LDAP authentication - Error
Moderators: Developer, Contributor
-
- Posts: 44
- Joined: 31 May 2017, 12:45
LDAP authentication - Error
Hi,
We are trying LDAP authentication. In this proces we are getting error as attached. Could you please suggest. Thanks
We are trying LDAP authentication. In this proces we are getting error as attached. Could you please suggest. Thanks
- Attachments
-
- ref-15062020.jpg (133.93 KiB) Viewed 12159 times
Re: LDAP authentication - Error
What version of MantisBT?
What version of adLogin plugin?
What version of PHP?
What operating system and version?
What version of adLogin plugin?
What version of PHP?
What operating system and version?
-
- Posts: 44
- Joined: 31 May 2017, 12:45
Re: LDAP authentication - Error
Hi,
Please find below details
Mantis version: 2.15.0
adLogin plugin: I am not using the plugin. I am trying as in this https://www.mantisbt.org/docs/master/en ... .auth.ldap
PHP version: 5.5.15
OS:Windows
Please find below details
Mantis version: 2.15.0
adLogin plugin: I am not using the plugin. I am trying as in this https://www.mantisbt.org/docs/master/en ... .auth.ldap
PHP version: 5.5.15
OS:Windows
-
- Posts: 44
- Joined: 31 May 2017, 12:45
Re: LDAP authentication - Error
Hi,
I created a separate page for this.
I am using the code as below. Using this code LDAP bind is working. But LDAP search is not working. I am getting error as - Warning: ldap_search(): Search: No such object. Could you please suggest.
$server = "ldap://xxx.xxx.x.xxx/"; //this is the LDAP server you're connecting with
$ds = ldap_connect($server, 389); //always connect securely via LDAPS when possible
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$ldap_bind_dn = 'corpxxxxxx\xxxxxxxxxadmin';
$pass = "xxxxxx";
$ldapbind = ldap_bind($ds, $ldap_bind_dn, $pass); //this is the point we are authenticating
$dn = "uid=xxxxxadmin,ou=Users,dc=corp,dc=xxxxxx,dc=com";
$filter = "uid=*"; //don't filter anyone out (every user has a uid)
$sr = ldap_search($ds, $dn, $filter) or die ("bummer"); //define your search scope
I created a separate page for this.
I am using the code as below. Using this code LDAP bind is working. But LDAP search is not working. I am getting error as - Warning: ldap_search(): Search: No such object. Could you please suggest.
$server = "ldap://xxx.xxx.x.xxx/"; //this is the LDAP server you're connecting with
$ds = ldap_connect($server, 389); //always connect securely via LDAPS when possible
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$ldap_bind_dn = 'corpxxxxxx\xxxxxxxxxadmin';
$pass = "xxxxxx";
$ldapbind = ldap_bind($ds, $ldap_bind_dn, $pass); //this is the point we are authenticating
$dn = "uid=xxxxxadmin,ou=Users,dc=corp,dc=xxxxxx,dc=com";
$filter = "uid=*"; //don't filter anyone out (every user has a uid)
$sr = ldap_search($ds, $dn, $filter) or die ("bummer"); //define your search scope
-
- Posts: 44
- Joined: 31 May 2017, 12:45
Re: LDAP authentication - Error
Hi,
I checked further on this as below. But still I am not able to login. I am getting error as 'Your account may be disabled or blocked or the username/password you entered is incorrect.'
Could you please help.
I created a test PHP page to test LDAP access and this is working fine
$server = "ldap://123.123.0.200/"; //this is the LDAP server you're connecting with
$ds = ldap_connect($server, 389); //always connect securely via LDAPS when possible
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$ldap_bind_dn = 'corpcompany\testadmin';
$pass = "test123";
$ldapbind = ldap_bind($ds, $ldap_bind_dn, $pass); //this is the point we are authenticating
$dn = "OU=COMPANYCORP,DC=corp,DC=companytec,DC=com";
$t_ldap_uid_field = 'sAMAccountName';
$c_username="name.g";
$filter = $t_ldap_uid_field . '=' . $c_username;
$sr = ldap_search($ds, $dn, $filter); //define your search scope
$results = ldap_get_entries($ds, $sr); //here we are pulling the actual entries from the search we just defined
var_dump($results); //will give you all results is array form.
