
Cannot access LDAP directory

Open thisisusernameforgithub opened this issue 3 years ago • 13 comments

Hi! I can't set up a connection to my LDAP in any way.

$ldap_url = "ldap://localhost:389";
$ldap_starttls = false;
$ldap_binddn = "";
$ldap_bindpw = "";
$ldap_base = "ou=users,dc=test,dc=com";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "($ldap_login_attribute={login})";

$who_change_password = "user";

With this configuration, an error appears that there is no connection to the LDAP directory. Maybe I configured ldap_filter incorrectly? I tried different options. The screenshot shows the user whose password I want to change, but I just can't get the configuration right. LDAP and self-service-password are on the same server.

image

thisisusernameforgithub avatar Mar 30 '21 09:03 thisisusernameforgithub

You did not define $ldap_binddn, can you browse your LDAP directory anonymously?

coudot avatar Mar 30 '21 09:03 coudot

> You did not define $ldap_binddn, can you browse your LDAP directory anonymously?

When I set

$ldap_url = "ldap://localhost:389";
$ldap_starttls = false;
$ldap_binddn = "cn=dmin,dc=test,dc=com";
$ldap_bindpw = "PASS";
$ldap_base = "ou=users,dc=test,dc=com";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "($ldap_login_attribute={login})";

$who_change_password = "manager";

the error is the same.

thisisusernameforgithub avatar Mar 30 '21 10:03 thisisusernameforgithub

You should set $debug to true and see the logs.

coudot avatar Mar 30 '21 11:03 coudot

> You should set $debug to true and see the logs.

Yes, I set $debug = true, but where can I see the debug logs?

thisisusernameforgithub avatar Mar 30 '21 11:03 thisisusernameforgithub

> You should set $debug to true and see the logs.

I see this in the httpd logs:

[Tue Mar 30 13:11:00.188877 2021] [php7:notice] [pid 23048:tid 23048] [client 10.2.10.16:0] PHP Notice:  Undefined variable: use_recaptcha in /usr/share/self-service-password/index.php on line 30, referer: http://ldap.loc/
[Tue Mar 30 13:11:00.189113 2021] [php7:notice] [pid 23048:tid 23048] [client 10.2.10.16:0] PHP Notice:  Undefined variable: use_pwnedpasswords in /usr/share/self-service-password/index.php on line 35, referer: http://ldap.loc/
[Tue Mar 30 13:11:00.196064 2021] [php7:notice] [pid 23048:tid 23048] [client 10.2.10.16:0] LDAP - Search error 2  (Protocol error), referer: http://ldap.loc/

thisisusernameforgithub avatar Mar 30 '21 11:03 thisisusernameforgithub

Can you add in your config file:

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

And check the logs to see if you have more details about LDAP operations?

coudot avatar Mar 30 '21 14:03 coudot

> Can you add in your config file:
>
> ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
>
> And check the logs to see if you have more details about LDAP operations?

I added this parameter to the config next to $debug = true:

$ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

And where else can I see the logs? I have enabled debug, but where can I see them?

thisisusernameforgithub avatar Mar 30 '21 14:03 thisisusernameforgithub

In the Apache error logs.

coudot avatar Mar 30 '21 14:03 coudot

> In the Apache error logs.

I also enabled debug logging in Apache. These are all the logs that are in Apache:

[Tue Mar 30 17:59:48.848861 2021] [authz_core:debug] [pid 25183:tid 25183] mod_authz_core.c(818): [client 10.2.10.16:0] AH01626: authorization result of Require all granted: granted, referer: http://ldap.loc/
[Tue Mar 30 17:59:48.848946 2021] [authz_core:debug] [pid 25183:tid 25183] mod_authz_core.c(818): [client 10.2.10.16:0] AH01626: authorization result of <RequireAny>: granted, referer: http://ldap.loc/
[Tue Mar 30 17:59:48.852473 2021] [php7:notice] [pid 25183:tid 25183] [client 10.2.10.16:0] PHP Notice:  Undefined variable: use_recaptcha in /usr/share/self-service-password/index.php on line 30, referer: http://ldap.loc/
[Tue Mar 30 17:59:48.852641 2021] [php7:notice] [pid 25183:tid 25183] [client 10.2.10.16:0] PHP Notice:  Undefined variable: use_pwnedpasswords in /usr/share/self-service-password/index.php on line 35, referer: http://ldap.loc/
[Tue Mar 30 17:59:48.859858 2021] [php7:notice] [pid 25183:tid 25183] [client 10.2.10.16:0] LDAP - Search error 2  (Protocol error), referer: http://ldap.loc/

thisisusernameforgithub avatar Mar 30 '21 15:03 thisisusernameforgithub

There should be other logs.

Please provide your full config file.

coudot avatar Mar 30 '21 15:03 coudot

> There should be other logs.
>
> Please provide your full config file.

config.inc.php.txt

thisisusernameforgithub avatar Mar 30 '21 15:03 thisisusernameforgithub

ldap_set_option is a function, so set this in the file:

$debug = true;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

Check also that you don't have a config.inc.local.php in the same directory, or if you have one, prefer to edit this file to set your own configuration settings.

coudot avatar Mar 30 '21 15:03 coudot
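
An added example, not code from self-service-password or from either poster: a stand-alone PHP CLI script that repeats the bind and the search with the settings posted in this thread, with the debug option called as a function, and reports which stage fails and with which LDAP result code. Forcing LDAPv3, disabling referrals and taking the login from the command line are assumptions of this example; `check_ldap.php` is a hypothetical file name.

```php
<?php
// Added diagnostic example (not part of self-service-password).
// Usage on the LDAP host: php check_ldap.php <login>
// Settings copied as posted in this thread; "PASS" is the poster's placeholder.
$ldap_url             = "ldap://localhost:389";
$ldap_binddn          = "cn=dmin,dc=test,dc=com";
$ldap_bindpw          = "PASS";
$ldap_base            = "ou=users,dc=test,dc=com";
$ldap_login_attribute = "uid";
$ldap_filter          = "($ldap_login_attribute={login})";

// A plain function call (no leading "$"): enables libldap tracing for the process.
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

// Report the failing stage with the numeric result code and its text, then stop.
function fail($ldap, string $stage): void {
    fwrite(STDERR, sprintf("%s failed: error %d (%s)\n",
        $stage, ldap_errno($ldap), ldap_error($ldap)));
    exit(1);
}

$login = $argv[1] ?? "";
if ($login === "") {
    fwrite(STDERR, "usage: php check_ldap.php <login>\n");
    exit(2);
}

// ldap_connect() only parses the URL; the TCP connection is opened on bind.
$ldap = ldap_connect($ldap_url);
if ($ldap === false) {
    fwrite(STDERR, "ldap_connect rejected the URL $ldap_url\n");
    exit(1);
}
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // assumption: server expects LDAPv3
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);        // assumption: do not chase referrals

// Stage 1: bind with the configured DN, or anonymously when it is empty.
$bound = ($ldap_binddn !== "")
    ? @ldap_bind($ldap, $ldap_binddn, $ldap_bindpw)
    : @ldap_bind($ldap);
if (!$bound) fail($ldap, "bind");

// Stage 2: search with the login escaped for use inside a filter.
$filter = str_replace("{login}", ldap_escape($login, "", LDAP_ESCAPE_FILTER), $ldap_filter);
$search = @ldap_search($ldap, $ldap_base, $filter, ["dn"]);
if ($search === false) fail($ldap, "search");

$entries = ldap_get_entries($ldap, $search);
printf("bind ok, search ok: %d entries for %s\n", $entries["count"], $filter);
ldap_unbind($ldap);
```

The stage named in the error line separates a problem with the bind DN and password from a problem with the base or filter.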

> ldap_set_option is a function, so set this in the file:
>
> $debug = true;
> ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
>
> Check also that you don't have a config.inc.local.php in the same directory, or if you have one, prefer to edit this file to set your own configuration settings.

OK, I did as you said (image)

I have no other files in /conf

thisisusernameforgithub avatar Mar 30 '21 15:03 thisisusernameforgithub