LDAP / Active directory


LDAP Auth working for some, not for others...

Hi,

PHPInfo reports "Using Apache/2.0.54 (Win32) PHP/5.0.4 DAV/2".
I'm running on a Windows 2000 Pro workstation.

I was running TikiWiki 1.9.10.1 and using LDAP auth against Novell's eDirectory.
It's always worked fine (including previous versions of TikiWiki).

Recently though, a new guy in our department couldn't log in and for the life of me I couldn't get it working.
The odd thing is that the LDAP server reports a login successful but it doesn't login.

For this new guy who doesn't yet exist in TikiWiki it just says:
"Invalid username or password"

(There's no firewall in the way by the way)

I tried:
- resetting his password (didn't work)
- logging into other services that use the same LDAP to authenticate (they work just fine indicating that this is purely a tikiwiki problem)
- comparing his user object ldap attribute by ldap attribute to a known working user (all the same values are set)
- recreating his user account (didn't work)
- upgrading to TikiWiki 1.9.11 (didn't work and now it's worse - I can't login either!)

As above, I now can't login either, but I don't get an "Invalid username or password" error - I just get kicked back to the same page I tried to login to - with no error message or anything.

I can still login as the admin user (ie. non-LDAP) and the other guys in my team can also still login using LDAP.

I'm finding it really difficult to troubleshoot.

My LDAP Server keeps reporting a login success which means the authentication request was successful.

With TikiWiki, I tried switching debug on as follows...
$this->options['debug'] = true;
...in lib\pear\auth\container\ldap.php

but it doesn't seem to do anything. I stopped and restarted Apache even though I don't think that should be necessary. I also cleared out the tiki caches but I never seem to get any debug information.

If anyone can point me in the direction of what I need to do to pinpoint the error that'd be great. My PHP skills aren't terrible but they're not great either - given time I can probably work out what's going wrong, but at the moment I can't even narrow it down, so any help gratefully received.

Thanks in advance.

Nick.

@Nick

I have a couple of thoughts:
- Does the new user have a tiki account already? Don't know how you have it configured, but it may need to be created ahead of time.

- If you specify an LDAP Base DN or a User DN, is the new user within this structure?

\\Greg


Thanks Greg for the reply.

Having spent hours on this on and off over the last few weeks, I've now sorted it in 2 stages and think I've identified a bug in TikiWiki.
STAGE 1) Last night I upgraded to PHP 5.2.6 and that seemed to solve the issue of ME not being able to login. Not sure why that worked but it does!

STAGE 2) However I still had the issue with a new user not being able to login.
The new user doesn't have an account already. I've used mysql from the command line to query the tables too just in case he actually was in there, but he's not.
To answer your question, his user account existed below the base DN I'd specified.

My LDAP settings are:
[Image: LDAP settings screenshot]

I knew the credentials were correct but kept getting the error "Invalid username or password".

See my settings above and note that the "Create user if not in tiki" option is ticked.
Previously this has always worked fine but your comment made me think about that a bit more.

So, I manually created the account in Tiki - the password couldn't be blank but that password was irrelevant anyway since it would use LDAP to authenticate anyway.
HOWEVER, all our usernames are "Firstname Lastname" and tikiwiki wouldn't let me create a username with a space in it.

So I created the account using FirstNameLastName instead and then, using the MySQL command line, altered it as follows:
mysql> update users_users set login="John Smith" where login="JohnSmith";
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

Refreshing the user listing in Tiki showed that that change worked ok.

And the best part - he can now login just fine.

So, I think it's a bug in TikiWiki that one of the previous upgrades I did (I suspect the previous upgrade to 1.9.10.1) broke the ability to "Create user if not in tiki" for usernames that contain spaces.

I'm not sure if this isn't actually a bug though and I'm also not sure if this is a PEAR thing or a TikiWiki thing.
Any advice on reporting that bug?

Nick.


Nick - were you able to find a solution to this? I am struggling with the same problem. Active Directory shows that I have logged in, but I am getting an "Invalid Password" error. The user is new - and I have selected "Create users not in tiki".

I received the same errors even if I created the user and repeated the same attempts to login. Furthermore - after many many attempts I received the "too many invalid logins" message from TikiWiki.

My PHP version is 5.1.6 on Apache 2.2.3 (CentOS).

Any help would be greatly appreciated.