LDAP Error 500 - Internal server error (Resolved but thought I'd share)
2,122 views
Skip to first unread message
Heidi Hendry
May 14, 2015, 11:20:36 PM5/14/15
to resour...@googlegroups.com
LDAP - I enabled posixldapauth and clicked on Options and got:
500 - Internal server error.
David Mac (new)
May 15, 2015, 4:48:57 AM5/15/15
to resour...@googlegroups.com
Hi Heidi
Thanks for that.
Regards
David
Noel Slevin
Oct 2, 2015, 5:46:04 AM10/2/15
to ResourceSpace
Just in case someone else stumbles across this in the future (I stumbled across this whilst facing this issue), this is part of the solution, but not always the complete solution. It depends how complex your setup is.
PHP on IIS runs as whatever is set in the Anonymous Authentication module. By default, that is IUSR, but if you're hosting multiple sites on a server, each site will often run with its own application pool identity.
Thus, if Anonymous Authentication is set to use the application pool identity, go to Application Pools and find the corresponding Application Pool for the site - that's the one that will need write access to the log files.
So, if your site's application pool is called "ResourceSpace", and the anonymous authentication runs using that identity, the "IIS AppPool\ResourceSpace" user on the local server would need write access to the PHP error log.
Hopefully this helps someone else in future and just makes the solution a bit more complete.
Noel
David Mac (new)
Oct 3, 2015, 6:49:34 AM10/3/15
to ResourceSpace
Hi Noel
Thanks for adding this!
Regards
David
Zach Halliwell
Nov 16, 2015, 7:42:04 AM11/16/15
to ResourceSpace
I'm having the exact same problem, however, I've added every user possible with full control to the correct folders and it still hasn't resolved. As soon as I hit save after checking the "Enable" box I get that 500 Internal server error with the file path displayed. The other weird thing I noticed was as I was putting in settings, if I hit the test button I just get a pop up that says "Status error in" and then nothing else. The only way I can get it back is by deactivating the plugin, purging the configuration, and then reactivating it. Is there a newer version other than 0.99 that I should be using?
David Mac (new)
Nov 16, 2015, 8:08:47 AM11/16/15
to ResourceSpace
Hi There
Can you double check that your version of PHP has the LDAP libraries installed please?
Many thanks
David
Zach Halliwell
Nov 16, 2015, 10:50:18 AM11/16/15
to resour...@googlegroups.com
That's most likely the issue. The instructions for installation on the wiki were a little outdated and the step "Install the php_ldap.dll PHP extension" wasn't working. When I clicked the link in that step to download the zip file, it turned out to be a broken link. So I looked in the ext folder in the PHP root and found the php_ldap.dll file and just added the necessary text but now when I open it, it looks like the file is all corrupted.
Do you happen to have a copy of how the .DLL file should look that's compatible with PHP 5.3 that you could send me?
--
ResourceSpace: Open Source Digital Asset Management
http://www.resourcespace.org
---
You received this message because you are subscribed to a topic in the Google Groups "ResourceSpace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/resourcespace/5ZGVB4RlPXE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to resourcespac...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Zach Halliwell
Marketing/Social Media
The Southern Theater
za...@southerntheater.org
(920) 268-7525
________________________________
“He felt that his whole life was some
kind of dream and he sometimes
wondered whose it was and whether
they were enjoying it.”
~Douglas Adams
Marketing/Social Media
The Southern Theater
za...@southerntheater.org
(920) 268-7525
________________________________
“He felt that his whole life was some
kind of dream and he sometimes
wondered whose it was and whether
they were enjoying it.”
~Douglas Adams
David Mac (new)
Nov 17, 2015, 6:56:18 AM11/17/15
to ResourceSpace
Hi Zach, Sorry but I don't have a copy.
Does this help?
Regards
David
Zach Halliwell
Nov 17, 2015, 12:09:32 PM11/17/15
to resour...@googlegroups.com
Zach Halliwell
Nov 19, 2015, 10:26:41 AM11/19/15
to ResourceSpace
It looks like all of that is correct but I just thought of something. We installed PHP through an internal system and it didn't give us the option to change the install path to c:\php\ so instead we just left it in the Program Files folder. Could that be what's causing the issue? Is the plugin pointing directly at the c:\php\ext folder instead of finding the PHP folder automatically?
David Mac (new)
Nov 23, 2015, 3:59:56 AM11/23/15
to ResourceSpace
Hi Zach
Unfortunately I'm not that familiar with setting this up on Windows. There should be a setting in the php.ini file that specifies where the extensions are installed.
Regards
David
Noel Slevin
Nov 24, 2015, 11:13:14 AM11/24/15
to ResourceSpace
The default PHP installation directory in Windows is Program Files (x86)\PHP\Version. So, for me, that's \v5.6.13. The extension directory is in that folder, in a subfolder called "ext".
It shouldn't cause any issue that PHP isn't installed in C:\PHP - it's not installed there for me and I've never had any issues. The setup guide on the wiki for Windows Server 2008 R2 suggests to change all manner of default settings, none of which I've done, and it's never been an issue for me at all.
If you're not sure your PHP setup is quite how it should be, you may want to install PHP Manager, which will allow you to see your installed PHP version, change it, enable and disable PHP extensions all from the IIS Manager.
