LDAP / Active directory


Problem with LDAP Pear::Auth Settings With Microsoft Active Directory Services (ADS) And TikiWiki 1.9.7 - URGENT

Hi,

I am trying to integrate my TikiWiki application (Windows, EasyPHP) with the ADS with the following LDAP settings:
Auth Type: LDAP
IMAP/POP3/LDAP Host: Valid ADS name
IMAP/POP3/LDAP Port: 389
IMAP/POP3 BaseDSN: -
Create user if not in Tiki? Checked
Create user if not in Auth? Not Checked
Just use Tiki auth for admin? Checked
LDAP URL: -
LDAP Scope: sub
LDAP Base DN: dc=my-domain,dc=com
LDAP User DN: -
LDAP User Attribute: sAMAccountName
LDAP User OC: *
LDAP Group DN: -
LDAP Group Attribute: cn
LDAP Group OC: groupOfUniqueNames
LDAP Member Attribute: uniqueMember
LDAP Member Is DN: n
LDAP Admin User: cn=LDAPReader, dc=my-domain, dc=com
LDAP Admin Pwd: valid password

I have made necessary changes to "userslib.php".

I am not able to log in with any valid LDAP user. But the login works only if the OU is mentioned in Base DN or User DN. As this application should be accessed by users belonging to multiple OUs, I can't stick to a single OU. I used ldp.exe to connect to the LDAP server and I was able to search the users just by using "dc=my-domain,dc=com". I am not sure why it is not working in TikiWiki. Are there any additional settings required?

I tried to debug in LDAP.php by setting debug=true in options in userslib.php. But I am not getting any debug statements in EasyPHP.log. I tried giving echo and print in various places but I am not seeing any output in any logs. As I am new to PHP, please let me know how to debug PHP.

Canada
I doubt many people run servers on Windows.
United States

> I doubt many people run servers on Windows.

That's not the issue. AD does provide directory services on a huge number of corporate networks. Using AD as a LDAP server for Tiki makes a lot of sense in that environment.

Well, I do. Running Windows Server 2003 R2 x64 Standard edition, with the new FastCGI DLL installed and MySQL. It took a lot of tries to get it to work, but it does — and nicely. Windows Server 2008 will have the FastCGI support built in. IIS 7 will be a technically viable platform for running PHP apps out of the box. I'm not intending to start a debate regarding Windows vs. Linux, or IIS vs. Apache. I'm just saying that finally IIS runs PHP nicely, at least from my experience. So if you're already running a Windows server, for whatever reason, adding Tikiwiki to that environment is just as viable.

Furthermore, having checked out Tikiwiki 1.10, I was able to get ADS authentication to work without any modifications to Tikiwiki code. This is great.

Now the question is whether I can get ADS groups mapped to TW groups, so that I don't have to assign users to groups in both places. I'll ask that in a separate thread.


I fixed this issue; the problem was in LDAP.php. The function _setDefaults() needs to be changed. I made the following changes:
$this->options['version'] = 3;
$this->options['referrals'] = false;
which was previously:
$this->options['version'] = 2;
$this->options['referrals'] = true;

This will ensure the search will happen from the root.
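
The same two settings applied directly through PHP's ldap extension, with a search from the domain root followed by a re-bind as the located user. This is an added example, not part of the original posts and not Tiki or PEAR::Auth code; the host name, the DNs, the function name and the environment variable are placeholders modelled on the settings posted in this thread.

```php
<?php
// Added example; not Tiki or PEAR::Auth code. Host, DNs and the environment
// variable name are placeholders modelled on the settings in this thread.
function ad_authenticate(string $user, string $password): bool
{
    // A simple bind with an empty password is an unauthenticated bind that
    // many directory servers accept, so refuse it before contacting the server.
    $readerPw = getenv('LDAP_READER_PW'); // hypothetical variable name
    if ($user === '' || $password === '' || !$readerPw) {
        return false;
    }
    $conn = ldap_connect('ldap://ads.my-domain.com:389'); // placeholder host
    if ($conn === false) {
        return false;
    }
    // The two settings from the fix: LDAPv3, and do not chase referrals.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Port 389 is cleartext: upgrade with StartTLS before sending a password.
    $ok = @ldap_start_tls($conn)
        && @ldap_bind($conn, 'cn=LDAPReader,dc=my-domain,dc=com', $readerPw);
    if ($ok) {
        // Escape the login name so * ( ) \ cannot change the filter's meaning.
        $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
        // ldap_search() is a subtree search; starting at the domain root
        // finds users in any OU.
        $result = @ldap_search($conn, 'dc=my-domain,dc=com', $filter, ['sAMAccountName']);
        $entries = $result ? ldap_get_entries($conn, $result) : false;
        // Require exactly one match, then re-bind as that user to check the password.
        $ok = is_array($entries) && $entries['count'] === 1
            && @ldap_bind($conn, $entries[0]['dn'], $password);
    }
    ldap_unbind($conn);
    return $ok;
}
```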


I have tried the same above, using 1.10 with your change listed above, but still have invalid login, any help guys?

United States

Two things:
-- Can you post your config?
-- Do you see any entries in the security log on the domain controller? Would be good to know what AD is seeing.

\\Greg

