LDAP user sync issues
Hi,
I'm running the latest version of multiotp (upgraded the VM available from www.multiotp.net) and am getting the following error when I try running
/usr/local/bin/multiotp/multiotp -display-log -ldap-users-sync
PHP Notice: Undefined index: count in /usr/local/bin/multiotp/multiotp.php on line 56
PHP Warning: ldap_next_entry() expects parameter 2 to be resource, null given in /usr/local/bin/multiotp/multiotp.php on line 56
PHP Warning: ldap_get_attributes() expects parameter 2 to be resource, null given in /usr/local/bin/multiotp/multiotp.php on line 56
PHP Warning: ldap_get_dn() expects parameter 2 to be resource, null given in /usr/local/bin/multiotp/multiotp.php on line 56
This repeats for a while until an abort message appears.
Running
root@multiotp:/tmp# /usr/local/bin/multiotp/multiotp -display-log -ldap-check
gives
LOG 2017-03-30 12:37:47 debug Debug Debug: *parameter(s) received: -display-log -ldap-check
19 *INFO: Requested operation successfully done
from /usr/local/bin/multiotp/log/multiotp.log I get
multiotp 5.0.3.7
Your script is running from /usr/local/bin/multiotp/
2017-03-30 11:43:12 debug Debug Debug: *parameter(s) received: -display-log -ldap-users-sync
2017-03-30 11:43:12 debug LDAP Debug: *AD/LDAP synchronization started at 11:43:12 / Memory used: 6.9MB / Peak: 7MB
2017-03-30 11:43:12 info LDAP Info: AD/LDAP synchronization started
2017-03-30 11:43:12 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/
/tmp/.ldap_cache has loads of (small) ldap_rgroup....cache files
When setting up ldap access I entered
/usr/local/bin/multiotp/multiotp -config ldap-cn-identifier="sAMAccountName"
/usr/local/bin/multiotp/multiotp -config ldap-group-cn-identifier="sAMAccountName"
/usr/local/bin/multiotp/multiotp -config ldap-group-attribute="memberOf"
/usr/local/bin/multiotp/multiotp -config ldap-ssl=0
/usr/local/bin/multiotp/multiotp -config ldap-port=389
/usr/local/bin/multiotp/multiotp -config ldap-domain-controllers=ldap://its.york.ac.uk
/usr/local/bin/multiotp/multiotp -config ldap-base-dn="OU=Users,OU=UoY,DC=its,DC=york,DC=ac,DC=uk"
/usr/local/bin/multiotp/multiotp -config ldap-bind-dn="CN=service_multiotpldap,OU=ServiceAccounts,OU=UoY,DC=its,DC=york,DC=ac,DC=uk"
/usr/local/bin/multiotp/multiotp -config ldap-server-password="apasword"
/usr/local/bin/multiotp/multiotp -config ldap-in-group="somegroup"
/usr/local/bin/multiotp/multiotp -config ldap-activated=1
Have I missed a config parameter?
This discussion has been closed.
Comments
ldap_in_group and ldap_groups_dn
- index.php
- multiotp.class.php
- multiotp.php
- multiotp.proxy.php
Thanks for keeping us in touch. Regards, Andre
ldap_groups_dn: is not used yet, for future use, to give another DN for the groups the users are in (now the groups must be in the baseDN)
HOW CAN I UPGRADE FROM A PREVIOUS VERSION ?
!!! Be careful when you upgrade your multiOTP open source Virtual Appliance !!!
The multiOTP open source Virtual Appliance is using the files in raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp, with config and backend folders defined to be located in /etc/multiotp/
If you are currently using the multiOTP open source Virtual Appliance, you can upgrade the multiOTP version by copying the extracted content of the folder and subfolders from raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp to /usr/local/bin/multiotp. An update through the web interface should be available in the future.
If you are currently using the multiOTP open source linux files, you can upgrade your installation by copying the extracted content of the folder and subfolders from linux to your current multiOTP folder
If you are currently using the multiOTP open source windows files, you can upgrade your installation by copying the extracted content of the folder and subfolders from windows to your current multiOTP folder
Thanks for the comments, managed to get AD synching working by reverting to version 5.0.3.0. Any release after this fails for AD synchronisation.
I also started from scratch running Ubuntu 16.04.2, which is our standard image here, and after correcting a couple of ldap config settings, everything works (as I said previously) in 5.0.3.0.
Need to test FreeRadius integration now.