Problem ldap authentication

02 Jan 2014 13:44 #7 by babynus
Replied by babynus on topic Problem ldap authentication
Hi,

I ran several tests and never could connect without password.
Maybe it is due to your Active Directory configuration, allowing anonymous connections or at least connections without password.
(on my side I use OpenLdap)

I tried with :

incorrect LDAP base DN => error
incorrect LDAP host => error
incorrect LDAP port => error
incorrect LDAP version => error
incorrect LDAP user => error
incorrect LDAP password => error
LDAP filter "uid=%USERNAME%", correct password => login OK (new user created with uid)
LDAP filter "uid=%USERNAME%", incorrect password => "invalid login parameters"
LDAP filter "uid=%USERNAME%", no password => "invalid login parameters"
LDAP filter "cn=%USERNAME%", no password => login OK (new user created with common name)
LDAP filter "cn=%USERNAME%", incorrect password => "invalid login parameters"
LDAP filter "cn=%USERNAME%", no password => "invalid login parameters"
LDAP filter "xx=%USERNAME%", correct password => "invalid login parameters" (no match for filter)

So what you are facing does not seem to be a programming issue.
I guess it is an AD issue : allowing anonymous access or access with no password.

Babynus
Administrator of ProjeQtOr web site

02 Jan 2014 14:18 - 02 Jan 2014 14:19 #8 by babynus
Replied by babynus on topic Problem ldap authentication
Hi,

To try and debug, could you please try to :
- download and unzip attached file
- copy this User.php file into /model directory
- set debugLevel="3"
- try again without password

You should retrieve in the log file something like :

2014-01-02 14:12:40 DEBUG ***** trace binding admin *****
2014-01-02 14:12:40 DEBUG user='cn=Manager,dc=maxcrc,dc=com'
2014-01-02 14:12:40 DEBUG password='secret'
2014-01-02 14:12:40 DEBUG binding OK
2014-01-02 14:12:40 DEBUG result:
2014-01-02 14:12:40 DEBUG 1
2014-01-02 14:12:40 DEBUG filter=uid=other
2014-01-02 14:12:40 DEBUG dn=uid=other,ou=People,dc=maxcrc,dc=com
2014-01-02 14:12:40 DEBUG ldap_user_dn='uid=other,ou=People,dc=maxcrc,dc=com'
2014-01-02 14:12:40 DEBUG parampassword=''
2014-01-02 14:12:40 ***** ERROR ***** ERROR *****
2014-01-02 14:12:40 ***** ERROR ***** on file 'D:\Programmes\EasyPHP.12.1\www\projeqtor\model\User.php' at line (782)
2014-01-02 14:12:40 ***** ERROR ***** cause = ldap_bind(): Unable to bind to server: Server is unwilling to perform
2014-01-02 14:12:40 DEBUG result bind user:
2014-01-02 14:12:40 DEBUG
2014-01-02 14:12:40 DEBUG incorrect binding


Please post your own result here (after hiding password with stars)

Babynus
Administrator of ProjeQtOr web site
Last edit: 02 Jan 2014 14:19 by babynus.

03 Jan 2014 15:08 #9 by soji
Replied by soji on topic Problem ldap authentication
Hello Babynus,

My question is stupid but how to set debugLevel=3 ? :P

03 Jan 2014 15:29 #10 by babynus
Replied by babynus on topic Problem ldap authentication
In your parameters.php file.
The location of this file is defined in file /tool/parametersLocation.php.
By default, it is "../files/config/parameters.php", but it is highly advised to move it outside web access.


The only stupid question is the one that is not asked ;)

Babynus
Administrator of ProjeQtOr web site

06 Jan 2014 10:23 #11 by soji
Replied by soji on topic Problem ldap authentication
Hello Babynus,

Here are the log files:

I try to connect with AD account without password: connection successful

2014-01-06 10:12:28 DEBUG ***** trace binding admin *****
2014-01-06 10:12:28 DEBUG user='cn=s_projeqtor,ou=Projeqtor,dc=domain,dc=local'
2014-01-06 10:12:28 DEBUG password='mypassword'
2014-01-06 10:12:28 DEBUG binding OK
2014-01-06 10:12:28 DEBUG result:
2014-01-06 10:12:28 DEBUG 1
2014-01-06 10:12:28 DEBUG filter=(&(objectCategory=user)(memberof=CN=APP_Projeqtor,OU=Projeqtor,DC=domain,DC=local))
2014-01-06 10:12:28 DEBUG dn=CN=s_projeqtor,OU=Projeqtor,DC=domain,DC=local
2014-01-06 10:12:28 DEBUG ldap_user_dn='CN=s_projeqtor,OU=Projeqtor,DC=domain,DC=local'
2014-01-06 10:12:28 DEBUG parampassword=''
2014-01-06 10:12:28 DEBUG result bind user:
2014-01-06 10:12:28 DEBUG 1
2014-01-06 10:12:28 DEBUG ***** end trace binding *****
2014-01-06 10:12:28 ===== TRACE ===== NEW CONNECTED USER 'user1'

Then, I try to connect with AD account with password:
2014-01-06 10:19:02 DEBUG ***** trace binding admin *****
2014-01-06 10:19:02 DEBUG user='cn=s_projeqtor,ou=Projeqtor,dc=domain,dc=local'
2014-01-06 10:19:02 DEBUG password='mypassword'
2014-01-06 10:19:02 DEBUG binding OK
2014-01-06 10:19:02 DEBUG result:
2014-01-06 10:19:02 DEBUG 1
2014-01-06 10:19:02 DEBUG filter=(&(objectCategory=user)(memberof=CN=APP_Projeqtor,OU=Projeqtor,DC=domain,DC=local))
2014-01-06 10:19:02 DEBUG dn=CN=s_projeqtor,OU=Projeqtor,DC=domain,DC=local
2014-01-06 10:19:02 DEBUG ldap_user_dn='CN=s_projeqtor,OU=Projeqtor,DC=domain,DC=local'
2014-01-06 10:19:02 DEBUG parampassword='mypassword'
2014-01-06 10:19:02 DEBUG result bind user:
2014-01-06 10:19:02 DEBUG 1
2014-01-06 10:19:02 DEBUG ***** end trace binding *****
2014-01-06 10:19:02 ===== TRACE ===== NEW CONNECTED USER 'user1'


User1 added in user list on Projeqtor but the name is s_projeqtor (it's service account).

06 Jan 2014 12:26 - 06 Jan 2014 12:27 #12 by babynus
Replied by babynus on topic Problem ldap authentication
Hi,

The issue is on your filter.

filter=(&(objectCategory=user)(memberof=CN=APP_Projeqtor,OU=Projeqtor,DC=domain,DC=local))


It retrieves exactly the dn of your admin user :

dn=CN=s_projeqtor,OU=Projeqtor,DC=domain,DC=local

The unexpected behavior is that as you are already connected with this user, the binding with no password works.
It explains why user1 is created with service name (s_projeqtor).

You must define a filter that will retrieve the user that tries to connect, using the %USERNAME% parameter.
("user1" does not appear in the logged filter)

Babynus
Administrator of ProjeQtOr web site
Last edit: 06 Jan 2014 12:27 by babynus.
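
Added example (not part of the thread and not ProjeQtOr's own User.php): the two application-side checks this thread points to, written in PHP against the standard ldap extension. A simple bind with a DN and an empty password is what RFC 4513 section 5.1.2 calls an unauthenticated bind; the OpenLDAP trace above refuses it ("Server is unwilling to perform") while the Active Directory trace returns 1. The function names and the use of sAMAccountName as the login attribute are assumptions.

```php
<?php
// Added example, not ProjeQtOr code. Function names are hypothetical.
// Requires the PHP ldap extension (ldap_escape needs PHP >= 5.6).

/** Substitute the attempted login into the configured filter template. */
function buildUserFilter(string $template, string $login): string
{
    if (strpos($template, '%USERNAME%') === false) {
        // Without the placeholder the search returns the same entries for every login.
        throw new InvalidArgumentException('LDAP filter must contain %USERNAME%');
    }
    if ($login === '') {
        throw new InvalidArgumentException('empty login');
    }
    // Escape filter metacharacters ( ) * \ and NUL in the user-supplied value.
    $safe = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    return str_replace('%USERNAME%', $safe, $template);
}

/** $conn is already bound as the service account. Returns the user DN or null;
 *  throws InvalidArgumentException on a misconfigured filter. */
function ldapAuthenticate($conn, string $baseDn, string $template,
                          string $login, string $password): ?string
{
    // RFC 4513 5.1.2: DN + empty password is an unauthenticated bind. Never send it.
    if ($password === '') {
        return null;
    }
    $search = @ldap_search($conn, $baseDn, buildUserFilter($template, $login), ['dn']);
    if ($search === false) {
        return null;
    }
    $entries = ldap_get_entries($conn, $search);
    if ($entries === false || $entries['count'] !== 1) {
        return null; // no match, or an ambiguous filter
    }
    $dn = $entries[0]['dn'];
    return @ldap_bind($conn, $dn, $password) ? $dn : null;
}

// Constructed demo of the offline check; sAMAccountName as login attribute is an assumption.
$group = 'CN=APP_Projeqtor,OU=Projeqtor,DC=domain,DC=local';
echo buildUserFilter("(&(objectCategory=user)(sAMAccountName=%USERNAME%)(memberof=$group))", 'user1'), "\n";
try {
    buildUserFilter("(&(objectCategory=user)(memberof=$group))", 'user1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The second call uses the filter logged in post #11, which has no %USERNAME% placeholder and is therefore refused before any search or bind is attempted.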
