LDAP authentication against Windows AD
Hi Janos,
I tried to enable ldap auth against my Windows AD. This is what I've put in the config.php: $config['ENABLE_LDAP_AUTH'] = 1; $config['LDAP_HOST'] = 'sys-dc05.shared.local'; $config['LDAP_HELPER_DN'] = 'cn=SYS-PILER-HELPER,ou=Users,ou=SYS,dc=shared,dc=local'; $config['LDAP_HELPER_PASSWORD'] = 'SYS-PILER-HELPER'; $config['LDAP_MAIL_ATTR'] = 'mail'; $config['LDAP_ACCOUNT_OBJECTCLASS'] = 'user'; $config['LDAP_BASE_DN'] = 'ou=hosted,dc=shared,dc=local';
However, after I put my credentials in the login form, I get an empty page from login.php. Am I missing something??
Thanks! Ronald
Comments (5)
-
repo owner -
reporter Hi Janos,
I installed the package, however, no matter what I type as user and pass (valid and invalid) after hitting ‘submit’, I see that the url changes to ‘http://sys-piler01.shared.local/search.php’ but I see still the login form (please see attachment). I use google chrome to access piler.
Do you know where ldap stuff is logged? And if my config.php is allright (objectclass etc) (note that the last two lines are commented out)?
It’s like below:
$config['ENABLE_LDAP_AUTH'] = 1; //enable $config['LDAP_HOST'] = 'sys-dc05.shared.local'; // my dc $config['LDAP_HELPER_DN'] = 'cn=SYS-PILER-HELPER,ou=Users,ou=SYS,dc=shared,dc=local'; //dsn of my helper $config['LDAP_HELPER_PASSWORD'] = 'SYS-PILER-HELPER'; // it’s password $config['LDAP_MAIL_ATTR'] = 'mail'; // mail attribute of the logged on user $config['LDAP_ACCOUNT_OBJECTCLASS'] = 'user'; //objectclass $config['LDAP_BASE_DN'] = 'ou=hosted,dc=shared,dc=local'; //base DN, all users are in sub ou’s underneath this one //$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'zimbraDistributionList'; //commented out //$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'zimbraMailForwardingAddress'; //commented out
Thanks! Ronald
-
repo owner Hello Ronald,
The login related ldap stuff also goes to /var/log/mail.log. In general look for "piler-webui" to get the syslog messages the gui creates. Please check that the helper account can actually connect to the AD server, and show me the syslog entries related to the login. You may send them to my email address, see "piler -V"
-
reporter OK, thanks, see your mail!
-
repo owner - changed status to resolved
OK, I think we've solved this issue.
- Log in to comment
Hello Ronald, I believe that you miss the php-ldap package.