| Project: | Lightweight Directory Access Protocol (LDAP) |
| Version: | 7.x-1.0-beta10 |
| Component: | Miscellaneous |
| Category: | support request |
| Priority: | major |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
Hi all,
I have a problem with LDAP authentication. I've followed the documentation and searched the auth issues, but I cannot find a solution.
I get this error when I test the LDAP server configuration:
Result Messages
Binding with DN for non-anonymous search (cn=public-ldap,ou=Garda1UserTS,ou=service accounts,dc=garda1,dc=tlc). Using password entered in form.
Binding with DN for non-anonymous search (cn=public-ldap,ou=Garda1UserTS,ou=service accounts,dc=garda1,dc=tlc). Using password entered in form.
Failed to bind to server. ldap error #49 Invalid credentials
This is my LDAP server configuration:
Server Properties
sid = garda1pdc
name = garda1pdc
status = 1
ldap_type = ad
address = 192.168.21.1
port = 389
tls = 0
bind_method = 1
basedn = Array ( )
binddn = cn=public-ldap,ou=Garda1UserTS,ou=service accounts,dc=garda1,dc=tlc
user_dn_expression =
user_attr = sAMAccountName
mail_attr = mail
mail_template =
unique_persistent_attr = objectsid
allow_conflicting_drupal_accts = 0
ldap_to_drupal_user =
testing_drupal_username = public-ldap
group_object_category =
search_pagination = 0
search_page_size = 1000
thanks for help
Comments
#1
I would do the following:
- to make sure the credentials are correct and the binding is not restricted to a certain ip address: install an ldap client on the server such as apache's ldap client and try to bind with those credentials. This can also be done with a couple lines of php if you are a coder.
- if you are using option #4 for the binding method, try 7.x-1.x-dev as a patch was recently committed for this.
#2
Thanks for the reply.
I tried these lines of code:
<?php
$ldap = ldap_connect("garda1.tlc");
$username = "public-ldap@garda1.tlc";
$password = "xxxxxx";
if ($bind = ldap_bind($ldap, $username, $password))
    echo "logged in";
else
    echo "fail";
echo "<br/>done";
?>
and I logged in!
In LDAP Server configuration --> BINDING METHOD, I use "Service Account Bind."
#3
Maybe it doesn't help at all, but in my case the credentials were correct but the basedn was incorrect. I had it working in a Drupal 6 install and it failed with the exact same config in Drupal 7.
The old basedn config was:
DN=Users,DC=upx,DC=edu,DC=be
OU=Usuarios,DC=upx,DC=edu,DC=be
which, again, worked in D6.
I then tried connecting to my LDAP server with a small command-line tool (shelldap) and the DN=users was nowhere to be found (but OU=Usuarios was there), so I decided to remove that line completely.
OU=Usuarios,DC=upx,DC=edu,DC=be
From then, it started working.
The only plausible explanation I found is that in D6 it uses the last line of a multiple-line basedn while in D7 it uses all of them or just the first one (for the connection, that is).
In your case you don't have two lines, but maybe updating your basedn a little would fix it?
#4
Thanks for your reply. I've tried changing "SERVICE ACCOUNT BINDING CREDENTIALS" --> "DN for non-anonymous search"
From:
cn=public-ldap,ou=Garda1UserTS,ou=service accounts,dc=garda1,dc=tlc
to:
ou=Garda1UserTS,ou=service accounts,dc=garda1,dc=tlc
but I always get the same error: "Failed to bind to server. ldap error #49 Invalid credentials"
Attached is my current configuration.
#5
Sorry, I think I made a mistake,
I ran a test with an LDAP test tool:
d:\project\LDAPTest>LDAPTest.exe public-ldap
LDAP DefaultNamingContext: LDAP://DC=GARDA1,DC=TLC
objectClass = 'top'
cn = 'public-ldap'
givenName = 'public-ldap'
distinguishedName = 'CN=public-ldap,OU=service accounts,OU=Garda1UserTS,DC=GARDA1,DC=TLC'
displayName = 'public-ldap'
memberOf = 'CN=Domain Admins,CN=Users,DC=GARDA1,DC=TLC'
name = 'public-ldap'
sAMAccountName = 'public-ldap'
userPrincipalName = 'public-ldap@GARDA1.TLC'
objectCategory = 'CN=Person,CN=Schema,CN=Configuration,DC=GARDA1,DC=TLC'
I've inverted the organizational units (though in my domain controller the groups are Garda1UserTS --> service accounts).
My new LDAP configuration is:
binddn = cn=public-ldap,ou=service accounts,ou=Garda1UserTS,dc=garda1,dc=tlc
but I get a strange error:
Result Messages:
Binding with DN for non-anonymous search (cn=public-ldap,ou=service accounts,ou=Garda1UserTS,dc=garda1,dc=tlc). Using password stored in configuration
Binding with DN for non-anonymous search (cn=public-ldap,ou=service accounts,ou=Garda1UserTS,dc=garda1,dc=tlc). Using password stored in configuration
Successfully bound to server
Failed to find test user public-ldap by searching on sAMAccountName = public-ldap. Error Message: Success
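An added example, not part of any post in this thread and not the LDAP module's code: it compares the configured binddn with the distinguishedName the directory reported above (a DN is written leaf first, so the OU order matters) and flags the transport and privilege settings visible in the same output. Function names are hypothetical, and it assumes `tls = 0` means StartTLS is off.

```php
<?php
// Added example. Sample values are copied from this thread; function names are hypothetical.
/** Parse "key = value" lines from the module's Server Properties dump. */
function parse_properties(string $dump): array {
    $cfg = [];
    foreach (preg_split('/\R/', trim($dump)) as $line) {
        [$key, $value] = array_pad(explode('=', $line, 2), 2, '');
        $cfg[trim($key)] = trim($value);
    }
    return $cfg;
}

/** Split a DN into lower-cased RDNs, leaf first; backslash-escaped commas stay inside an RDN. */
function dn_to_rdns(string $dn): array {
    return array_map(fn($rdn) => strtolower(trim($rdn)), preg_split('/(?<!\\\\),/', $dn));
}

/** Compare the configured bind DN with the distinguishedName the directory reports. */
function diagnose_bind_dn(string $configured, string $actual): string {
    [$c, $a] = [dn_to_rdns($configured), dn_to_rdns($actual)];
    if ($c === $a) {
        return 'match';
    }
    sort($c);
    sort($a);
    return $c === $a ? 'same RDNs, wrong order' : 'different entry';
}

/** Report a mismatched bind DN, a cleartext bind and an over-privileged bind account. */
function findings(array $cfg, string $actualDn, array $memberOf): array {
    $out = [];
    $dn = diagnose_bind_dn($cfg['binddn'], $actualDn);
    if ($dn !== 'match') {
        $out[] = "binddn: $dn";
    }
    // Assumption: tls = 0 means StartTLS is off, and only port 636 would be LDAPS.
    if ($cfg['tls'] === '0' && $cfg['port'] !== '636') {
        $out[] = "tls = 0 on port {$cfg['port']}: the bind password crosses the network in cleartext";
    }
    if (preg_grep('/^CN=Domain Admins,/i', $memberOf)) {
        $out[] = 'bind account is in Domain Admins; a search-only account does not need that';
    }
    return $out;
}

$dump = "port = 389\ntls = 0\nbind_method = 1\n"
      . "binddn = cn=public-ldap,ou=Garda1UserTS,ou=service accounts,dc=garda1,dc=tlc";
$actual = 'CN=public-ldap,OU=service accounts,OU=Garda1UserTS,DC=GARDA1,DC=TLC';
echo implode("\n", findings(parse_properties($dump), $actual, ['CN=Domain Admins,CN=Users,DC=GARDA1,DC=TLC'])), "\n";
```

Run with the PHP command-line interpreter (7.4 or later); no LDAP extension or server is needed because only the strings are compared.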
#6
Sounds like it can't find the user in the search. In your PHP, can you do an LDAP search (see http://us3.php.net/ldap_search) where the filter is
(&(sAMAccountName="public-ldap") successfully?
#7
I've tried with this code:
<?php
$SearchFor="public-ldap"; //What string do you want to find?
$SearchField="sAMAccountName"; //In what Active Directory field do you want to search for the string?
$LDAPHost = "192.168.21.1"; //Your LDAP server DNS Name or IP Address
$dn = "OU=service accounts,OU=Garda1UserTS,DC=GARDA1,DC=TLC"; //Put your Base DN here
$LDAPUserDomain = "@garda1.tlc"; //Needs the @, but not always the same as the LDAP server domain
$LDAPUser = "public-ldap"; //A valid Active Directory login
$LDAPUserPassword = "xxxxxx";
$LDAPFieldsToFind = array("cn", "givenname", "samaccountname", "homedirectory", "telephonenumber", "mail");
$cnx = ldap_connect($LDAPHost) or die("Could not connect to LDAP");
ldap_set_option($cnx, LDAP_OPT_PROTOCOL_VERSION, 3); //Set the LDAP Protocol used by your AD service
ldap_set_option($cnx, LDAP_OPT_REFERRALS, 0); //This was necessary for my AD to do anything
ldap_bind($cnx,$LDAPUser.$LDAPUserDomain,$LDAPUserPassword) or die("Could not bind to LDAP");
error_reporting (E_ALL ^ E_NOTICE); //Suppress some unnecessary messages
$filter="($SearchField=$SearchFor*)"; //Wildcard is * Remove it if you want an exact match
$sr=ldap_search($cnx, $dn, $filter, $LDAPFieldsToFind);
$info = ldap_get_entries($cnx, $sr);
for ($x=0; $x<$info["count"]; $x++) {
    $sam=$info[$x]['samaccountname'][0];
    $giv=$info[$x]['givenname'][0];
    $tel=$info[$x]['telephonenumber'][0];
    $email=$info[$x]['mail'][0];
    $nam=$info[$x]['cn'][0];
    $dir=$info[$x]['homedirectory'][0];
    $dir=strtolower($dir);
    $pos=strpos($dir,"home");
    $pos=$pos+5;
    print "\nActive Directory says that:<br />";
    print "CN is: $nam <br />";
    print "SAMAccountName is: $sam <br />";
    print "Given Name is: $giv <br />";
    print "Telephone is: $tel <br />";
    print "Home Directory is: $dir <br />";
}
if ($x==0) { print "Oops, $SearchField $SearchFor was not found. Please try again.\n"; }
?>
I get this:
Active Directory says that:
CN is: public-ldap
SAMAccountName is: public-ldap
Given Name is: public-ldap
Telephone is:
Home Directory is:
#8
Well, the error seems clear to me:
#9
Hi, I've made these tests without success
cn=public-ldap,ou=service accounts,ou=Garda1UserTS,dc=garda1,dc=tlc
Result Messages
Binding with DN for non-anonymous search (cn=public-ldap,ou=service accounts,ou=Garda1UserTS,dc=garda1,dc=tlc). Using password stored in configuration
Binding with DN for non-anonymous search (cn=public-ldap,ou=service accounts,ou=Garda1UserTS,dc=garda1,dc=tlc). Using password stored in configuration
Successfully bound to server
Failed to find test user public-ldap by searching on sAMAccountName = public-ldap. Error Message: Success
cn=public-ldap,dc=garda1,dc=tlc
Result Messages
Binding with DN for non-anonymous search (cn=public-ldap,dc=garda1,dc=tlc). Using password stored in configuration
Binding with DN for non-anonymous search (cn=public-ldap,dc=garda1,dc=tlc). Using password stored in configuration
Failed to bind to server. ldap error #49 Invalid credentials
cn=public-ldap,ou=Garda1UserTS,dc=garda1,dc=tlc
Result Messages
Binding with DN for non-anonymous search (cn=public-ldap,ou=Garda1UserTS,dc=garda1,dc=tlc). Using password stored in configuration
Binding with DN for non-anonymous search (cn=public-ldap,ou=Garda1UserTS,dc=garda1,dc=tlc). Using password stored in configuration
Failed to bind to server. ldap error #49 Invalid credentials
cn=public-ldap,ou=Garda1UserTS,ou=service accounts,dc=garda1,dc=tlc
Result Messages
Binding with DN for non-anonymous search (cn=public-ldap,ou=Garda1UserTS,ou=service accounts,dc=garda1,dc=tlc). Using password stored in configuration
Binding with DN for non-anonymous search (cn=public-ldap,ou=Garda1UserTS,ou=service accounts,dc=garda1,dc=tlc). Using password stored in configuration
Failed to bind to server. ldap error #49 Invalid credentials
#10
I found the cause of the problem: WampServer Version 2.1
With the same configuration on a Linux machine everything worked fine.
Drupal was not at fault; thank you for the support.
#11
Thank you for figuring out the problem. LDAP is a pain.
#12
Translation: the problem was due to WampServer Version 2.1. On a Linux server, it ran fine. The Drupal module was not the problem.
#13
Automatically closed -- issue fixed for 2 weeks with no activity.
#14
Just installed the latest stable version for Drupal 7 ldap-7.x-1.0-beta11.
I'm getting this same error on the "Test LDAP Server Configuraion" (just saw the missing T) --
Binding with DN for non-anonymous search (cn=ldapsearch,dc=bus,dc=local). Using password entered in form.
Binding with DN for non-anonymous search (cn=ldapsearch,dc=bus,dc=local). Using password entered in form.
Failed to bind to server. ldap error #49 Invalid credentials
Server Properties
Apparently, the LDAP is configured that there is an entry for user "ldapsearch" that authentication must occur through to actually bind the server. I think I understand that correctly?
Yet, LDAP is going to be both for individual authentication, as well as control access to Active Directory documents that the individuals will see.
Sounded like a simple project, at the beginning.
#15
In the LDAP configuration, an "ldap server" is just a server configuration. If you need different bindings for different use cases (authentication, provisioning, etc.) you are probably using the correct approach. Just add additional LDAP server configurations with different base DNs, binding methods and accounts as appropriate.
Does this make sense for what you are trying to do? It really depends on how your LDAP is set up.
#16
Once I was sure my config was perfect, and after hours of the same kind of problem driving me crazy, I followed the recommendation in http://drupal.org/node/1623008#comment-6099148 (by John) to completely remove the module and it suddenly started working.
Just saying... it might not work, but it's definitely worth a shot.
#17
Hi all,
I am a beginner in the Drupal community, and I am researching configured network. When I was trying to configure LDAP in Drupal 7, I followed the instruction from .
I tried testing the LDAP server with the LDAP test tool and it connected, but when testing with the parameters in the Configure Drupal picture, I tried filling in the password as blank or with the password from users in the DC; it did not work, and the result in the result message picture occurred.
I also have a question: is it necessary to install a Certificate Authority to configure LDAP successfully?
Please help me to solve it.
Thank you
P/S: Sorry if my English is not good.
#18
#19
Hi,
Thank you for your support regarding LDAP server and Active Directory.