Configuring LDAP Authentication
-
@astrugatch said in Configuring LDAP Authentication:
Both Search Base DN and Group Base DN should be OU’s not CN’s.
Good catch! The search bases should be a path not an entity. So in other words stop the path at the users OU.
The log file still says it's using ldaps. Yet your configuration in your first post is using ldap.
If your groups and users are in the users OU then your search scope of base only is OK. If you have sub OUs below users then you will need to change the search scope.
-
@astrugatch How do I create a Group/OU in AD that restricts access to FOG to just those in the group? No matter how I try, I always get groups with CN’s, and when I create a new OU and try to add a user to it, it says it already exists.
-
@anwoke8204 Please also install the dev-branch version of fog. Apparently php 8.1 is also requiring a bind object instead of a handler. This should be addressed as far as I can tell.
-
@Tom-Elliott How do I tell it to install the dev version? Also, would I lose any registrations or things already set up?
-
Ok, I got it switched over to the dev branch, and here are the new log errors I am getting:
[Sun Aug 06 19:30:52.251791 2023] [mpm_event:notice] [pid 2231:tid 140720057064768] AH00489: Apache/2.4.56 (Debian) configured – resuming normal operations
[Sun Aug 06 19:30:52.252004 2023] [core:notice] [pid 2231:tid 140720057064768] AH00094: Command line: ‘/usr/sbin/apache2’
[Sun Aug 06 19:32:53.721269 2023] [mpm_event:notice] [pid 2231:tid 140720057064768] AH00492: caught SIGWINCH, shutting down gracefully
[Sun Aug 06 19:32:53.800758 2023] [mpm_prefork:notice] [pid 15542] AH00163: Apache/2.4.56 (Debian) configured – resuming normal operations
[Sun Aug 06 19:32:53.801014 2023] [core:notice] [pid 15542] AH00094: Command line: ‘/usr/sbin/apache2’
[Sun Aug 06 19:32:54.085464 2023] [mpm_prefork:notice] [pid 15542] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Aug 06 19:32:54.221866 2023] [mpm_prefork:notice] [pid 15583] AH00163: Apache/2.4.56 (Debian) configured – resuming normal operations
[Sun Aug 06 19:32:54.221984 2023] [core:notice] [pid 15583] AH00094: Command line: ‘/usr/sbin/apache2’
[Sun Aug 06 19:34:47.821763 2023] [mpm_prefork:notice] [pid 15583] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Aug 06 19:35:03.529765 2023] [mpm_prefork:notice] [pid 25041] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Sun Aug 06 19:35:03.529963 2023] [core:notice] [pid 25041] AH00094: Command line: ‘/usr/sbin/apache2’
[Sun Aug 06 20:25:54.324902 2023] [mpm_prefork:notice] [pid 25041] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Aug 06 20:33:40.014130 2023] [mpm_prefork:notice] [pid 531] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Sun Aug 06 20:33:40.018076 2023] [core:notice] [pid 531] AH00094: Command line: ‘/usr/sbin/apache2’
[Sun Aug 06 21:16:32.086362 2023] [proxy_fcgi:error] [pid 1795] [client 10.4.47.20:64615] AH01071: Got error ‘PHP message: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/fog/lib/plugins/accesscontrol/pages/accesscontrolmanagementpage.class.php on line 1842’, referer: https://10.4.47.15/fog/management/index.php?node=accesscontrol&sub=edit&id=1
[Sun Aug 06 21:16:39.710985 2023] [proxy_fcgi:error] [pid 2036] [client 10.4.47.20:64776] AH01071: Got error ‘PHP message: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/fog/lib/plugins/accesscontrol/pages/accesscontrolmanagementpage.class.php on line 1774’, referer: https://10.4.47.15/fog/management/index.php?node=accesscontrol&sub=membership&id=1
[Sun Aug 06 21:16:47.843843 2023] [proxy_fcgi:error] [pid 2227] [client 10.4.47.20:64954] AH01071: Got error ‘PHP message: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/fog/lib/plugins/accesscontrol/pages/accesscontrolmanagementpage.class.php on line 1774’, referer: https://10.4.47.15/fog/management/index.php?node=accesscontrol&sub=membership&id=1
[Sun Aug 06 21:17:04.639901 2023] [proxy_fcgi:error] [pid 2227] [client 10.4.47.20:65261] AH01071: Got error ‘PHP message: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/fog/lib/plugins/accesscontrol/pages/accesscontrolmanagementpage.class.php on line 1567’, referer: https://10.4.47.15/fog/management/index.php?node=accesscontrol&sub=edit&id=2
[Tue Aug 08 00:00:01.815318 2023] [mpm_prefork:notice] [pid 531] AH00171: Graceful restart requested, doing restart
[Tue Aug 08 00:00:01.984166 2023] [mpm_prefork:notice] [pid 531] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Tue Aug 08 00:00:01.984214 2023] [core:notice] [pid 531] AH00094: Command line: ‘/usr/sbin/apache2’
[Wed Aug 09 00:00:02.016463 2023] [mpm_prefork:notice] [pid 531] AH00171: Graceful restart requested, doing restart
[Wed Aug 09 00:00:02.100553 2023] [mpm_prefork:notice] [pid 531] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Wed Aug 09 00:00:02.100688 2023] [core:notice] [pid 531] AH00094: Command line: ‘/usr/sbin/apache2’
[Wed Aug 09 04:31:27.811881 2023] [mpm_prefork:notice] [pid 540] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Wed Aug 09 04:31:27.817907 2023] [core:notice] [pid 540] AH00094: Command line: ‘/usr/sbin/apache2’
[Thu Aug 10 00:00:09.901297 2023] [mpm_prefork:notice] [pid 540] AH00171: Graceful restart requested, doing restart
[Thu Aug 10 00:00:09.998560 2023] [mpm_prefork:notice] [pid 540] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Thu Aug 10 00:00:09.998670 2023] [core:notice] [pid 540] AH00094: Command line: ‘/usr/sbin/apache2’
[Fri Aug 11 00:00:09.735719 2023] [mpm_prefork:notice] [pid 540] AH00171: Graceful restart requested, doing restart
[Fri Aug 11 00:00:09.921163 2023] [mpm_prefork:notice] [pid 540] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Fri Aug 11 00:00:09.921299 2023] [core:notice] [pid 540] AH00094: Command line: ‘/usr/sbin/apache2’
[Fri Aug 11 21:39:53.916653 2023] [proxy_fcgi:error] [pid 240583] [client 10.4.47.20:53244] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php
[Fri Aug 11 21:40:06.251910 2023] [proxy_fcgi:error] [pid 243872] [client 10.4.47.20:53294] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Fri Aug 11 21:48:05.584313 2023] [proxy_fcgi:error] [pid 241157] [client 10.4.47.20:53488] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Fri Aug 11 21:50:21.604921 2023] [proxy_fcgi:error] [pid 240581] [client 10.4.47.20:53634] AH01071: Got error ‘PHP message: Plugin LDAP::_result(). Search Method: read; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser)); Result: 0PHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: cn=fog access,cn=users,dc=starshipfrontier,dc=org; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser))’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Sat Aug 12 00:00:08.991748 2023] [mpm_prefork:notice] [pid 540] AH00171: Graceful restart requested, doing restart
[Sat Aug 12 00:00:09.063853 2023] [mpm_prefork:notice] [pid 540] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Sat Aug 12 00:00:09.063902 2023] [core:notice] [pid 540] AH00094: Command line: ‘/usr/sbin/apache2’
[Sat Aug 12 15:06:48.571781 2023] [proxy_fcgi:error] [pid 384269] [client 10.4.47.112:59086] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php
[Sat Aug 12 15:07:31.079594 2023] [proxy_fcgi:error] [pid 384272] [client 10.4.47.112:59193] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Sat Aug 12 15:08:33.554488 2023] [proxy_fcgi:error] [pid 384270] [client 10.4.47.112:59344] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Sat Aug 12 15:29:30.445273 2023] [proxy_fcgi:error] [pid 388359] [client 10.4.47.20:54038] AH01071: Got error ‘PHP message: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/fog/lib/plugins/accesscontrol/pages/accesscontrolmanagementpage.class.php on line 1842’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=accesscontrol&sub=edit&id=2
[Sat Aug 12 19:08:25.574792 2023] [mpm_prefork:notice] [pid 652] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Sat Aug 12 19:08:25.575124 2023] [core:notice] [pid 652] AH00094: Command line: ‘/usr/sbin/apache2’
[Sun Aug 13 00:00:07.544817 2023] [mpm_prefork:notice] [pid 652] AH00171: Graceful restart requested, doing restart
[Sun Aug 13 00:00:07.613117 2023] [mpm_prefork:notice] [pid 652] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Sun Aug 13 00:00:07.613159 2023] [core:notice] [pid 652] AH00094: Command line: ‘/usr/sbin/apache2’
[Sun Aug 13 16:21:16.796515 2023] [mpm_prefork:notice] [pid 652] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Aug 13 16:21:33.268305 2023] [mpm_prefork:notice] [pid 102477] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Sun Aug 13 16:21:33.268427 2023] [core:notice] [pid 102477] AH00094: Command line: ‘/usr/sbin/apache2’
[Sun Aug 13 16:34:08.058378 2023] [proxy_fcgi:error] [pid 102486] [client 10.4.47.11:57720] AH01071: Got error ‘PHP message: PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 124PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php
[Sun Aug 13 16:35:59.989466 2023] [proxy_fcgi:error] [pid 102486] [client 10.4.47.11:58387] AH01071: Got error ‘PHP message: PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 124PHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser)); Result: 0PHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=fog access,dc=starshipfrontier,dc=org; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser))’, referer: https://imaging.starshipfrontier.org/fog/management/index.php
[Sun Aug 13 16:36:09.290338 2023] [proxy_fcgi:error] [pid 102488] [client 10.4.47.11:58475] AH01071: Got error ‘PHP message: PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 124PHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser)); Result: 0PHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=fog access,dc=starshipfrontier,dc=org; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser))’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
So it sounds like it is at least searching now, but not finding anyone, even though I have added people to the OU. I have created a group under the OU called fog access and added everyone who needs access to that group. I have it set to the following image:
Any ideas?
-
@anwoke8204 Do you have multiple LDAP entries?
I ask because it’s still looking at ldaps at port 636, which might be confusing some things when looking at logs. This isn’t the main issue of course, but just a thought.
Next, your Search base DN is generally the base level to begin searching.
So, just for example,
If your group search is
ou=fog access,dc=starshipfrontier,dc=org
Your search base DN is most likely
dc=starshipfrontier,dc=org
Why?
Because it’s looking for an OU in FOG Access OU for OU FOG Access (you see the issue?)
Similarly, you have Base Only for search scope. I would recommend having this set to subtree and below.
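As an added illustration (not part of any post in this thread, and not FOG's own code): a small in-memory model of how an LDAP search base and the standard scopes (base, one level, subtree) decide which entries a filter can ever see, using DNs that appear in the logs above. The directory contents, the `tech one` account and all helper names are constructed assumptions.

```python
"""Constructed model of LDAP search base + scope, using DNs seen in this thread."""

# Standard LDAP scopes (RFC 4511: baseObject, singleLevel, wholeSubtree).
BASE, ONE, SUB = "base", "one", "sub"

ROOT = "DC=starshipfrontier,DC=org"
TEST_USER = "CN=test user,CN=Users," + ROOT   # user DN as shown in the log
TECH_USER = "CN=tech one,CN=Users," + ROOT    # constructed account, not from the thread
FOG_OU = "OU=fog access," + ROOT
FOG_ADMINS = "CN=fog admins," + FOG_OU        # assumed location of the admin group

# Constructed directory: DN -> attributes (lower-case attribute names).
DIRECTORY = {
    ROOT: {"objectclass": ["domain"]},
    "CN=Users," + ROOT: {"objectclass": ["container"]},
    TEST_USER: {"objectclass": ["person", "user"], "samaccountname": ["testuser"]},
    TECH_USER: {"objectclass": ["person", "user"], "samaccountname": ["techone"]},
    FOG_OU: {"objectclass": ["organizationalUnit"]},
    FOG_ADMINS: {"objectclass": ["group"], "name": ["fog admins"],
                 "member": [TECH_USER]},
}


def parse_dn(dn):
    """Split a DN into lower-cased RDNs (naive: assumes no escaped commas)."""
    return tuple(rdn.strip().lower() for rdn in dn.split(","))


def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is visible from base_dn under the given scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False              # entry is not at or below the base at all
    if scope == BASE:
        return depth == 0         # only the base entry itself
    if scope == ONE:
        return depth == 1         # direct children only
    return True                   # subtree: base and everything below it


def has(attrs, name, value):
    """Case-insensitive attribute equality match."""
    return value.lower() in (v.lower() for v in attrs.get(name, []))


def search(base_dn, scope, predicate):
    return [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, base_dn, scope) and predicate(attrs)]


def find_user(base_dn, scope, sam):
    """Equivalent of the user filter in the log:
    (&(|(objectcategory=person)(objectclass=person))(samaccountname=<sam>))"""
    return search(base_dn, scope,
                  lambda a: has(a, "objectclass", "person")
                  and has(a, "samaccountname", sam))


def groups_granting(group_base, scope, group_name, user_dn):
    """Equivalent of the group filter in the log:
    (&(|(name=<group>))(member=<user DN>))"""
    return search(group_base, scope,
                  lambda a: has(a, "name", group_name)
                  and has(a, "member", user_dn))


if __name__ == "__main__":
    cases = [
        ("ou=fog access," + ROOT, SUB),   # base from the log: user lives elsewhere
        (ROOT, BASE),                     # domain root, but base scope only
        (ROOT, ONE),                      # one level: sees CN=Users, not its children
        (ROOT, SUB),                      # domain root with subtree scope
    ]
    for base, scope in cases:
        print(f"{scope:4} {base:45} -> {find_user(base, scope, 'testuser')}")
    # Authentication and authorization are separate lookups: finding the user
    # is not enough, the user DN must also be a member of the named group.
    print(groups_granting(ROOT, SUB, "fog admins", TEST_USER))
    print(groups_granting(ROOT, SUB, "fog admins", TECH_USER))
```
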
-
I think you’re misunderstanding what those fields are asking for. Those fields are asking which OU in which fog should look for the groups and users. Then you specify the groups with access in the admin group field.
-
@Tom-Elliott Ok I made those changes, as shown below:
Here are the current logs:
[Sun Aug 13 16:56:45.618531 2023] [proxy_fcgi:error] [pid 138547] [client 10.4.47.20:53666] AH01071: Got error ‘PHP message: PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 124PHP message: Plugin LDAP::_result(). Search Method: read; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser)); Result: 0PHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=fog access,dc=starshipfrontier,dc=org; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser))’, referer: https://imaging.starshipfrontier.org/fog/management/index.php
[Sun Aug 13 16:56:53.660659 2023] [proxy_fcgi:error] [pid 102484] [client 10.4.47.20:53752] AH01071: Got error ‘PHP message: PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 124PHP message: Plugin LDAP::_result(). Search Method: read; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser)); Result: 0PHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=fog access,dc=starshipfrontier,dc=org; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser))’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Mon Aug 14 00:00:06.823626 2023] [mpm_prefork:notice] [pid 102477] AH00171: Graceful restart requested, doing restart
[Mon Aug 14 00:00:06.887470 2023] [mpm_prefork:notice] [pid 102477] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Mon Aug 14 00:00:06.887519 2023] [core:notice] [pid 102477] AH00094: Command line: ‘/usr/sbin/apache2’
[Mon Aug 14 18:51:17.243994 2023] [proxy_fcgi:error] [pid 180550] [client 10.4.47.138:59706] AH01071: Got error ‘PHP message: PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 124PHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=fog admins))(member=CN=test user,CN=Users,DC=starshipfrontier,DC=org)); Result: 0PHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=))(member=CN=test user,CN=Users,DC=starshipfrontier,DC=org)); Result: 0PHP message: Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!’, referer: https://imaging.starshipfrontier.org/fog/management/index.php
[Mon Aug 14 18:51:23.839265 2023] [proxy_fcgi:error] [pid 218876] [client 10.4.47.138:59716] AH01071: Got error ‘PHP message: PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 124PHP message: Plugin LDAP::authLDAP() User was not authorized by the LDAP server. User DN: CN=test user,CN=Users,DC=starshipfrontier,DC=org’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Mon Aug 14 18:51:30.968838 2023] [proxy_fcgi:error] [pid 180553] [client 10.4.47.138:59725] AH01071: Got error ‘PHP message: PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 124PHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=fog admins))(member=CN=test user,CN=Users,DC=starshipfrontier,DC=org)); Result: 0PHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=))(member=CN=test user,CN=Users,DC=starshipfrontier,DC=org)); Result: 0PHP message: Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Mon Aug 14 18:57:02.932809 2023] [proxy_fcgi:error] [pid 217297] [client 10.4.47.138:59915] AH01071: Got error ‘PHP message: PHP Warning: ldap_unbind() expects parameter 1 to be resource, null given in /var/www/fog/lib/plugins/ldap/class/ldap.class.php on line 124PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldap://10.4.47.11:389’, referer: https://imaging.starshipfrontier.org/fog/management/index.php
If I'm reading it right, it looks like it's not getting access still. Any ideas?
-
@anwoke8204 To @astrugatch as well:
So “Search Base” is where it’s going to begin searching for Users.
Group Base is where it’s going to begin looking for all the groups.
Does the Group (your admin group) named fog admins, exist in the OU FOG Access of your domain tree?
Does testuser exist as “fog admins”?
-
@Tom-Elliott Yes, the admin group exists. Everything is in the Fog access OU. In the Fog access group we have regular technicians who need access (who are found in just the users OU), and in the Fog Admin group we have those who need Admin access to it. In the Fog Access group, there are 3 security groups that are listed in the users OU that I have added to the Fog Access group. Test user is NOT in either group, as it is just a user that has been created in the OU.
-
@Tom-Elliott @astrugatch @george1421 Anyone have any ideas? I can get other things like Openfire XMPP server using AD just fine, but am having issues with getting Fog going. Could there be a plugin or php package I am missing that I need to install?
-
@anwoke8204 Let's start by taking the space out of the OU name for “Fog Access”; on the linux side that may require you to escape that space (more complicated than necessary). If your NT-style user account names have a space in them, get rid of that too. Looking at users and groups too, just get rid of spaces to eliminate that issue.
-
@anwoke8204 said in Configuring LDAP Authentication:
@george1421 here is what the apache error log says when i try to use a user in the AD:
[Wed Aug 09 04:31:27.817907 2023] [core:notice] [pid 540] AH00094: Command line: ‘/usr/sbin/apache2’
[Thu Aug 10 00:00:09.901297 2023] [mpm_prefork:notice] [pid 540] AH00171: Graceful restart requested, doing restart
[Thu Aug 10 00:00:09.998560 2023] [mpm_prefork:notice] [pid 540] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Thu Aug 10 00:00:09.998670 2023] [core:notice] [pid 540] AH00094: Command line: ‘/usr/sbin/apache2’
[Fri Aug 11 00:00:09.735719 2023] [mpm_prefork:notice] [pid 540] AH00171: Graceful restart requested, doing restart
[Fri Aug 11 00:00:09.921163 2023] [mpm_prefork:notice] [pid 540] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Fri Aug 11 00:00:09.921299 2023] [core:notice] [pid 540] AH00094: Command line: ‘/usr/sbin/apache2’
[Fri Aug 11 21:39:53.916653 2023] [proxy_fcgi:error] [pid 240583] [client 10.4.47.20:53244] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php
[Fri Aug 11 21:40:06.251910 2023] [proxy_fcgi:error] [pid 243872] [client 10.4.47.20:53294] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Fri Aug 11 21:48:05.584313 2023] [proxy_fcgi:error] [pid 241157] [client 10.4.47.20:53488] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Fri Aug 11 21:50:21.604921 2023] [proxy_fcgi:error] [pid 240581] [client 10.4.47.20:53634] AH01071: Got error ‘PHP message: Plugin LDAP::_result(). Search Method: read; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser)); Result: 0PHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: cn=fog access,cn=users,dc=starshipfrontier,dc=org; Filter: (&(|(objectcategory=person)(objectclass=person))(samaccountname=testuser))’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Sat Aug 12 00:00:08.991748 2023] [mpm_prefork:notice] [pid 540] AH00171: Graceful restart requested, doing restart
[Sat Aug 12 00:00:09.063853 2023] [mpm_prefork:notice] [pid 540] AH00163: Apache/2.4.56 (Debian) OpenSSL/1.1.1n configured – resuming normal operations
[Sat Aug 12 00:00:09.063902 2023] [core:notice] [pid 540] AH00094: Command line: ‘/usr/sbin/apache2’
[Sat Aug 12 15:06:48.571781 2023] [proxy_fcgi:error] [pid 384269] [client 10.4.47.112:59086] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php
[Sat Aug 12 15:07:31.079594 2023] [proxy_fcgi:error] [pid 384272] [client 10.4.47.112:59193] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
[Sat Aug 12 15:08:33.554488 2023] [proxy_fcgi:error] [pid 384270] [client 10.4.47.112:59344] AH01071: Got error ‘PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636’, referer: https://imaging.starshipfrontier.org/fog/management/index.php?node=home
-
I think you should upgrade ldaps to the latest version. Hope to find a solution soon.
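A way to triage the Apache error log quoted above, as an added example that is not part of the thread or of FOG's code: it separates bind-stage failures from search-stage failures and flags a search base that looks like a single entry rather than a container, following the advice earlier in the thread. The sample lines are constructed (shortened from the quoted errors), and the function names and the leaf-entry heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines shortened from the error shapes quoted in the thread.
SAMPLE_LOG = [
    "[Fri Aug 11 21:39:53 2023] [proxy_fcgi:error] [pid 240583] AH01071: Got error "
    "'PHP message: Plugin LDAP::authLDAP() Cannot bind to the LDAP server ldaps://10.4.47.11:636'",
    "[Fri Aug 11 21:50:21 2023] [proxy_fcgi:error] [pid 240581] AH01071: Got error "
    "'PHP message: Plugin LDAP::_result(). Search Method: read; Filter: (samaccountname=testuser); "
    "Result: 0PHP message: Plugin LDAP::authLDAP() Search results returned false. "
    "Search DN: cn=fog access,cn=users,dc=starshipfrontier,dc=org; Filter: (samaccountname=testuser)'",
    "[Sat Aug 12 00:00:08 2023] [mpm_prefork:notice] [pid 540] AH00171: Graceful restart requested",
]

# Patterns avoid depending on the quote characters, which the forum renders as curly quotes.
BIND_RE = re.compile(r"authLDAP\(\) Cannot bind to the LDAP server (ldaps?://[^\s'’,]+)")
SEARCH_RE = re.compile(r"Search results returned false\. Search DN: (.+?); Filter: ")
METHOD_RE = re.compile(r"_result\(\)\. Search Method: (\w+);")

def rdn_types(dn):
    """Attribute type of each RDN, leftmost first (splits on unescaped commas)."""
    return [p.split("=", 1)[0].strip().lower() for p in re.split(r"(?<!\\),", dn)]

def base_is_leaf_like(dn):
    """Heuristic (assumption of this example): a cn= entry sitting inside a cn=/ou=
    container is probably an object such as a group, not the container of accounts."""
    types = rdn_types(dn)
    return len(types) > 1 and types[0] == "cn" and types[1] in ("cn", "ou")

def triage(lines):
    """Separate bind-stage failures from search-stage failures."""
    bind_failures, search_failures = Counter(), []
    for line in lines:
        if (m := BIND_RE.search(line)):
            bind_failures[m.group(1)] += 1
        if (m := SEARCH_RE.search(line)):
            method = METHOD_RE.search(line)
            search_failures.append({
                "search_dn": m.group(1),
                "method": method.group(1) if method else None,
                "leaf_like_base": base_is_leaf_like(m.group(1)),
            })
    return {"bind_failures": dict(bind_failures), "search_failures": search_failures}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A search-stage entry means the bind for that request succeeded, so those lines point at the search base or scope rather than at the connection or certificate.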
-
@orborneee When I installed the new server in May, I had problems with LDAP authentication. I don't know if your problem is the same, but you can test whether this works.
Edit the /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php file and comment out line 235:
//@$this->unbind();
-
@Fernando-Gietz I tried this fix, restarted php8 and was able to log in via LDAP auth, but the domain user that I logged in as does not appear in the Users list. I remember this part did populate the user, as I would then assign the user to Technician or Administrator via Access Control.
-
@DBCountMan If I recall correctly, this is on purpose. It’s been a while since I looked at it, but we set LDAP users to a specific set of identifiers and filter those out of the view because things you can do with local users (change password, etc…) you should not be able to do with LDAP based users.