
LDAP Error

Help
Elie Akl
2020-05-20
2020-05-29
  • Elie Akl

    Elie Akl - 2020-05-20

    Hi,
    I recently installed the latest version of wikindx on Oracle Linux, and everything is installed and configured. In the admin panel, when configuring LDAP authentication, I check the box that says enable LDAP auth, enter the details (server name, username, password, etc.) and click proceed, and I get an HTTP 500 error. I tried to look into my logs in /var/log/error_log and the SSL error logs but I couldn't find anything related. It just loads the primary page, but whenever I try to log in I stumble across the 500 error.

    Any help is appreciated, thank you.

     
  • Elie Akl

    Elie Akl - 2020-05-20

    Update: I have enabled debugging from the portal and this error came up.

     
  • Mark Grimshaw

    Mark Grimshaw - 2020-05-20

    Hi Elie,

    Sorry to hear you are having problems. We will do our best to solve the issue.

    Have you installed and enabled LDAP in your PHP?
    See: https://www.php.net/manual/en/ldap.requirements.php

    The function that is thrown up in the error message is not a WIKINDX function but part of the PHP LDAP library. If ldap_connect() cannot be found then it is likely that LDAP is not installed as part of your PHP.

    I'll pass this to Stéphane who is more familiar with LDAP than I am.

    Regards,

    Mark

     
    • Stéphane Aulery

      Hello Elie,

      You need to install and enable the PHP LDAP extension (PHP LDAP Doc) in php.ini.

      Something like : yum -y install php-ldap
      + adding "extension=ldap.so" to php.ini

      But take this with a grain of salt because it depends on how the distribution works and how PHP has been packaged, and I have never used Oracle.

      Regards,

       
  • Elie Akl

    Elie Akl - 2020-05-20

    Hey guys,
    Thank you for your quick reply. I installed php-ldap and it works great. I installed sendmail as well but it seems it is not sending email either; does it need an extension as well?
    One more question: I entered the LDAP base DN as my full domain controller, but it seems it's looking for a bind user and will not accept any other login. Is this on my side of the config, or did I miss something?

     
    • Stéphane Aulery

      The best response is in the code :

          private function ldapCheckPassword($usersUsername, $pwdInput)
          {
              // The PHP LDAP extension must be loaded
              if (!in_array("ldap", get_loaded_extensions())) {
                  return FALSE;
              }
              if (($ds = ldap_connect(WIKINDX_LDAP_SERVER, WIKINDX_LDAP_PORT)) === FALSE) {
                  $this->session->setVar("misc_ErrorMessage", $this->errors->text("inputError", "ldapConnect"));

                  return FALSE;
              }
              ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, WIKINDX_LDAP_PROTOCOL_VERSION);
              // First bind without credentials (anonymous), used for the search below
              if (($ldapbind = @ldap_bind($ds)) === FALSE) {
                  $this->session->setVar("misc_ErrorMessage", $this->errors->text("inputError", "ldapBind"));

                  return FALSE;
              }
              // Look up the user's entry by uid under the configured base DN
              $sr = @ldap_search($ds, WIKINDX_LDAP_DN, '(uid=' . $usersUsername . ')');
              $info = @ldap_get_entries($ds, $sr);
              if ($info['count'] > 1) {
                  $this->session->setVar("misc_ErrorMessage", $this->errors->text("inputError", "ldapTooManyUsers"));

                  return FALSE;
              }
              // Use the DN found by the search, otherwise build one from the username and the base DN
              if ($info['count'] == 1) {
                  $ldaprdn = $info[0]['dn'];
              } else {
                  $ldaprdn = "cn=" . $usersUsername . "," . WIKINDX_LDAP_DN;
              }
              // Connect to the LDAP server as the user, with the password supplied at login
              $ldappass = $pwdInput;
              $ldapbind = @ldap_bind($ds, $ldaprdn, $ldappass);
              if ($ldapbind) {
                  // AUTH OK
              } else {
                  // AUTH KO
              }
          }
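
A hardened variant of the search-then-bind flow quoted above, as an added example that is not part of the original post and is not WIKINDX code. The quoted function concatenates the user name into the search filter and passes the password straight to ldap_bind(); this sketch escapes the name for filter and DN context and refuses empty credentials. The function names and sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not WIKINDX code. Function names and sample values are hypothetical.

// Search filter with the user name escaped for filter context.
function ldapUserFilter(string $username): string
{
    return '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

// Fallback DN with the user name escaped for DN context.
function ldapFallbackDn(string $username, string $baseDn): string
{
    return 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $baseDn;
}

// TRUE only when the directory accepts $password for a single matching user.
// $ds is a connection already bound for searching, as in the quoted function.
function ldapVerifyUser($ds, string $baseDn, string $username, string $password): bool
{
    // A bind with an empty password is an unauthenticated bind that many
    // servers report as successful, so refuse it before contacting the server.
    if ($username === '' || $password === '') {
        return false;
    }
    $sr = ldap_search($ds, $baseDn, ldapUserFilter($username));
    if ($sr === false) {
        return false;
    }
    $info = ldap_get_entries($ds, $sr);
    if ($info === false || $info['count'] > 1) {
        return false;
    }
    $dn = $info['count'] === 1 ? $info[0]['dn'] : ldapFallbackDn($username, $baseDn);

    // A failed bind raises a PHP warning; the boolean result is what matters here.
    return @ldap_bind($ds, $dn, $password);
}

// Constructed input: filter and DN metacharacters come out as hex escapes.
if (extension_loaded('ldap')) {
    echo ldapUserFilter('smith (ext)*'), "\n";
    echo ldapFallbackDn('smith, j', 'ou=people,dc=example,dc=org'), "\n";
}
```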
      
       
  • Mark Grimshaw

    Mark Grimshaw - 2020-05-20

    Thanks for getting back to us Elie with the solution – we'll add some more helpful messages to that part of the configuration for future users.

    I'll leave Stéphane to answer the other questions but you can test the email configuration – if no email is being sent, can you post here the response from the SMTP server?

    Regards,

    Mark

     
  • Elie Akl

    Elie Akl - 2020-05-20

    Hey Mark,
    I will run some tests and get back to you with logs. I am not using an SMTP, I am using a relay.

     
    • Stéphane Aulery

      If your host relays to another server, use the sendmail option and customize the sendmail path according to your distribution.

       

      Last edit: Stéphane Aulery 2020-05-20
  • Elie Akl

    Elie Akl - 2020-05-22

    Hey guys again,

    I noticed that whenever I enable the LDAP auth I can no longer log in using the super user I created when I configured wikindx the first time. Any suggestions?

     
    • Stéphane Aulery

      Hi Elie,

      To date it's all or nothing. There is no ldap -> native auth fallback or special case for the super administrator account. A fallback takes interest away from ldap. But I think that the super administrator should always identify himself with the native method or have a fallback just for him. To discuss with Mark.

      Regards,

       
      • Elie Akl

        Elie Akl - 2020-05-22

        So basically, if I want to use the LDAP function, the super administrator should be authenticated with AD for now?

         
        • Stéphane Aulery

          In the last stable version yes.

           
          • Elie Akl

            Elie Akl - 2020-05-22

            Maybe a suggestion: create a separate admin login that has its own table in the DB for auth instead of being globally integrated?

             
            • Elie Akl

              Elie Akl - 2020-05-22

              And, if possible, add CN as a group instead of an OU in the DN field, but it's just an idea.

               
              • Stéphane Aulery

                This code was contributed by a user. I know that there are several ways to do it, but I am not sufficiently informed to produce code that allows all these forms.

                 
            • Stéphane Aulery

              After an LDAP auth, the user is registered in wikindx and the super-admin is always registered in the wikindx db. It's just a matter of choosing and documenting the right or least surprising behavior.

               
            • Stéphane Aulery

              The next release will include a native fallback auth for the Super Admin, only.

               
