
LDAP / Active directory


LDAP "Bind Success" but Login fails

Germany

Hello there,

I’m seeking help with my problem. I had a Tiki CMS 15.4 installation which worked fine after a few tries. Now I’m setting up a new installation but sadly I didn’t document all my settings.
After a fresh installation on my Windows Server 2012 R2 with IIS 8 and MySQL, I installed a fresh copy of Tiki CMS. Right after the initial setup I switched to the LDAP configuration and tried my luck with these settings:

Authentication Method: TIKI & LDAP

| Setting | Value | alternative |
|---|---|---|
| If user does not exist in Tiki | Deny Access | |
| Create user if not in LDAP | no | |
| Use Tiki authentication for Admin login | yes | |
| Host | MyADHost.domain.local | |
| Port | 389 | |
| Debug | yes | |
| LDAP Bind Type | AD user@domain | |
| Search Scope | Subtree | |
| LDAP Version | 3 | |
| Base DN | dc=domain,dc=local | |
| User DN | -empty- | |
| User attribute | sAMAccountName | sAMAccountName or default |
| User OC | Person | sAMAccountName or default |
| Realname attribute | Name | |


The rest I left empty. This is what the log shows:

| ID | Message |
|---|---|
| 1 | UserLib::validate_user_ldap() |
| 2 | Connect Host: ldap://MyADHost.domain.local:389. Binddn: user at domain.local at line 225 in C:\Wiki\lib\auth\ldap.php |
| 3 | Searching for user information with filter: (sAMAccountName=user) at line 278 in C:\Wiki\lib\auth\ldap.php |
| 4 | Connect Host: ldap://MyADHost.domain.local:389. Binddn: CN=user,OU=IT,OU=MyGroup,DC=domain,DC=local at line 225 in C:\FestWiki\lib\auth\ldap.php |
| 5 | Bind successful. |


Successful? Yes, the LDAP lookup seems to work fine. Still, the logged on “user” gets the error:

Error
Invalid username or password

I haven’t touched the “LDAP external groups” since I remember defaulting every value prior to my first success.
I’d appreciate any help since Tiki CMS is the perfect solution for my needs.
Kind regards.
Jan

Germany

Okay, I got it working.
My mistake was leaving out the User/Pass for an AD account and not selecting “If user does not exist in Tiki = Create User”.

Now it works. Hope this helps anyone.

