Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

external authentication and 2008 AD


Go to End


9 Posts   4627 Views

Avatar
spencer

Community Member, 8 Posts

1 October 2009 at 6:32am

Hello,

I think I am missing something with external authentication module and our 2008 AD interaction. It will either give no results or a 500 internal error. I have the ldap module installed in php so I am not sure where I should work.

external authentication .3
server 2008
IIS 7
PHP 5.2

Any help would be greatly appreciated.

Thanks,

Avatar
lancer

57 Posts

12 October 2009 at 8:47pm

Anything in the IIS server log? (sorry don't really know about IIS, only Apache)

A black page usually means an error somewhere.

Avatar
spencer

Community Member, 8 Posts

13 October 2009 at 6:23am

Nope nothing there. Just gives the unknown error 500 totally confusing. I am thinking there might be something in php causing it. Could you send me a list of php modules that are required for this silverstripe module to work? I guess I'll start there and proceed.

Thanks,

Spencer

Avatar
lancer

57 Posts

13 October 2009 at 6:07pm

You could try the latest version from trunk. It has debug logging features.

If you use AD, the only php module you need is php_ldap. But on Windows I imagine something more is needed (like openldap libs)

Avatar
spencer

Community Member, 8 Posts

31 October 2009 at 5:36am

Ok finally got PHP to behave hare to use the add and remove programs in windows to enable modules. Stupid.

Anyways I got so far that it is acctually producing a log. So here it is. I am not sure why it would not bind. What should I try next.

Fri, 30 Oct 09 10:29:08 -0600 - Starting process for user webtest
Fri, 30 Oct 09 10:29:08 -0600 - webtest - User with source localldap found in database
Fri, 30 Oct 09 10:29:08 -0600 - webtest - Password locking is disabled
Fri, 30 Oct 09 10:29:08 -0600 - webtest - loading driver LDAP
Fri, 30 Oct 09 10:29:08 -0600 - webtest - executing authentication driver
Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - Connecting to ldap://"This did display the correct server" port 389 LDAP version 3
Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - If process stops here, check PHP LDAP module
Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - Connect succeeded
Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - LDAP set to protocol version 3
Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - TLS not set
Fri, 30 Oct 09 10:29:08 -0600 - webtest.ldap - Bind failed 81:Can't contact LDAP server
Fri, 30 Oct 09 10:29:08 -0600 - webtest - authentication driver LDAP failed
Fri, 30 Oct 09 10:29:08 -0600 - Process for user webtest ended

Thanks for all your help.

Avatar
lancer

57 Posts

31 October 2009 at 6:56am

Did you use DNS name (FQDN?) or IP? I've run into instances where PHP wouldn't correctly resolve my server name. As soon as I used the IP address the problems went away. Can you actually verify (e.g. using some LDAP tool) that you can bind from the server you are using?

Avatar
spencer

Community Member, 8 Posts

31 October 2009 at 8:00am

Ok I tried both. I tried 636 with ssl and 389 both as the ports and settings. Another note when I try and enable the user to look up with out anonymous I get a 500 internal server error. I will verify the connect from the server I am on but it is in the same domain so I would assume so.

Avatar
lancer

57 Posts

31 October 2009 at 8:09pm

In this case the server being in the same domain makes no difference at all. PHP reports unable to bind, so the problem is in the php ldap module, or in de ldap (AD) itself. Use http://jxplorer.org to check your directory connectivity.

Go to Top