LDAP / Active directory


Tiki LDAP auth -> Open LDAP password encoding - SSHA? SSH? MD5? SMD5? CRYPT?


I am having trouble getting my Tiki sites to authenticate off of an OpenLDAP server. Originally I had them authenticating off of the OpenLDAP implementation that comes with the Zimbra email and collaboration server; however, I'm trying to get to an OpenLDAP solution for single sign on across web, jabber, Linux hosts, Windows hosts, email, etc. Zimbra does some non-standard things with their LDAP which affects use with Samba, so I'm switching to a standard OpenLDAP for centralized auth. The Tiki sites were working perfectly authenticating off of the Zimbra OpenLDAP, but now pointing them to a standard OpenLDAP I keep getting the "Invalid username or password".

Setup

VMware Ubuntu 6-06 LTS Linux virtual machine
MySQL 5

VMware Ubuntu 6-06 LTS Linux virtual machine
Apache 2.x
Tiki 1.9.9
with change made to ..\lib\userslib.php
$options["version"] = $tikilib->get_preference("auth_ldap_version", "3");

VMware Ubuntu 7-10 Linux virtual machine
OpenLDAP (slapd 2.3.35)

The parameters in Tiki match perfectly the parameters in OpenLDAP (as far as I can tell). The only thing I can think of is that the passwords in OpenLDAP are SSHA encoded. Does Tiki require them to be encoded in a particular way? SSHA? SHA? MD5? SMD5? CRYPT? It is unclear how the passwords were being encoded in the Zimbra OpenLDAP.

I've set up a non-administrative bind user in LDAP and tried that in the Tiki - according to the syslog entries for ldap, Tiki is binding as this user and authentication is transferred - but somehow it is breaking.

Thanks in advance for any advice offered.

Eric


Eric, thanks for posting. Hope I can help.

Can you try running slapd in debug mode? I started it with the option -d 256 so bind attempts would be logged and got the following:

conn=0 fd=14 ACCEPT from IP=192.168.10.104:60587 (IP=0.0.0.0:636)
conn=0 fd=14 TLS established tls_ssf=256 ssf=256
conn=0 op=0 BIND dn="cn=Search,ou=People,dc=gmartin,dc=org" method=128
conn=0 op=0 BIND dn="cn=Search,ou=People,dc=gmartin,dc=org" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="ou=people,dc=gmartin,dc=org" scope=2 deref=0 filter="(&(cn=gmartin)(objectClass=inetOrgPerson))"
conn=0 op=1 SRCH attr=displayName
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=2 BIND anonymous mech=implicit ssf=0
//this is the beginning of the login bind
conn=0 op=2 BIND dn="cn=gmartin,ou=People,dc=gmartin,dc=org" method=128
conn=0 op=2 BIND dn="cn=gmartin,ou=People,dc=gmartin,dc=org" mech=SIMPLE ssf=0
//This is the results. What error do you get?
conn=0 op=2 RESULT tag=97 err=0 text=
conn=0 op=3 UNBIND
conn=0 fd=14 closed


Perhaps you'll get an error code we can run with.

\\Greg
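
An added example, not part of either post and not Tiki or OpenLDAP code: a small Python parser for `slapd -d 256` output in the format shown in the reply above, pairing each BIND request with its RESULT line so the failing DN and LDAP result code stand out. The sample log and its example.org DNs are constructed, and the function name `bind_results` is hypothetical; the result-code names are the standard ones from RFC 4511.

```python
import re

# Standard LDAP result codes (RFC 4511) commonly seen when a login bind fails.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}

# The "method=" line carries the requested bind DN; the "mech=" line repeats it.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
# tag=97 is the BindResponse; "SEARCH RESULT tag=101" lines do not match.
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+) text=(.*)')


def bind_results(log_text):
    """Pair each BIND request with its RESULT line, keyed by (conn, op)."""
    pending = {}  # (conn, op) -> bind DN awaiting a result
    results = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            code = int(m.group(3))
            results.append({
                "dn": pending.pop((m.group(1), m.group(2))),
                "err": code,
                "name": RESULT_NAMES.get(code, "other"),
                "text": m.group(4).strip(),
            })
    return results


# Constructed sample (not from the thread): the search account binds
# successfully, then the bind as the user's own DN is rejected.
SAMPLE = '''\
conn=7 op=0 BIND dn="cn=search,ou=People,dc=example,dc=org" method=128
conn=7 op=0 BIND dn="cn=search,ou=People,dc=example,dc=org" mech=SIMPLE ssf=0
conn=7 op=0 RESULT tag=97 err=0 text=
conn=7 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=0 filter="(cn=eric)"
conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=7 op=2 BIND dn="cn=eric,ou=People,dc=example,dc=org" method=128
conn=7 op=2 RESULT tag=97 err=49 text=
'''

if __name__ == "__main__":
    for r in bind_results(SAMPLE):
        print(f'{r["dn"]}: err={r["err"]} ({r["name"]}) {r["text"]}')
```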

