LDAP user sync issues

Hi, I'm running the latest version of multiotp (upgraded the VM available from www.multiotp.net) and am getting the following error when I try running
/usr/local/bin/multiotp/multiotp -display-log -ldap-users-sync
PHP Notice: Undefined index: count in /usr/local/bin/multiotp/multiotp.php on line 56
PHP Warning: ldap_next_entry() expects parameter 2 to be resource, null given in /usr/local/bin/multiotp/multiotp.php on line 56
PHP Warning: ldap_get_attributes() expects parameter 2 to be resource, null given in /usr/local/bin/multiotp/multiotp.php on line 56
PHP Warning: ldap_get_dn() expects parameter 2 to be resource, null given in /usr/local/bin/multiotp/multiotp.php on line 56

This repeats for a while until an abort message appears.

Running
root@multiotp:/tmp# /usr/local/bin/multiotp/multiotp -display-log -ldap-check
gives
LOG 2017-03-30 12:37:47 debug Debug Debug: *parameter(s) received: -display-log -ldap-check
19 *INFO: Requested operation successfully done
from /usr/local/bin/multiotp/log/multiotp.log I get

multiotp 5.0.3.7
Your script is running from /usr/local/bin/multiotp/
2017-03-30 11:43:12 debug Debug Debug: *parameter(s) received: -display-log -ldap-users-sync
2017-03-30 11:43:12 debug LDAP Debug: *AD/LDAP synchronization started at 11:43:12 / Memory used: 6.9MB / Peak: 7MB
2017-03-30 11:43:12 info LDAP Info: AD/LDAP synchronization started
2017-03-30 11:43:12 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/

/tmp/.ldap_cache has loads of (small) ldap_rgroup....cache files

When setting up ldap access I entered
/usr/local/bin/multiotp/multiotp -config ldap-cn-identifier="sAMAccountName"
/usr/local/bin/multiotp/multiotp -config ldap-group-cn-identifier="sAMAccountName"
/usr/local/bin/multiotp/multiotp -config ldap-group-attribute="memberOf"
/usr/local/bin/multiotp/multiotp -config ldap-ssl=0
/usr/local/bin/multiotp/multiotp -config ldap-port=389
/usr/local/bin/multiotp/multiotp -config ldap-domain-controllers=ldap://its.york.ac.uk
/usr/local/bin/multiotp/multiotp -config ldap-base-dn="OU=Users,OU=UoY,DC=its,DC=york,DC=ac,DC=uk"
/usr/local/bin/multiotp/multiotp -config ldap-bind-dn="CN=service_multiotpldap,OU=ServiceAccounts,OU=UoY,DC=its,DC=york,DC=ac,DC=uk"
/usr/local/bin/multiotp/multiotp -config ldap-server-password="apasword"
/usr/local/bin/multiotp/multiotp -config ldap-in-group="somegroup"
/usr/local/bin/multiotp/multiotp -config ldap-activated=1

Have I missed a config parameter?

Comments

  • o.k by reverting things back version by version, Vsn 5.0.3.0 actually gets ./multiotp -display-log -debug -ldap-users-sync to complete, but I do get a message of ......
    LOG 2017-03-31 14:01:30 warning LDAP Debug: *The requested group idm-ugrad is not in cache.
    LOG 2017-03-31 14:01:30 warning LDAP Debug: *The requested group idm-ugrad is not in cache.
    LOG 2017-03-31 14:01:30 info LDAP Info: No update for the 0 LDAP synced users, based on 51660 LDAP entries (processed in 00:00:29)
    Interestingly enough, the command /usr/local/bin/multiotp/multiotp -display-log -ldap-users-list returns with ... lots of messages of the form...
    LOG 2017-03-31 14:05:14 warning LDAP Debug: *The requested group g0000pg is not in cache.
    LOG 2017-03-31 14:05:14 warning LDAP Debug: *The requested group g0000all is not in cache.
    LOG 2017-03-31 14:05:14 warning LDAP Debug: *The requested group ITS-Safecom-Tracking is not in cache.
    LOG 2017-03-31 14:05:14 warning LDAP Debug: *The requested group chem is not in cache.
    LOG 2017-03-31 14:05:14 warning LDAP Debug: *The requested group idm-rgrad is not in cache.
    then ...
    39 *ERROR: Requested operation aborted
  • Also, can anyone tell me what the difference is between ldap config values

    ldap_in_group
    and
    ldap_groups_dn
  • Hello, If you want to upgrade the VM provided on www.multiotp.net, using the last build 5.0.3.7, please extract the following files from /raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp and put them into /usr/local/bin/multiotp:
    • index.php
    • multiotp.class.php
    • multiotp.php
    • multiotp.proxy.php
    Thanks for keeping us in touch. Regards, Andre
  • ldap_in_group : the user must be in at least one of these groups to be synchronized. Leave empty if you want every user of the baseDN
    ldap_groups_dn : is not used yet, for future use, to give another DN for the groups the users are in (now the groups must be in the baseDN)
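The reply above says the groups named in ldap_in_group must themselves sit inside the configured base DN. The following is an added example, not multiOTP code and not part of the original thread: it checks which group DNs fall outside a base DN, handling case differences, spacing and escaped commas. The base DN is the one from the original post; the group DNs and the function names are constructed for illustration.

```python
# Added example, not multiOTP code. Group DNs below are constructed sample data.

def normalise_rdn(rdn):
    """Case-fold and trim around '=' so 'OU = Users' equals 'ou=users'."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"


def split_dn(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            current.append(ch)
            # A backslash escapes the next character, unless it is itself escaped.
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append("".join(current))
            current = []
    rdns.append("".join(current))
    return [normalise_rdn(r) for r in rdns if r.strip()]


def is_under(dn, base_dn):
    """True when dn equals base_dn or sits below it in the directory tree."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def groups_outside_base(base_dn, group_dns):
    """Return the names of groups whose DN is not inside base_dn."""
    return sorted(n for n, dn in group_dns.items() if not is_under(dn, base_dn))


# Base DN as configured in the original post.
BASE_DN = "OU=Users,OU=UoY,DC=its,DC=york,DC=ac,DC=uk"

# Constructed group locations (assumed for illustration only).
SAMPLE_GROUPS = {
    "somegroup": "CN=somegroup,OU=Groups,OU=UoY,DC=its,DC=york,DC=ac,DC=uk",
    "staff": "cn=staff, ou=Users, ou=UoY, dc=its, dc=york, dc=ac, dc=uk",
    "ops, night": "CN=ops\\, night,OU=Users,OU=UoY,DC=its,DC=york,DC=ac,DC=uk",
}

if __name__ == "__main__":
    for name in groups_outside_base(BASE_DN, SAMPLE_GROUPS):
        print(f"{name}: group DN is outside the configured base DN")
```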
  • edited April 2017

    HOW CAN I UPGRADE FROM A PREVIOUS VERSION ?

    !!! Be careful when you upgrade your multiOTP open source Virtual Appliance !!!
    The multiOTP open source Virtual Appliance is using the files in raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp, with config and backend folders defined to be located in /etc/multiotp/

    If you are currently using the multiOTP open source Virtual Appliance, you can upgrade the multiOTP version by copying the extracted content of the folder and subfolders from raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp to /usr/local/bin/multiotp. An update through the web interface should be available in the future.

    If you are currently using the multiOTP open source linux files, you can upgrade your installation by copying the extracted content of the folder and subfolders from linux to your current multiOTP folder

    If you are currently using the multiOTP open source windows files, you can upgrade your installation by copying the extracted content of the folder and subfolders from windows to your current multiOTP folder
  • Hi,
    Thanks for the comments, managed to get AD synching working by reverting to version 5.0.3.0. Any release after this fails for AD synchronisation.
    I also started from scratch running Ubuntu 16.04.2, which is our standard image here and after correcting a couple of ldap config settings, everything works (as I said previously) in 5.0.3.0
    Need to test FreeRadius integration now.
  • Hello Alex,
    Starting with version 5.0.4.6, if multiOTP files are installed on a Linux machine, the data folders will always be under /etc/multiotp/ (/etc/multiotp/config, /etc/multiotp/users/, ...).
    The last version 5.0.4.8 is available here: http://download.multiotp.net
    Regards, Andre
This discussion has been closed.