Problem with login via LDAP



  • Hi. Login via LDAP doesn’t work. When I try to connect to the web GUI using LDAP, nothing happens; only the URL changes.
    Before login it’s http://10.0.0.148/fog/management/index.php?
    After trying to log in it’s http://10.0.0.148/fog/management/index.php?node=home.
    And it doesn’t redirect to the main page (dashboard). Local login works fine.

    And /var/log/php-fpm/www-error.log doesn’t show any errors. Please help.


  • Developer

    @egorhan Must have been blind when I looked at this the first time. Now I see something that makes me wonder.
    Search Base DN: ou=administrators,ou=pm_users,dc=parimatch,dc=local
    Bind DN: cn=administrator,ou=pm_users,ou=administrator,dc=parimatch,dc=local

    The OU pm_users seems to be on different levels of your LDAP tree. That doesn’t make sense to me. Please double and triple check all the settings. It’s better to copy & paste the settings from some LDAP browser tool instead of typing them in.


  • Moderator

    @egorhan said in Problem with login via LDAP:

    cn=administrator,dc=parimatch,dc=local

    Just a comment: for the bind DN, it needs to be the fully qualified path to the account.

    For example my bind dn (anonymized) is like
    cn=fogbinduser,ou=nyc,ou=domain serviceacc,dc=domain,dc=com

    Disclosure: I’m using Windows AD for authentication.
    From your bind DN, I would assume the administrator account is not in any container but hanging right off the root of domain.com, which is suspicious. Also I would strongly urge you to NOT use the administrator account for this bind. Create a generic, low level user that isn’t even a member of domain users account. All the bind account needs is read access to your LDAP server.


  • Senior Developer

    I wonder if having the mobilegroup and admingroup set to the same thing could be causing an issue. It shouldn’t, as the admin side would prevail, but just a thought.

    If I were you I’d start simple:

    For LDAP Server, ensure 10.0.0.201 is accessible from FOG Server.

    Search Base DN should simply be dc=parimatch,dc=local
    Group Search DN should simply be dc=parimatch,dc=local
    Admin Group should be administrators

    You could try removing the Bind DN and password and see if it works that way too!



  • @Sebastian-Roth Just tried removing the space. The Bind DN is now cn=administrator,dc=parimatch,dc=local. No news.
    I also tried KDirADm. It works fine, but it still doesn’t work via the web GUI.


  • Developer

    @egorhan Have you tried removing the spaces in the Bind DN? Do you have some other LDAP tool to test if those bind credentials really work? https://ldapwiki.com/wiki/LDAP Browsers



  • @Tom-Elliott Same result. I just refreshed the main page, added ?node=home at the end of the URL <fog-ip-address>/management/fog.index.php, and it displayed the main page with the username and password form.
    Still nothing in the Apache error logs.


  • Senior Developer

    @egorhan Your admin Group should NOT have ou= in it.

    Why are you limiting the search base and group search?

    You might have more success if you do:
    Search Base DN: dc=parimatch,dc=local (notice no spaces)
    Group Search DN: ou=pm_users,dc=parimatch,dc=local
    Admin Group: administrators
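
Added example, not part of any post in this thread and not FOG's own code: a small Python check that applies the points raised in the replies above (spaces in the DNs, the same OU at different levels of the tree, an administrator bind account hanging off the domain root) to a Bind DN / Search Base DN pair. The function names are hypothetical and the spaced DN in the demo is constructed; the other DNs are the ones quoted in the thread.

```python
import re

def parse_dn(dn):
    """Split a DN into lowercased (attr, value) RDNs, leftmost first.
    Splits on unescaped commas; multi-valued RDNs ('+') are not handled."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def levels(rdns):
    """Level of each RDN counted from the root (rightmost RDN is level 0)."""
    return {rdn: i for i, rdn in enumerate(reversed(rdns))}

def check_ldap_settings(bind_dn, search_base):
    """Return findings based on the advice given in the thread (heuristics)."""
    findings = []
    for name, dn in (("Bind DN", bind_dn), ("Search Base DN", search_base)):
        if re.search(r"(?<!\\),\s|\s,", dn):
            findings.append(f"{name}: whitespace around an RDN separator")
    bind, base = parse_dn(bind_dn), parse_dn(search_base)
    if [v for a, v in bind if a == "dc"] != [v for a, v in base if a == "dc"]:
        findings.append("Bind DN and Search Base DN have different dc= suffixes")
    bind_lv, base_lv = levels(bind), levels(base)
    for attr, value in sorted(bind_lv.keys() & base_lv.keys()):
        if attr == "ou" and bind_lv[(attr, value)] != base_lv[(attr, value)]:
            findings.append(f"ou={value} sits at different levels of the tree")
    if len(bind) > 1 and bind[0][0] == "cn" and bind[1][0] == "dc":
        findings.append("Bind DN account hangs directly off the domain root")
    if bind[0][1] == "administrator":
        findings.append("Bind DN uses the administrator account")
    return findings

if __name__ == "__main__":
    # DNs quoted in the thread; the last pair has constructed spaces added.
    pairs = [
        ("cn=administrator,ou=pm_users,ou=administrator,dc=parimatch,dc=local",
         "ou=administrators,ou=pm_users,dc=parimatch,dc=local"),
        ("cn=administrator,dc=parimatch,dc=local", "dc=parimatch,dc=local"),
        ("cn=administrator, dc=parimatch, dc=local", "dc=parimatch,dc=local"),
    ]
    for bind_dn, search_base in pairs:
        print(bind_dn, "|", search_base)
        for finding in check_ldap_settings(bind_dn, search_base) or ["no findings"]:
            print("  -", finding)
```

This only inspects the strings; it does not contact the LDAP server, so a clean result still needs confirming with a real bind from the FOG server.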



  • FOG version 1.5.7, OpenLDAP v. 2.4.44.
    That’s my configuration: config.PNG.
    No errors in /var/log/php-fpm.www-error.log or /etc/httpd/logs/error_log.


  • Developer

    @egorhan Which version of FOG do you use? What LDAP backend server do you use? Can you take a picture of the settings you used and post it here? Anything in the Apache error logs?

