -x -b "OU=EDUCACION,DC=edu,DC=gva,DC=es" -D consulta_DA@edu.gva.es -w ** -H ldap://ldapad.edu.gva.es '(&(memberof=CN=GRP_12001231,OU=EDUCACION,dc=edu,dc=gva,dc=es)(memberof=CN=DOCENTE_A3,OU=EDUCACION,dc=edu,dc=gva,dc=es))' | grep sAMAccountName

Perhaps I'm missing something in the ldap configuration section.

Thanks in advance.

campbell-m commented 1 month ago

I don't know. Does this post help?

jberanek commented 1 month ago

You've confused LDAP settings. Instead of

$ldap_user_attrib = 'SAMAccountName';

You want:

$ldap_dn_search_attrib = 'SAMAccountName';

What you have is instructing MRBS to login a user as:

Samaccountname=[TYPEDUSER],[BASEDN]

instead of a discovered DN for the user.
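As an added illustration of the distinction described above (this is not MRBS code): an in-memory model of the two login strategies, where the user entry, the search account and both passwords are constructed sample data and the directory is a simplification of Active Directory, which names entries by cn rather than by sAMAccountName.

```python
# Added example, not MRBS code. Models "constructed DN" login ($ldap_user_attrib
# alone) against "search then bind" login ($ldap_dn_search_attrib with a search
# account). All entries, names and passwords below are constructed sample data.

BASE_DN = "ou=EDUCACION,dc=edu,dc=gva,dc=es"

# Constructed directory. Note that no entry has a DN starting with
# "sAMAccountName=", which is exactly why the constructed DN can never bind.
DIRECTORY = {
    "cn=SAMPLE USER," + BASE_DN: {
        "sAMAccountName": "jf.lopezsanchezmon",
        "userPrincipalName": "jf.lopezsanchezmon@edu.gva.es",
        "password": "sample-user-password",      # constructed
    },
    "cn=consulta_DA," + BASE_DN: {
        "sAMAccountName": "consulta_DA",
        "password": "sample-search-password",    # constructed
    },
}


def bind(dn, password):
    """Simple bind: succeeds only if the DN exists and the password matches.
    AD reports both an unknown DN and a wrong password as 'Invalid credentials'
    (data 52e), which is what the debug log in the issue shows."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["password"] == password


def search_one(base_dn, attrib, value):
    """Return the DN of the single entry under base_dn whose attrib == value."""
    matches = [dn for dn, e in DIRECTORY.items()
               if dn.endswith(base_dn) and e.get(attrib) == value]
    return matches[0] if len(matches) == 1 else None


def login_constructed_dn(user_attrib, username, password):
    """$ldap_user_attrib alone: build '<attrib>=<user>,<base_dn>' and bind to it."""
    dn = f"{user_attrib}={username},{BASE_DN}"
    return bind(dn, password), dn


def login_search_then_bind(search_attrib, username, password,
                           search_dn, search_password):
    """$ldap_dn_search_attrib: bind as the search account, discover the user's
    real DN by attribute, then bind as that DN with the typed password."""
    if not bind(search_dn, search_password):
        return False, None
    dn = search_one(BASE_DN, search_attrib, username)
    if dn is None:
        return False, None
    return bind(dn, password), dn
```

Running the constructed variant with the issue's settings reproduces the failed bind to 'sAMAccountName=jf.lopezsanchezmon,...', while the search variant finds the cn entry and succeeds with the same username and password.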

jberanek commented 1 month ago

By the way the giveaway in the debug is the phrase "constructed dn..."

jolosan commented 1 month ago

Thanks for your help, but I haven't been able to make it work. After making your suggested changes, the log raises a language error. Anyway, I've changed authentication to the DB-based one, so for now I won't need LDAP authentication.

frmoronari commented 3 weeks ago

Hi guys, I have the same problem, and I needed a solution for this. While troubleshooting, I found an error in the ldap debug with the message: No username found. Check the value of $ldap_user_attrib in the MRBS config file. It is currently set to 'uid'. So I replaced $ldap_user_attrib = "uid"; with $ldap_user_attrib = "userPrincipalName"; in the file systemdefaults.inc.php. Now I have full Active Directory LDAP integration.