Topic on Project:Support desk

Can't connect to Ldap Server at log in screen

Tmhoskins (talkcontribs)

Cannot connect to my Ldap server when logging in. LocalSettings.php config for LdapAuth is as follows:

# LdapAuth config
wfLoadExtension( 'LdapAuth' );
$wgLdapAuthDomainNames = ['snrt.io'];
$wgLdapAuthServers = '172.16.1.248';
$wgLdapAuthBindDN = 'CN=ldap_lookup,DC=snrt,DC=io';
$wgLdapAuthBindPass = 'my_password';
$wgLdapAuthBaseDN = 'DC=snrt,DC=io';
//$wgLdapAuthEncryptionType = 'clear';
//$wgLdapAuthRequireDomain = false;
//$wgLdapAuthIsActiveDirectory = true;
//$wgLdapAuthUseLocal = true;
# Enable Secure Login
$wgSecureLogin = true;
# Disable reading by anonymous users
$wgGroupPermissions ['*']['read'] = false;
$wgWhitelistRead = array ("Special:Userlogin", "Special:Version");
# Disable anonymous editing
$wgGroupPermissions ['*']['edit'] = false;
# Prevent new user registrations except by sysops
$wgGroupPermissions ['*']['createaccount'] = false;
$wgShowExceptionDetails = true;

I can log in locally if I turn on that feature.

MarkAHershberger (talkcontribs)

Can you connect from the web server itself to the LDAP server using ldapsearch on the command line?

What error are you getting?

Tmhoskins (talkcontribs)

Error when entering Ldap credentials:

"Could not successfully connect to an LDAP server."

MarkAHershberger (talkcontribs)

What OS is the server running on? Is there something (firewall, selinux, etc.) blocking the webserver from connecting to the LDAP server?

Tmhoskins (talkcontribs)

Running on Ubuntu 19.04. UFW is disabled, iptables is set to accept all, and selinux is disabled on the webserver. The Domain Controller isn't blocking LDAP connections because our entire environment is set to use LDAP. I can ping the DC from the webserver and vice versa. I am having trouble binding to the LDAP server with ldapsearch. I can search the naming contexts on the server, so it's obviously talking to the LDAP server; it just won't bind because it won't accept the password for my user's account. So that could be my issue: the LDAP server may be blocking it. When I try to bind to the LDAP server, this is the error I get:

$ ldapsearch -H ldap://coruscant.snrt.io -x -D "cn=Administrator,cn=Users,dc=snrt,dc=io" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-031001EE, problem 2001 (NO_OBJECT), data 0, best
 match of:
	''

# numResponses: 1
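
An added example (not part of the original posts and not code from the LdapAuth extension): a small Python triage of `ldapsearch` output that separates connection, bind and search-stage failures, run over an excerpt of the output posted above plus two constructed samples. The function name `triage`, the sample strings and the sub-code table are assumptions of this example.

```python
import re

# Active Directory sub-codes in the "data NNN" field of a rejected bind (result 49).
AD_BIND_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time", "532": "password expired",
    "533": "account disabled", "701": "account expired",
    "773": "user must reset password", "775": "account locked out",
}

# Excerpt of the output posted above.
THREAD_OUTPUT = """# base <> (default) with scope subtree
search: 2
result: 32 No such object
"""
# Constructed samples (not from the thread): a rejected bind and a failed connection.
BIND_REJECTED = """ldap_bind: Invalid credentials (49)
\tadditional info: 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v1db1
"""
NO_CONNECTION = "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)\n"


def triage(output: str) -> tuple[str, str]:
    """Return (stage, detail) naming the step at which ldapsearch stopped."""
    # Client-side failures are printed as "ldap_<call>: <message> (<code>)".
    err = re.search(r"^(ldap_[\w()]+): (.+?) \((-?\d+)\)", output, re.M)
    if err:
        message, code = err.group(2), int(err.group(3))
        if code == -1:
            return ("connect", message)
        if code == 49:
            sub = re.search(r"data ([0-9a-f]+),", output)
            return ("bind", AD_BIND_SUBCODES.get(sub.group(1), message) if sub else message)
        return ("other", message)
    # A "result:" line is only printed after the bind was accepted.
    res = re.search(r"^result: (\d+) (.*)$", output, re.M)
    if not res:
        return ("unknown", "no result line")
    if res.group(1) == "0":
        return ("ok", res.group(2))
    base = re.search(r"^# base <(.*?)>", output, re.M)
    if res.group(1) == "32" and base and base.group(1) == "":
        return ("search", "empty search base, pass -b")
    return ("search", res.group(2))
```

Feeding it the captured output of a test run shows which of the three stages to investigate before changing firewall or extension settings.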


Tmhoskins (talkcontribs)

Also checked the firewall running on the DC that is also the LDAP/AD server, and all the LDAP ports (389, 636) are open to any connection.


Tmhoskins (talkcontribs)

Another note, I completely turned off the firewall on the LDAP/AD server and I still could not establish a connection from mediawiki. I assume something on the Ubuntu box is blocking it.
