Problem with login via LDAP
-
Hi. Login via LDAP doesn't work. When I try to connect to the web GUI using LDAP, nothing happens; only the URL changes.
Before login it's http://10.0.0.148/fog/management/index.php?
After trying to log in it's http://10.0.0.148/fog/management/index.php?node=home.
and it doesn't redirect to the main page (dashboard). Local login works fine, and /var/log/php-fpm/www-error.log doesn't show any errors. Please help.
-
@egorhan Must have been blind when I looked at this the first time. Now I see something that makes me wonder.
Search Base DN: ou=administrators,ou=pm_users,dc=parimatch,dc=local
Bind DN: cn=administrator,ou=pm_users,ou=administrator,dc=parimatch,dc=local
The OU pm_users seems to be on different levels of your LDAP tree. That doesn't make sense to me. Please double and triple check all the settings. Better you copy & paste the settings from some LDAP browser tool instead of typing those in. -
@egorhan Which version of FOG do you use? What LDAP backend server do you use? Can you take a picture of the settings you used and post it here? Anything in the Apache error logs?
-
FOG version 1.5.7, OpenLDAP v. 2.4.44.
That's my configuration.
No errors in /var/log/php-fpm/www-error.log or /etc/httpd/logs/error_log -
@egorhan Your Admin Group should NOT have ou= in it.
Why are you limiting the search base and group search?
You might have more success if you do:
Search Base DN: dc=parimatch,dc=local (notice no spaces)
Group Search DN: ou=pm_users,dc=parimatch,dc=local
Admin Group: administrators -
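The two things the replies above check by eye (an OU that sits at different depths in two DNs, and settings with stray spaces or an Admin Group written as a DN fragment) can be checked mechanically before blaming the server. The following is an added example for this thread, not FOG's own code: it parses each DN, drops whitespace around `=` and `,`, and reports the inconsistencies. The Group Search DN and the `ou=administrators` Admin Group used as sample input are assumed from the advice in the replies, since the original screenshot is not reproduced here.

```python
import re

# Example added to this thread, not FOG's own code. It applies the checks the
# replies make by eye: whitespace around '=' or ',', an OU that sits at different
# depths in two DNs, DNs with different dc= suffixes, and an Admin Group typed as
# a DN fragment instead of a bare group name.


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, most specific RDN first.

    Whitespace around '=' and ',' is dropped, so 'dc=parimatch, dc=local' and
    'dc=parimatch,dc=local' parse the same way.  Escaped commas ('\\,') inside a
    value are honoured; other RFC 4514 escapes are left untouched.
    """
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        if '=' not in part:
            raise ValueError(f"RDN without '=': {part!r}")
        attr, value = part.split('=', 1)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def dc_suffix(rdns):
    """The domain part of a parsed DN: its dc= components, in order."""
    return tuple(value.lower() for attr, value in rdns if attr == 'dc')


def ou_depths(rdns):
    """Map each OU (lower-cased) to its depth below the dc= suffix; 0 = directly under it."""
    containers = [rdn for rdn in rdns if rdn[0] != 'dc']
    depths = {}
    for depth, (attr, value) in enumerate(reversed(containers)):
        if attr == 'ou':
            depths.setdefault(value.lower(), depth)
    return depths


def check_settings(search_base, bind_dn, group_search_dn, admin_group):
    """Return a list of human-readable findings; an empty list means nothing looked wrong."""
    findings = []
    raw = {'Search Base DN': search_base,
           'Bind DN': bind_dn,
           'Group Search DN': group_search_dn}

    # 1. Whitespace next to '=' or ',' is the classic typed-by-hand error.
    for label, value in raw.items():
        if re.search(r'\s[=,]|[=,]\s', value):
            findings.append(f"{label} has whitespace around '=' or ','")

    parsed = {label: parse_dn(value) for label, value in raw.items()}

    # 2. Every DN should end in the same dc= suffix as the search base.
    base_suffix = dc_suffix(parsed['Search Base DN'])
    for label in ('Bind DN', 'Group Search DN'):
        if dc_suffix(parsed[label]) != base_suffix:
            findings.append(f"{label} does not share the dc= suffix of the Search Base DN")

    # 3. The same OU must not sit at different depths in two DNs (ou=pm_users in this thread).
    labels = list(parsed)
    for i, a in enumerate(labels):
        for b in labels[i + 1:]:
            da, db = ou_depths(parsed[a]), ou_depths(parsed[b])
            for ou in sorted(set(da) & set(db)):
                if da[ou] != db[ou]:
                    findings.append(
                        f"ou={ou} is at depth {da[ou]} in {a} but depth {db[ou]} in {b}")

    # 4. Admin Group is a group name, not a DN or a DN fragment.
    if '=' in admin_group:
        findings.append("Admin Group should be a bare group name, not 'ou=...' or a DN")

    return findings


if __name__ == '__main__':
    # The DNs as posted in the thread; Group Search DN and Admin Group are assumed
    # for the example from the advice in the replies, not copied from a screenshot.
    for finding in check_settings(
        'ou=administrators,ou=pm_users,dc=parimatch,dc=local',
        'cn=administrator,ou=pm_users,ou=administrator,dc=parimatch,dc=local',
        'ou=pm_users,dc=parimatch,dc=local',
        'ou=administrators',
    ):
        print('-', finding)
```

Run against the posted values it reports `ou=pm_users` at depth 0 in the Search Base DN but depth 1 in the Bind DN, the same mismatch against the Group Search DN, and the `ou=` in the Admin Group. Once the DNs are consistent, confirm the bind credentials outside FOG with the OpenLDAP client tools, e.g. `ldapwhoami -x -H ldap://10.0.0.201 -D "<bind dn>" -W`; if that fails, no amount of FOG configuration will make the login work.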
@Tom-Elliott Same result. It just refreshed the main page, added ?node=home at the end of the URL <fog-ip-address>/management/fog.index.php and displayed the main page with the username and password form.
Still nothing in the Apache error logs -
@egorhan Have you tried removing the spaces in the BindDN? Do you have some other LDAP tool to test if that bind credentials really work? https://ldapwiki.com/wiki/LDAP Browsers
-
@Sebastian-Roth Just tried removing the space. The Bind DN is now cn=administrator,dc=parimatch,dc=local. No fresh news.
I also tried KDirADm. It works fine, but it still doesn't work via the web GUI -
I wonder if having the mobile group and admin group set to the same thing could be causing an issue. It shouldn't, as the admin side would prevail, but just a thought.
If I were you I’d start simple:
For LDAP Server, ensure 10.0.0.201 is accessible from FOG Server.
Search Base DN should simply be dc=parimatch,dc=local
Group Search DN should simply be dc=parimatch,dc=local
Admin Group should be administrators
You could try removing the Bind DN and password and see if it works that way too!
-
@egorhan said in Problem with login via LDAP:
cn=administrator,dc=parimatch,dc=local
Just a comment for the bind DN it needs to be the fully qualified path to the account.
For example my bind dn (anonymized) is like
cn=fogbinduser,ou=nyc,ou=domain serviceacc,dc=domain,dc=com
Disclosure, I’m using windows AD for authentication.
From your bind DN, I would assume the administrator account is not in any container but hanging right off the root of domain.com, which is suspicious. Also I would strongly urge you to NOT use the administrator account for this bind. Create a generic, low-level user that isn't even a member of Domain Users. All the bind account needs is read access to your LDAP server. -