Problem with login via LDAP

  • Hi. Login via LDAP doesn’t work. When I try to connect to the web GUI using LDAP, nothing happens; only the URL changes.
    It’s before login
    It’s after trying to log in
    and it doesn’t redirect to the main page (dashboard). Local login works fine.

    And /var/log/php-fpm/www-error.log doesn’t show any errors. Please help.

  • Developer

    @egorhan Must have been blind when I looked at this the first time. Now I see something that makes me wonder.
    Search Base DN: ou=administrators,ou=pm_users,dc=parimatch,dc=local
    Bind DN: cn=administrator,ou=pm_users,ou=administrator,dc=parimatch,dc=local

    The OU pm_users seems to be on different levels of your LDAP tree. That doesn’t make sense to me. Please double and triple check all the settings. Better to copy & paste the settings from some LDAP browser tool instead of typing them in.

  • Moderator

    Just a comment: for the bind DN, it needs to be the fully qualified path to the account.

    For example my bind dn (anonymized) is like
    cn=fogbinduser,ou=nyc,ou=domain serviceacc,dc=domain,dc=com

    Disclosure: I’m using Windows AD for authentication.
    From your bind DN, I would assume the administrator account is not in any container but hanging right off the root of, which is suspicious. Also I would strongly urge you to NOT use the administrator account for this bind. Create a generic, low-level user that isn’t even a member of domain users account. All the bind account needs is read access to your LDAP server.

  • Senior Developer

    I wonder if having the mobilegroup and admingroup set to the same thing could be causing an issue. It shouldn’t, as the admin side would prevail, but just a thought.

    If I were you I’d start simple:

    For LDAP Server, ensure it is accessible from the FOG Server.

    Search Base DN should simply be dc=parimatch,dc=local
    Group Search DN should simply be dc=parimatch,dc=local
    Admin Group should be administrators

    You could try removing the Bind DN and password and see if it works that way too!

  • @Sebastian-Roth Just tried removing the space. BindDN is now cn=administrator,dc=parimatch,dc=local. No fresh news.
    And I tried KDirADm. It works fine, but it still doesn’t work via the web GUI.

  • Developer

    @egorhan Have you tried removing the spaces in the BindDN? Do you have some other LDAP tool to test if those bind credentials really work? Browsers

  • @Tom-Elliott Same result. I just refreshed the main page, added ?node=home at the end of the URL <fog-ip-address>/management/fog.index.php, and it displayed the main page with the username and password form.
    Still nothing in the Apache error logs.

  • Senior Developer

    @egorhan Your admin Group should NOT have ou= in it.

    Why are you limiting the search base and group search?

    You might have more success if you do:
    Search Base DN: dc=parimatch,dc=local (notice no spaces)
    Group Search DN: ou=pm_users,dc=parimatch,dc=local
    Admin Group: administrators
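
The checks suggested across the replies (no spaces in the DNs, the same OU at the same level in both DNs, no ou= in the admin group, no administrator bind account) can be run as a static lint over the settings strings. This is an added example, not FOG's own code or anything posted in the thread; it only inspects the strings and never contacts the LDAP server. The function names are hypothetical, and the two DN constants are the values quoted in the developer's reply.

```python
import re

# Values quoted in the thread (Search Base DN and Bind DN from the developer's reply).
THREAD_SEARCH_BASE = "ou=administrators,ou=pm_users,dc=parimatch,dc=local"
THREAD_BIND_DN = "cn=administrator,ou=pm_users,ou=administrator,dc=parimatch,dc=local"

def parse_dn(dn):
    """Split a DN into lowercase (attribute, value) pairs, leaf first.
    Commas escaped with a backslash are not treated as separators."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def ou_depths(pairs):
    """Map each OU name to its depth below the dc= suffix (0 = directly under it)."""
    below_suffix = [p for p in reversed(pairs) if p[0] != "dc"]
    return {value: depth for depth, (attr, value) in enumerate(below_suffix) if attr == "ou"}

def lint_ldap_settings(search_base, bind_dn, admin_group):
    """Return a list of findings for the checks suggested in the thread."""
    findings = []
    for name, dn in (("Search Base DN", search_base), ("Bind DN", bind_dn)):
        if re.search(r"(?<!\\),\s+|\s+,", dn):
            findings.append(f"{name}: whitespace around a comma")
    base, bind = parse_dn(search_base), parse_dn(bind_dn)
    if [p for p in base if p[0] == "dc"] != [p for p in bind if p[0] == "dc"]:
        findings.append("Bind DN and Search Base DN end in different dc= suffixes")
    base_ous, bind_ous = ou_depths(base), ou_depths(bind)
    for ou in sorted(base_ous.keys() & bind_ous.keys()):
        if base_ous[ou] != bind_ous[ou]:
            findings.append(f"ou={ou}: depth {base_ous[ou]} in Search Base DN, "
                            f"depth {bind_ous[ou]} in Bind DN")
    if "=" in admin_group:
        findings.append("Admin Group: expected a bare group name, not ou=/cn= syntax")
    if bind[0] == ("cn", "administrator"):
        findings.append("Bind DN: administrator account; use a read-only bind account")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap_settings(THREAD_SEARCH_BASE, THREAD_BIND_DN, "administrators"):
        print(finding)
```

A clean result only means the strings are self-consistent; whether the bind actually succeeds still has to be confirmed against the server with an LDAP client.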

  • FOG version 1.5.7. OpenLDAP v. 2.4.44.
    That’s my configuration: config.PNG.
    No errors in /var/log/php-fpm.www-error.log and /etc/httpd/logs/error_log

  • Developer

    @egorhan Which version of FOG do you use? What LDAP backend server do you use? Can you take a picture of the settings you used and post it here? Anything in the Apache error logs?

