I've got running SOPlanning with version 1.36 and for a few hours was
trying to change ldap connection from ldap to ldaps.
I was changing the config.inc file and /www/process/login.php file to
listen for port 636 and use ldap_connect with ldaps.
Additionally I've an outside active directory domain that needs to be used
during the login process.
After changing values, I see the login screen, I am putting in my usual
login credentials and I am receiving a login failed. Meanwhile logging I
have launched tcpdump to monitor if the server is responding on that port
636 and successfully it does.
This below is my function to log in with Active directory from file
~/www/process/login.php
function active_directory_login($username, $password){
global $ADServer, $ADDomain;
$ldap = ldap_connect($ADServer); << Here also I was trying values
to ($ADServer,636) to listen port 636
$ldaprdn = $ADDomain . "\" . $username;
#$ldaprdn = $username;
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($ldap, $ldaprdn, $password);
if ($bind) {
return true;
} else {
return false;
}
}
This code above works fine if I use unsecure ldap connection.
This code below are my variables set on vile config.inc
$ADLogin = true;
$ADServer = "ldap://[IP address]"; << There I was also trying to put
ldaps://[IP address] or ldaps://[IP address]:636"
$ADDomain = "[Domain]";
Did somebody successfully implement secure ldap connection for soplanning?
Hi Radek
Sorry but nobody reported a such case, or they probably fixed it by
themselves.
The LDAP connection is the "less" used for soplanning, so we didn't change
anything on it since the beginning.
We would like to help you, but we don't have a secure LDAP on our side and
can't make such tests.
moreover if you successfully connect on unsecure version, it seems it's
more a question of network/ssl than code.
Some small ideas :
are you sure your PHP setup allow ssl connection (module activated, etc) ?
isn't it a self signed certificate ? in this case i know PHP can cause
problems
don't you have any other logs in PHP/apache logs ?
Sorry but we can't do better in "blind" mode.
Best regards
I've got running SOPlanning with version 1.36 and for a few hours was
trying to change ldap connection from ldap to ldaps.
I was changing the config.inc file and /www/process/login.php file to
listen for port 636 and use ldap_connect with ldaps.
Additionally I've an outside active directory domain that needs to be used
during the login process.
After changing values, I see the login screen, I am putting in my usual
login credentials and I am receiving a login failed. Meanwhile logging I
have launched tcpdump to monitor if the server is responding on that port
636 and successfully it does.
This below is my function to log in with Active directory from file
~/www/process/login.php
function active_directory_login($username, $password){
global $ADServer, $ADDomain;
$ldap = ldap_connect($ADServer); << Here also I was trying values
to ($ADServer,636) to listen port 636
$ldaprdn = $ADDomain . "\" . $username;
This code above works fine if I use unsecure ldap connection.
This code below are my variables set on vile config.inc
$ADLogin = true;
$ADServer = "ldap://[IP address]"; << There I was also trying to put
ldaps://[IP address] or ldaps://[IP address]:636"
$ADDomain = "[Domain]";
Did somebody successfully implement secure ldap connection for soplanning?
Unfortunately logs doesn't show nothing useful. Website itself is working but I am unable to login (receiving login failed).
Tried with additional debugging taken from there https://gist.github.com/samueljon/f33fae69cb5eaab799faf84ed934f803 but still was only receiving an error that login failed.
Additionally I've replaced password and username with plain text of user and password that works on unsecure ldap connection and still "login failed"
I will try to something with SSL certificate but I believe that might be a small chance in success.
Last edit: Radoslaw Z 2022-08-18
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
I've got running SOPlanning with version 1.36 and for a few hours was
trying to change ldap connection from ldap to ldaps.
I was changing the config.inc file and /www/process/login.php file to
listen for port 636 and use ldap_connect with ldaps.
Additionally I've an outside active directory domain that needs to be used
during the login process.
After changing values, I see the login screen, I am putting in my usual
login credentials and I am receiving a login failed. Meanwhile logging I
have launched tcpdump to monitor if the server is responding on that port
636 and successfully it does.
This below is my function to log in with Active directory from file
~/www/process/login.php
function active_directory_login($username, $password){
global $ADServer, $ADDomain;
$ldap = ldap_connect($ADServer); << Here also I was trying values
to ($ADServer,636) to listen port 636
$ldaprdn = $ADDomain . "\" . $username;
#$ldaprdn = $username;
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($ldap, $ldaprdn, $password);
if ($bind) {
return true;
} else {
return false;
}
}
This code above works fine if I use unsecure ldap connection.
This code below are my variables set on vile config.inc
$ADLogin = true;
$ADServer = "ldap://[IP address]"; << There I was also trying to put
ldaps://[IP address] or ldaps://[IP address]:636"
$ADDomain = "[Domain]";
Did somebody successfully implement secure ldap connection for soplanning?
Best Regards
Radoslaw
Hi Radek
Sorry but nobody reported a such case, or they probably fixed it by
themselves.
The LDAP connection is the "less" used for soplanning, so we didn't change
anything on it since the beginning.
We would like to help you, but we don't have a secure LDAP on our side and
can't make such tests.
moreover if you successfully connect on unsecure version, it seems it's
more a question of network/ssl than code.
Some small ideas :
are you sure your PHP setup allow ssl connection (module activated, etc) ?
isn't it a self signed certificate ? in this case i know PHP can cause
problems
don't you have any other logs in PHP/apache logs ?
Sorry but we can't do better in "blind" mode.
Best regards
Le mer. 17 août 2022 à 16:36, Radoslaw Z radekz@users.sourceforge.net a
écrit :
Unfortunately logs doesn't show nothing useful. Website itself is working but I am unable to login (receiving login failed).
Tried with additional debugging taken from there https://gist.github.com/samueljon/f33fae69cb5eaab799faf84ed934f803 but still was only receiving an error that login failed.
Additionally I've replaced password and username with plain text of user and password that works on unsecure ldap connection and still "login failed"
I will try to something with SSL certificate but I believe that might be a small chance in success.
Last edit: Radoslaw Z 2022-08-18