
Problem with login via LDAP

  • E
    egorhan
    last edited by Dec 3, 2019, 8:33 AM

    Hi. Login via LDAP doesn’t work. When I try to connect to the web GUI using LDAP, nothing happens; only the URL changes.
    Before login it is http://10.0.0.148/fog/management/index.php?
    After trying to log in it is http://10.0.0.148/fog/management/index.php?node=home.
    It doesn’t redirect to the main page (dashboard). Local login works fine.

    Also, /var/log/php-fpm/www-error.log doesn’t show any errors. Please help.

      • S
        Sebastian Roth Moderator
        last edited by Dec 3, 2019, 1:39 PM

        @egorhan Which version of FOG do you use? What LDAP backend server do you use? Can you take a picture of the settings you used and post here? Anything in apache error logs?

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        • E
          egorhan
          last edited by Dec 3, 2019, 6:19 PM

          FOG version 1.5.7, OpenLDAP v. 2.4.44.
          This is my configuration: config.PNG.
          No errors in /var/log/php-fpm.www-error.log or /etc/httpd/logs/error_log

          • T
            Tom Elliott @egorhan
            last edited by Dec 3, 2019, 6:44 PM

            @egorhan Your admin Group should NOT have ou= in it.

            Why are you limiting the search base and group search?

            You might have more success if you do:
            Search Base DN: dc=parimatch,dc=local (notice no spaces)
            Group Search DN: ou=pm_users,dc=parimatch,dc=local
            Admin Group: administrators

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            • E
              egorhan @Tom Elliott
              last edited by Dec 3, 2019, 6:56 PM

              @Tom-Elliott Same result. It just refreshed the main page, added ?node=home at the end of the URL <fog-ip-address>/management/fog.index.php, and displayed the main page with the username and password form.
              Still nothing in the Apache error logs.

              • S
                Sebastian Roth Moderator
                last edited by Dec 4, 2019, 5:57 AM

                @egorhan Have you tried removing the spaces in the BindDN? Do you have some other LDAP tool to test whether those bind credentials really work? https://ldapwiki.com/wiki/LDAP Browsers

                • E
                  egorhan @Sebastian Roth
                  last edited by Dec 4, 2019, 6:43 PM

                  @Sebastian-Roth Just tried removing the space. The BindDN is now cn=administrator,dc=parimatch,dc=local. Nothing new.
                  I also tried KDirADm. It works fine, but login still doesn’t work via the web GUI.

                  • T
                    Tom Elliott
                    last edited by Dec 4, 2019, 8:55 PM

                    I wonder if having the mobilegroup and admingroup set to the same thing could be causing an issue. It shouldn’t, as the admin side would prevail, but just a thought.

                    If I were you I’d start simple:

                    For LDAP Server, ensure 10.0.0.201 is accessible from FOG Server.

                    Search Base DN should simply be dc=parimatch,dc=local
                    Group Search DN should simply be dc=parimatch,dc=local
                    Admin Group should be administrators

                    You could try removing the Bind DN and password and see if it works that way too!

                    • G
                      george1421 Moderator @egorhan
                      last edited by george1421 Dec 4, 2019, 4:00 PM Dec 4, 2019, 9:57 PM

                      @egorhan said in Problem with login via LDAP:

                      cn=administrator,dc=parimatch,dc=local

                      Just a comment: the bind DN needs to be the fully qualified path to the account.

                      For example my bind dn (anonymized) is like
                      cn=fogbinduser,ou=nyc,ou=domain serviceacc,dc=domain,dc=com

                      Disclosure: I’m using Windows AD for authentication.
                      From your bind DN, I would assume the administrator account is not in any container but hanging right off the root of domain.com, which is suspicious. Also, I would strongly urge you to NOT use the administrator account for this bind. Create a generic, low-level user that isn’t even a member of domain users account. All the bind account needs is read access to your LDAP server.

                      • S
                        Sebastian Roth Moderator
                        last edited by Dec 4, 2019, 10:51 PM

                        @egorhan Must have been blind when I looked at this the first time. Now I see something that makes me wonder.
                        Search Base DN: ou=administrators,ou=pm_users,dc=parimatch,dc=local
                        Bind DN: cn=administrator,ou=pm_users,ou=administrator,dc=parimatch,dc=local

                        The OU pm_users seems to be on different levels of your LDAP tree. That doesn’t make sense to me. Please double and triple check all the settings. Better you copy & paste the settings from some LDAP browser tool instead of typing those in.


                        1 Reply Last reply Reply Quote 0
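
The checks the replies above make by eye (no spaces after commas, a bare Admin Group name, the same OU at the same level in both DNs, no administrator account for the bind) can be run over a set of settings before saving them. This is an added example, not part of the thread and not FOG's own code; `parse_dn`, `lint`, the `PRIVILEGED` name list and the Admin Group value `ou=administrators` are assumptions made for illustration.

```python
import re

# Assumption: account names treated here as too privileged for a bind account.
PRIVILEGED = {"administrator", "admin", "root"}

def parse_dn(dn):
    """Return the DN's RDNs as (attr, value) pairs, root first.
    Splits only on commas that are not backslash-escaped."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns[::-1]

def lint(search_base, bind_dn, admin_group, group_search=None):
    """Return a list of findings for one set of LDAP plugin settings."""
    findings = []
    dns = {"Search Base DN": search_base, "Bind DN": bind_dn}
    if group_search:
        dns["Group Search DN"] = group_search
    for name, dn in dns.items():
        if re.search(r"\s,|,\s", dn):
            findings.append(f"{name}: whitespace around a comma")
    if "=" in admin_group:
        findings.append("Admin Group: expected a bare group name, not an RDN")
    base, bind = parse_dn(search_base), parse_dn(bind_dn)
    # The same OU must sit at the same depth (counted from the root) in both DNs.
    depth = {rdn: i for i, rdn in enumerate(base) if rdn[0] == "ou"}
    for i, rdn in enumerate(bind):
        if rdn in depth and depth[rdn] != i:
            findings.append(f"ou={rdn[1]}: depth {depth[rdn]} in Search Base DN, {i} in Bind DN")
    if [r for r in base if r[0] == "dc"] != [r for r in bind if r[0] == "dc"]:
        findings.append("Bind DN and Search Base DN have different dc= suffixes")
    if bind[-1][0] == "cn" and bind[-1][1] in PRIVILEGED:
        findings.append("Bind DN: privileged account, use a read-only service account")
    return findings

if __name__ == "__main__":
    # DNs as quoted in the thread; the Admin Group value is constructed.
    for f in lint("ou=administrators,ou=pm_users,dc=parimatch,dc=local",
                  "cn=administrator,ou=pm_users,ou=administrator,dc=parimatch,dc=local",
                  "ou=administrators"):
        print("-", f)
```

A clean result only means the settings are internally consistent; whether the bind account can actually authenticate still has to be confirmed against the directory with an LDAP browser, as suggested in the thread.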
                        Copyright © 2012-2024 FOG Project