LDAP / Active directory

AD in 18.1 (coming from 3.8) Error 500 after login.

Spain

Hi all,

I had to upgrade a 3.8 tiki installation. I decided to jump to 18.1 as it's the latest LTS available. My box runs RH 7.4 + remi repo enabled (to install php 5.6).

I followed the upgrade process (the doc does not mention version 15 or 18) and, after adding the admin group, I managed to log in as admin. So far so good.

The problem arrived when I tried to log in as a regular user. Using the AD/LDAP configuration "imported" from version 3.8, the auth did not work. The page returned error 500.

As in 3.8 it was using anonymous bind, I decided to set the auth to use AD authentication. Nothing worked. The last log message was always:

Connect Host: ldap://LDAP_SERVER:PORT. Binddn: sAMAccountName=USER,DC=DOMAIN,DC=com at line 230 in /var/www/html/tiki-18.1/lib/auth/ldap.php


(LDAP_SERVER:PORT and USER were valid values).

So I went into the PHP code and found some things that were breaking the AD auth:

  1. I had to remove the system php56-pear package (duplicated declaration of PEAR functions)
  2. Had to link the pear from tiki-wiki to the system's pear path (to make tiki-wiki pear available to the php)
  3. Had to add in lib/auth/ldap.php:
         require_once 'vendor_extra/pear/Net/LDAP2.php';
  4. Had to hardcode the bind_type to "ad" in lib/auth/ldap.php:186:
         #switch ($this->options['bind_type']) {
         switch ('ad') {

Whatever you set in the "LDAP Bind Type" in the admin/login configuration is ignored. The bind_type is always set to "full".

With all the above modification the AD auth started to work.

Anyone in 18.1 having the same issue? What did you do in order to make AD work?

Best,
Arnau
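
A stand-alone way to check, outside Tiki, which bind identity the directory accepts: the DN-style string from the log line above versus the user@domain form that Active Directory accepts for simple binds. This is an added example, not Tiki code and not part of the original post; the `LDAP_*` environment variable names, the `jdoe` user and the assumption that the UPN suffix matches the DC components of the base DN are illustrative.

```php
<?php
// Added diagnostic sketch, not Tiki code. Requires the php-ldap extension (PHP >= 5.6).

// Build a DNS domain from the DC= parts of a base DN.
// Assumption: the UPN suffix matches the base DN; AD allows other suffixes.
function domainFromBaseDn($baseDn)
{
    $labels = array();
    foreach (explode(',', $baseDn) as $rdn) {
        $kv = explode('=', trim($rdn), 2);
        if (count($kv) === 2 && strcasecmp(trim($kv[0]), 'DC') === 0) {
            $labels[] = trim($kv[1]);
        }
    }
    return implode('.', $labels);
}

// The two identities to compare: the DN-style string from the log, and user@domain.
function bindCandidates($user, $baseDn)
{
    return array(
        'dn'  => 'sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_DN) . ',' . $baseDn,
        'upn' => $user . '@' . domainFromBaseDn($baseDn),
    );
}

// Attempt a simple bind per candidate; returns identity => 'OK' or the LDAP error text.
function testBinds($uri, $user, $password, $baseDn)
{
    if ($password === '') {
        // An empty password turns a simple bind into an unauthenticated bind,
        // which some servers accept: never treat that as a successful login.
        throw new InvalidArgumentException('refusing to bind with an empty password');
    }
    $results = array();
    foreach (bindCandidates($user, $baseDn) as $identity) {
        $conn = ldap_connect($uri);
        if ($conn === false) { $results[$identity] = 'invalid LDAP URI'; continue; }
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
        $results[$identity] = @ldap_bind($conn, $identity, $password) ? 'OK' : ldap_error($conn);
        ldap_unbind($conn);
    }
    return $results;
}

// Constructed sample values; real settings come from the environment, not the command line.
print_r(bindCandidates('jdoe', 'DC=example,DC=com'));
if (getenv('LDAP_URI') !== false) {
    print_r(testBinds(getenv('LDAP_URI'), getenv('LDAP_USER'), (string) getenv('LDAP_PASS'), getenv('LDAP_BASE')));
}
```

If only the `upn` identity binds, the directory is fine and the problem is in how the bind string is built on the Tiki side.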
