LDAP / Active directory


LDAP Sync Broken in 12.x

Hi all,

We attempted an upgrade to the latest tiki source and ran into the problem of the LDAP no longer syncing with the AD.

When a user attempts to log in on the upgraded version they receive an "Invalid Username or Password" error and the system cannot seem to identify them as a user. Even the default admin profile cannot be identified — but when reverting back to the older version the login process appears to work fine for both admin and normal users.

I have verified that none of the login files have been altered and that the database hasn't been changed in any way.

Has anyone else been having this problem when upgrading to 12.x?

If so, can anyone help with offering a solution to this problem?

United States

I'm having the same problem going from 9.6 to 12.2 in my development instance. Logging tells me that the LDAP connection is failing to start TLS: "Error: TLS could not be started: Connect error: Unknown Net_LDAP2 Error (-11) at line 236 in /var/www/devtiki/lib/auth/ldap.php". When I uncheck "Use TLS" in Admin > Log in > LDAP, the logins work as expected. I don't want to lose the security of TLS when authenticating to AD, so I'm not sure I can bring this version into production until this bug is fixed.

When I comment out the error checking routine in lib/auth/ldap.php, the logins work and I don't get errors in the log, but I'm not confident that TLS is actually working (haven't tested this yet). I noticed that the Pear library files are no longer included in 12.x as they were in 9.x and earlier versions of Tiki, and that the requirement for these libraries has been removed. When I put the Pear libraries from 9.x back in and replaced the lib/auth/ldap.php file in 12.x with the one from 9.x, logins broke completely, even though these files are virtually identical (with the main exception being the Pear library file requirement). Not sure how to troubleshoot the problem beyond this point.


I would like to test unchecking the "Use TLS" option on my site, but I am unable to even log in to an admin account after the upgrade. How did you go about unchecking the security measures and get your login to work as expected?

United States

My Tiki is configured to "Use Tiki authentication for Admin login", as I use the local built-in Admin account. It sounds like you have painted yourself into a corner by disabling local accounts and requiring LDAP to log in, and if this is the case, you can comment out the error checking routine in lib/auth/ldap.php (lines 235-239) as I mentioned before and it will probably let you log in.

Unfortunately, my Tiki is configured to "Use Tiki authentication for Admin login" as well. This is why not being able to log in with even the default admin account is so baffling. I will try commenting out the error checking routine and report back with my results. Thank you

So, I tried commenting out the error checking routine inside lib/auth/ldap.php, and yes it did allow me to log in after the upgrade. However, it allows me to log in with incorrect credentials now. For example, I use a correct user account name, but can enter any password I choose and it allows me to log in.

If I uncomment the error routine, and attempt to log in again, it simply reroutes me to a blank white screen. Have you encountered this before?

United States
Sorry, I have not expended the time to perform extensive troubleshooting on this issue. I am sorry to hear that the workaround I offered presented you with a list of different problems. I was not suggesting that it would fix anything, only that it would allow you to access your site. TLS and perhaps LDAP authentication itself is clearly broken in version 12. I would recommend you revert to your previous version of Tiki and wait to implement 12.x until after the development team has sorted out these bugs. That's all I'm prepared to do myself.

This was my suspicion. And it did let me access the site, but not properly unfortunately. Thanks for helping out, however.

I believe the solution may lie within the PEAR.php, or Auth.php files, but perhaps it is a bug that the developers need to work out. I'll keep this thread updated if I figure anything out.

Marc,

I attempted using the Daily Build but ran into the same problem. After unpacking the zip file into my development site, I ran the composer and installer as usual and came to the login screen. When I enter my credentials, it tells me "Invalid Username or Password."

Afterward, I submitted a Bug Report describing my problem with this latest version of the Tiki. Hopefully this issue can be resolved for anyone having this issue!

Thanks
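
The thread reports that commenting out the error check let a login succeed with any password. The following is an added sketch of how that class of failure arises when PEAR-style error return values are ignored; it is not Tiki's lib/auth/ldap.php or Net_LDAP2 code, and every class, function and sample account in it is hypothetical.

```php
<?php
// Added illustration; not Tiki's or Net_LDAP2's code. All names are hypothetical.

// PEAR-style error value: failures are returned as objects, not thrown.
final class DirError
{
    public function __construct(public string $message) {}
}

// Constructed stand-in for a directory connection (no network involved).
final class StubDirectory
{
    public function __construct(private array $users, private bool $tlsWorks) {}

    public function startTLS()
    {
        return $this->tlsWorks ? true : new DirError('TLS could not be started');
    }

    public function bind(string $dn, string $password)
    {
        $ok = isset($this->users[$dn]) && hash_equals($this->users[$dn], $password);
        return $ok ? true : new DirError('Invalid credentials');
    }
}

// Fail-open: the return values are never inspected, so every path "succeeds".
function loginFailOpen(StubDirectory $dir, string $dn, string $password): bool
{
    $dir->startTLS();
    $dir->bind($dn, $password);
    return true;
}

// Fail-closed: any step that does not return exactly true rejects the login.
function loginFailClosed(StubDirectory $dir, string $dn, string $password): bool
{
    if ($password === '') {
        return false; // RFC 4513: DN plus empty password is an unauthenticated bind
    }
    if ($dir->startTLS() !== true) {
        error_log('LDAP: StartTLS failed, not sending credentials in clear text');
        return false;
    }
    return $dir->bind($dn, $password) === true;
}

$dn = 'cn=alice,dc=example,dc=test';            // constructed sample account
$dir = new StubDirectory([$dn => 'correct horse'], true);
var_dump(loginFailOpen($dir, $dn, 'wrong password'));
var_dump(loginFailClosed($dir, $dn, 'wrong password'));
var_dump(loginFailClosed(new StubDirectory([$dn => 'correct horse'], false), $dn, 'correct horse'));
```

The fail-closed variant also refuses the login when StartTLS fails, so a broken TLS setup shows up as rejected logins and a log entry rather than as credentials sent unencrypted.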

