PHP AD LDAP Authenticator

Discussion in 'LoginShare' started by koltzc, Oct 20, 2010.

Thread Status:
Not open for further replies.
  1. Technocrat

    Technocrat Established Member

    So just to be clear, you are disabling test mode and you have enabled LoginShare with the AD as per:
    http://forge.kayako.com/projects/ad-ldap-authenticator/wiki/Setup
    And you cannot log in? When you enter a username/password into Kayako you are using your AD username and password just like test?

    The error you are getting is pretty straightforward: the credentials are not working. So there is something messing it up. You can also check and make sure the username and password being passed to AD are valid from Kayako by uncommenting it. I just added it to the wiki under logging:
    http://forge.kayako.com/projects/ad-ldap-authenticator/wiki/Troubleshooting
     
  2. Jesse Adams

    Jesse Adams Member

    Aye, test mode is off in config.php - and login share is enabled via the wiki instructions. Also (not sure if this is superfluous) Admin CP - Templates - Groups - Default - enabled Loginshare here.
    Thank you for those additions to the troubleshooting. I'll give it a whirl!

    UPDATE - I can now see the username/pass that AD is getting correctly in log, if I use the test ldap.html. Kayako doesn't log anything tho'. I must be pathing in the loginshare incorrectly.

    ldap.php is in the root of my kayako site (http://helpdesk), with the ldap folder therein as well. ldap.html in the root as well, and it works. I'll keep at it!
     
  3. Jesse Adams

    Jesse Adams Member

    UPDATE! Fixed!
    I updated the Loginshare URL to the IP address of the host, not using the virtual host at all. So, as best I understand it, my server is internal 172.16.16.153, I created a virtual host for "http://helpdesk" to /var/www/help. Once I changed the loginshare URL to http://172.16.16.153/help/ldap.php it works just fine!
     
  4. Technocrat

    Technocrat Established Member

  5. pallytank09

    pallytank09 Member

    OK I think I am almost there. The staff login page now returns a different error, which is "Invalid data provided:Invalid Group" Any idea what this is referring to? What group needs to be returned by AD?
     
  6. pallytank09

    pallytank09 Member

    If I manually create a staff account and then try to log in with that account's AD credentials it works, regardless of what password was manually set within Kayako. Is this normal? Did I miss the part where you have to manually create staff members before AD auth will work?
     
  7. Help! I am new and running a Trial version to test for our help desk. My error is Invalid Data Provided - No Emails - I have viewed this forum, but didn't see a solution for that one... can someone assist?
     
  8. Jamie Edwards

    Jamie Edwards Chief Limey Staff Member

    Would it help if we start a new thread in lieu of the changes contributed by Technocrat?
     
  9. This is my error log...

    LoginShare
    22 June 2012 07:22 PM (16m 44s)

    Invalid XML Received for User LoginShare Plugin (No Emails)

    <?xml version="1.0" encoding="UTF-8"?>
    <loginshare>
    <result>1</result>
    <user>
    <usergroup>Registered</usergroup>
    <fullname>directory2</fullname>
    <designation></designation>
    <emails>
    <email></email>
    </emails>
    <phone></phone>
    </user>
    </loginshare>
     
  10. Technocrat

    Technocrat Established Member

    Ok so the issue here is in order for staff to work they MUST be in an AD group that you have to then set in the config. The reason for that is if not then anyone in AD could log in to the staff area. The other part of it is you need to have at least 1 working Kayako staff team to assign them to.
    So what I did in my environment was to create an AD group called Kayako Staff. Assign users to it. Then in Kayako I just had the standard Staff team. Then set it in the config.
    I am not sure off hand why manually creating them is working. Perhaps because they are getting put into groups.

    I believe your issue is email addresses are not in your AD, which is a requirement with Kayako (guess I should add that to the wiki).
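
A check for the condition behind the "No Emails" error in the log above, written as an added example that is not part of the original posts or of the AD LDAP Authenticator project. The element names are taken from the logged XML; the function names and the sample address are constructed, and treating an empty `<usergroup>` as a problem is an assumption.

```php
<?php
// Added example: inspect a LoginShare response before it is handed to Kayako.
// Element names come from the XML logged in this thread; function names and
// the sample e-mail address are constructed for illustration.

function first_text(SimpleXMLElement $doc, string $path): string
{
    $nodes = $doc->xpath($path) ?: [];
    return $nodes ? trim((string) $nodes[0]) : '';
}

function check_loginshare_response(string $xml): array
{
    // Parse quietly and without fetching external resources.
    $previous = libxml_use_internal_errors(true);
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if ($doc === false || $doc->getName() !== 'loginshare') {
        return ['not a well-formed <loginshare> document'];
    }

    $problems = [];
    // Assumption: a response without a group name is also unusable.
    if (first_text($doc, '/loginshare/user/usergroup') === '') {
        $problems[] = 'empty <usergroup>';
    }

    // At least one <email> must carry a value; an empty element does not count.
    $emails = [];
    foreach ($doc->xpath('/loginshare/user/emails/email') ?: [] as $node) {
        if (trim((string) $node) !== '') {
            $emails[] = trim((string) $node);
        }
    }
    if ($emails === []) {
        $problems[] = 'no non-empty <email>';
    }
    return $problems;
}

// The response from the error log, and the same response with an address filled in.
$logged = '<?xml version="1.0" encoding="UTF-8"?><loginshare><result>1</result><user>'
    . '<usergroup>Registered</usergroup><fullname>directory2</fullname>'
    . '<emails><email></email></emails></user></loginshare>';
$fixed = str_replace('<email></email>', '<email>directory2@example.com</email>', $logged);

print_r(check_loginshare_response($logged));
print_r(check_loginshare_response($fixed));
```

Running the same check on the XML that ldap.php emits for a given account shows whether the mail value was lost before the response reached Kayako.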
     
  11. Technocrat

    Technocrat Established Member

    Probably a good idea
     
  12. Our email addresses are in AD. I am looking at the mail attribute...
     
  13. Technocrat

    Technocrat Established Member

    Does the account you are trying to log in with? Because as you can see from the XML it's missing.
     
  14. It does. It is my own regular user account...
     
  15. Technocrat

    Technocrat Established Member

    What version of AD do you have?
     
  16. Jamie Edwards

    Jamie Edwards Chief Limey Staff Member

    I have locked this thread - feel free to create another and I'll post the link to it here and update the OP :)
     
  17. Jamie Edwards

    Jamie Edwards Chief Limey Staff Member
