I need anyone's help on this one.

The overall picture is that I am trying to authenticate my externally hosted Drupal 6 site off of our University LDAP server using SSL. The site worked fine when hosted internally, but since moving to an external hosting solution, no authentication is taking place.

Now for the specifics: the site is Drupal 6.26 running the MERCI module (http://drupal.org/project/merci) for reserving equipment. We are using LDAP_Integration 6.x-1.0-beta3. The external host is Dreamhost. I am trying to authenticate off of a Windows 2008 R2 server running Windows 2003 Active Directory. We have pin-holed the traffic coming from Dreamhost through our firewall so it can access the LDAP server.

The following are the LDAP Details:
LDAP Server: ldaps://rodc1.ad.example.edu
LDAP Port: 636
Uncheck Start-TLS
LDAP Password Encryption Type: Clear
Base DNS: dc=ad, dc=example, dc=edu
Username Attribute: sAMAccountName
DN FOR NON-ANONYMOUS SEARCH: cn=webldap,ou=ServiceAccounts,ou=people,dc=ad,dc=example,dc=edu

So, if anyone has any thoughts on why the authentication is not working, I would be very appreciative to hear them. Thank you in advance.

Andy

Comments

DHDee’s picture

Andy,

Are you by any chance familiar with what you are trying to do here? I have advised one of our supervisors to investigate this as well.
Also, have you tried speaking with one of our techs through live chat? You can actually contact our support team through your panel.

https://panel.dreamhost.com/index.cgi?tree=support.msg&

Will update you ASAP!

Thanks,

Daniela J.
DreamHost Staff

aanschut’s picture

Version: 6.x-1.0-beta3 » 6.x-1.x-dev

We have set up this Drupal 6.28 instance on a Dreamhost VPS now so SSL traffic can transmit over port 636. Our server admin is seeing traffic hitting the LDAP server but still "Authentication with LDAP server has failed." Below is the information provided by the LDAPHelp module. Any ideas on what else to try or fix to get this to authenticate? Thank you ahead of time.

Andy

================================================
SERVER AND LDAP MODULES
================================================
SERVER_SOFTWARE:
Apache
------------------------------------------------
PHP version:
5.3.13
------------------------------------------------
PHP ldap extension data:

LDAP Support: enabled
RCS Version: $Id$
Total Links: 0/unlimited
API Version: 3001
Vendor Name: OpenLDAP
Vendor Version: 20423
Directive: Local Value
ldap.max_links: Unlimited
------------------------------------------------
Drupal:
6.28
------------------------------------------------
ldapauth:
status: 1, schema_version: 6006, v: 6.x-1.0-beta3+17-dev
------------------------------------------------
ldapgroups:
status: 1, schema_version: 6001, v: 6.x-1.0-beta3+17-dev
------------------------------------------------
ldapdata:
status: 1, schema_version: 6002, v: 6.x-1.0-beta3+17-dev
------------------------------------------------
ldaphelp:
status: 1, schema_version: 0, v: 6.x-1.0
------------------------------------------------
ldapsync:
status: 0, schema_version: -1, v: 6.x-1.0-beta3+17-dev
------------------------------------------------

================================================
LDAP AUTHENTICATION SETTINGS
================================================
Authentication mode:
Mixed Mode (0)
------------------------------------------------
Conflict Resolve Feature:
Associate local account with the ldap entry (1)
------------------------------------------------
Security: Store Passwords:
Do not store users' passwords during sessions.
------------------------------------------------
Security: Sync Passwords:
Do not sync LDAP password with the Drupal password
------------------------------------------------
Security: New Users:
Do not create new Drupal users if not present.
------------------------------------------------
UI: Username Field:
Do nothing ( 0 )
------------------------------------------------
UI: Password Field:
Remove password change fields from user edit form
------------------------------------------------
UI: Email Field:
Remove email field from form ( 1 )
------------------------------------------------
UI: Picture Field:
Do not Remove picture change fields from user edit form
------------------------------------------------

================================================
LDAP SERVER: LDAP DIRECTORY LDAP (SID=1)
================================================
Server Settings :
server: ldaps://ldap.ad.domain.edu/
port: 636
tls: 0
encrypted:
------------------------------------------------
Login Procedure :
user_attr: sAMAccountName
mail_attr: mail
------------------------------------------------
Advanced Configuration :
binddn: cn=web,ou=misc,ou=people,dc=ad,dc=domain,dc=edu
bindpw:
------------------------------------------------
Server Bind Test:
Bind Type: non-anon
Bind Result?: Fail
LDAP Error: Can't contact LDAP server
LDAP Error Number: -1
------------------------------------------------

================================================
RAW ADMIN SETTINGS
================================================
ldapauth_login_process: 0
ldapauth_login_conflict: 1
ldapauth_debug: 1
ldapauth_forget_passwords: 1
ldapauth_sync_passwords: 0
ldapauth_create_users: 1
ldapauth_alter_username_field: 0
ldapauth_disable_pass_change: 1
ldapauth_alter_email_field: 1

LDAP sid=1
sid: 1
name: LDAP Directory
machine_name: ldap_directory
server: ldaps://ldap.ad.domain.edu/
port: 636
tls: 0
enc_type: 0
basedn: ou=people,dc=ad,dc=domain,dc=edu
user_attr: sAMAccountName
mail_attr: mail
puid_attr:
binary_puid: 0
login_php:
filter_php:
binddn: cn=web,ou=misc,ou=people,dc=ad,dc=domain,dc=edu
test: Test
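
The bind test above fails with "Can't contact LDAP server" (-1), which OpenLDAP's client returns for both a blocked network path and a TLS handshake it refuses. As an added diagnostic (not code from the ldapauth module or from the site in this issue), the following PHP script repeats the module's bind from the hosting shell using the server and bind DN from the dump above, once with the server certificate verified and once without, so the two causes can be told apart; it assumes the bind password is supplied in the LDAP_BINDPW environment variable.

```php
<?php
// Usage (from the VPS shell):  LDAP_BINDPW='...' php ldaps_check.php demand
//                              LDAP_BINDPW='...' php ldaps_check.php never
// Each run is a fresh process because libldap reads LDAPTLS_REQCERT only once.
$server = 'ldaps://ldap.ad.domain.edu:636';                     // from the LDAPHelp dump
$binddn = 'cn=web,ou=misc,ou=people,dc=ad,dc=domain,dc=edu';    // from the LDAPHelp dump
$mode   = isset($argv[1]) ? $argv[1] : 'demand';                // "demand" (verify cert) or "never"
$bindpw = getenv('LDAP_BINDPW');                                // assumption: password comes from the environment

if ($bindpw === false || $bindpw === '') {
  fwrite(STDERR, "set LDAP_BINDPW in the environment first\n");
  exit(2);
}
if ($mode !== 'demand' && $mode !== 'never') {
  fwrite(STDERR, "mode must be 'demand' or 'never'\n");
  exit(2);
}

// Same knob as TLS_REQCERT in ldap.conf; "never" is for diagnosis only.
putenv('LDAPTLS_REQCERT=' . $mode);

// ldap_connect() with OpenLDAP does not open a socket; the TCP connect and the
// TLS handshake both happen inside ldap_bind(), which is where -1 comes from.
$conn = ldap_connect($server);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);   // Active Directory requires LDAPv3
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);          // do not chase AD referrals
if (defined('LDAP_OPT_NETWORK_TIMEOUT')) {
  ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 10); // a silent firewall drop shows as a timeout
}

$ok = @ldap_bind($conn, $binddn, $bindpw);
printf("mode=%s bind=%s error=%s (%d)\n",
       $mode, $ok ? 'OK' : 'FAIL', ldap_error($conn), ldap_errno($conn));
@ldap_unbind($conn);

// How to read the two runs:
//   demand OK                       -> network and certificate are fine; look at the
//                                      module's stored settings (e.g. the empty bindpw above)
//   demand FAIL, never OK           -> certificate trust: point TLS_CACERT in ldap.conf at the
//                                      CA that signed the AD certificate rather than leaving "never"
//   both FAIL, "Can't contact..."   -> network path (pinhole, DNS, or the host resolving the
//                                      name to an address the firewall does not allow)
exit($ok ? 0 : 1);
```

Running it as the web server's user matters, since that user's ldap.conf and CA bundle are the ones the module sees.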

kenorb’s picture

You should check your LDAP logs, if you have access to them, to see whether there is any communication. Also check the watchdog logs (drush watchdog-show --tail).

kenorb’s picture

Priority: Normal » Minor