Supporting each other

Community forums

Questions on getting Xerte Toolkits installed on your server and questions about authentication and user logins.

TOPIC:

Configure LDAPS authentication in Xerte 2.1 9 years 4 months ago #2852

  • casglur (Topic Author, New Member)
I am attempting to enable authentication via LDAP. My environment is:

OS: Centos 7
Xerte: Version 2.1
LDAP: SSL Protected LDAPS directory requiring certificate exchange

I have set up the particulars for the LDAP connection using management.php > LDAP without success. If I attempt to log in to Xerte the screen just gets reloaded without any message, and with no indication in the logs as to what the issue may be.

Has anyone else successfully configured authentication using an LDAPS connection? I am also interested in how to enable logging of failed LDAP authentication.

Any help or advice would be appreciated.

Alexander


Configure LDAPS authentication in Xerte 2.1 9 years 4 months ago #2855

  • tom (Administrator)
I helped another user fix this, and basically as it stands now 2.1 is broken (3.0-beta as well). I'll fix it by the end of this week.

In the meantime a patch is available here:

www.xerte.org.uk/index.php?option=com_ku...n&limitstart=30#2816

See here for instructions:

www.xerte.org.uk/index.php?option=com_ku...n&limitstart=24#2807


Configure LDAPS authentication in Xerte 2.1 9 years 4 months ago #2856

  • casglur (Topic Author, New Member)
Thank you Tom,

I guessed that things weren't quite right with 2.1...

There appear to be a couple of zipped PHP files on the pages you reference, special.php and site_details_management.php - and I'm not sure which to go for. Taking a look at the files it appears that the site_details_management.php file seems to be the one to go for as special.php appears to just execute some SQL to insert another row in the ldap table. Just to clarify, I am guessing that you are advising me to:

Place site_details_management.php under the [xerte]/website_code/php/management directory. Then access /xertetoolkits/management.php in the browser and click save again

many thanks
AL


Last edit: by casglur.

Configure LDAPS authentication in Xerte 2.1 9 years 4 months ago #2857

  • casglur (Topic Author, New Member)
I placed the new version of site_details_management.php under the [xerte]/website_code/php/management directory, accessed /management.php and clicked Save again. I went to the login page and attempted to log in to Xerte using my LDAP credentials and nothing happened except the login page refreshed.

Even though I have $development = true; set in the config.php file I do not see any errors reported in the browser, and no debug file gets written to /tmp/debug.log, which is a shame as I'd love to know exactly which bit is failing.

Do you have any other suggestions to either get LDAP working - or should I hold on for the end of the week? I'd also love to be able to get the debug log working...

Many thanks
AL


Configure LDAPS authentication in Xerte 2.1 9 years 4 months ago #2858

  • tom (Administrator)
Hi Alexander,

Let's do this step by step:

1. The first link points to the exact file you need, i.e. in post #2816

2. In post #2804 (www.xerte.org.uk/index.php?option=com_ku...n&limitstart=18#2804) you can find a version of Ldap.php that adds the debugging. Place this file in libraries/Xerte/Authentication

3. I assume LDAP is enabled in auth_config.php


Last edit: by tom. Reason: Formatting

Configure LDAPS authentication in Xerte 2.1 9 years 4 months ago #2865

  • rbrown (Junior Member)
Hiya..also having same issue with fresh download of the 2.1 zip.

added ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); to library/Xerte/Authentication/Ldap.php

I added the special.php and ran - it added 2nd entry in ldap table

Debug working fine but not very helpful

2015-07-02 14:41:56 /srv/www/vhosts/xerte.uct.ac.za/xertetoolkits/library/Xerte/Authentication/Ldap.php69Valid login? Xerte / Password1
2015-07-02 14:41:56 /srv/www/vhosts/xerte.uct.ac.za/xertetoolkits/library/Xerte/Authentication/Ldap.php88Running : SELECT * FROM ldap
2015-07-02 14:41:56 /srv/www/vhosts/xerte.uct.ac.za/xertetoolkits/library/Xerte/Authentication/Ldap.php91Trying to authenticate against srvslsath002.uct.ac.za
2015-07-02 14:41:56 /srv/www/vhosts/xerte.uct.ac.za/xertetoolkits/library/Xerte/Authentication/Ldap.php138Failed to bind to ldap server- perhaps the dn(cn=svc_xerte,ou=services,o=uct) or password(somepasswdhere) are incorrect?
2015-07-02 14:41:56 /srv/www/vhosts/xerte.uct.ac.za/xertetoolkits/library/Xerte/Authentication/Ldap.php91Trying to authenticate against srvdc01.lincolncollege.ac.uk
2015-07-02 14:41:57 /srv/www/vhosts/xerte.uct.ac.za/xertetoolkits/library/Xerte/Authentication/Ldap.php138Failed to bind to ldap server- perhaps the dn(CN=Xerte,CN=Staff,DC=lincolncollege,DC=ac,DC=uk) or password(Password1) are incorrect?

ldap search of UCT auth service for cn=svc_xerte returns

thor6:/home/roger # ldapsearch -x -H ldaps://srvslsath002.uct.ac.za cn=svc_xerte
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: cn=svc_xerte
# requesting: ALL
#

# svc_xerte, services, uct
dn: cn=svc_xerte,ou=services,o=uct <><<<<<<<<
uid: svc_xerte
givenName: Xerte
fullName: Xerte Service Account
Language: ENGLISH
sn: Service Account
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
loginTime: 20150630130006Z
cn: svc_xerte <<<<<<<<<<<<<<<<<
ACL: 2#subtree#cn=svc_xerte,ou=services,o=uct#[All Attributes Rights]
ACL: 6#entry#cn=svc_xerte,ou=services,o=uct#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=svc_xerte,ou=services,o=uct#printJobConfiguration
ACL: 2#entry#[Root]#networkAddress

also run setup/ldap_test.php with just the UCT auth in ldap table..it returns

filter_attr = uid

Attempting to connect
Connected
Attempting to bind
LDAP bound
LDAP search attempt
LDAP search success
No LDAP entries for that user
Logging in failed

Getting LDAP record for user - to work with Toolkits - [sn][0] should the surname and [givenname][0] should be the first name

which again doesn't help me diagnose the issue


Last edit: by rbrown.
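
A staged LDAPS check that logs which step failed and the server's stated reason while keeping passwords out of the log, unlike the debug output quoted above, which prints them in clear text. This is an added example, not part of any post in this thread and not Xerte's own Ldap.php; the host, DNs, base DN and the LDAP_BIND_PW / LDAP_USER_PW environment variable names are placeholder assumptions.

```php
<?php
// Added example, not Xerte code. Host, DNs and env var names are placeholders.
$uri        = 'ldaps://ldap.example.org:636';
$bindDn     = 'cn=svc_example,ou=services,o=example';
$baseDn     = 'o=example';
$filterAttr = 'uid';
$bindPw     = getenv('LDAP_BIND_PW') ?: '';   // secrets come from the environment,
$userPw     = getenv('LDAP_USER_PW') ?: '';   // never from argv or the log
$username   = $argv[1] ?? 'testuser';

function ldap_fail($ds, string $stage, string $detail): void
{
    // The server's diagnostic text often says more than ldap_error() alone.
    $diag = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    error_log(sprintf('LDAP %s failed (%s): errno=%d error="%s" diag="%s"',
        $stage, $detail, ldap_errno($ds), ldap_error($ds), $diag));
    exit(1);
}

// With a URI, ldap_connect() only parses it; TCP and TLS start on the first
// operation, so certificate or trust problems surface at the bind below.
$ds = ldap_connect($uri);
if ($ds === false) { error_log("LDAP URI rejected: $uri"); exit(1); }
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

// Stage 1: service-account bind. Log the DN, not the password.
if (!@ldap_bind($ds, $bindDn, $bindPw)) {
    ldap_fail($ds, 'service bind', "dn=$bindDn");
}
// Stage 2: find the user; escape the name so it cannot alter the filter.
$filter = sprintf('(%s=%s)', $filterAttr, ldap_escape($username, '', LDAP_ESCAPE_FILTER));
$result = @ldap_search($ds, $baseDn, $filter, ['sn', 'givenname']);
if ($result === false) {
    ldap_fail($ds, 'search', "base=$baseDn filter=$filter");
}
$entries = ldap_get_entries($ds, $result);
if ($entries['count'] !== 1) {
    error_log("LDAP search base=$baseDn filter=$filter matched {$entries['count']} entries");
    exit(1);
}
// Stage 3: bind as the user. Reject an empty password first: a DN with no
// password is an unauthenticated bind, which some servers accept.
$userDn = $entries[0]['dn'];
if ($userPw === '') { error_log("Empty password for dn=$userDn"); exit(1); }
if (!@ldap_bind($ds, $userDn, $userPw)) {
    ldap_fail($ds, 'user bind', "dn=$userDn");
}
echo "OK: bound as $userDn\n";
```

Run it from the command line as the web server's user so it sees the same CA trust settings and file permissions as the application.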
Copyright © 2024 The Xerte Project.