LDAP authentication problem with 0.68.3

franjb68 · 2007-11-21 21:10:38

Hi!

I'm a long term follower and I have a GLPI 0.68 running without big trouble for almost a year now.

All the users are authenticated with an OpenLDAP server. When a new user wants to open a ticket, the GLPI-LDAP bind adds the user to the database and everything goes fine. The users authenticate on their PCs, their mail accounts and their apps using the LDAP server.

But now I'm having trouble with a new user. Everything works fine for him: he can log on the PCs, he can receive and send mails and he can enter all the apps... but GLPI.

I've reviewed the GLPI configuration, and nothing has changed in the last year. And all the users but this one can access GLPI.

When he authenticates on GLPI he receives an error message:
User not found or several users found

I've tried to add the user from the 'Add user from external source' option, and... voilà! . But that way GLPI don't charge the name, phone, etc. fields.

I'm worried because I can manually insert a new user on GLPI, but I really don't want to insert all the new ones. And I think the LDAP authentication should work, as it is doing for all the rest of the users...

Any idea? Why the user can be retrieved with the 'Add user from external source' option but he can't authenticate with LDAP? Maybe the 200 results limit for OpenLDAP when opening a branch can be a problem?

Thanks for your great app, thanks in advance for your reply, and regards,
Francisco

MoYo · 2007-11-22 01:10:54

something specific in its login ?
duplicate item in the LDAP ?

franjb68 · 2007-11-22 12:51:19

Nothing different. Created just like the other ones.

No duplicate in the LDAP. I've verified it a couple of times.

In fact, I touched a bit the code of auth.class.php->ldap_get_dn function:
$info = ldap_get_entries ( $ds, $sr );
if ( $info["count"] != 1 )
{
$this->err.="User not found or several users found.<br>\n";
ldap_free_result ( $sr );
ldap_close ( $ds );
return false;
}

Just under
$info = ldap_get_entries ( $ds, $sr );
I've inserted
if ( $info["count"] == 0 )
{
$this->err.="User not found.<br>\n";
ldap_free_result ( $sr );
ldap_close ( $ds );
return false;
}

And I get the 'User not found message', so GLPI doesn't find the user as duplicate.

As I said, the user logs on other apps using the LDAP server without any problem.

Any idea?

Thank you very much,
Francisco

MoYo · 2007-11-22 18:57:29

do you trace the LDAP requests send to the LDAP server ?

franjb68 · 2007-11-22 20:43:19

MoYo wrote:

do you trace the LDAP requests send to the LDAP server ?

Mmmm, nope.

I really have no idea on how could I do that. Any tip, please?

Thank you again,
Francisco

MoYo · 2007-11-22 20:44:08

you can use software like ethereal to snif the network or activate log on you ldap server ?

franjb68 · 2007-11-29 09:24:20

Thank you for your help!

After some time bugging around, I found that the DNS name of the LDAP server was pointing to the old LDAP server, not the actual, so it was getting the old data, but not the new.

I'm sorry for the inconvenience.

Regards,
Francisco

Forum GLPI-Project

Announcement

#1 2007-11-21 21:10:38

LDAP authentication problem with 0.68.3

#2 2007-11-22 01:10:54

Re: LDAP authentication problem with 0.68.3

#3 2007-11-22 12:51:19

Re: LDAP authentication problem with 0.68.3

#4 2007-11-22 18:57:29

Re: LDAP authentication problem with 0.68.3

#5 2007-11-22 20:43:19

Re: LDAP authentication problem with 0.68.3

#6 2007-11-22 20:44:08

Re: LDAP authentication problem with 0.68.3

#7 2007-11-29 09:24:20

Re: LDAP authentication problem with 0.68.3

Board footer