LDAP connection failed (trying to connect a Sun LDAP server)
Hi there,
after configuring the MySQL back-end (works flawlessly in 4.2.4), I am trying to configure LDAP accounts in multiOTP with this command:
./multiotp.php -config \
  ldap-activated=1 \
  ldap-account-suffix="dc=...,dc=..." \
  ldap-base-dn="ou=people,dc=...,dc=..." \
  ldap-bind-dn="uid=admin,dc=...,dc=..." \
  ldap-cn-identifier="cn" \
  ldap-domain-controllers="..url.." \
  ldap-group-attribute="objectClass" \
  ldap-in-group="INETORGPERSON" \
  ldap-port=389 \
  ldap-server-password="password" \
  ldap-ssl=0 \
  ldap-network-timeout=100 \
  ldap-time-limit=300
the output is "19 INFO: Requested operation successfully done".
When checking the ldap with:
./multiotp.php -ldap-check
the output is also "19 INFO: Requested operation successfully done".
But when I provide:
./multiotp.php -ldap-users-sync
the output is:
LOG 2014-03-31 16:08:59 warning LDAP Error: LDAP connection failed
LOG 2014-03-31 16:08:59 warning LDAP Info: LDAP access error
99 ERROR: Authentication failed (and other possible unknown errors)
Is this any wrong configuration of mine?
How can I find more info for the success of the connection (is there a successful bind or not)?
thanks in advance
Comments
The ldap-account-suffix is optional and is added as a suffix of the ldap-bind-dn. If the ldap-bind-dn is already complete, the appended ldap-account-suffix will result in bad binding information.
The -ldap-check option is not using the ldap-account-suffix yet (a bug to be fixed), that's why it works in your case! (last beta version is already corrected, see http://download.multiotp.net/beta/)
Just set the value of ldap-account-suffix to empty and it should work flawlessly.
Regards,
Andre
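The suffix behaviour described in the reply above, written as a pre-flight check. This is an added example, not code from multiOTP or from the thread: the function names and the dc=example,dc=com values are constructed, and direct concatenation of the suffix onto the bind DN is an assumption based on the reply's wording. The test_bind helper assumes the OpenLDAP client tools are installed and answers the question of whether the bind itself succeeds.

```shell
#!/bin/sh
# Added example: pre-flight check for ldap-bind-dn / ldap-account-suffix.
# Assumption: the suffix is appended directly to the bind DN, as the reply
# describes; multiOTP's exact joining logic is not shown on the page.

# Succeeds when the value looks like a complete DN (attr=value,attr=value...).
is_full_dn() {
    case "$1" in
        *=*,*=*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Prints the identity that would be sent in the bind request.
effective_bind_id() {
    printf '%s%s\n' "$1" "$2"
}

# Returns 1 when a complete bind DN is combined with a non-empty suffix.
check_bind_config() {
    bind_dn=$1 suffix=$2
    if is_full_dn "$bind_dn" && [ -n "$suffix" ]; then
        echo "WARN: bind DN is already complete; the suffix would be appended:" >&2
        echo "      $(effective_bind_id "$bind_dn" "$suffix")" >&2
        return 1
    fi
    echo "OK: bind identity is $(effective_bind_id "$bind_dn" "$suffix")"
}

# Optional live test with ldapwhoami (OpenLDAP client tools, assumed installed).
# -W prompts for the password so it stays out of the process list and history.
# A zero exit status means the server accepted the simple bind.
test_bind() {
    host=$1 port=$2 bind_dn=$3
    ldapwhoami -x -H "ldap://$host:$port" -D "$bind_dn" -W
}

# Constructed sample values (not taken from the thread).
if ! check_bind_config "uid=admin,dc=example,dc=com" "dc=example,dc=com"; then
    echo "Fix: set ldap-account-suffix to empty, then re-run the sync." >&2
fi
```

test_bind is not called automatically because it needs the live server. With ldap-ssl=0 on port 389 a simple bind sends the password unencrypted, so run it from a trusted network segment.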
The good news is that multiOTP can now reach your LDAP server ;-)
Do you know exactly which kind of LDAP server is installed on your Sun machine?
Currently I have only done intensive tests for the AD/LDAP server provided by Windows, but I haven't done other tests.
Regards,
Andre
I will have a look at the documentation of Oracle (http://docs.oracle.com/cd/E19199-01/816-6699-10/ax_ldurl.html) later.
For sure, we will have to adapt the filter.
Regards,
Andre
It's exactly what open source is for: try to tweak a little bit just to see if it works for specific needs!
Thanks for giving us the hardcoded LDAP search filter you changed in function users_info(), and I will think about one or more additional parameters to customize the LDAP connection.
I think I have found an LDAP server that more or less corresponds to yours, to run some tests.
Regards,
Andre
Generic LDAP support should be added in the 4.3.x version of multiOTP.
Best regards,
Andre