Authenticating through AD
We downloaded the VirtualBox image and configured the config-site.php file as instructed. We have the site running and are able to log in as the local admin account. But when we enable LDAP authentication, we get a server error code 500. We can't even sign in as the local admin account. See attachment for our LDAP config.
Thanks,
Comments (16)
-
repo owner -
reporter Thanks! Now after the update and reboot, I can sign in as admin@local but still can't sign in using an AD account. It says invalid email and password.
-
repo owner - is there anything in the maillog file regarding the login?
I take it that LDAP_HELPER_DN is a correct LDAP DN (please verify in the ADSI Edit utility). A helper account is required for LDAP-based login to work.
-
reporter Yes, the LDAP helper account is correct. I've even used the built-in AD admin account but had no luck. Should I be using ldap_sync.php? I read on one issue, you said not to use ldap_sync.
P.S. This is what's happening in maillog.
19 Aug 23 20:19:44 piler piler-webui[882]: sphinx query: 'SELECT id FROM main1 WHERE MATCH('@to **X**** Xorg') ORDER BY sent DESC LIMIT 0,1000 OPTION max_matches=1000' in 0.00 s, 0 hits
-
repo owner Please edit model/user/auth.php, search for private function checkLoginAgainstLDAP(), and make sure it has
if(isset($query->row['dn']) && $query->row['dn']) {
and not only
if(isset($query->row)) {
I think it will do the trick
-
reporter I did as you instructed, no luck.
-
repo owner How about if I make an OVA file for you tomorrow with the latest possible build?
-
reporter that would be great. thank you for your help!
-
repo owner The ova is ready, please check http://www.mailpiler.org/download/piler-master-branch-2013-08-24.ova
If you experience a problem, then reopen this issue.
-
repo owner - changed status to resolved
-
reporter - changed status to open
LDAP still isn't working. Here is what I did...
1. download and load the ova file you provided.
2. update the resolv.conf file to search our domain and change the ip for the nameserver (dns).
3. update the hosts file to the ip of piler server and update the dns name
4. change the interfaces to match the ip of step #3
5. update timezone
6. change all the config as instructed for the config-site.php
7. update server_name in piler.conf to match the server name of config-site.php
8. add the ldap authentication to the config-site.php (see original screenshot)
Let me know if I am doing something wrong. Thanks.
-
reporter looking through the mail.log file now, it is saying
"ldap query, base dn='', filter='(&(objectClass=user) (mail=xxxx@xxxxx.org))', attr='', 0 hits"
-
reporter Got it. Issue closed.
-
reporter - changed status to resolved
-
repo owner was it the base dn?
-
reporter yup. a typo on the base dn line.
thanks for all your help
-
Do you have the php ldap package installed? If not, then please execute apt-get update, then apt-get install php5-ldap, then restart the webserver.
Btw, it's now a somewhat older release; I'll make a VMware version (OVA file) available next week.
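
Added example (not part of the thread and not piler's own code): a small Python check that parses the "ldap query" log line quoted by the reporter and flags the empty base dn that turned out to be the cause here. The sample log lines, the addresses in them and the diagnosis wording are constructed for illustration.

```python
import re

# Format of the piler-webui "ldap query" line as quoted in the thread.
LDAP_QUERY_RE = re.compile(
    r"ldap query, base dn='(?P<base>[^']*)', "
    r"filter='(?P<filter>.*?)', attr='(?P<attr>[^']*)', (?P<hits>\d+) hits"
)

def parse_ldap_query(line):
    """Return the fields of an 'ldap query' log line, or None if it is not one."""
    m = LDAP_QUERY_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["hits"] = int(fields["hits"])
    return fields

def diagnose(fields):
    """Map one parsed query to a likely cause (heuristics, not piler's own logic)."""
    if fields["base"] == "":
        return "empty base DN: the base DN setting was not picked up (check for a typo)"
    if not re.search(r"\bdc=", fields["base"], re.I):
        return "base DN has no DC= component: verify it in ADSI Edit"
    if fields["hits"] == 0:
        return "base DN set but no match: check the filter and the mail attribute"
    return "ok"

def scan(lines):
    """Yield (diagnosis, fields) for every ldap query line found."""
    for line in lines:
        fields = parse_ldap_query(line)
        if fields is not None:
            yield diagnose(fields), fields

# Constructed sample lines in the format shown in the thread (placeholder addresses).
SAMPLE_LOG = [
    "piler-webui[882]: ldap query, base dn='', filter='(&(objectClass=user) (mail=user@example.org))', attr='', 0 hits",
    "piler-webui[882]: ldap query, base dn='DC=example,DC=org', filter='(&(objectClass=user) (mail=nobody@example.org))', attr='', 0 hits",
    "piler-webui[882]: ldap query, base dn='DC=example,DC=org', filter='(&(objectClass=user) (mail=user@example.org))', attr='', 1 hits",
    "piler-webui[882]: sphinx query: 'SELECT id FROM main1' in 0.00 s, 0 hits",
]

if __name__ == "__main__":
    for verdict, f in scan(SAMPLE_LOG):
        print(f"{f['hits']} hits, base dn={f['base']!r}: {verdict}")
```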