LDAP / Active directory


LDAP & Active Directory

I am using CentOS 5, Apache 2.2.3, PHP 5.1.6, MySQL 5.0, TikiWiki 2.0 RC2 and I am trying to set up LDAP to a Windows Server 2003 LDAP server which is an Active Directory domain controller. I have tried several versions of TikiWiki with the same results of “Invalid password”. Any help would be appreciated. My PEAR::Auth settings are below:

Create User if not in Tiki? Checked
Create User if not in Auth? Not checked
Just use Tiki auth for admin? Checked
LDAP URL: blank
LDAP Host: IP of LDAP server
LDAP Port: 389
LDAP Scope: sub
LDAP Base DN: DC=home,DC=domain
LDAP User DN: CN=Users
LDAP User Attribute: sAMAccountName
LDAP User OC: *
LDAP Group Attribute: cn
LDAP Group OC: uniqueMember
LDAP Member Is DN: n
LDAP Admin User: user
LDAP Admin Pwd: password
LDAP Version: 3
LDAP Realname Attribute: displayName

Try specifying the LDAP admin user as the DN of a user in Active Directory (no need for the user to have admin privileges).

\\Greg


I apologize, I should have mentioned we are using a username and password on the domain that we are using for other LDAP queries to the same server. I just put in user/password in those fields for security reasons.

I did understand you were obscuring the credentials. Can you confirm that in your config you are using the
cn=user,ou=something, dc=company,dc=com
convention to specify the user account?

\\Greg


I entered the LDAP Admin User as DN=user,CN=Users,DC=home,DC=domain and it still gives Invalid password when you log in as a domain user.

npoulos, not to harp on this, but I recently built a Tiki server at work to make sure Tiki worked with AD. It took me 4-5 tries to get the settings correct for the admin user and OU settings. The DN is complicated and I made typo after typo. I wound up using adsiedit to verify the DN of the admin user.

I would check your DN
"DN=user,CN=Users,DC=home,DC=domain"

The leftmost item may be CN=user, not DN. Multiple CN= are OK.

If logons are being logged on the AD server, you may see something in the security log.

\\Greg
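
An offline sanity check for the bind DN typo discussed in this thread, as an added example that is not part of any post or of Tiki's code. The `check_dn` function and the `KNOWN_TYPES` list are assumptions made for illustration; the check covers syntax only and does not confirm that the object exists in the directory.

```python
# Attribute types commonly seen in Active Directory DNs (assumed list for this example).
KNOWN_TYPES = {"CN", "OU", "DC", "O", "L", "ST", "C", "UID"}

def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash (RFC 4514 style)."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def check_dn(dn):
    """Return a list of problems found in a bind DN; an empty list means it looks well-formed."""
    problems, types = [], []
    for pos, rdn in enumerate(split_unescaped(dn, ","), start=1):
        attr, eq, value = rdn.strip().partition("=")
        if not (attr and eq and value):
            problems.append(f"RDN {pos} is not type=value: {rdn!r}")
            continue
        attr = attr.strip().upper()
        types.append(attr)
        if attr not in KNOWN_TYPES:
            problems.append(f"RDN {pos} uses unknown attribute type {attr!r}")
    if "DC" not in types:
        problems.append("no DC= components; a bare user name is not a DN")
    elif any(t != "DC" for t in types[types.index("DC"):]):
        problems.append("DC= components must be the rightmost RDNs")
    return problems

if __name__ == "__main__":
    # Constructed inputs: the DN quoted in the thread and the corrected form.
    for candidate in ("DN=user,CN=Users,DC=home,DC=domain",
                      "CN=user,CN=Users,DC=home,DC=domain"):
        print(candidate, "->", check_dn(candidate) or "looks well-formed")
```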

