I am currently trying to authenticate tiki users against my Samba 4 active directory.
I am using Univention Corporate Server Core 4.3 as AD domain controller. (But I guess this issues solution applies to users of Netserver, Zentyal, etc. as well) I was already successful at joining Windows 10, Debian 9.6, Proxmox 5.2 and a Samba file share to my AD domain. Almost none of those of these worked right out of the box, so I wasn't too frustrated that this did not either. I followed the guide at https://doc.tiki.org/LDAP-authentication" class="wiki wikinew text-danger tips">https://doc.tiki.org/LDAP-authentication and I recieved an error, but one, which I was not too unhappy about. The authentication method was not strong enough. I read that Samba 4 does not accept insecure connections per default any longer, which I consider a good thing. I further derived from that (please tell me if that is a misconception), that the tiki-server did actually communicate with the domain controller (and I can also ping ad-controller.intranet.mydomain.tld, so DNS is fine).
In order to meet the security requirements of Samba 4 I assumed (please tell me if that's possibly wrong) that SSL encryption is required and changed following settings to:
- Port 636
- Use SSL enabled
The next login test resulted in following syslog message:
Error: Bind failed: Cant connect LDAP server: Unknown Net_LDAP2 Error (-1) at line 239 in /.../ldap.php
I'm not sure if I should expect this problem being caused by the auto-created SSL certificate of the Univention-server. None of my previous experiments with joining the Samba 4 ad resulted in trouble with the SSL certificate. On the other hand I never had PHP involved in the process before.
Can anybody share his knowledge (or some links) on how the communication between tiki and a Samba 4 AD-DC works with me?
Aah, and please let me know what additional data (configs) you need in order to get a proper picture of the situation.
Tanks a lot in advance!