Hey!
I need help with configuring openldap so that it allows logging in to phpldapadmin. Can you please give me hints how to debug my ldap authentication?
I have a freshly installed server with ubuntu 14.04. I installed openldap and phpldapadmin following digitalocean tutorial [1]. My goal is to have all my user accounts in openldap. Services which will be using openldap are owncloud and dovecot. I don't have strong experience with openldap so I wanted to have phpldapadmin for easy administration of ldap database.
Openldap is now installed and I can verify that it's working by running command below and entering ldap-root password:
$ ldapsearch -x -W -D 'cn=admin,dc=XYZXYZ,dc=fi' -b "" -s base -H ldap://localhost
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Phpldapadmin is also installed and I have verified that it's connecting to ldap. When I try to log in to phpldapadmin with the same credentials as ldapsearch above, it fails with the message:
Error: Invalid credentials (49) for user
Why are these credentials wrong? I'm sure that password is correct and dn ('cn=admin,dc=XYZXYZ,dc=fi') is correct.
Is there something I need to enable in openldap authentication to allow requests from phpldapadmin?
I have verified that phpldapadmin is connecting to correct ldap. Firstly I had this error message from phpldapadmin:
Error: Can't contact LDAP server (-1) for user
But changed /etc/phpldapadmin/config.php to have:
$servers->setValue('server','host','ldap://localhost');
I have tried to reinstall both of them several times and still getting this same error.
I checked Php error logs (/var/log/apache2/error.log) and they are empty.
OPENLDAP VERSION:
$ slapd -V
@(#) $OpenLDAP: slapd (Ubuntu) (Mar 17 2014 21:20:08) $
buildd@aatxe:/build/buildd/openldap-2.4.31/debian/build/servers/slapd
PHPMYADMIN VERSION: 1.2.2
Thanks in advance :)!
[1] https://www.digitalocean.com/community/tutorials/how-to-install-and-configur...
- Onni Hakala
Onni Hakala onni@seravo.fi writes:
When I try to login to phpldapadmin with same credentials as ldapsearch above. It fails with message:
Error: Invalid credentials (49) for user
Why are these credentials wrong? I'm sure that password is correct and dn ('cn=admin,dc=XYZXYZ,dc=fi') is correct.
Enable at least stats logging in slapd and check the BIND logs.
Thanks for your response!
For anyone reading this later, you can turn on logging in Ubuntu by editing /etc/rsyslog.d/50-default.conf and adding:
local4.* /var/log/ldap.log
and editing /etc/ldap/slapd.d/cn=config.ldif and adding:
olcLogLevel: -1
then:
$ sudo service rsyslog restart
$ sudo service slapd restart
When the authentication error happens the log shows:
Oct 9 14:11:13 hostname slapd[22455]: slapd starting
Oct 9 14:11:21 hostname slapd[22455]: conn=1000 fd=13 ACCEPT from IP=[::1]:41701 (IP=[::]:389)
Oct 9 14:11:21 hostname slapd[22455]: conn=1000 op=0 BIND dn="cn=admin,dc=xyzxyz,dc=fi" method=128
Oct 9 14:11:21 hostname slapd[22455]: conn=1000 op=0 RESULT tag=97 err=49 text=
Oct 9 14:11:21 hostname slapd[22455]: conn=1000 op=1 UNBIND
Oct 9 14:11:21 hostname slapd[22455]: conn=1000 fd=13 closed
I googled and found [1] that error 49 means that binddn or password is wrong (exactly what the error message was)
And then I noticed that I was missing a colon from dn. I was using the correct binddn on the command line, but somehow I was missing it in phpldapadmin. Sorry for bothering and thanks again!
[1] http://www.openldap.org/lists/openldap-technical/201010/msg00279.html
--
Onni Hakala +358 445158280
Seravo Oy http://seravo.fi/
2014-10-09 11:46 GMT+03:00 Ferenc Wagner wferi@niif.hu:
Onni Hakala onni@seravo.fi writes:
When I try to login to phpldapadmin with same credentials as ldapsearch above. It fails with message:
Error: Invalid credentials (49) for user
Why are these credentials wrong? I'm sure that password is correct and dn ('cn=admin,dc=XYZXYZ,dc=fi') is correct.
Enable at least stats logging in slapd and check the BIND logs.
Feri.
openldap-technical@openldap.org
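Added example, not part of the original thread: a small Python parser for the slapd stats log lines shown above that pairs each BIND request with its RESULT and counts err=49 failures per client and bind DN, so the DN slapd actually received can be compared with the one that works on the command line. The log sample, the dc=example DN and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in slapd "stats" log format (not the poster's own log).
SAMPLE_LOG = """\
Oct  9 14:11:21 host slapd[22455]: conn=1000 fd=13 ACCEPT from IP=[::1]:41701 (IP=[::]:389)
Oct  9 14:11:21 host slapd[22455]: conn=1000 op=0 BIND dn="cn=admin,dc=example,dc=fi" method=128
Oct  9 14:11:21 host slapd[22455]: conn=1000 op=0 RESULT tag=97 err=49 text=
Oct  9 14:11:21 host slapd[22455]: conn=1000 op=1 UNBIND
Oct  9 14:12:02 host slapd[22455]: conn=1001 fd=13 ACCEPT from IP=127.0.0.1:41702 (IP=0.0.0.0:389)
Oct  9 14:12:02 host slapd[22455]: conn=1001 op=0 BIND dn="cn=admin,dc=example,dc=fi" method=128
Oct  9 14:12:02 host slapd[22455]: conn=1001 op=0 BIND dn="cn=admin,dc=example,dc=fi" mech=SIMPLE ssf=0
Oct  9 14:12:02 host slapd[22455]: conn=1001 op=0 RESULT tag=97 err=0 text=
Oct  9 14:12:30 host slapd[22455]: conn=1002 fd=14 ACCEPT from IP=[::1]:41710 (IP=[::]:389)
Oct  9 14:12:30 host slapd[22455]: conn=1002 op=0 BIND dn="cn=admin,dc=example,dc=fi" method=128
Oct  9 14:12:30 host slapd[22455]: conn=1002 op=0 RESULT tag=97 err=49 text=
"""

# Client address without the ephemeral source port.
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ")
# method=128 is a simple bind; the later "mech=" line for the same op is ignored.
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
# tag=97 is the LDAP BindResponse; err is the result code (49 = invalidCredentials).
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")


def bind_results(log_text):
    """Return (client, dn, method, err) for every completed bind, in log order."""
    clients, pending, out = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            clients[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            # A request and its RESULT share the same conn and op numbers.
            pending[(m.group(1), m.group(2))] = (m.group(3), int(m.group(4)))
        elif m := RESULT.search(line):
            key = (m.group(1), m.group(2))
            if key in pending:
                dn, method = pending.pop(key)
                out.append((clients.get(key[0], "?"), dn, method, int(m.group(3))))
    return out


def failed_binds(log_text):
    """Count err=49 bind results per (client, dn) pair."""
    return Counter((c, dn) for c, dn, _, err in bind_results(log_text) if err == 49)


if __name__ == "__main__":
    for (client, dn), n in failed_binds(SAMPLE_LOG).items():
        print(f"{n} failed bind(s) from {client} as {dn!r}")
```

To run it against a real log, pass the contents of /var/log/ldap.log (the file configured in the rsyslog step above) to failed_binds() instead of SAMPLE_LOG.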