LDAP / Active directory


LDAP Authentication

I have configured tikiwiki to authenticate company users with the Windows Active Directory 2003. I followed all the steps described in the URLs.

http://tikiwiki.org/tiki-index.php?page=LdapAuthenticationAdmin&highlight=LDAP
http://tikiwiki.org/tiki-view_faq.php?faqId=10

It always returns that the user/password is invalid. As I am new to PHP, it is difficult to find out
what is wrong with my configuration. It is clear to me that the method call _connect() in ldap.php
is returning true. It means the first lookup succeeded. Can anyone suggest where the problem
lies? Is anyone using authentication with Active Directory 2003?

regards
segar

I did succeed in setting up ldap auth once with openldap.
But my hard drive crashed and now I cannot make it work any more. My symptom is a blank page after login.

I'd recommend that you use an ldap browser and browse your active directory to see the structure.

I think you need a bind dn. When I tried the ldap server debug messages, I saw that pear first searches for a user, then it launches a bind process.


> I did succeed in setting up ldap auth once with openldap.
> But my hard drive crashed and now I cannot make it work any more. My symptom is a blank page after login.
>
> I'd recommend that you use an ldap browser and browse your active directory to see the structure.
>
> I think you need a bind dn. When I tried the ldap server debug messages, I saw that pear first searches for a user, then it launches a bind process.


Hi,
I'm trying to set up TIKI on Windows with ADS and have had no luck.

XAMPP 1.6.4 = Apache/2.2.6 (Win32) DAV/2 mod_ssl/2.2.6 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.4
TIKIWIKI 1.9.8.3

I read all the entries (let's say most of them), but it didn't help.
- I set it up as per the doc
- I added:
$options["adminuser"] = $tikilib->get_preference("auth_ldap_adminuser", "");
$options["adminpass"] = $tikilib->get_preference("auth_ldap_adminpass", "");


Also, for the comments from willdyke, I could not find the proper spot; lines 188-191 in 1.9.8.3 are comments and I was not sure what lines to change.

Is there somebody that did it or at least can suggest steps to troubleshoot it?


> Also, for the comments from willdyke, I could not find the proper spot; lines 188-191 in 1.9.8.3 are comments and I was not sure what lines to change.

Yeah, well his post was from 2/05. The code has changed since then. I hope someone can help us. This is a real blocker for me when everything else about TikiWiki looks fantastic.

-Jeremy



I have been working on this exact problem today.

If you know how to patch your wiki installation, there is a patch attached.

cd $tiki_base
patch -p5 < wiki.patch

The problem is in $tiki_base/lib/pear/Auth/Container/LDAP.php, where the ldap_bind occurs. I believe that an anonymous ldap_bind will not work for all Active Directories - it certainly doesn't work for mine.

In lib/userslib.php, I added the following two lines:

        $options["adminuser"] = $tikilib->get_preference("auth_ldap_adminuser", "");
        $options["adminpass"] = $tikilib->get_preference("auth_ldap_adminpass", "");

after line 370.


In lib/pear/Auth/Container/LDAP.php, I changed the lines 188-191 to be:

        // bind for searching: use the configured admin account if one is set,
        // otherwise fall back to an anonymous bind
        if (!empty($this->options['adminuser'])) {
            $bindresult = @ldap_bind($this->conn_id, $this->options['adminuser'], $this->options['adminpass']);
        } else {
            $bindresult = @ldap_bind($this->conn_id);
        }

        // stop here if neither bind succeeded
        if ($bindresult === false) {
            return PEAR::raiseError("Auth_Container_LDAP: Could not connect and bind to LDAP server.", 41, PEAR_ERROR_DIE);
        }

Give it a go, and let me know of any problems.
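
The flow that the change above enables (bind as a configured account, search for the user's DN, then bind as that user), written as an added example that is not part of the original post and is not TikiWiki or PEAR code. It assumes PHP 5.6+ for ldap_escape(); the function name ad_authenticate, the URI, the base DN and the service account are placeholders.

```php
<?php
// Added example, not TikiWiki or PEAR code. Assumes PHP 5.6+ (ldap_escape)
// and the ldap extension; all connection values are placeholders.
function ad_authenticate($uri, $baseDn, $svcDn, $svcPass, $username, $password)
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2) and can succeed, so reject it up front.
    if ($username === '' || $password === '' || $svcPass === '') {
        return false;
    }

    // Use ldaps:// (or StartTLS): a simple bind sends the password as-is.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Step 1: bind as the service account so the search is permitted.
    if (!@ldap_bind($conn, $svcDn, $svcPass)) {
        ldap_unbind($conn);
        return false;
    }

    // Step 2: look up the user's DN. Escaping for filter context keeps
    // characters such as * ( ) \ in the login name from altering the filter.
    $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
    // '1.1' requests no attributes; the DN is always returned.
    $result = @ldap_search($conn, $baseDn, $filter, array('1.1'));
    $entries = $result ? ldap_get_entries($conn, $result) : array('count' => 0);
    if ($entries['count'] !== 1) {
        ldap_unbind($conn);   // no match, or an ambiguous one: fail closed
        return false;
    }

    // Step 3: re-bind as the user's own DN with the supplied password.
    $ok = @ldap_bind($conn, $entries[0]['dn'], $password);
    ldap_unbind($conn);
    return $ok;
}

// Placeholder usage:
// ad_authenticate('ldaps://dc.example.com', 'DC=example,DC=com',
//     'CN=svc-wiki,CN=Users,DC=example,DC=com', getenv('LDAP_SVC_PASS'),
//     $_POST['user'], $_POST['pass']);
```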



I couldn't get the patch file to attach to my message.

I have created a new thread called LDAP Active Directory patch.


Good news. I checked 1.10 out from CVS, and there seem to have been substantial modifications to the authentication code. By using the 1.10 code and following the instructions at the tiki docs EXACTLY, it works. I was never able to get it to work in 1.9.8.3. I found Microsoft's Netmon 3.1 to be an invaluable tool to find out the LDAP server's responses to troubleshoot my own mistakes. But like I said, follow the instructions for LDAP in the auth docs, and it should work without any modifications to the 1.10 code.

-Jeremy