LDAP / Active directory

Hi,

same here. Theres seems to be no activity of the LDAP...

Also broken. Has anyone figured out what is going on?

I'm not sure if this is the place I belong or not... I'm recently setting up Tiki and I have ldap configured and tested using another app/page but Tiki will not work, the page goes blank and gives no output... and the ldap connect test page continuously gives me Invalid Credential errors (remember I have this working on other devices/applications).. so I am at a loss.

A better walk through would be great.

Following up, my settings are:

LDAP:
Host: ldap://myhost.domain.local
Port: 389
Ldap bind: Active Directory
Search scope: Subtree
LDAP version: 3
Base DN: dn=domain,dn=local
User attribute: sAMAccountName
User OC: person
Realname attribute: displayName
Email attribute: userPrincipalName
Admin user: user at domain.local
Admin Password: ***

LDAP extern groups
Host: ldap://myhost.domain.local
Port: 389
LDAP Bind: Active Directory
Search scope: subtree
LDAP version: 3
Base DN: dc=domain,dn=local
User attribute: sAMAccountName
Corresponding user attribute 1st directory: sAMAccountName
User OC: person
Group name attribute: sAMAccountName
Group description attribute: description
Group OC: group
Member attribute: member
Group attribute: memberOf
Group attribute in group entry: cn
Ldap Admin: user at domain.local
Admin Password: ***

I am having the same problem, with 500 server errors whenever I try to login using LDAP.
For me, I think the problem is that the PEAR php classes have been moved into the vendor_extra folder and php is having difficulty finding the LDAP2 classes.

Can you try to proceed to this edit in your instance?
http://sourceforge.net/p/tikiwiki/code/48271

It's a fix made for 12.x, and I will backport to 11.x (and thus for 11.2) after someone confirms it helps.

Thanks!

marclaporte, Making that change stopped my IIS 500.0 error, however now I have a white screen when attempting to login using AD credentials.

I renabled the line in the code but corrected the path to my Auth.php file. I set it to pear/pear/Auth.php
I'm still getting a white screen when logging in using AD credentials.

I got it working at my site. I had to add a couple of directories to the include_path in my php.ini file.

Specifically I had to add:

C:\PHP\PEAR\PEAR
C:\inetpub\intranet\vendor_extra\pear

Once I did this, LDAP authentication against Active Directory started working correctly.

I upgraded to 12 just now, and I am having the same issue. LDAP works fine in 10, but not 11 or 12. I am just getting a white screen after login. I was hoping some of the comments above would help, but I see that those commands are for IIS / Windows and I am on Linux.

Ok, after re-reading your post bconklin, I think I figured it out.

I went to:

/etc/php5/apache2/php.ini

and added the line

include_path = "/var/www/vendor_extra/pear"

After adding that line and restarting, it appears that LDAP is now working! I have to do a little more testing, but I think that is the solution since the DIR was moved to that extra folder.

Thanks everyone for the help!

12.1 should fix it.

Can you try a daily build of latest 12.x to confirm?
https://dev.tiki.org/Daily+Build

Thanks!

Hi Folks,

I'm hoping someone might have some ideas because I'm a bit stumped.

I have installed a copy of tikiwiki 12 on a random desktop computer lying around my office for testing with Ubuntu server 12.04. Everything works smoothly except for AD auth. Which is why I found this thread. I update the files to the daily build like suggested and everything is fixed and working as expected. Do a bit more testing and the department agrees to go ahead with the project.

So I setup a new VM on our server and try to do this again using the same daily build (and newer builds) and I'm getting the white screen whenever I try to login with an AD account. The desktop is still using the default php.ini file and I've tried configuring this as suggested earler to no avail. Does anyone have any further ideas for what to do to get around this? I can post more info if needed.

Thanks

Dave

Edit- Whoops, turns out I managed to forget php-ldap on the server!

This week (03/14/14) I downloaded and installed 12.0LTS on Debian Testing using standard Apache2, MySql and ran into Active Directory issues.

I had php5-ldap installed. I even added the custom path to php.ini but php would error out as unable to find the path.

The ONLY way I got it to work was adding the below to tiki-setup.php:

''//use of set_include_path per php site examples.
if ( ! defined( "PATH_SEPARATOR" ) ) {
define("PATH_SEPARATOR", ":" );
//windows users need different separator
}
set_include_path(get_include_path().PATH_SEPARATOR.'/mnt/your_dir/another_dir/port80/tiki-12'.PATH_SEPARATOR.'/mnt/your_dir/another_dir/port80/tiki-12/vendor_extra/pear');
''
Incomplete settings for Active Directory are:
Base DN: CN=Users,DC=yourdomain,DC=com
User DN: BLANK
User attribute: sAMAccountName
User OC: organizationalPerson
Realname attribute: givenName (you can use other attributes)
Email attribute: userPrincipalName

Admin User: CN=Permitted_lookups_user,CN=Users,DC=yourdomain,DC=com
Password: YourPassword

If you aren't familiar with Microsoft's broken LDAP implementation, then it's a steep learning curve that's assisted with the free-ish "AD Explorer" application. It's the only one that represents the tree well.

Can anyone take also a look here https://tiki.org/tiki-view_forum_thread.php?comments_parentId=51777&topics_offset=1 ?

PS: mine worked without hacks in tiki-setup.php