When I upgraded from 0.68-3 to the shiny new 0.7 everything went smoothly until I tried to log in. For some reason it would not accept my Active Directory (AD) login information; in 0.68-3 Active Directory authentication worked correctly.
I am able to log in with GLPI users, but none of the Active Directory users can log in now. I tested the LDAP connection and it says 'connection successful' but the logs say 'connection failed' when I try to log in with my (or anyone's) AD information. Tried in Firefox 2 and Internet Explorer 7.
Any ideas? Thanks,
GLPI 0.7
Ubuntu 6.06.1
Apache 2.0.55
PHP 5.1.2
MySQL 5.0.22
Last edited by jwrobbins (2007-12-27 23:12:29)
Offline
Put your AD-LDAP config here.
Xavier Caillaud
Blog GLPI Infotel
Offline
Hello, thank you for your reply.
Here is the AD configuration that I currently have working in GLPI 0.68-3 but that does not work in 0.70. It is essentially verbatim from the AD-LDAP tutorial on the wiki.
---
BaseDN: DC=company,DC=local
LDAP port: 389
RootDN: CN=ITSupport,CN=Users,DC=company,DC=local
Connection Filter: (&(objectClass=user)(objectCategory=person))
Login Field: uid
Use TLS: No
---
Search type: In users
Use DN in the search: Yes
---
First Name: sn
Last Name: givenName
Phone: telephonenumber
email: mail
---
I get "Test successful" when I test the connection to the LDAP server. But in debug mode when I try to log in with my AD creds I get:
ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in /srv/default/helpdesk_test/inc/auth.class.php at line 159
I have checked and double checked the baseDN and pass, they are definitely correct.
I am open to suggestions. Thanks in advance..
Offline
After reading the lengthy thread on what appears to be almost the same issue with Active Directory and 0.70 I tried changing 'Login Field' to be 'samaccountname'. Now when I try to log in with my AD creds the login page seems to simply refresh, with no debug output other than the ordinary and no login error message.
I encountered similar behavior when the session directory was not writable in the 0.68-3 installation, but alas, I checked that and it does not appear to be the issue here since the directory (glpi/files/_sessions/) is world writable (777).
Suggestions welcome..
Last edited by jwrobbins (2008-01-02 18:08:25)
Offline
Xavier Caillaud
Blog GLPI Infotel
Offline
Thank you again for your reply, I followed the thread you linked to very closely. Here is my current AD configuration:
---
Server: ldap://192.168.0.8
LDAP Port: 389
Basedn: DC=mydomain,DC=local
rootdn: CN=ITSupport,CN=users,DC=mydomain,DC=local
Connection Filter: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Login Field: samaccountname
Use TLS: no
Timezone GMT -5
---
Belonging to groups
Search type: In Users
User attribute containing its groups: memberof
Filter to search in groups: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Use DN in search Yes
---
GLPI/LDAP Links
Surname: sn
Firstname: givenname
Location: empty
E-Mail: mail
Phone: telephonenumber
Phone 2: homephone
Mobile: Mobile
---
The LDAP Connection test returns success, but when I try to log in with a user's AD creds the login page simply seems to refresh; there is no notice of a failed login. There is nothing out of the ordinary in debug messages except for:
Cannot modify header information - headers already sent by (output started at /srv/default/helpdesk_test/inc/auth.class.php:47) in /srv/default/helpdesk_test/index.php at line 56
When I check the logs my login attempts with the AD user appear to authenticate successfully, but again, they are never taken to the home page. This is the log entry for the user that appears to authenticate but for whom the login page simply refreshed:
ADUser IP connection : 192.168.50.127
Is there a way to turn up the logging a bit more to see what is going on?
Offline
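The configuration posted above, worked through as an added example (not part of the original posts and not GLPI's code): it evaluates the posted connection filter, combined with the chosen Login Field, against two constructed AD-like entries. It assumes the login lookup ANDs the connection filter with `(login_field=login)`; the entries, the helper names and the simplified single-valued attributes are made up for illustration.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule
# Connection filter from the post; userAccountControl bit 2 = account disabled.
FILTER = ("(&(objectClass=user)(objectCategory=person)"
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
# Constructed, simplified AD-like entries (keys lower-cased, single-valued).
ENTRIES = [
    {"samaccountname": "jdoe", "objectclass": "user",
     "objectcategory": "person", "useraccountcontrol": "512"},
    {"samaccountname": "olduser", "objectclass": "user",
     "objectcategory": "person", "useraccountcontrol": "514"},  # 512 | 2
]

def escape_value(value):
    """Escape filter metacharacters in a login name (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(f, i=0):
    """Parse the filter subset used in the thread; returns (node, next_index)."""
    i += 1  # skip "("
    if f[i] in "&!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.rstrip(":").lower(), value), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    if ":" in attr:  # attr:rule:=value, only the bit-AND rule is handled
        name, rule = attr.split(":")
        return rule == BIT_AND and (int(entry.get(name, "0")) & int(value)) == int(value)
    return entry.get(attr, "").lower() == unescape(value).lower()

def find(login_field, login, entries=ENTRIES):
    """Assumed lookup: connection filter ANDed with (login_field=login)."""
    query = "(&(%s=%s)%s)" % (login_field, escape_value(login), FILTER)
    tree, _ = parse(query)
    return [e["samaccountname"] for e in entries if matches(tree, e)]
```

With these entries, `find("uid", "jdoe")` returns nothing because the entries carry no `uid` attribute, `find("samaccountname", "jdoe")` returns the account, and the disabled `olduser` is excluded by the userAccountControl clause.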
Connect with user glpi. Go to /front/ldap.php.
Can you import users?
If you can, the AD connection is good.
After that you must create rules for profile assignment.
Xavier Caillaud
Blog GLPI Infotel
Offline
My apologies for delayed response. I believe that the problem is solved now.
When I first upgraded my test database to 0.7 I had an issue logging in; this was solved by changing the 'Login Field' to 'samaccountname'. However, I still had the problem that when a valid user attempted to log in, the login page would appear to refresh.
When I first began having problems signing in I deleted all the users and attempted to reimport them. The problem was that when I did an import it would only find some of the users, but none of the users that had initially been in the system. Then I tried manually adding them '...from external source', but when I tried this it would tell me the user already exists. That is when I checked the user screen again and, to my surprise, the users had been deleted but not purged (an option I didn't even know existed). I restored all the users and now everyone can log in successfully.
So my solution is this:
Use this thread to get your Active Directory config correct: http://glpi-project.org/forum/viewtopic.php?id=8665
Then make sure your users aren't deleted :-)
Offline
cool for you
Xavier Caillaud
Blog GLPI Infotel
Offline