• Resolved Steve Cliff

    (@stevecliff)


    Hi,

    I’m being very cheeky here as it isn’t your plugin that’s failing but I’m at my wits’ end so hoping you don’t mind.

    I’ve been using wpDirAuth for quite a while now and it’s working fine on the server I have running. However, for a number of reasons I’m having to rebuild on a new server and for the life of me I can’t get LDAP to bind correctly. I’m currently trying to figure out whether LDAP is reliant on anything other than php-ldap to work correctly (I.E. have I not installed/configured something right!)

    Any guidance you can give would be much appreciated!

    Extra Info:

    Working server is a CentOS 7.4 box running a Docker container based on PHP7 version of WordPress (https://github.com/SteveCliff/wpstandard/blob/master/Dockerfile)

    Non-working server is a non-Docker CentOS 7.4 box running Nginx but again on PHP7 (remi release)

    I’ve migrated the WordPress site over to the new server and wpDirAuth initially raised an error saying there wasn’t LDAP support. (I’d forgotten to install php-ldap but after I did that the error went away). Whatever I try though I keep getting a bind error.

    I’ve gone through each dirAuth entry in wp_options to make sure that the settings are the same but no joy. I can telnet through to my LDAP server ok though so the network routing is fine.

    Because I was having so many issues I downloaded your LDAP PHP test code to try with and that won’t bind either (so definitely not your plugin).

    NB. I don’t think your test code would work all the way for me anyway as I have some odd filtering to get our LDAP working correctly – but I was hoping for it to get past the bind and then fail on the search.

    Are there any general hints/tips you can give me to check up on at all given your experience of LDAP?

    Thanks!
    Steve.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter Steve Cliff

    (@stevecliff)

    Addendum:

    I’ve also spun up a local uwamp box based on PHP 7.1 with php-ldap configured and getting the same issue.

    Plugin Author Paul Gilzow

    (@gilzow)

    Which specific error message are you receiving?

    Also, do you have openssl installed and configured? If you have ssl/tls enabled, and openssl isn’t working, that could create a bind failure as well.

    Thread Starter Steve Cliff

    (@stevecliff)

    Hi Paul,

    Many thanks for the reply!

    The error is: “wpDirAuth config error: No directory server available for authentication, OR pre-binding credentials denied.”. I can’t spot anything else in the Apache logs.

    php_openssl.php is enabled
    Apache ssl_module is enabled (not sure if I need this or not though)

    phpinfo returns the following around openssl:

    OpenSSL support	enabled
    OpenSSL Library Version	OpenSSL 1.0.2f 28 Jan 2016
    OpenSSL Header Version	OpenSSL 1.0.2m 2 Nov 2017
    Openssl default config	/apache24/conf/openssl.cnf
    

    I’ve just re-created the issue again to make sure, I.E.:

    Download & unzipped uwamp: (from https://www.uwamp.com/file/UwAmp.zip)
    Run uwamp – changed drop down from PHP 5.4 to PHP 7.1
    Download & unzipped WordPress
    Created a user/db
    Run the WordPress install
    Deleted all initial plugins and installed/activated wpDirAuth
    Added in same settings as on the working server

    I think I’ve done the right things here ….. but having worked on this for 3 days now I’m starting to lose the plot – lol!

    Steve.

    Thread Starter Steve Cliff

    (@stevecliff)

    Also, running your LDAP test PHP gives the following:
    https://myhub.devcloud.guru/index.php/s/P21cPQ8Aj6elaSY

    NB. I got the same error on 7.1 but this happened to be 7.0.3 – I was just trying a different PHP version in case that helped.

    Thread Starter Steve Cliff

    (@stevecliff)

    Hi Paul – I have no idea why but it now works …… ! I decided to rebuild another “proper” server (the 4th now!) and used the same scripts as before and LDAP went straight in fine. I am elated that it’s up and working (as I have staff coming in to work tomorrow) but confused as hell as to why it didn’t work initially – lol!

    However, thank you for your comments and willingness to try and help … and once again for a brilliant plugin.

    Once I get over this I may even investigate more around uwamp and why that didn’t work!

    Plugin Author Paul Gilzow

    (@gilzow)

    In looking at your screenshot, normally the bind account at line 304 should just be the samAccountName (or in your case, aoLdapKey), but yours is combined with what appears to be an LDAP filter. So from that, I would have suggested you change line 20 of the test script from (I’m guessing)
    'bindaccount' => '(aoLdapKey=aaa217308,ou=people,dc=*****,dc=com)',
    to
    'bindaccount' => 'aaa217308',
    and then change line 45 from
    'uidfilter' => 'sAMAccountName=',
    to
    'uidfilter' => 'aoLdapKey=',

    But if you didn’t change the test script and now everything’s working, then I’m stumped. But glad it’s working.
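
The error quoted in this thread reports "no directory server available" and "pre-binding credentials denied" as one message. As an added example (not wpDirAuth code and not the plugin author's test script), this PHP command-line sketch runs the extension check, StartTLS and the bind as separate stages and reports which one fails. The host, port, bind DN and the `LDAP_BIND_PW` environment variable are placeholder assumptions.

```php
<?php
// Added diagnostic sketch; all connection values are placeholders (assumptions).
$host     = 'ldap.example.com';
$port     = 389;
$useTls   = true;                               // StartTLS on the plain LDAP port
$bindUser = 'cn=binduser,dc=example,dc=com';    // hypothetical pre-bind identity
$bindPass = getenv('LDAP_BIND_PW') ?: '';

// Report the failing stage plus the library's error code and server diagnostic.
function stage_fail($stage, $conn = null) {
    $detail = '';
    if ($conn) {
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        $detail = sprintf(' errno=%d (%s) %s', ldap_errno($conn), ldap_error($conn), $diag);
    }
    fwrite(STDERR, "FAILED at {$stage}.{$detail}\n");
    exit(1);
}

foreach (['ldap', 'openssl'] as $ext) {
    if (!extension_loaded($ext)) stage_fail("extension check, {$ext} not loaded");
}
// A value wrapped in parentheses is filter syntax, not a DN or account name.
if (preg_match('/^\(.*\)$/', $bindUser)) stage_fail('config check, bind identity looks like a filter');
// An empty password makes ldap_bind() attempt an anonymous bind, which can "succeed".
if ($bindPass === '') stage_fail('config check, empty bind password');

// With OpenLDAP this only parses the URI; no network traffic happens yet.
$conn = ldap_connect("ldap://{$host}:{$port}");
if (!$conn) stage_fail('ldap_connect (bad URI)');
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

if ($useTls && !@ldap_start_tls($conn)) {
    stage_fail('StartTLS (server unreachable, or certificate/OpenSSL problem)', $conn);
}
if (!@ldap_bind($conn, $bindUser, $bindPass)) {
    // errno -1 means the server could not be contacted; errno 49 means invalid credentials.
    stage_fail('bind', $conn);
}
echo "Bind OK as {$bindUser}\n";
ldap_unbind($conn);
```

Running it with the same PHP binary the web server uses shows whether the failure is a missing extension, a TLS problem or a rejected credential.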

  • The topic ‘Confused – can’t authenticate’ is closed to new replies.