osTicket / osTicket-plugins

Core plugins for osTicket (v1.8+)
GNU General Public License v2.0

Error when attempting login #3

Open GeekSage opened 10 years ago

GeekSage commented 10 years ago

This is in reference to the "LDAP Authentication and Lookup" plugin. All files are up to date as of right now from git. I have filled in the "Default Domain" and "DNS Servers" from the Microsoft AD section at the top (which it says is all that is required for authentication) and I get the following error when attempting a login:

Fatal error: Call to a member function bind() on a non-object in /var/www/ostpreview/include/plugins/auth-ldap/authentication.php on line 205

I've tried filling in the search user and password as well with no change.

I also noticed that when I skip filling in the "Generic configuration for LDAP" section (which shouldn't be needed, since I filled in the fields at the top) it always shows the following error message under the "LDAP Servers" field (but it still allows the save to continue):

Unable to find LDAP servers for this domain. Try giving an address of one of the DNS servers or manually specify the LDAP servers for this domain below.

ntozier commented 10 years ago

Just checking, but you do know that this is unofficial, unreleased, not even alpha software yet... right?

GeekSage commented 10 years ago

Yes, I do... But if it was a bug I figured it might be good to mention it before it does hit that stage. Though if I was incorrect in doing so I apologize. I was just testing it all out to see how it was working.

ntozier commented 10 years ago

No, it's actually awesome that you posted about it, I was just making sure that your expectation levels were in line with reality. :) I played with 1.8.1 and the plugins a little last night. I had to delete the storage-fs plugin because I was getting this error:

[14-Jan-2014 04:18:16 UTC] PHP Fatal error: Class 'FileStorageBackend' not found in C:\Inetpub\wwwroot\support\include\plugins\storage-fs\plugin.php on line 9

After I did that it let me actually install the LDAP plugin which I can get to save the data, but all I'm seeing is failed login attempts in the osTicket System Logs. Did you see a similar behavior?

GeekSage commented 10 years ago

Actually, yes, I noticed the exact same thing. Sorry, I meant to mention that as well. I did have to remove the directory for the storage-fs plugin entirely just to get to where I could use the LDAP plugin as well.

ntozier commented 10 years ago

Well then we're both awaiting the pleasure of the devs then. :)

I'm wondering if it's something simple like somewhere in the back end not setting LDAP_OPT_PROTOCOL_VERSION to 3. I'll email the devs and let them know that we're available to help troubleshoot for AD.

GeekSage commented 10 years ago

Absolutely, I would be willing to do whatever is needed if I'm not in a meeting or extremely busy on code at work. I'm a developer myself ... Just not a PHP developer by trade. I mostly do all .NET development.

I was able to get the LDAP mod for 1.7.x working, just not this one as of yet. Haven't had too much time today to mess with it yet because of other stuff I'm working on here.

greezybacon commented 10 years ago

Have you tried leaving the DNS servers blank? Or verifying that the web server can access those DNS servers? You can also put the names or IPs of the AD servers into the LDAP servers box.

GeekSage commented 10 years ago

Ok, got it... I removed the DNS server as you suggested and tried that but it didn't work. I then entered the server into the LDAP server box and that worked. I guess it won't work with just the default MS AD domain entered without the server info in the LDAP section as well.

greezybacon commented 10 years ago

Would you mind adding a var_dump at authentication.php line 107:

102         // Sort servers by priority ASC, then weight DESC
103         usort($servers, function($a, $b) {
104             return ($a['priority'] << 15) - $a['weight']
105                 - ($b['priority'] << 15) + $b['weight'];
106         });
107         var_dump($servers);
108         return $servers;

Then, (temporarily) unset the servers in the LDAP servers box and offer the output from the var_dump? It might be useful to also repeat this with one or more DNS servers in the "DNS Servers" box too.

ntozier commented 10 years ago

I removed the LDAP servers from the field. I added the var_dump($servers); on line 107. When I try to log in I now get

Fatal error: Call to a member function bind() on a non-object in C:\Inetpub\wwwroot\support\include\plugins\auth-ldap\authentication.php on line 206


GeekSage commented 10 years ago

Yeah, I get the same thing and ended up with the same result (which is back to my OP). I'm not real familiar with PHP, so I looked up var_dump and see it's supposed to dump to the screen. I was wondering if it was possibly dumping to the screen but the code continued and, when it hit the error, removed it too quickly for me to see, so I added a pause and still no luck. I then attempted to make that var_dump write to a text file, but that didn't seem to work either, so I'm wondering if it's bombing before that code is reached?

greezybacon commented 10 years ago

What about inside the exception block on line 92? Maybe var_dump the exception, $e?

GeekSage commented 10 years ago

Yeah, when I do that I get an "array(0) { }" right before the fatal exception message.

greezybacon commented 10 years ago

What about the exception? I'm not logging it, so I'm interested in what the exception is. Can you do?

var_dump($e);

ntozier commented 10 years ago

Here is my $e with some security edits to obfuscate my company's details, my account, and my password.

object(Net_DNS2_Exception)#23 (9) { ["_request":"Net_DNS2_Exception":private]=> NULL ["_response":"Net_DNS2_Exception":private]=> NULL ["message":protected]=> string(65) "every name server provided has failed: invalid address type: hhia" ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(202) ["file":protected]=> string(65) "C:\Inetpub\wwwroot\support\include\pear\Net\DNS2.php" ["line":protected]=> int(864) ["trace":"Exception":private]=> array(7) { [0]=> array(6) { ["file"]=> string(74) "C:\Inetpub\wwwroot\support\include\pear\Net\DNS2\Resolver.php" ["line"]=> int(212) ["function"]=> string(10) "sendPacket" ["class"]=> string(8) "Net_DNS2" ["type"]=> string(2) "->" ["args"]=> array(2) { [0]=> object(Net_DNS2_Packet_Request)#19 (9) { ["rdata"]=> NULL ["rdlength"]=> NULL ["offset"]=> int(35) ["header"]=> object(Net_DNS2_Header)#20 (15) { ["id"]=> int(45628) ["qr"]=> int(0) ["opcode"]=> int(0) ["aa"]=> int(0) ["tc"]=> int(0) ["rd"]=> int(1) ["ra"]=> int(0) ["z"]=> int(0) ["ad"]=> int(0) ["cd"]=> int(0) ["rcode"]=> int(0) ["qdcount"]=> int(1) ["ancount"]=> int(0) ["nscount"]=> int(0) ["arcount"]=> int(0) } ["question"]=> array(1) { [0]=> object(Net_DNS2_Question)#21 (3) { ["qname"]=> string(17) "_ldap._tcp.RENAMEDDOMAIN\" ["qtype"]=> string(3) "SRV" ["qclass"]=> string(2) "IN" } } ["answer"]=> array(0) { } ["authority"]=> array(0) { } ["additional"]=> array(0) { } ["_compressed":"Net_DNS2_Packet":private]=> array(3) { ["_ldap._tcp.RENAMEDDOMAIN\"]=> int(12) ["_tcp.RENAMEDDOMAIN\"]=> int(18) ["RENAMEDDOMAIN\"]=> int(23) } } [1]=> bool(false) } } [1]=> array(6) { ["file"]=> string(84) "C:\Inetpub\wwwroot\support\include\plugins\auth-ldap\authentication.php" ["line"]=> int(89) ["function"]=> string(5) "query" ["class"]=> string(17) "Net_DNS2_Resolver" ["type"]=> string(2) "->" ["args"]=> array(2) { [0]=> string(17) "_ldap._tcp.RENAMEDDOMAIN\" [1]=> string(3) "SRV" } } [2]=> array(6) { ["file"]=> string(84) 
"C:\Inetpub\wwwroot\support\include\plugins\auth-ldap\authentication.php" ["line"]=> int(117) ["function"]=> string(12) "autodiscover" ["class"]=> string(18) "LDAPAuthentication" ["type"]=> string(2) "->" ["args"]=> array(2) { [0]=> &string(6) "RENAMEDDOMAIN\" [1]=> &array(1) { [0]=> string(4) "hhia" } } } [3]=> array(6) { ["file"]=> string(84) "C:\Inetpub\wwwroot\support\include\plugins\auth-ldap\authentication.php" ["line"]=> int(150) ["function"]=> string(10) "getServers" ["class"]=> string(18) "LDAPAuthentication" ["type"]=> string(2) "->" ["args"]=> array(0) { } } [4]=> array(6) { ["file"]=> string(84) "C:\Inetpub\wwwroot\support\include\plugins\auth-ldap\authentication.php" ["line"]=> int(180) ["function"]=> string(13) "getConnection" ["class"]=> string(18) "LDAPAuthentication" ["type"]=> string(2) "->" ["args"]=> array(0) { } } [5]=> array(6) { ["file"]=> string(62) "C:\Inetpub\wwwroot\support\include\class.auth.php" ["line"]=> int(80) ["function"]=> string(12) "authenticate" ["class"]=> string(18) "LDAPAuthentication" ["type"]=> string(2) "->" ["args"]=> array(2) { [0]=> &string(8) "USERNAME" [1]=> &string(11) "PASSWORD" } } [6]=> array(6) { ["file"]=> string(53) "C:\Inetpub\wwwroot\support\scp\login.php" ["line"]=> int(30) ["function"]=> string(7) "process" ["class"]=> string(21) "AuthenticationBackend" ["type"]=> string(2) "::" ["args"]=> array(3) { [0]=> &string(8) "USERNAME" [1]=> &string(11) "PASSWORD" [2]=> &NULL } } } ["previous":"Exception":private]=> NULL } Fatal error: Call to a member function bind() on a non-object in C:\Inetpub\wwwroot\support\include\plugins\auth-ldap\authentication.php on line 207

GeekSage commented 10 years ago

Sorry this paste is a bit ugly but this was the output (except I scrubbed our personal data out):

.#.#.### = IP for DNS Server
ourdomain = domain name
aduser = my AD user name
adpassword = my AD password

Here's the string that was returned: object(Net_DNS2_Exception)#27 (9) { ["_request":"Net_DNS2_Exception":private]=> object(Net_DNS2_Packet_Request)#19 (9) { ["rdata"]=> NULL ["rdlength"]=> NULL ["offset"]=> int(33) ["header"]=> object(Net_DNS2_Header)#20 (15) { ["id"]=> int(21566) ["qr"]=> int(0) ["opcode"]=> int(0) ["aa"]=> int(0) ["tc"]=> int(0) ["rd"]=> int(1) ["ra"]=> int(0) ["z"]=> int(0) ["ad"]=> int(0) ["cd"]=> int(0) ["rcode"]=> int(0) ["qdcount"]=> int(1) ["ancount"]=> int(0) ["nscount"]=> int(0) ["arcount"]=> int(0) } ["question"]=> array(1) { [0]=> object(Net_DNS2_Question)#21 (3) { ["qname"]=> string(15) "_ldap._tcp.ourdomain" ["qtype"]=> string(3) "SRV" ["qclass"]=> string(2) "IN" } } ["answer"]=> array(0) { } ["authority"]=> array(0) { } ["additional"]=> array(0) { } ["_compressed":"Net_DNS2_Packet":private]=> array(3) { ["_ldap._tcp.ourdomain"]=> int(12) ["_tcp.ourdomain"]=> int(18) ["ourdomain"]=> int(23) } } ["_response":"Net_DNS2_Exception":private]=> object(Net_DNS2_Packet_Response)#23 (11) { ["answer_from"]=> string(10) "##.#.#.###" ["answer_socket_type"]=> int(2) ["rdata"]=> string(108) "T>ƒ_ldap_tcpourdomain!'@a root-serversnetnstld verisign-grscomx „ :€Q€" ["rdlength"]=> int(108) ["offset"]=> int(108) ["header"]=> object(Net_DNS2_Header)#24 (15) { ["id"]=> int(21566) ["qr"]=> int(1) ["opcode"]=> int(0) ["aa"]=> int(0) ["tc"]=> int(0) ["rd"]=> int(1) ["ra"]=> int(1) ["z"]=> int(0) ["ad"]=> int(0) ["cd"]=> int(0) ["rcode"]=> int(3) ["qdcount"]=> int(1) ["ancount"]=> int(0) ["nscount"]=> int(1) ["arcount"]=> int(0) } ["question"]=> array(1) { [0]=> object(Net_DNS2_Question)#25 (3) { ["qname"]=> string(15) "_ldap._tcp.ourdomain" ["qtype"]=> string(3) "SRV" ["qclass"]=> string(2) "IN" } } ["answer"]=> array(0) { } ["authority"]=> array(1) { [0]=> object(Net_DNS2_RR_SOA)#26 (13) { ["mname"]=> string(18) "a.root-servers.net" ["rname"]=> string(22) "nstld.verisign-grs.com" ["serial"]=> int(2014011401) ["refresh"]=> int(1800) ["retry"]=> int(900) 
["expire"]=> int(604800) ["minimum"]=> int(86400) ["name"]=> string(0) "" ["type"]=> string(3) "SOA" ["class"]=> string(2) "IN" ["ttl"]=> int(807) ["rdlength"]=> int(64) ["rdata"]=> string(64) "a root-serversnetnstld verisign-grscomx „ :€Q€" } } ["additional"]=> array(0) { } ["_compressed":"Net_DNS2_Packet":private]=> array(0) { } } ["message":protected]=> string(75) "DNS request failed: The domain name referenced in the query does not exist." ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(3) ["file":protected]=> string(45) "/var/www/ostpreview/include/pear/Net/DNS2.php" ["line":protected]=> int(1207) ["trace":"Exception":private]=> array(7) { [0]=> array(6) { ["file"]=> string(54) "/var/www/ostpreview/include/pear/Net/DNS2/Resolver.php" ["line"]=> int(212) ["function"]=> string(10) "sendPacket" ["class"]=> string(8) "Net_DNS2" ["type"]=> string(2) "->" ["args"]=> array(2) { [0]=> object(Net_DNS2_Packet_Request)#19 (9) { ["rdata"]=> NULL ["rdlength"]=> NULL ["offset"]=> int(33) ["header"]=> object(Net_DNS2_Header)#20 (15) { ["id"]=> int(21566) ["qr"]=> int(0) ["opcode"]=> int(0) ["aa"]=> int(0) ["tc"]=> int(0) ["rd"]=> int(1) ["ra"]=> int(0) ["z"]=> int(0) ["ad"]=> int(0) ["cd"]=> int(0) ["rcode"]=> int(0) ["qdcount"]=> int(1) ["ancount"]=> int(0) ["nscount"]=> int(0) ["arcount"]=> int(0) } ["question"]=> array(1) { [0]=> object(Net_DNS2_Question)#21 (3) { ["qname"]=> string(15) "_ldap._tcp.ourdomain" ["qtype"]=> string(3) "SRV" ["qclass"]=> string(2) "IN" } } ["answer"]=> array(0) { } ["authority"]=> array(0) { } ["additional"]=> array(0) { } ["_compressed":"Net_DNS2_Packet":private]=> array(3) { ["_ldap._tcp.ourdomain"]=> int(12) ["_tcp.ourdomain"]=> int(18) ["ourdomain"]=> int(23) } } [1]=> bool(false) } } [1]=> array(6) { ["file"]=> string(64) "/var/www/ostpreview/include/plugins/auth-ldap/authentication.php" ["line"]=> int(89) ["function"]=> string(5) "query" ["class"]=> string(17) "Net_DNS2_Resolver" ["type"]=> string(2) "->" 
["args"]=> array(2) { [0]=> string(15) "_ldap._tcp.ourdomain" [1]=> string(3) "SRV" } } [2]=> array(6) { ["file"]=> string(64) "/var/www/ostpreview/include/plugins/auth-ldap/authentication.php" ["line"]=> int(117) ["function"]=> string(12) "autodiscover" ["class"]=> string(18) "LDAPAuthentication" ["type"]=> string(2) "->" ["args"]=> array(2) { [0]=> &string(4) "ourdomain" [1]=> &array(0) { } } } [3]=> array(6) { ["file"]=> string(64) "/var/www/ostpreview/include/plugins/auth-ldap/authentication.php" ["line"]=> int(150) ["function"]=> string(10) "getServers" ["class"]=> string(18) "LDAPAuthentication" ["type"]=> string(2) "->" ["args"]=> array(0) { } } [4]=> array(6) { ["file"]=> string(64) "/var/www/ostpreview/include/plugins/auth-ldap/authentication.php" ["line"]=> int(180) ["function"]=> string(13) "getConnection" ["class"]=> string(18) "LDAPAuthentication" ["type"]=> string(2) "->" ["args"]=> array(0) { } } [5]=> array(6) { ["file"]=> string(42) "/var/www/ostpreview/include/class.auth.php" ["line"]=> int(80) ["function"]=> string(12) "authenticate" ["class"]=> string(18) "LDAPAuthentication" ["type"]=> string(2) "->" ["args"]=> array(2) { [0]=> &string(7) "aduser" [1]=> &string(9) "adpassword" } } [6]=> array(6) { ["file"]=> string(33) "/var/www/ostpreview/scp/login.php" ["line"]=> int(30) ["function"]=> string(7) "process" ["class"]=> string(21) "AuthenticationBackend" ["type"]=> string(2) "::" ["args"]=> array(3) { [0]=> &string(7) "aduser" [1]=> &string(9) "adpassword" [2]=> &NULL } } } ["previous":"Exception":private]=> NULL }

greezybacon commented 10 years ago

So it looks like two completely different errors: @ntozier has an invalid address type hhia. No idea what that means, and @GeekSage has his AD DNS server recursing to the world DNS root servers to look up records on "our domain".

@GeekSage idiotic question, but why are you recursing? @ntozier does your domain really end with a backslash?!

greezybacon commented 10 years ago

Better question: did you guys enter the fully qualified domain? Org.local or dept.company.com or similar?

GeekSage commented 10 years ago

@greezybacon No, didn't enter any special characters (no slash or backslash, etc). It's just a 4 letter domain used here on our internal network (i.e. ABCD). I also tried to do the fully qualified name as ABCD.ourcompany.org as well and that didn't work. However, when I entered ABCD.ourcompany.org into the optional LDAP servers box that did work.

ntozier commented 10 years ago

I emailed Jared already but I suppose I should have also documented here. hhia is our AD server. I used the local fqdn. aka hhia.corp.DOMAINNAME.local, I also tried internal network IP address and NETBIOS/server name.

GeekSage commented 10 years ago

@ntozier Yeah, I tried the same things and ended up with the same result as well.

greezybacon commented 10 years ago

@GeekSage, wouldn't your domain be ourcompany.org if the ldap server is ABCD.ourcompany.org?

GeekSage commented 10 years ago

@greezybacon, In everything else we do when it asks for domain (regarding AD that is) we enter BCAD. I just tried entering just ourcompany.org though to see if that would work and unfortunately I ended up with the same result again.

ntozier commented 10 years ago

So for some reason I just found myself wondering why we don't echo the connection string to the screen to see what's coming up. :) It might be helpful for other people configuring in the future. (of course passwords if present should be sanitized). Just a thought.

greezybacon commented 10 years ago

@GeekSage I will add a validation error to the domain box to require a . to prevent this confusion. I cannot perform a DNS lookup on a domain that's not fully qualified. I am aware that Windows supports the short domain names. I'll have to do some more reading to see how I can turn that into a qualified domain name.
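
The SRV-based discovery discussed in this thread, written out as an added example (this is not the auth-ldap plugin's code; function names, the corp.example.com domain and the SRV answer set are all constructed for illustration). It shows the two checks the thread converges on: reject a domain that is not fully qualified before querying DNS, and refuse the login when discovery yields no server instead of handing a non-object to bind(). The comparator from the quoted snippet packs priority and weight into one integer with a shift of 15, which only orders correctly while every weight is below 32768; SRV weight is a 16-bit field, so the example compares the two fields explicitly instead. In the plugin the records come from Net_DNS2_Resolver::query("_ldap._tcp.$domain", 'SRV'); here they are supplied inline so the script runs offline.

```php
<?php
// Added example (not osTicket plugin code): discover LDAP servers for a
// domain from _ldap._tcp SRV records and fail closed when none are found.

/**
 * Reject short (NetBIOS-style) domains such as "ABCD" up front. Queried
 * literally, _ldap._tcp.ABCD does not exist, and the resolver returns
 * NXDOMAIN with a root-zone SOA, exactly as in the dump above.
 * Requiring at least one dot is the validation proposed in the thread.
 */
function assertFullyQualified(string $domain): string
{
    $domain = rtrim(strtolower(trim($domain)), '.');
    $label = '[a-z0-9]([a-z0-9-]*[a-z0-9])?';
    if ($domain === '' || strpos($domain, '.') === false
        || !preg_match("/^{$label}(\\.{$label})+$/", $domain)) {
        throw new InvalidArgumentException(
            "Domain '$domain' is not fully qualified (expected e.g. corp.example.com)");
    }
    return $domain;
}

/**
 * Order SRV targets: lowest priority first, and within a priority the
 * highest weight first. Priority and weight are both 16-bit fields
 * (RFC 2782), so they are compared as a pair rather than packed into
 * one integer, which would misorder records once a weight exceeds 32767.
 */
function sortSrvRecords(array $records): array
{
    usort($records, function (array $a, array $b): int {
        return [$a['priority'], $b['weight']] <=> [$b['priority'], $a['weight']];
    });
    return $records;
}

/**
 * Return an ordered list of "host:port" candidates, or throw. Returning an
 * empty list (or null) from here is what lets a caller reach ->bind() on a
 * non-object; an authentication backend must deny the login instead.
 */
function discoverLdapServers(string $domain, array $srvAnswers): array
{
    $domain = assertFullyQualified($domain);
    $servers = [];
    foreach (sortSrvRecords($srvAnswers) as $rr) {
        if ($rr['port'] < 1 || $rr['port'] > 65535 || $rr['target'] === '') {
            continue;  // skip malformed records rather than connecting to them
        }
        $servers[] = rtrim($rr['target'], '.') . ':' . $rr['port'];
    }
    if ($servers === []) {
        throw new RuntimeException(
            "No LDAP servers discovered for $domain; refusing to authenticate");
    }
    return $servers;
}

// Constructed SRV answer set, not any real domain's records. dc1 carries a
// weight above 32767 on purpose: priority must still decide the order.
$srvAnswers = [
    ['priority' => 10, 'weight' => 100,   'port' => 389, 'target' => 'dc3.corp.example.com.'],
    ['priority' => 0,  'weight' => 0,     'port' => 389, 'target' => 'dc2.corp.example.com.'],
    ['priority' => 0,  'weight' => 40000, 'port' => 389, 'target' => 'dc1.corp.example.com.'],
];

print_r(discoverLdapServers('corp.example.com', $srvAnswers));

// Both failure modes from the thread: a short domain, and a domain that
// resolves but has no SRV records. Each is reported, neither reaches bind().
foreach (['ABCD', 'corp.example.com'] as $domain) {
    try {
        discoverLdapServers($domain, []);
    } catch (InvalidArgumentException | RuntimeException $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}
```

Two caveats for anyone wiring this into a real login path. A manually configured "LDAP servers" entry bypasses the lookup entirely, which matches the manual entry working for both reporters above. And SRV answers arrive over unauthenticated DNS, so a server discovered this way should only be bound with LDAPS or StartTLS and a verified certificate, with LDAP_OPT_PROTOCOL_VERSION set to 3 as suggested earlier; otherwise a spoofed SRV record redirects the staff password to a host of the attacker's choosing.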

greezybacon commented 10 years ago

Hey, could you guys try changing line 43 of authentication.php to work with your short domains?

                'dn' => '{domain}\\{username}',

GeekSage commented 10 years ago

I typed up a comment a little bit ago but then realized I was on the wrong copy of OSTicket (I have a couple that I was playing with). Anyway, I tried your suggestion and it didn't have any effect unfortunately. I then became curious and tried removing that line completely but putting the FQDN in and I could log in. I then tried putting the line back in but changing it to:

'dn' => 'XXX',

Even just putting the XXX there and using the FQDN in there it still worked as if no matter what I change that line to it has no effect on the outcome at all.

GeekSage commented 10 years ago

Oh, and just to be sure my changes were actually in the right place, I purposely caused a syntax error by removing the comma at the end of the line and that caused an error, so now I'm a bit confused.