Same setting I used in Mantis and tested. I am able to get value for t_ldap_data in the function ldap_get_field_from_username as highlighted below. But my mantis login page shows error as - Your account may be disabled or blocked or the username/password you entered is incorrect.
function ldap_get_field_from_username( $p_username, $p_field ) {
log_event( LOG_LDAP, "Retrieving field '$p_field' for '$p_username'" );
$t_ldap_data = ldap_cache_user_data( $p_username );
var_dump($t_ldap_data);exit;
......
My PHP error log says as below
[26-Jun-2020 13:50:01 Europe/Berlin] 2020-06-26 13:50 CEST LDAP ldap_api.php:124 ldap_connect_bind() Bind to ldap server successful
[26-Jun-2020 13:50:01 Europe/Berlin] 2020-06-26 13:50 CEST LDAP ldap_api.php:237 ldap_cache_user_data() Searching for sAMAccountName=name.g
[26-Jun-2020 13:50:01 Europe/Berlin] 2020-06-26 13:50 CEST LDAP ldap_api.php:269 ldap_cache_user_data() Unbinding from LDAP server
Thanks
I checked further on this as below. But still I am not able to login. I am getting error as 'Your account may be disabled or blocked or the username/password you entered is incorrect.'
Could you please help.
I created a test PHP page to test LDAP access and this is working fine
$server = "ldap://123.123.0.200/"; //this is the LDAP server you're connecting with
$ds = ldap_connect($server, 389); //always connect securely via LDAPS when possible
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$ldap_bind_dn = 'corpcompany\testadmin';
$pass = "test123";
$ldapbind = ldap_bind($ds, $ldap_bind_dn, $pass); //this is the point we are authenticating
$dn = "OU=COMPANYCORP,DC=corp,DC=companytec,DC=com";
$t_ldap_uid_field = 'sAMAccountName';
$c_username="name.g";
$filter = $t_ldap_uid_field . '=' . $c_username;
$sr = ldap_search($ds, $dn, $filter); //define your search scope
$results = ldap_get_entries($ds, $sr); //here we are pulling the actual entries from the search we just defined
var_dump($results); //will give you all results is array form.
Same setting I used in Mantis and tested. I am able to get value for t_ldap_data in the function ldap_get_field_from_username as highlighted below. But my mantis login page shows error as - Your account may be disabled or blocked or the username/password you entered is incorrect.
function ldap_get_field_from_username( $p_username, $p_field ) {
log_event( LOG_LDAP, "Retrieving field '$p_field' for '$p_username'" );
$t_ldap_data = ldap_cache_user_data( $p_username );
var_dump($t_ldap_data);exit;
......
My PHP error log says as below
[26-Jun-2020 13:50:01 Europe/Berlin] 2020-06-26 13:50 CEST LDAP ldap_api.php:124 ldap_connect_bind() Bind to ldap server successful
[26-Jun-2020 13:50:01 Europe/Berlin] 2020-06-26 13:50 CEST LDAP ldap_api.php:237 ldap_cache_user_data() Searching for sAMAccountName=name.g
[26-Jun-2020 13:50:01 Europe/Berlin] 2020-06-26 13:50 CEST LDAP ldap_api.php:269 ldap_cache_user_data() Unbinding from LDAP server
Thanks
-
- Posts: 44
- Joined: 31 May 2017, 12:45
Re: LDAP authentication - Error
Hi,
I checked further and please find below details
I am getting correct email id in $t_email
function user_get_email( $p_user_id ) {
$t_email = '';
if( LDAP == config_get_global( 'login_method' ) && ON == config_get( 'use_ldap_email' ) ) {
$t_email = ldap_email( $p_user_id );
....
....
}
But getting error as Your account may be disabled or blocked or the username/password you entered is incorrect. This because of the below 'login_error' in line No. 127 of login_page.php
if( $f_error || $f_cookie_error ) {
echo '<div class="alert alert-danger">';
# Only echo error message if error variable is set
if( $f_error ) {
echo '<p>' . lang_get( 'login_error' ) . '</p>';
}
....
....
Could you please suggest what may be issue
Thanks
I checked further and please find below details
I am getting correct email id in $t_email
function user_get_email( $p_user_id ) {
$t_email = '';
if( LDAP == config_get_global( 'login_method' ) && ON == config_get( 'use_ldap_email' ) ) {
$t_email = ldap_email( $p_user_id );
....
