Loading...
 

LDAP / Active directory


LDAP connection issues when moving from TikiWiki 14.2 to 15

Host: Windows Server 2012R2
PHP version: 7.0.7

I'm having an oddball issue while trying to upgrade from 14.2 to the current Tiki release of 15. My 14.2 installation was perfectly happy interacting with LDAP, but the moment I moved to 15, changing nothing else about the server other than the Tiki folder within "inetpub," I can no longer successfully make LDAP queries. I've checked the PHP logs and am not seeing anything indicating any errors. I also see nothing in the Tiki logs related to an error. It's as though the transactions are just hanging after the initial LDAP search attempt.

When attempting to authenticate using LDAP I see only the following in the Tiki logs:

-UserLib::validate_user_ldap()
-Connect Host: ldap://host.blah.com:389. Binddn: user at blah.com at line 225
in C:\inetpub\wwwroot\tiki\lib\auth\ldap.php

Following those two messages I see absolutely nothing else in the Tiki logs. The only errors I have to work with are 1) an extremely unhelpful 500 error in any browser used in a login attempt and, 2) I did ONCE see a "Net_LDAP2 not found" error in a browser window, but I can't repeat that.

I've verified using LDP.exe that the service account used by Tiki can bind to the DC from the webserver and perform searches with no issue. I can also swap out the new install directory for Tiki 15 with the old folder for Tiki 14.2 (making no other changes to the server whatsoever, just renaming the directories) and that instance of Tiki can access LDAP without issue. I've even tried pulling the following directories from my 14.2 install and placed them in the directory for 15 to no avail:

-/lib/auth
-/lib/ldap

I can access the wiki using the Tiki local admin logon and interact with the site with no issues.

Any thoughts? This issue is going to keep me on Tiki 14.2 until I (we) can get the issue solved.

Thanks.


Why Register?

Register at tiki.org and you'll be able to use the account at any *.tiki.org site, thanks to the InterTiki feature. A valid email address is required to receive site notifications and occasional newsletters. You can opt out of these items at any time.