• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

LDAP 1.6 plugin password

Scheduled Pinned Locked Moved
General Problems
5
14
1.4k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    TaTa @george1421
    last edited by Nov 19, 2019, 7:11 PM

    @george1421 I went to FOG settings and put in AD password in FOG_AD_DEFAULT_PASSWORD under Active Directory Defaults. The password gets encrypted automatically in the web UI. LDAP doesn’t do that. Should it get encrypted the same way?

    G 1 Reply Last reply Nov 19, 2019, 7:21 PM Reply Quote 0
    • G
      george1421 Moderator @TaTa
      last edited by Nov 19, 2019, 7:21 PM

      @TaTa I guess I don’t know what to tell you. In the ldap setup screen you just enter the bind password as you would key in it. This bind user account should be the lowest level user account, because it only need to have access to see if a user exists. It doesn’t need any rights other than to see if a user exists.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      T 1 Reply Last reply Nov 19, 2019, 8:15 PM Reply Quote 0
      • T
        TaTa @george1421
        last edited by Nov 19, 2019, 8:15 PM

        @george1421 I have a working server running FOG 1.5.6.2 on Debian with the same settings using an older version of LDAP plugin with an encrypted password and it’s working fine. I tested my bind user account un-encrypted password and it’s working fine. The only differences are encrypted pw vs none. I’ll do more tests to see why it’s not working. My apologies for being a pest and thank you very much for all the help.

        G 1 Reply Last reply Nov 19, 2019, 8:32 PM Reply Quote 0
        • G
          george1421 Moderator @TaTa
          last edited by Nov 19, 2019, 8:32 PM

          @TaTa Well this maybe a bug then if you have two different installs with the same settings and they are acting differently. Its possible that something external to the plugin has changed causing the plugin to act poorly. If I remember correctly the ldap plugin logged messages to the FOG log file, but I don’t remember which one at the moment.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

          T 1 Reply Last reply Nov 20, 2019, 4:16 PM Reply Quote 0
          • T
            TaTa @george1421
            last edited by Nov 20, 2019, 4:16 PM

            @george1421 Do you we an older version of LDAP plugin somewhere I can try? Thanks.

            1 Reply Last reply Reply Quote 0
            • S
              Sebastian Roth Moderator
              last edited by Nov 20, 2019, 4:45 PM

              @TaTa It’s all on github. Though I am not sure it’s wise to mix up plugin source from an older version with a newer version of FOG. It’s up to you. We won’t support this.

              https://github.com/FOGProject/fogproject/tree/1.5.7/packages/web/lib/plugins/ldap
              https://github.com/FOGProject/fogproject/tree/1.5.6/packages/web/lib/plugins/ldap
              https://github.com/FOGProject/fogproject/tree/1.5.5/packages/web/lib/plugins/ldap
              https://github.com/FOGProject/fogproject/tree/working-1.6/packages/web/lib/plugins/ldap
              https://github.com/FOGProject/fogproject/tree/dev-branch/packages/web/lib/plugins/ldap

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by Nov 20, 2019, 4:47 PM

                @Fernando-Gietz Can we get you involved here? I don’t know the LDAP plugin much but I am wondering if it ever used crypted password??!

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                T 1 Reply Last reply Nov 20, 2019, 5:53 PM Reply Quote 0
                • T
                  Tom Elliott @Sebastian Roth
                  last edited by Nov 20, 2019, 5:53 PM

                  @Sebastian-Roth LDAP used to store the bind password in encrypted form, similar to how we stored the ad default password in encrypted form. So there’s some back end work to verify if the password is in an encrypted form and if so, to decrypt it and pass it along. Otherwise just use the base text.

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  1 Reply Last reply Reply Quote 2
                  • F
                    Fernando Gietz Developer
                    last edited by Nov 22, 2019, 12:05 PM

                    Hi,
                    sorry for my late answer. I can confirm that Tom said.
                    The password is saved encrypted in the database, and you can´not see it in plain text anywhere. If you access to web form, either FOG Settings-AD Settings or host->AD Settings, you see the encripted password. Only is decripted in the clients.

                    1 Reply Last reply Reply Quote 0
                    • T
                      TaTa
                      last edited by Dec 3, 2019, 5:41 PM

                      Thanks all. You are right. LDAP uses plain text password. I had ‘&’ symbol in the password and that breaks it. I set up a test RHEL server and was able to make it work by removing ‘&’ symbol. My “controlled” server however is till not working. No error in /var/log/php-fpm/www-error.log. Apache detected when I tried to login. Re-installing -php-ldap but no go. Does anyone know how to debug it? Thanks!

                      1 Reply Last reply Reply Quote 0
                      • 1 / 1
                      • First post
                        Last post

                      216

                      Online

                      12.0k

                      Users

                      17.3k

                      Topics

                      155.2k

                      Posts
                      Copyright © 2012-2024 FOG Project