....
}
But getting error as Your account may be disabled or blocked or the username/password you entered is incorrect. This because of the below 'login_error' in line No. 127 of login_page.php
if( $f_error || $f_cookie_error ) {
echo '<div class="alert alert-danger">';
# Only echo error message if error variable is set
if( $f_error ) {
echo '<p>' . lang_get( 'login_error' ) . '</p>';
}
....
....
Could you please suggest what may be issue
Thanks
-
- Posts: 44
- Joined: 31 May 2017, 12:45
Re: LDAP authentication - Error
Hi,
Could any one help with this please
Thanks
Could any one help with this please
Thanks
Re: LDAP authentication - Error
Sorry, we use the AdLogin plugin and it works great for us. I suggest you get that plugin and simply look at the code. It is *very* small, just a few lines, and might tell you what you need to do to make your situation work.
We are in a large organization and every time someone authenticated to the network goes to our mantis webpage it logs them in automatically and they don't have to think about it. Perhaps the plugin code will show you what you need? Good luck!
We are in a large organization and every time someone authenticated to the network goes to our mantis webpage it logs them in automatically and they don't have to think about it. Perhaps the plugin code will show you what you need? Good luck!
-
- Posts: 44
- Joined: 31 May 2017, 12:45
Re: LDAP authentication - Error
Hi mushu,
Can you please share AdLogin plugin link
Thanks
Can you please share AdLogin plugin link
Thanks
-
- Posts: 44
- Joined: 31 May 2017, 12:45
Re: LDAP authentication - Error
Hi,
I am using the LDAP configurations as per below link
https://squeakyspacebar.github.io/2011/ ... -ants.html
And as suggested in this link https://www.mantisbt.org/wiki/doku.php/ ... %20purpose, I am able to fetch the email id.
LDAP logs FYR
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:114 ldap_connect_bind() Bind to ldap server successful
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:249 ldap_get_field_from_username() Searching for sAMAccountName=xxxx
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:269 ldap_get_field_from_username() Unbinding from LDAP server
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:283 ldap_get_field_from_username() Found value 'xxxx@xxxx.com' for field 'mail'.
But when I try to login using Mantis interface, I am getting alert as 'Your account may be disabled or blocked or the username/password you entered is incorrect'. Please help to fix this
Thanks
I am using the LDAP configurations as per below link
https://squeakyspacebar.github.io/2011/ ... -ants.html
And as suggested in this link https://www.mantisbt.org/wiki/doku.php/ ... %20purpose, I am able to fetch the email id.
LDAP logs FYR
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:114 ldap_connect_bind() Bind to ldap server successful
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:249 ldap_get_field_from_username() Searching for sAMAccountName=xxxx
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:269 ldap_get_field_from_username() Unbinding from LDAP server
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:283 ldap_get_field_from_username() Found value 'xxxx@xxxx.com' for field 'mail'.
But when I try to login using Mantis interface, I am getting alert as 'Your account may be disabled or blocked or the username/password you entered is incorrect'. Please help to fix this
Thanks
Re: LDAP authentication - Error
It is also available for Mantis 2.x, see my website www.nuy.info/mantis2
-
- Posts: 44
- Joined: 31 May 2017, 12:45
Re: LDAP authentication - Error
Hi mushu and cas
I tried downloaded the plugin from these links https://github.com/mantisbt-plugins/Sim ... ee/initial and https://github.com/mantisbt-plugins/SampleAuth and placed then in Mantis -> plugins folder.
But the details are not available in Manage -> Manage Plugins -> Installed Plugins
Not sure what I am doing wrong
Please suggest
Thanks
I tried downloaded the plugin from these links https://github.com/mantisbt-plugins/Sim ... ee/initial and https://github.com/mantisbt-plugins/SampleAuth and placed then in Mantis -> plugins folder.
But the details are not available in Manage -> Manage Plugins -> Installed Plugins
Not sure what I am doing wrong
Please suggest
Thanks
Re: LDAP authentication - Error
when you download, you get the name "SampleAuth-master".
When you move this to the plugin directory, ensure to change the name of the directory to "SampleAuth"
That will do the trick
When you move this to the plugin directory, ensure to change the name of the directory to "SampleAuth"
That will do the trick
Re: LDAP authentication - Error
You might also need to edit the Core version as explained in my link above.