I have been able to make further progress by changing these two settings:
LDAP_BASE_DN = "DC=PDI,DC=com"
LDAP_AUTH_USER = "CN=ldapclient,CN=Users,DC=PDI,DC=com"
Now when I try to log in as any user that is in the active directory I get:
USER_AUTH_ORDER: => LDAP => Forbidden,
But if I use anything that doesn't exist in the active directory I get:
USER_AUTH_ORDER: => LDAP (nosuchuser) => Forbidden,
So at the very least I do know that it is connecting and properly
checking if the users exist. However I am still not able to log in with
a valid user name and password.
William Leader wrote:
> I have been able to make some progress on the problem. I started by
> reverting the config.ini file and configuring it again. This time I was
> able to get a Call to undefined function: ldap_connect() in LDAP.php
> line 16. This is good because it never did that before. It seems that
> I was missing something in my config.ini to start with. So to get past
> this problem, I had to uncomment extension=php_ldap.dll in my php.ini.
> So now it seems that it is really trying to use LDAP, but I am still not
> completely there. With the debug set to 65 in config.ini, I can now get
> something like this when logging in:
>
> DEBUG: ALLOW_ANON_EDIT = false, ALLOW_BOGO_LOGIN = false,
> ALLOW_USER_PASSWORDS = true, ENABLE_PAGEPERM = true, USER_AUTH_ORDER: =>
> LDAP (nosuchuser) => Forbidden, USER_AUTH_POLICY: first-only,
> PASSWORD_LENGTH_MINIMUM: 0
>
> Correct me if I am wrong, but that tells me that the LDAP code was
> unable to verify that the supplied user name doesn't exist. I am basing
> this assumption from the part that reads "USER_AUTH_ORDER: => LDAP
> (nosuchuser) => Forbidden" meaning LDAP reported that no such user
> exists, and since LDAP is the only allowed option on my wiki, failing
> that the only choice remaining was Forbidden user.
>
> Upon double checking the config.ini, I found that the configurator.php
> script commented out the LDAP settings. I uncommented and changed what I
> think is correct, based on the hints in the config.ini:
>
> LDAP_AUTH_HOST = "ldap://12.161.32.40:389"
> ;12.161.32.40 is the address of the Active Directory server as it is
> seen from the webserver.
> ;it does run on port 389, because I have been able to configure other
> programs to connect on that port.
>
> LDAP_BASE_DN = "ou=Users,o=WikiUsers,dc=pdi.com"
> ;I don't know enough about LDAP to know if this is right.
> ;the original config had o=developement
> ;not being sure what that was I guessed that it is supposed to be the group.
> ;WikiUsers is the group on Active Directory that contains the users that
> should have access to the wiki.
> ;pdi.com is the name of the domain.
>
> LDAP_SET_OPTION = "LDAP_OPT_PROTOCOL_VERSION=3:LDAP_OPT_REFERRALS=0"
> ;I've heard somewhere active directory needs these, so I just
> uncommented this line.
>
> LDAP_AUTH_USER = "CN=ldapclient,ou=Users,o=WikiUsers,dc=pdi.com"
> ;I also know that active directory needs a user to log in as to query
> the directory
> ;ldapclient is a user in my domain created just for that purpose, the
> rest of the line
> ;was similar to Base_DN so this was also modified in the same way as base_DN
>
> LDAP_AUTH_PASSWORD = secret
> ;the password was changed to match what is in active directory.
>
> LDAP_SEARCH_FIELD = sAMAccountName
> ;I've also heard somewhere that active directory needs this line to
> search by the old style username (will instead of will@xxxxxxx)
>
> LDAP_OU_USERS = ou=Users
> LDAP_OU_GROUP = ou=Groups
> ;I don't know what these last two do, so I just uncommented them.
>
> With all these changes I now get an error when logging into the wiki:
>
> lib\WikiUser\LDAP.php:28: Warning[2]: ldap_bind() [<a
> href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to
> server: Invalid credentials
> lib\WikiUser\LDAP.php:37: Warning[512]: Unable to bind LDAP server
> ldap://12.161.32.40:389 using
> CN=ldapclient,ou=Users,o=WikiUsers,dc=pdi.com secret
>
> And this is where I am stuck.
>
> -Will
>
> _______________________________________________
> Phpwiki-talk mailing list
> Phpwiki-talk@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
>
>
>
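The two LDAP_AUTH_USER values in this thread differ only in how the DN is spelled (dc=pdi.com versus DC=PDI,DC=com, and ou=Users versus CN=Users), which is something that can be checked before editing config.ini. The following is an added example, not part of the original messages or of PhpWiki; the function names and the checks are assumptions made for illustration.

```python
import re

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def domain_to_base_dn(domain):
    """pdi.com -> DC=pdi,DC=com (one DC component per DNS label)."""
    return ",".join(f"DC={label}" for label in domain.split("."))

def lint_ad_dn(dn, domain):
    """Return the reasons this DN is unlikely to resolve in the given AD domain."""
    pairs = split_dn(dn)
    problems = []
    dcs = [value for attr, value in pairs if attr == "DC"]
    dotted = [value for value in dcs if "." in value]
    if dotted:
        for value in dotted:
            problems.append(f"DC={value} packs several DNS labels into one "
                            f"component; write {domain_to_base_dn(value)}")
    elif [value.lower() for value in dcs] != domain.lower().split("."):
        problems.append(f"DC components do not spell {domain}; "
                        f"expected suffix {domain_to_base_dn(domain)}")
    if any(attr == "OU" and value.lower() == "users" for attr, value in pairs):
        problems.append("OU=Users: the default AD Users container is CN=Users; "
                        "an OU of that name exists only if an admin created one")
    return problems

if __name__ == "__main__":
    # Both DNs are the LDAP_AUTH_USER values quoted in the thread.
    for dn in ("CN=ldapclient,ou=Users,o=WikiUsers,dc=pdi.com",
               "CN=ldapclient,CN=Users,DC=PDI,DC=com"):
        print(dn)
        for problem in lint_ad_dn(dn, "pdi.com") or ["no problems found"]:
            print("  -", problem)
```
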