meeting-room-booking-system / mrbs-code

MRBS application code

LDAP User Account No binding, #534

Open jberanek opened 9 years ago

jberanek commented 9 years ago

Dear MRBS Team, please support me. I have tried a lot to configure MRBS LDAP AD authentication, but it has not succeeded. I have included my config file settings and log below.

I hope the error log below will be helpful for you to understand and rectify the config error.

Please respond and rectify my problem, as I have been facing this issue for 20 days. I have spent a lot of time on this.

$auth["session"] = "php";
$auth["type"] = "ldap";
$auth["realm"] = "mrbs";
$ldap_host = "servername";
$ldap_port = 389;
$ldap_v3 = true;
$ldap_tls = TRUE;
$ldap_base_dn [] = "CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com";
$ldap_user_attrib [] = "uid";
$ldap_dn_search_attrib = "sAMAccountName";
$ldap_dn_search_dn = "ou=users,ou=domain,DC=domain,DC=com";
$ldap_dn_search_password = "password";
$ldap_filter = "CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com";
$ldap_filter = "CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com";
$ldap_disable_referrals = TRUE;
$ldap_get_user_email = TRUE;
$ldap_email_attrib = 'mail';
$ldap_admin_group_dn = 'memberof=CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com';
$ldap_group_member_attrib = 'memberof=CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com';
$ldap_unbind_between_attempts = false;
$ldap_debug = TRUE;

[Mon Mar 23 14:03:20.414222 2015] [:error] [pid 143048:tid 1780] [client 192.168.1.10:54655] authLdapAction: Constructed dn 'uid=abc,CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com' and user_search 'uid=abc' using 'uid', referer: http://mrbs.in/admin.php

[Mon Mar 23 14:03:20.414222 2015] [:error] [pid 143048:tid 1780] [client 192.168.1.10:54655] authValidateUserCallback: base_dn 'CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com' dn 'uid=abc,CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com' user 'abc', referer: http://mrbs.in/admin.php

[Mon Mar 23 14:03:20.415222 2015] [:error] [pid 143048:tid 1780] [client 192.168.1.10:54655] authValidateUserCallback: Bind to 'uid=abc,CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com' failed, referer: http://mrbs.in/admin.php

Reported by: *anonymous

Original Ticket: mrbs/bugs/327

jberanek commented 9 years ago

You've got way too much LDAP configuration in there, I'd start with the basics, and remove everything else:

$ldap_host = "servername";
$ldap_port = 389;
$ldap_v3 = true;
$ldap_tls = TRUE;
$ldap_base_dn = "DC=domain,DC=com";
$ldap_dn_search_attrib = "sAMAccountName"; 
$ldap_disable_referrals = TRUE;
$ldap_get_user_email = TRUE;
$ldap_email_attrib = 'mail';

Here I have assumed that users will exist under "DC=domain,DC=com". I have also assumed that anonymous searches are allowed in your AD. If they aren't, you can specify the bind credentials:

$ldap_dn_search_dn = "cn=Joe Bloggs,ou=Users,dc=domain,dc=com";
$ldap_dn_search_password = "joespassword";

Original comment by: jberanek

jberanek commented 9 years ago

Hi John, thank you so much for supporting me. I have tried as per your instructions, but could not succeed. Please check my config and log.

$ldap_host = "server";
$ldap_port = 389;
$ldap_v3 = true;
$ldap_tls = false;
$ldap_base_dn = "ou=users,ou=domain,dc=domain,dc=com";
$ldap_user_attrib = "uid";
$ldap_dn_search_attrib = "sAMAccountName";
$ldap_disable_referrals = TRUE;
$ldap_get_user_email = TRUE;
$ldap_email_attrib = 'mail';
$ldap_unbind_between_attempts = FALSE;
$ldap_debug = TRUE;

[Tue Mar 24 09:59:58.759320 2015] [:error] [pid 143048:tid 1804] [client 192.168.1.10:47465] authLdapAction: Got LDAP connection, referer: http://mrbs.in/admin.php

[Tue Mar 24 09:59:58.761320 2015] [:error] [pid 143048:tid 1804] [client 192.168.1.10:47465] authLdapAction: Result of initial bind is 1, referer: http://mrbs.in/admin.php

[Tue Mar 24 09:59:58.761320 2015] [:error] [pid 143048:tid 1804] [client 192.168.1.10:47465] authLdapAction: Didn't find entry using 'sAMAccountName', referer: http://mrbs.in/admin.php

[Tue Mar 24 09:59:58.761320 2015] [:error] [pid 143048:tid 1804] [client 192.168.1.10:47465] authLdapAction: base_dn 'ou=users,ou=domain,dc=domain,dc=com' user mister dn , referer: http://mrbs.in/admin.php

[Tue Mar 24 09:59:58.761320 2015] [:error] [pid 143048:tid 1804] [client 192.168.1.10:47465] authValidateUserCallback: base_dn 'ou=users,ou=domain,dc=domain,dc=com' dn '' user 'mister', referer: http://mrbs.in/admin.php

[Tue Mar 24 09:59:58.761320 2015] [:error] [pid 143048:tid 1804] [client 192.168.1.10:47465] authValidateUserCallback: Bind to '' failed, referer: http://mrbs.in/admin.php

Original comment by: *anonymous

jberanek commented 9 years ago

Hi John, please help to solve the above problem. If you could help me, it would be a great treat for me. Waiting for your reply.

Original comment by: *anonymous

jberanek commented 9 years ago

Your latest debug output is at least a lot more clear. MRBS connects to your AD and performs a search, which doesn't find the user you specified. This could be due to a few things:

1) Your base_dn is wrong, so the user isn't found
2) Your AD doesn't allow anonymous searches. If this is the case, you'll need to set config variables, e.g.:

$ldap_dn_search_dn = "cn=Joe Bloggs,ou=Users,dc=domain,dc=com";
$ldap_dn_search_password = "joespassword";

Where the dn variable is the DN of a user that can search AD.

Original comment by: jberanek

jberanek commented 9 years ago

Hi John, I appreciate your response and useful advice. Please find below the config after your suggestion; even with these settings I could not connect MRBS through AD.
It looks like there are still bugs in the config file.

$ldap_host = "server";
$ldap_port = 389;
$ldap_v3 = true;
$ldap_tls = false;
$ldap_base_dn = "OU=Users,OU=domain,DC=domain,DC=com";
$ldap_user_attrib = "uid";
$ldap_dn_search_attrib = "sAMAccountName";
$ldap_dn_search_dn = "CN=Admin,OU=Users,DC=domain,DC=com";
$ldap_dn_search_password = "password";
$ldap_disable_referrals = TRUE;
$ldap_get_user_email = TRUE;
$ldap_email_attrib = 'mail';
$ldap_unbind_between_attempts = FALSE;
$ldap_debug = TRUE;

[Mon Mar 30 14:51:25.391274 2015] [:error] [pid 211132:tid 1748] [client 192.168.1.10:65183] authLdapAction: Got LDAP connection, referer: http://mrbs.in/admin.php

[Mon Mar 30 14:51:25.391274 2015] [:error] [pid 211132:tid 1748] [client 192.168.1.10:65183] authLdapAction: Constructed dn '=admin,OU=Users,OU=domain,DC=domain,DC=com' and user_search '=admin' using '', referer: http://mrbs.in/admin.php

[Mon Mar 30 14:51:25.391274 2015] [:error] [pid 211132:tid 1748] [client 192.168.1.10:65183] authValidateUserCallback: base_dn 'OU=Users,OU=domain,DC=domain,DC=com' dn '=admin,OU=Users,OU=domain,DC=domain,DC=com' user 'admin', referer: http://mrbs.in/admin.php

[Mon Mar 30 14:51:25.402275 2015] [:error] [pid 211132:tid 1748] [client 192.168.1.10:65183] authValidateUserCallback: Bind to '=admin,OU=Users,OU=domain,DC=domain,DC=com' failed, referer: http://mrbs.in/admin.php

Why is it not binding... is any config required in ldap_auth.inc?

Original comment by: *anonymous
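The three failure patterns visible in the debug output posted so far can be told apart mechanically. The following is an added example, not part of the original thread and not MRBS code: a small Python triage over `$ldap_debug` lines, where the function name `triage`, the finding labels and the sample lines (constructed in the format quoted above) are assumptions of this example.

```python
import re

# Constructed sample lines in the format of the MRBS $ldap_debug output quoted in this thread.
SAMPLE_LOG = """\
authLdapAction: Constructed dn 'uid=abc,CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com' and user_search 'uid=abc' using 'uid'
authValidateUserCallback: Bind to 'uid=abc,CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com' failed
authLdapAction: Didn't find entry using 'sAMAccountName'
authValidateUserCallback: Bind to '' failed
authLdapAction: Constructed dn '=admin,OU=Users,OU=domain,DC=domain,DC=com' and user_search '=admin' using ''
authValidateUserCallback: Bind to '=admin,OU=Users,OU=domain,DC=domain,DC=com' failed
"""

CONSTRUCTED = re.compile(r"Constructed dn '([^']*)' and user_search '[^']*' using '([^']*)'")
NOT_FOUND = re.compile(r"Didn't find entry using '([^']*)'")
BIND_FAILED = re.compile(r"Bind to '([^']*)' failed")


def triage(log_text):
    """Return (line_number, finding) tuples for the failure patterns seen in this thread."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if m := CONSTRUCTED.search(line):
            dn, attrib = m.groups()
            if attrib == "" or dn.startswith("="):
                # The user DN was assembled as '=<user>,<base>': no attribute name was used.
                findings.append((n, "empty-attribute: DN was built with an empty attribute name"))
            if "cn=schema,cn=configuration" in dn.lower():
                # That container holds AD schema objects, not user accounts.
                findings.append((n, "schema-base: base DN is inside CN=Schema,CN=Configuration"))
        elif m := NOT_FOUND.search(line):
            # Causes named in the thread: wrong base_dn, or anonymous search not allowed.
            findings.append((n, f"no-entry: search on {m.group(1)} found nothing; "
                                "check base DN and search bind credentials"))
        elif m := BIND_FAILED.search(line):
            if m.group(1) == "":
                # No DN was resolved for the user, so the final bind had nothing to bind to.
                findings.append((n, "empty-dn: bind attempted with an empty DN"))
    return findings


if __name__ == "__main__":
    for n, finding in triage(SAMPLE_LOG):
        print(f"line {n}: {finding}")
```

The patterns use `search`, so the Apache timestamp prefix and the `referer:` suffix on real log lines do not need to be stripped first.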

jberanek commented 9 years ago

Hi John, I am still waiting for your response; the previous ticket is above for your reference. I would very much appreciate it if you could help me resolve login with LDAP credentials.

Original comment by: *anonymous

jberanek commented 9 years ago

The modification in auth_ldap.inc did the trick: http://sourceforge.net/p/mrbs/support-requests/635/

Original comment by: *anonymous

jberanek commented 8 years ago

Not sure why this is happening, but some users are able to authenticate using LDAP and some are not (same OU but synced to O365)?

apache error log: authValidateUserCallback: Bind to '' failed

Original comment by: *anonymous