LDAP / Active directory


Can't get authentication via Active Directory to work.

Environment

Tikiwiki 1.9.8.3
PHP 5.2.5
MySQL 5.0.45
FastCGI (x64) on IIS 6
Windows Server 2003 R2 (64-bit)

Symptoms

When attempting to log in, after some time (apparently it is at least connecting to the AD server), the page refreshes with the following message:

Error Invalid username or password

Notes

I've scoured the docs and this docs page and its nine comments. I think the problem may have to do with Active Directory's requirement to log in to the directory before it can return results. I tried the suggestions which look like they are hard coding the authentication into the Tiki code. But I think the code has changed somewhat since the line numbers differ. I dunno. Is there any way to debug this, or any logs which will show me what is being submitted and what is being returned from and to where? (Not sure how the PHP, MySQL and LDAP service interact here).

Any help will be much appreciated.

-Jeremy

Good news. I checked 1.10 out from CVS, and there seem to have been substantial modifications to the authentication code. By using the 1.10 code and following the instructions at the tiki docs EXACTLY, it works. I was never able to get it to work in 1.9.8.3. I found Microsoft's Netmon 3.1 to be an invaluable tool to find out the LDAP server's responses to troubleshoot my own mistakes. But like I said, follow the instructions for LDAP in the auth docs, and it should work without any modifications to the 1.10 code.

-Jeremy

> Good news. I checked 1.10 out from CVS, and there seem to have been substantial modifications to the authentication code. By using the 1.10 code and following the instructions at the tiki docs EXACTLY, it works. I was never able to get it to work in 1.9.8.3. I found Microsoft's Netmon 3.1 to be an invaluable tool to find out the LDAP server's responses to troubleshoot my own mistakes. But like I said, follow the instructions for LDAP in the auth docs, and it should work without any modifications to the 1.10 code.
>
> -Jeremy

Jeremy, by default, AD doesn't allow anonymous searches. The LDAP library we use allows you to provide credentials for use with AD (or any other LDAP server that is similarly configured). We made the changes to 1.10 to make these fields accessible (which you've discovered) but did not backport them. Is that a big issue for you?

\\Greg
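
The flow discussed in this thread (bind with credentials because AD refuses anonymous searches, look the user up, then bind as that user), as an added example that is not Tiki's code or part of the original posts. It uses PHP's ldap extension; the `$cfg` keys, host, DNs and the `ad_authenticate` name are placeholders, and `ldap_escape()` needs PHP 5.6 or later.

```php
<?php
// Added example: search-then-bind against Active Directory.
// $cfg is a hypothetical array, e.g.:
//   array('uri'     => 'ldaps://dc.example.test',
//         'base_dn' => 'DC=example,DC=test',
//         'bind_dn' => 'CN=svc-wiki,CN=Users,DC=example,DC=test',
//         'bind_pw' => '...');   // read-only service account
function ad_authenticate(array $cfg, $username, $password)
{
    // A simple bind with an empty password is an unauthenticated bind and
    // can be reported as success, so reject empty input before touching LDAP.
    if ($username === '' || $password === '' || $cfg['bind_pw'] === '') {
        return false;
    }
    $ds = ldap_connect($cfg['uri']);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // do not chase AD referrals

    $ok = false;
    // Step 1: bind as the service account so the search is allowed.
    if (!@ldap_bind($ds, $cfg['bind_dn'], $cfg['bind_pw'])) {
        error_log('LDAP service bind failed: ' . ldap_error($ds));
    } else {
        // Step 2: locate the user's DN. Escaping keeps the login name from
        // changing the structure of the search filter.
        $filter = '(&(objectClass=user)(sAMAccountName='
                . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
        $res = @ldap_search($ds, $cfg['base_dn'], $filter, array('sAMAccountName'));
        $entries = $res ? ldap_get_entries($ds, $res) : array('count' => 0);
        if ($entries['count'] !== 1) {
            error_log('LDAP search matched ' . $entries['count'] . ' entries');
        } else {
            // Step 3: re-bind as the user; the server checks the password.
            $ok = @ldap_bind($ds, $entries[0]['dn'], $password);
            if (!$ok) {
                // The diagnostic message carries the server's own detail
                // about why the bind was refused.
                ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
                error_log('LDAP user bind failed: ' . ldap_error($ds) . ' ' . $detail);
            }
        }
    }
    ldap_unbind($ds);
    return $ok;
}
```

The `error_log()` lines give the server-side reason for each failed step, which is the information the "Invalid username or password" page hides.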

