• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    LDAP Plugin Troubles

    Scheduled Pinned Locked Moved Solved
    FOG Problems
    3
    12
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aparker
      last edited by aparker 

      [Wed Mar 15 11:01:20.401032 2017] [php7:warn] [pid 1887] [client 10.2.20.21:53857] PHP Warning:  sprintf(): Too few arguments in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 829, referer: http://fogurl/fog/management/index.php
      1 Reply Last reply Reply Quote 0
      • A
        aparker
        last edited by 

        [Wed Mar 15 11:01:20.401092 2017] [php7:notice] [pid 1887] [client 10.2.20.21:53857] , referer: http://fogurl/fog/management/index.php
        george1421G 1 Reply Last reply Reply Quote 0
        • Tom ElliottT
          Tom Elliott @aparker
          last edited by

          @aparker Is samaccountname actually set to arparker on the ldap server?

          It’s making it that far, so connectivity speaking it’s working properly. At least from what I can see.

          The sprintf, while not “useful” shouldn’t be preventing issues. If you’re running 1.3.4 on all, then this error should present the same way on all systems.

          For what it’s worth I’ve found and hopefully corrected the issue of what you’ve presented here.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          A 1 Reply Last reply Reply Quote 0
          • A
            aparker @Tom Elliott
            last edited by

            @Tom-Elliott It is, yes. It’s the same domain across all sites and FOG servers, so samaccountname will match across all sites and domain controllers. Authentication via that same account works on the other two servers, but not this one.

            1 Reply Last reply Reply Quote 0
            • george1421G
              george1421 Moderator @aparker
              last edited by

              samaccountname is essentially the NT style account name.

              According to the error message the search DN MyDN (which I assume has been obfuscated) didn’t contain the user arparker

              Make sure you have the search scope setup correctly of subtree and below

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

              A 1 Reply Last reply Reply Quote 1
              • george1421G
                george1421 Moderator
                last edited by

                You’ve compared the two FOG server’s settings line by line and to two ldap setups are the same, except for the ldap server being used? Have you change the non-working fog server ldap server to another site’s that is working (just to rule out the DC being at fault)?

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                1 Reply Last reply Reply Quote 0
                • A
                  aparker @george1421
                  last edited by

                  @george1421 You are correct, I did obfuscate the DN. The actual DN does match that of the OU containing the group we are searching on.

                  I’ve compared the configs side by side via the GUI, but was curious where these settings actually get written to compare what is actually being saved. Where are these settings saved?

                  Great idea on the LDAP server, I haven’t tried that. I had been pointing it to the FQDN of the domain and letting DNS pick the closest DC. I’ll try pointing it a DC that I know works and see how that goes.

                  george1421G 1 Reply Last reply Reply Quote 0
                  • george1421G
                    george1421 Moderator @aparker
                    last edited by george1421

                    @aparker The settings are saved in the mysql/mariadb database, in the LDAPServers table.

                    Do you/are you using any non-ascii characters (umlaut or accent characters) in the search DN or user accounts?

                    As for the ldap server value, we have not tested using the fqdn of your AD. In my case I always used the IP address of the closest AD/DC server that way I “know” which server its querying.

                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                    A 1 Reply Last reply Reply Quote 0
                    • A
                      aparker @george1421
                      last edited by

                      @george1421 No non-ascii characters in the DN or user account. I just tested a known good LDAP server, but still no dice. I even went so far as to change one of the working FOG servers from the domain FQDN to the IP of a local DC and confirmed it worked. I then used that same DC in the non-working FOG LDAP config, but authentication still fails.

                      george1421G 1 Reply Last reply Reply Quote 0
                      • george1421G
                        george1421 Moderator @aparker
                        last edited by george1421

                        @aparker I just sent you an IM (little talk bubble on FOG Forum tool tray).

                        And your apache error log is still throwing the same error?

                        Is there any firewall between the fog server and AD?

                        But if that was the case, the ldap plugin should have thrown a different error before this point.

                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                        A 1 Reply Last reply Reply Quote 2
                        • A
                          aparker @george1421
                          last edited by

                          @george1421 George hooked me up after sending him a screenshot. Turned out to be something incredibly simply on my part–search scope was set to “Base and Subtree” instead of “Subtree and below”. I seriously compared these side by side I don’t know how many times, but my brain was not seeing that difference for some reason.

                          Really appreciate the help!

                          1 Reply Last reply Reply Quote 2
                          • 1 / 1
                          • First post
                            Last post

                          162

                          Online

                          12.1k

                          Users

                          17.3k

                          Topics

                          155.4k

                          Posts
                          Copyright © 2012-2024 FOG Project