PHP AD LDAP Authenticator

Discussion in 'LoginShare' started by koltzc, Oct 20, 2010.

Thread Status:
Not open for further replies.
  1. Technocrat

    Technocrat Established Member

    Have you upgraded to the most recent version?

    Well I am not sure what to say. I don't have two domains to test against, so I can only try with what limited resources I have. I am willing to look at any system that someone wants to give me access to. But I understand that is a lot to ask.

    I don't know about the PM. You can start a conversation with me if you want. Then I will send you my email address.
  2. pallytank09

    pallytank09 Member

    Trying to get this up and running. Read through the instructions you have posted, which are pretty good. Authentication isn't working for me and I have logging enabled but it's not actually writing any logs. Also I was trying to figure out if I need to actually configure adLDAP or are you passing it variables from the config.php file you have listed for editing.
  3. Technocrat

    Technocrat Established Member

    The config handles everything; you don't need to do anything else to adLDAP. I assume you have logging set to true? Is the file even being made in the log folder? If not, is the folder writable?
  4. pallytank09

    pallytank09 Member

    Yes, logging is set to true. No file is being written to the log folder. It's completely empty. Log folder has permissions of drwxr-xr-x.
  5. pallytank09

    pallytank09 Member

    Also I have noticed that adLDAP calls for an administrative user to be able to search AD. The config.php file has nowhere to specify this. I assume then that it's binding anonymously to AD?
  6. Technocrat

    Technocrat Established Member

    Well if I had to take a guess 755 or drwxr-xr-x is not enough permissions on your server for PHP to write to that folder. Try 777.

    You can also do:
    http://forge.kayako.com/projects/ad-ldap-authenticator/wiki/Troubleshooting
    Enable testing. Then you should see some more information.

    In this case you are not searching, you are simply trying to authenticate. So you don't need an admin AD account for adLDAP. If say you wanted to see if the user existed without authenticating them then that would be an example where you would need that.
  7. pallytank09

    pallytank09 Member

    Did a chmod 777 on the log folder, still nothing. I did try the ldap.html page and here is the error it spit out.

    Warning: include(/var/www/ldap/kayako_ldap.php): failed to open stream: Permission denied in /var/www/ldap.php on line 28
    Warning: include(): Failed opening '/var/www/ldap/kayako_ldap.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/ldap.php on line 28
    Fatal error: Class 'Kayako_LDAP' not found in /var/www/ldap.php on line 90
  8. pallytank09

    pallytank09 Member

    OK, so I just did a 777 on everything in the directory where Kayako and all the LDAP auth files are stored and it's now writing log files and ldap.html is working like it should. Seems to be a permissions issue somewhere. I will figure out where after I get a working test up and running.
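
The "Permission denied" errors above were cleared by setting mode 777 on the whole directory, which leaves every file in it writable by any local account. As an added example (not part of the original posts or the project's code), this script tightens such a tree so that only the log folder is writable by the web server's group; the group argument, the temporary paths and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: least-privilege modes instead of a blanket chmod 777.
# Assumptions (not from the thread): the group PHP runs under is passed as
# the optional third argument; all paths below are constructed for the demo.

# Print every world-writable file or directory under $1 (symlinks skipped).
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# True if $1 has exactly the octal mode $2.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print)" ]
}

# Code readable by owner and group only; log directory group-writable.
harden_tree() {
    local app_dir="$1" log_dir="$2" web_group="${3:-}"
    # Optional: hand the tree to the web server's group (needs privileges).
    if [ -n "$web_group" ]; then
        chgrp -R "$web_group" "$app_dir" || return 1
    fi
    find "$app_dir" -type d -exec chmod 750 {} + || return 1
    find "$app_dir" -type f -exec chmod 640 {} + || return 1
    # PHP creates and appends log files here, so the group needs write access.
    chmod 770 "$log_dir" || return 1
    find "$log_dir" -type f -exec chmod 660 {} + || return 1
}

# Constructed tree in the state left by "777 on everything".
demo() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/ldap/log"
    : > "$root/ldap/kayako_ldap.php"
    chmod -R 777 "$root/ldap"
    echo "world-writable before: $(list_world_writable "$root/ldap" | wc -l)"
    harden_tree "$root/ldap" "$root/ldap/log"
    echo "world-writable after:  $(list_world_writable "$root/ldap" | wc -l)"
    has_mode "$root/ldap/log" 770 && echo "log dir is 770"
    rm -rf "$root"
}
demo
```

On a real installation, run it as the owner of the files or as root and pass the group PHP runs under (commonly `www-data` or `apache`) as the third argument to `harden_tree`.
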
  9. pallytank09

    pallytank09 Member

    So my next question is, what is the correct login name that a user or staff should use? What exactly is it querying AD for? Email address, samAccountName?
  10. Technocrat

    Technocrat Established Member

    The correct login is simply their AD username (without the suffix) and password. It only queries their info when they authenticate.
  11. pallytank09

    pallytank09 Member

    Ok. So I have tried username and password. The page returns "invalid username or password"; the log reads as follows:

    [06-21-12 - 13:45] ldap_account_suffix: '@si.lan'
    [06-21-12 - 13:45] ldap_base_dn: 'DC=si,DC=lan'
    [06-21-12 - 13:45] ldap_domain_controllers: array (
    0 => '10.1.132.5',
    )
    [06-21-12 - 13:45] KAYAKO_LDAP_TEST: true
    [06-21-12 - 13:45] Authenticated: true
    [06-21-12 - 13:45] Type: Empty
    [06-21-12 - 13:45] No special user restrictions, user logged in
    [06-21-12 - 13:45] Session End
  12. Technocrat

    Technocrat Established Member

    Is that all the log says? Because as you can see from the second to last line, it logs you in. Are you still in test mode?
  13. pallytank09

    pallytank09 Member

    I have tried both in test mode and with test mode set to false. Yes, that's the only output in the log. There is nothing else. I do not get logged in either and that's the part that is really confusing. The log says successful, the website says it's not.
  14. pallytank09

    pallytank09 Member

    The staff page returns "Invalid data provided:5"
  15. Technocrat

    Technocrat Established Member

    Test mode doesn't let you login, it just will show you information on the page. So if you are trying to login with Kayako you want to turn it off.

    If you are getting Invalid data provided:5 then that means something in PHP is causing an error which is causing your XML to screw up. You can test that by using the html file provided and switch it to staff.
  16. pallytank09

    pallytank09 Member

    Here is the output from the test: (*=placeholder for censored data)

    <loginshare>
    <result>1</result>
    <user>
    <usergroup>Registered</usergroup>
    <fullname>A***** P****</fullname>
    <designation>IT</designation>
    <emails>
    <email>a****@si.lan</email>
    </emails>
    <phone>3**-2**-4****</phone>
    </user>
    </loginshare>
  17. pallytank09

    pallytank09 Member

    The lack of native AD authentication in this product really amazes me. It really limits the use of it to anyone that is willing to take the time to populate an entire user base by hand. I appreciate all the help you are providing Technocrat and hopefully we can figure this stuff out.
    GuyO likes this.
  18. pallytank09

    pallytank09 Member

    Ok I got the customer side of the auth working. Figured out there was another place you have to tell the software to use LoginShare, Templates>Groups>Default

    So I can login to the customer side of the portal. The staff side still fails with the invalid data error.
  19. Technocrat

    Technocrat Established Member

    Once you get this working it works well. It's just the initial setup. If you don't follow all the steps laid out in the wiki then you can run into issues.

    Was the XML you posted from the staff? Did you enable login share for the staff per the directions on the wiki?
    http://forge.kayako.com/projects/ad-ldap-authenticator/wiki/Setup
  20. Jesse Adams

    Jesse Adams Member

    I'm super close to getting this off the ground but can't get around this last bit. I think I'm missing something.
    The ldap.html works just great, outputs as I'd expect, and logs correctly!

    But modifying config.php into test mode (and supplying the same user/pass) I only get errors in the log
    Code:
    [06-21-12 - 23:13] UNKNOWN: [2] ldap_bind(): Unable to bind to server: Invalid credentials
    
    And consequently, Kayako is only giving me Invalid data provided: 1. And the dashboard's error log reads "empty data received for user loginshare plugin".

    Works for the test, but fails everywhere else. Sadface. Any help would be GREATLY appreciated!