LDAP / Active directory


LDAP and Active Directory Problem

Hi all!

I was just wondering if you could help me...

I'm currently building a company intranet using tikiwiki and want to authenticate users via LDAP and active directory. I think I've configured tiki correctly, but the login simply will not work. It always says that I'm using an incorrect username/password. I've tried various different ways of putting the info in, but it just doesn't want to work!

my tikiwiki LDAP configuration:

Auth Type: LDAP
IMAP/POP3/LDAP Host: 192.168.2.3
IMAP/POP3/LDAP Port: 389
IMAP/POP3 BaseDSN: _blank_
Create user if not in Tiki? yes
Create user if not in Auth? no
Just use Tiki auth for admin? yes
LDAP URL _blank_

LDAP Scope: sub
LDAP Base DN: DC=headoffice,DC=companyname,DC=com
LDAP User DN: ou=users
LDAP User Attribute: sAMAccountName
LDAP User OC: *
LDAP Group DN: _blank_
LDAP Group Attribute: cn
LDAP Group OC: groupOfUniqueNames
LDAP Member Attribute: uniqueMember
LDAP Member Is DN: n
LDAP Admin User: cn=user.name
LDAP Admin Pwd: password

The Active Directory tree is configured similar to:

Server (DC=companyname,DC=com)
  - dc=headoffice
    - ou=users
      + ou=Marketing
      + ou=External Sales
      - ou=Technical Support
        + cn=Joe Bloggs (companyname)
        - cn=Jimbo Mcgee (companyname)
            sAMAccountName=jimbo.mcgee
            cn=Jimbo Mcgee (SMTechnology)
        + cn=Julius Ceaser (companyname)


I'm using TikiWiki v1.9.11, PHP 5.2.5 with OpenLDAP, MySQL 5.0.45, Apache 2.2.4, Windows XP SP2.

Any ideas? Any help would be much appreciated!

Thanks,

Butane


Butane, AD requires the LDAP Admin user be defined because anonymous access via LDAP is not allowed by default. I see you've specified that, but I believe it needs to be a DN vs CN (perhaps we need to change the page to reflect the correct words.)

Can you try converting it to something like
cn=user.name,ou=users,DC=headoffice,DC=companyname,DC=com

Also, if it still fails, can you look at the security log for the domain controller and see whether any entries apply to what you are trying to do.

Either way, please post back with success or failure

Thanks

\\Greg
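
Added example (not part of the original thread, and not Tiki's own code): a small Python check of the settings posted above, showing the difference between the bare `cn=user.name` and the full DN suggested in the reply, plus why the nested OUs need scope `sub`. The function names and the `starttls` key are assumptions made for this example, DN parsing is simplified (no escaped commas), and the user search is assumed to start at LDAP User DN + Base DN.

```python
import re

# Simplified RDN check: attribute=value, escaped commas are not handled.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

# Settings copied from the question; "starttls" is a hypothetical key for this example.
PAGE_CFG = {"base_dn": "DC=headoffice,DC=companyname,DC=com",
            "admin_user": "cn=user.name", "port": 389, "starttls": False}
FIXED_ADMIN = "cn=user.name,ou=users,DC=headoffice,DC=companyname,DC=com"

def split_dn(dn):
    """Split a DN into lower-cased RDNs (simplified: ignores escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def is_full_dn(dn, base_dn):
    """True when dn is well-formed and sits below base_dn."""
    parts, base = split_dn(dn), split_dn(base_dn)
    return (all(RDN.match(p) for p in parts)
            and len(parts) > len(base) and parts[-len(base):] == base)

def depth_below(entry_dn, search_base):
    """Levels between an entry and the search base; more than 1 needs scope 'sub'."""
    entry, base = split_dn(entry_dn), split_dn(search_base)
    return len(entry) - len(base) if entry[-len(base):] == base else None

def user_filter(attr, login):
    """Build (attr=login) with RFC 4515 escaping so the login cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "({}={})".format(attr, "".join(special.get(c, c) for c in login))

def lint(cfg):
    """Return findings for a settings dict shaped like PAGE_CFG."""
    findings = []
    if not is_full_dn(cfg["admin_user"], cfg["base_dn"]):
        findings.append("admin_user is not a full DN under base_dn")
    if cfg["port"] == 389 and not cfg.get("starttls"):
        findings.append("port 389 without StartTLS: simple bind password is sent unencrypted")
    return findings

if __name__ == "__main__":
    for finding in lint(PAGE_CFG):
        print("WARN:", finding)
    print(user_filter("sAMAccountName", "jimbo.mcgee"))
```
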


Thanks for the quick reply Greg!

Thankfully, I've got it working now by using your suggestion and the tikiwiki 1.10 beta.

For whatever reason, 1.9 just won't work. I even tried a slightly older version, and no luck! Looking at the event logs from Active Directory it seems that the 1.9 versions aren't binding correctly using the admin username and password...

I'm not sure where the root of the problem was, but at least it works now.

Cheers!



Thanks for posting back. Were you using 1.9.11 (the latest released code)? Perhaps I need to load this and try to make it work.

Thanks again.

\\Greg


Yeah, I tried using 1.9.11 and 1.9.10.1 and neither worked unfortunately. I'm not sure whether it was the way my active directory was set up or an error in tikiwiki itself. I used the same settings for all the versions I tried.

I'm going to continue using 1.10 and see if I have any problems.

Cheers again!