
    LDAP Plugin

    • george1421 Moderator

      The first thing I might do is use the IP address of your DC.

      The binddn and bind password need to point to a valid user that only needs read-only access to AD. The password should not be encrypted with fogcrypt. The page does that automatically.

      In the group home_it, that contains the names of the users you want to login to FOG?

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      • iyoung

        If @george1421’s suggestion doesn’t work, in my setup of the plugin, I left the ‘Bind DN’ and ‘Bind Password’ fields blank, from reading this post. But my AD might be set up wrong.

        • george1421 Moderator @iyoung

          @iyoung If you do not supply a bind dn, then the code will use a blind bind. Windows AD doesn’t allow blind binds to ldap.

          OK, let’s take a step back. I believe if you set use group matching to No and save the configuration, as long as the user is a valid ldap user he/she should be able to login. That’s not the final goal, only a stepping stone.

          If that doesn’t work then we need to look at the apache error log. That will tell us what the plugin is having an issue with.

          • george1421 Moderator @george1421

            @george1421 Let’s confirm that you are attempting to login using the NT style user ID, correct? (username) and not (domain\username).

            Also one of the developers just IM’d me that the plugin doesn’t use blind binds (userid/password-less queries) since that isn’t allowed in AD anyway.

            • TaTa

              @george1421 I set it to no but still can’t login. How do I check Apache error log?

              • george1421 Moderator @TaTa

                @TaTa said in LDAP Plugin:

                @george1421 I set it to no but still can’t login. How do I check Apache error log?

                Fog Configuration (wrench on tool bar)->Log Viewer->Select Apache error log (error_log) from drop down list. New errors at the bottom.

                • TaTa

                  I’m getting “Unable to open file for reading”.

                  • george1421 Moderator @TaTa

                    @TaTa Can you post that section of the log? It almost sounds like you don’t have the php-ldap module installed.

                    • TaTa

                      This is what I got

                      [image]

                      • TaTa

                        FOG Log Viewer can open any other logs except for Apache logs.

                        • george1421 Moderator @TaTa

                          @TaTa Well that sounds like a programmer’s issue.

                          For this issue you will have to go to the FOG server and the Linux command line.

                          For Ubuntu I think (sorry, I’m a RHEL guy) the error.log file is in /etc. Use this command to find it:
                          find /etc -name error.log

                          Once you find the location, use this command:
                          tail <the path found using find>

                          For RHEL the Apache error log is in /var/log/httpd/error_log.

                          • TaTa

                            I found it. It’s in /var/apache2 folder:

                            [Wed Jan 25 12:38:38.997061 2017] [php7:warn] [pid 7657] [client 192.168.1.164:58283] PHP Warning: fopen(/var/log/apache2/error.log): failed to open stream: Permission denied in /var/www/html/fog/status/logtoview.php on line 60, referer: http://192.168.1.110/fog/management/index.php?node=about&sub=logviewer
                            [Wed Jan 25 12:38:49.027418 2017] [php7:warn] [pid 7654] [client 192.168.1.164:58287] PHP Warning: fopen(/var/log/apache2/error.log): failed to open stream: Permission denied in /var/www/html/fog/status/logtoview.php on line 60, referer: http://192.168.1.110/fog/management/index.php?node=about&sub=logviewer
                            [Wed Jan 25 12:38:59.058214 2017] [php7:warn] [pid 5012] [client 192.168.1.164:58290] PHP Warning: fopen(/var/log/apache2/error.log): failed to open stream: Permission denied in /var/www/html/fog/status/logtoview.php on line 60, referer: http://192.168.1.110/fog/management/index.php?node=about&sub=logviewer
                            [Wed Jan 25 12:39:09.090039 2017] [php7:warn] [pid 7655] [client 192.168.1.164:58292] PHP Warning: fopen(/var/log/apache2/error.log): failed to open stream: Permission denied in /var/www/html/fog/status/logtoview.php on line 60, referer: http://192.168.1.110/fog/

                            • TaTa

                              The time displayed on my FOG website is wrong. It reads Wed Jan 25, 2017 18:34 pm but actual time right now is 1:32PM. How do I change it?

                              • TaTa

                                I just installed php5-ldap and tried to login. This is what I see in apache2 error.log

                                [Wed Jan 25 13:49:36.733006 2017] [core:notice] [pid 1307] AH00094: Command line: ‘/usr/sbin/apache2’
                                [Wed Jan 25 13:49:54.996066 2017] [php7:warn] [pid 1324] [client 192.168.1.164:61012] PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 118, referer: http://192.168.1.110/fog/management/index.php
                                [Wed Jan 25 13:50:53.236481 2017] [php7:warn] [pid 1327] [client 192.168.1.164:61052] PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 118, referer: http://192.168.1.110/fog/management/index.php

                                • george1421 Moderator @TaTa

                                  @TaTa I tweaked the ldap plugin on my production server to provide more details of where the issue is failing. I’ll provide you with a link in the AM (here, about 8 hours) with instructions on patching your installation so we can figure out exactly what is wrong. The unbind warning is just that, a warning. That isn’t the issue with your setup.

                                  • george1421 Moderator @george1421

                                    @george1421 I just sent a link to you via direct messaging (little talk bubble on the tool tray in the browser).

                                    Save the file /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php to a safe location and then copy the downloaded file into that location. Then test your ldap login. The only thing added to this file over the standard ldap file is additional logging so we can understand what is going wrong.

                                    Post the messages logged at the tail of the apache error_log. This should tell us where in the code the plugin is not happy. I can say the plugin works fine in my environment so we just need to understand why it is misbehaving in your environment.

                                    • TaTa

                                      Thank you @george1421. I just tested it with and without user group matching but no luck. I sent you a private message of the error log. I can’t post it here. Bosses might not like it. I’m out of office today but if you need access to my server, I’m happy to do a TeamViewer session tomorrow. Thanks again.

                                      • TaTa

                                        @george1421 I just changed search scope to subtree and below and magically I was able to login with domain user ID (no domain name is needed). I can’t thank you enough for your support. Thank you!!!
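
Why widening the search scope can make a login start working, as an added example (not code from the FOG plugin or from any poster in this thread): a user object that sits in a nested OU is only found when the search covers the whole subtree under the base DN. The directory entries, the example.local domain and the function names are constructed for illustration; 'base', 'one' and 'sub' are the standard LDAP scope names and may not match the labels on the plugin's settings page.

```python
# Added example: LDAP search-scope semantics (RFC 4511), evaluated offline.
# All DNs below are constructed sample data, not values from the thread.
import re

def split_dn(dn):
    """Split a DN into normalized RDNs (simplified: honours backslash-escaped commas)."""
    parts = re.split(r'(?<!\\),', dn)
    return [p.strip().lower() for p in parts if p.strip()]

def in_scope(base_dn, entry_dn, scope):
    """Return True if entry_dn is visible from base_dn under the given scope.

    scope: 'base' (the base entry only), 'one' (direct children only),
           'sub' (the base entry and everything below it).
    """
    base, entry = split_dn(base_dn), split_dn(entry_dn)
    # The entry must end with the base's RDNs to be at or under the base.
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == 'base':
        return depth == 0
    if scope == 'one':
        return depth == 1
    if scope == 'sub':
        return True
    raise ValueError(f"unknown scope: {scope!r}")

def find_user(directory, base_dn, scope, username):
    """Return DNs whose sAMAccountName matches and that fall inside the scope."""
    return [dn for dn, attrs in directory.items()
            if attrs.get('sAMAccountName', '').lower() == username.lower()
            and in_scope(base_dn, dn, scope)]

# Constructed directory: one user directly under the base, one two OUs down.
DIRECTORY = {
    'CN=Alice,DC=example,DC=local': {'sAMAccountName': 'alice'},
    'CN=Smith\\, Bob,OU=IT,OU=Staff,DC=example,DC=local': {'sAMAccountName': 'bob'},
}
BASE = 'DC=example,DC=local'

if __name__ == '__main__':
    # With 'base' or 'one' the nested account is invisible; 'sub' finds it.
    for scope in ('base', 'one', 'sub'):
        print(scope, find_user(DIRECTORY, BASE, scope, 'bob'))
```

A narrower scope is not a security control on its own: restricting who may log in is better done by pointing the base DN at the right OU and using group matching.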
