Jump to:

10979 Posts in 2722 Topics by 1815 members

All other Modules

SilverStripe Forums » All other Modules » external authentication and 2008 AD

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1 2
Go to End
Author Topic: 2620 Views
  • spencer
    Avatar
    Community Member
    8 Posts

    external authentication and 2008 AD Link to this post

    Hello,

    I think I am missing something with external authentication module and our 2008 AD interaction. It will either give no results or a 500 internal error. I have the ldap module installed in php so I am not sure where I should work.

    external authentication .3
    server 2008
    IIS 7
    PHP 5.2

    Any help would be greatly appreciated.

    Thanks,

  • lancer
    Avatar
    57 Posts

    Re: external authentication and 2008 AD Link to this post

    Anything in the IIS server log? (sorry don't really know about IIS, only Apache)

    A black page usually means an error somewhere.

  • spencer
    Avatar
    Community Member
    8 Posts

    Re: external authentication and 2008 AD Link to this post

    Nope nothing there. Just gives the unknown error 500 totally confusing. I am thinking there might be something in php causing it. Could you send me a list of php modules that are required for this silverstripe module to work? I guess I'll start there and proceed.

    Thanks,

    Spencer

  • lancer
    Avatar
    57 Posts

    Re: external authentication and 2008 AD Link to this post

    You could try the latest version from trunk. It has debug logging features.

    If you use AD, the only php module you need is php_ldap. But on Windows I imagine something more is needed (like openldap libs)

  • spencer
    Avatar
    Community Member
    8 Posts

    Re: external authentication and 2008 AD Link to this post

    Ok finally got PHP to behave hare to use the add and remove programs in windows to enable modules. Stupid.

    Anyways I got so far that it is acctually producing a log. So here it is. I am not sure why it would not bind. What should I try next.

    Fri, 30 Oct 09 10:29:08 -0600 - Starting process for user webtest
    Fri, 30 Oct 09 10:29:08 -0600 - webtest - User with source localldap found in database
    Fri, 30 Oct 09 10:29:08 -0600 - webtest - Password locking is disabled
    Fri, 30 Oct 09 10:29:08 -0600 - webtest - loading driver LDAP
    Fri, 30 Oct 09 10:29:08 -0600 - webtest - executing authentication driver
    Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - Connecting to ldap://"This did display the correct server" port 389 LDAP version 3
    Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - If process stops here, check PHP LDAP module
    Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - Connect succeeded
    Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - LDAP set to protocol version 3
    Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - TLS not set
    Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - Bind failed 81:Can't contact LDAP server
    Fri, 30 Oct 09 10:29:08 -0600 - webtest - authentication driver LDAP failed
    Fri, 30 Oct 09 10:29:08 -0600 - Process for user webtest ended

    Thanks for all your help.

  • lancer
    Avatar
    57 Posts

    Re: external authentication and 2008 AD Link to this post

    Did you use DNS name (FQDN?) or IP? I've run into instances where PHP wouldn't correctly resolve my server name. As soon as I used the IP address the problems went away. Can you actually verify (e.g. using some LDAP tool) that you can bind from the server you are using?

  • spencer
    Avatar
    Community Member
    8 Posts

    Re: external authentication and 2008 AD Link to this post

    Ok I tried both. I tried 636 with ssl and 389 both as the ports and settings. Another note when I try and enable the user to look up with out anonymous I get a 500 internal server error. I will verify the connect from the server I am on but it is in the same domain so I would assume so.

  • lancer
    Avatar
    57 Posts

    Re: external authentication and 2008 AD Link to this post

    In this case the server being in the same domain makes no difference at all. PHP reports unable to bind, so the problem is in the php ldap module, or in de ldap (AD) itself. Use http://jxplorer.org to check your directory connectivity.

    2620 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.