LDAP authentication - Error


shanthini.g
Posts: 44
Joined: 31 May 2017, 12:45

LDAP authentication - Error

Post by shanthini.g »

Hi,
We are trying LDAP authentication. In this process we are getting the error as attached. Could you please suggest? Thanks
Attachments
ref-15062020.jpg
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: LDAP authentication - Error

Post by mushu »

What version of MantisBT?
What version of adLogin plugin?
What version of PHP?
What operating system and version?
shanthini.g
Posts: 44
Joined: 31 May 2017, 12:45

Re: LDAP authentication - Error

Post by shanthini.g »

Hi,
Please find below details

Mantis version: 2.15.0
adLogin plugin: I am not using the plugin. I am trying as in this https://www.mantisbt.org/docs/master/en ... .auth.ldap
PHP version: 5.5.15
OS: Windows
shanthini.g
Posts: 44
Joined: 31 May 2017, 12:45

Re: LDAP authentication - Error

Post by shanthini.g »

Hi,
I created a separate page for this.

I am using the code as below. Using this code LDAP bind is working. But LDAP search is not working. I am getting error as - Warning: ldap_search(): Search: No such object. Could you please suggest.

$server = "ldap://xxx.xxx.x.xxx/"; //this is the LDAP server you're connecting with
$ds = ldap_connect($server, 389); //always connect securely via LDAPS when possible

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

$ldap_bind_dn = 'corpxxxxxx\xxxxxxxxxadmin';
$pass = "xxxxxx";
$ldapbind = ldap_bind($ds, $ldap_bind_dn, $pass); //this is the point we are authenticating

$dn = "uid=xxxxxadmin,ou=Users,dc=corp,dc=xxxxxx,dc=com";
$filter = "uid=*"; //don't filter anyone out (every user has a uid)
$sr = ldap_search($ds, $dn, $filter) or die ("bummer"); //define your search scope
shanthini.g
Posts: 44
Joined: 31 May 2017, 12:45

Re: LDAP authentication - Error

Post by shanthini.g »

Hi,
I checked further on this as below. But still I am not able to login. I am getting error as 'Your account may be disabled or blocked or the username/password you entered is incorrect.'

Could you please help.

I created a test PHP page to test LDAP access and this is working fine
$server = "ldap://123.123.0.200/"; //this is the LDAP server you're connecting with
$ds = ldap_connect($server, 389); //always connect securely via LDAPS when possible

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

$ldap_bind_dn = 'corpcompany\testadmin';
$pass = "test123";
$ldapbind = ldap_bind($ds, $ldap_bind_dn, $pass); //this is the point we are authenticating

$dn = "OU=COMPANYCORP,DC=corp,DC=companytec,DC=com";
$t_ldap_uid_field = 'sAMAccountName';
$c_username="name.g";
$filter = $t_ldap_uid_field . '=' . $c_username;
$sr = ldap_search($ds, $dn, $filter); //define your search scope

$results = ldap_get_entries($ds, $sr); //here we are pulling the actual entries from the search we just defined
var_dump($results); //will give you all results in array form.

Same setting I used in Mantis and tested. I am able to get value for t_ldap_data in the function ldap_get_field_from_username as highlighted below. But my mantis login page shows error as - Your account may be disabled or blocked or the username/password you entered is incorrect.

function ldap_get_field_from_username( $p_username, $p_field ) {
    log_event( LOG_LDAP, "Retrieving field '$p_field' for '$p_username'" );
    $t_ldap_data = ldap_cache_user_data( $p_username );
    var_dump($t_ldap_data);exit;
    ......

My PHP error log says as below
[26-Jun-2020 13:50:01 Europe/Berlin] 2020-06-26 13:50 CEST LDAP ldap_api.php:124 ldap_connect_bind() Bind to ldap server successful
[26-Jun-2020 13:50:01 Europe/Berlin] 2020-06-26 13:50 CEST LDAP ldap_api.php:237 ldap_cache_user_data() Searching for sAMAccountName=name.g
[26-Jun-2020 13:50:01 Europe/Berlin] 2020-06-26 13:50 CEST LDAP ldap_api.php:269 ldap_cache_user_data() Unbinding from LDAP server

Thanks
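
An added example (not part of the original post and not MantisBT's own code): the test page above shows that the service account can bind and search, but a login also has to bind as the DN the search returned, using the user's own password. The sketch below assumes that search-then-bind flow, escapes the username before it goes into the filter (a pure-PHP RFC 4515 escaper, since `ldap_escape()` only exists from PHP 5.6), and upgrades the connection with StartTLS; the function names and all argument values are hypothetical placeholders.

```php
<?php
// Added example. Host, base DN and account names are placeholders.

// RFC 4515 escaping for filter values; ldap_escape() needs PHP 5.6+.
function escape_filter_value($value) {
    return strtr($value, array(
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ));
}

// Returns true only if $username resolves to exactly one entry and that
// entry's DN accepts $password. $uid_field comes from configuration, never input.
function ldap_login($uri, $base_dn, $svc_dn, $svc_pass, $uid_field, $username, $password) {
    // An empty password would make the final bind an unauthenticated bind,
    // which some servers accept, so refuse it up front.
    if ($username === '' || $password === '') {
        return false;
    }
    $ds = ldap_connect($uri);
    if (!$ds) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // Encrypt before any password is sent (alternative: an ldaps:// URI).
    if (!@ldap_start_tls($ds) || !@ldap_bind($ds, $svc_dn, $svc_pass)) {
        return false;
    }
    // Step 1: look up the user's DN with the service account.
    $filter = '(' . $uid_field . '=' . escape_filter_value($username) . ')';
    $sr = @ldap_search($ds, $base_dn, $filter, array($uid_field));
    $entries = $sr ? ldap_get_entries($ds, $sr) : false;
    if (!$entries || $entries['count'] !== 1) {
        ldap_unbind($ds);
        return false;
    }
    // Step 2: the login itself is a bind as that DN with the user's password.
    $ok = @ldap_bind($ds, $entries[0]['dn'], $password);
    ldap_unbind($ds);
    return $ok;
}

// Offline check of the escaper with a constructed username.
echo '(sAMAccountName=' . escape_filter_value('na*me(g)') . ")\n";
```

If step 1 succeeds and step 2 fails, the directory lookup is fine and the problem is the user's DN or password, which narrows down a generic "username/password incorrect" message.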
shanthini.g
Posts: 44
Joined: 31 May 2017, 12:45

Re: LDAP authentication - Error

Post by shanthini.g »

Hi,

I checked further and please find below details

I am getting correct email id in $t_email

function user_get_email( $p_user_id ) {
    $t_email = '';
    if( LDAP == config_get_global( 'login_method' ) && ON == config_get( 'use_ldap_email' ) ) {
        $t_email = ldap_email( $p_user_id );
        ....
        ....
}

But I am getting the error 'Your account may be disabled or blocked or the username/password you entered is incorrect.' This is because of the below 'login_error' in line No. 127 of login_page.php

if( $f_error || $f_cookie_error ) {
    echo '<div class="alert alert-danger">';

    # Only echo error message if error variable is set
    if( $f_error ) {
        echo '<p>' . lang_get( 'login_error' ) . '</p>';
    }
    ....
    ....

Could you please suggest what may be the issue?

Thanks
shanthini.g
Posts: 44
Joined: 31 May 2017, 12:45

Re: LDAP authentication - Error

Post by shanthini.g »

Hi,
Could anyone help with this, please?
Thanks
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: LDAP authentication - Error

Post by mushu »

Sorry, we use the AdLogin plugin and it works great for us. I suggest you get that plugin and simply look at the code. It is *very* small, just a few lines, and might tell you what you need to do to make your situation work.

We are in a large organization and every time someone authenticated to the network goes to our mantis webpage it logs them in automatically and they don't have to think about it. Perhaps the plugin code will show you what you need? Good luck!
shanthini.g
Posts: 44
Joined: 31 May 2017, 12:45

Re: LDAP authentication - Error

Post by shanthini.g »

Hi mushu,
Can you please share AdLogin plugin link
Thanks
shanthini.g
Posts: 44
Joined: 31 May 2017, 12:45

Re: LDAP authentication - Error

Post by shanthini.g »

Hi,

I am using the LDAP configurations as per below link
https://squeakyspacebar.github.io/2011/ ... -ants.html

And as suggested in this link https://www.mantisbt.org/wiki/doku.php/ ... %20purpose, I am able to fetch the email id.

LDAP logs FYR
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:114 ldap_connect_bind() Bind to ldap server successful
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:249 ldap_get_field_from_username() Searching for sAMAccountName=xxxx
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:269 ldap_get_field_from_username() Unbinding from LDAP server
[17-Dec-2020 05:49:55 Europe/Berlin] 2020-12-17 05:49 CET LDAP ldap_api.php:283 ldap_get_field_from_username() Found value 'xxxx@xxxx.com' for field 'mail'.

But when I try to login using Mantis interface, I am getting alert as 'Your account may be disabled or blocked or the username/password you entered is incorrect'. Please help to fix this

Thanks
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: LDAP authentication - Error

Post by mushu »

shanthini.g wrote: 17 Dec 2020, 05:26
Hi mushu,
Can you please share AdLogin plugin link
Thanks

https://www.mantisbt.org/forums/viewtop ... 720#p64720
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08

Re: LDAP authentication - Error

Post by cas »

It is also available for Mantis 2.x, see my website www.nuy.info/mantis2 :mrgreen:
shanthini.g
Posts: 44
Joined: 31 May 2017, 12:45

Re: LDAP authentication - Error

Post by shanthini.g »

Hi mushu and cas

I tried downloading the plugin from these links https://github.com/mantisbt-plugins/Sim ... ee/initial and https://github.com/mantisbt-plugins/SampleAuth and placed them in the Mantis -> plugins folder.

But the details are not available in Manage -> Manage Plugins -> Installed Plugins

Not sure what I am doing wrong

Please suggest

Thanks
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08

Re: LDAP authentication - Error

Post by cas »

When you download, you get the name "SampleAuth-master".
When you move this to the plugin directory, ensure to change the name of the directory to "SampleAuth"
That will do the trick :mrgreen:
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: LDAP authentication - Error

Post by mushu »

You might also need to edit the Core version as explained in my link above.