Thread:Extension talk:LDAP Authentication/Having two problems with the LDAP authentication plugin/reply (2)

Thanks, Ryan. The second problem is resolved. The first one remains. I have added D:\PHP to the PATH environment variable and confirmed that both libeay32.dll and ssleay32.dll are in that directory. I've added the ldap.conf file to C:\openldap\sysconfig and placed the CA certs, in pem format, in C:\openldap\CA\. Yet the problem remains.

When I enable SSL, the login appears at first but then fails with a "Login error Incorrect password entered. Please try again." error message. Here's the debug log: 2010-02-24 16:59:48 iswiki-iswiki_: Entering validDomain 2010-02-24 16:59:48 iswiki-iswiki_: User is using a valid domain. 2010-02-24 16:59:48 iswiki-iswiki_: Setting domain as: UTDLDAP 2010-02-24 16:59:48 iswiki-iswiki_: Entering getCanonicalName 2010-02-24 16:59:48 iswiki-iswiki_: Username isn't empty. 2010-02-24 16:59:48 iswiki-iswiki_: Munged username: Pauls 2010-02-24 16:59:48 iswiki-iswiki_: Entering authenticate 2010-02-24 16:59:48 iswiki-iswiki_: 2010-02-24 16:59:48 iswiki-iswiki_: Entering Connect 2010-02-24 16:59:48 iswiki-iswiki_: Using SSL 2010-02-24 16:59:48 iswiki-iswiki_: Using servers:  ldaps://nsldap.utdallas.edu ldaps://nsldap1.utdallas.edu 2010-02-24 16:59:48 iswiki-iswiki_: Connected successfully 2010-02-24 16:59:48 iswiki-iswiki_: Entering getSearchString 2010-02-24 16:59:48 iswiki-iswiki_: Doing an anonymous bind 2010-02-24 16:59:48 iswiki-iswiki_: Failed to bind as 2010-02-24 16:59:48  iswiki-iswiki_: Failed to bind 2010-02-24 16:59:48 iswiki-iswiki_: User DN is blank 2010-02-24 16:59:48 iswiki-iswiki_: Entering strict. 2010-02-24 16:59:48 iswiki-iswiki_: Returning false in strict. 2010-02-24 16:59:48 iswiki-iswiki_: Entering allowPasswordChange 2010-02-24 16:59:48 iswiki-iswiki_: Entering modifyUITemplate 2010-02-24 16:59:48 iswiki-iswiki_: Allowing the local domain, adding it to the list.

Now here's the log using clear authentication: 2010-02-24 16:54:17 iswiki-iswiki_: Entering validDomain 2010-02-24 16:54:17 iswiki-iswiki_: User is using a valid domain. 2010-02-24 16:54:17 iswiki-iswiki_: Setting domain as: UTDLDAP 2010-02-24 16:54:17 iswiki-iswiki_: Entering getCanonicalName 2010-02-24 16:54:17 iswiki-iswiki_: Username isn't empty. 2010-02-24 16:54:17 iswiki-iswiki_: Munged username: Pauls 2010-02-24 16:54:17 iswiki-iswiki_: Entering authenticate 2010-02-24 16:54:17 iswiki-iswiki_: 2010-02-24 16:54:17 iswiki-iswiki_: Entering Connect 2010-02-24 16:54:17 iswiki-iswiki_: Using TLS or not using encryption. 2010-02-24 16:54:17 iswiki-iswiki_: Using servers:  ldap://nsldap.utdallas.edu ldap://nsldap1.utdallas.edu 2010-02-24 16:54:17 iswiki-iswiki_: Connected successfully 2010-02-24 16:54:17 iswiki-iswiki_: Entering getSearchString 2010-02-24 16:54:17 iswiki-iswiki_: Doing an anonymous bind 2010-02-24 16:54:17 iswiki-iswiki_: Entering getUserDN 2010-02-24 16:54:17 iswiki-iswiki_: Created a regular filter: (uid=Pauls) 2010-02-24 16:54:17 iswiki-iswiki_: Entering getBaseDN 2010-02-24 16:54:17 iswiki-iswiki_: basedn is not set for this type of entry, trying to get the default basedn. 2010-02-24 16:54:17 iswiki-iswiki_: Entering getBaseDN 2010-02-24 16:54:17 iswiki-iswiki_: basedn is ou=people,dc=utdallas,dc=edu 2010-02-24 16:54:17 iswiki-iswiki_: Using base: ou=people,dc=utdallas,dc=edu 2010-02-24 16:54:17 iswiki-iswiki_: Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined. 2010-02-24 16:54:17 iswiki-iswiki_: userdn is: jamsid=1000001627,ou=people,dc=utdallas,dc=edu 2010-02-24 16:54:17 iswiki-iswiki_: 2010-02-24 16:54:17 iswiki-iswiki_: Binding as the user 2010-02-24 16:54:17 iswiki-iswiki_: Bound successfully 2010-02-24 16:54:17 iswiki-iswiki_: Entering getGroups 2010-02-24 16:54:17 iswiki-iswiki_: Entering checkGroups 2010-02-24 16:54:17 iswiki-iswiki_: Entering getPreferences 2010-02-24 16:54:17 iswiki-iswiki_: Entering synchUsername 2010-02-24 16:54:17 iswiki-iswiki_: Authentication passed 2010-02-24 16:54:17 iswiki-iswiki_: Entering updateUser

As you can see, the SSL session fails to bind for some reason.