Other things to check:
- Is Anonymous Authentication running as a specific user, or the Application pool identity (and if so, what's that called?)
- When you say you've changed permissions on all the right folders, which folders specifically have you done that on?
Hopefully that will help get closer to the root of the problem.
Noel
Zach Halliwell
Nov 24, 2015, 12:35:54 PM11/24/15
to resour...@googlegroups.com
Hey Noel,
Thanks for the tips. Good to know that someone else has it working from the program files path. Everything looks and works fine from the PHP manager. I just keep throwing a Server 500 error that says "The website encountered an error while retrievinghttp://resourcespace/resourcespace/plugins/posixldapauth/pages/setup.php. It may be down for maintenance or configured incorrectly." when I try to enable the posixldapauth plugin. Anonymous Authentication is running as the Application Pool IUSR identity which, to answer your second question, I've given permissions to on the plugins folder of the resourcespace directory (as well as anonymous login to be safe).
--
ResourceSpace: Open Source Digital Asset Management
http://www.resourcespace.org
---
You received this message because you are subscribed to a topic in the Google Groups "ResourceSpace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/resourcespace/5ZGVB4RlPXE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to resourcespac...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Message has been deleted
Message has been deleted
Noel Slevin
Nov 24, 2015, 1:37:40 PM11/24/15
to ResourceSpace
Hi Zach
Thanks for clarifying. I suspect the issue is most likely that the anonymous user can't write to the PHP error logs.
Can you check the location of the PHP error log (PHP Manager will tell you), and check the permissions on that file/folder?
Zach Halliwell
Nov 24, 2015, 2:40:18 PM11/24/15
to ResourceSpace
Sorry for the barrage of email. I just deleted the last two posts so I could clarify. The LDAP extension was not enabled as I assumed it was in the PHP manager. That solved my initial error. It is now connecting to our AD server just fine, however, no users are syncing. I notice that my screen differs slightly from the manual in that I'm not seeing a User Container field. I only see Base DN and Group DN. Has it been changed since the manual was released to just find users from the Base DN? It's syncing the groups just fine so I know it's not a connection issue. Or does it just take a while to sync?
On Tuesday, November 24, 2015 at 11:35:54 AM UTC-6, Zach Halliwell wrote:
Hey Noel,Thanks for the tips. Good to know that someone else has it working from the program files path. Everything looks and works fine from the PHP manager. I just keep throwing a Server 500 error that says "The website encountered an error while retrievinghttp://resourcespace/resourcespace/plugins/posixldapauth/pages/setup.php. It may be down for maintenance or configured incorrectly." when I try to enable the posixldapauth plugin. Anonymous Authentication is running as the Application Pool IUSR identity which, to answer your second question, I've given permissions to on the plugins folder of the resourcespace directory (as well as anonymous login to be safe).
On Tue, Nov 24, 2015 at 10:13 AM, Noel Slevin <noels...@gmail.com> wrote:
The default PHP installation directory in Windows is Program Files (x86)\PHP\Version. So, for me, that's \v5.6.13. The extension directory is in that folder, in a subfolder called "ext".It shouldn't cause any issue that PHP isn't installed in C:\PHP - it's not installed there for me and I've never had any issues. The setup guide on the wiki for Windows Server 2008 R2 suggests to change all manner of default settings, none of which I've done, and it's never been an issue for me at all.If you're not sure your PHP setup is quite how it should be, you may want to install PHP Manager, which will allow you to see your installed PHP version, change it, enable and disable PHP extensions all from the IIS Manager.Other things to check:
- Is Anonymous Authentication running as a specific user, or the Application pool identity (and if so, what's that called?)
- When you say you've changed permissions on all the right folders, which folders specifically have you done that on?
Hopefully that will help get closer to the root of the problem.Noel
--
ResourceSpace: Open Source Digital Asset Management
http://www.resourcespace.org
---
You received this message because you are subscribed to a topic in the Google Groups "ResourceSpace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/resourcespace/5ZGVB4RlPXE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to resourcespace+unsubscribe@googlegroups.com.
David Mac (new)
Nov 25, 2015, 3:21:43 AM11/25/15
to ResourceSpace
Hi Zach
That's great news that you're making progress.
The plugin will search for user accounts in the tree below the base dn. It doesn't sync the users to Resourcespace once configured, it only adds the users when they log in.
I hope that makes sense.
Regards
David
On Tuesday, November 24, 2015 at 7:40:18 PM UTC, Zach Halliwell wrote:
Sorry for the barrage of email. I just deleted the last two posts so I could clarify. The LDAP extension was not enabled as I assumed it was in the PHP manager. That solved my initial error. It is now connecting to our AD server just fine, however, no users are syncing. I notice that my screen differs slightly from the manual in that I'm not seeing a User Container field. I only see Base DN and Group DN. Has it been changed since the manual was released to just find users from the Base DN? It's syncing the groups just fine so I know it's not a connection issue. Or does it just take a while to sync?
On Tuesday, November 24, 2015 at 11:35:54 AM UTC-6, Zach Halliwell wrote:
Hey Noel,Thanks for the tips. Good to know that someone else has it working from the program files path. Everything looks and works fine from the PHP manager. I just keep throwing a Server 500 error that says "The website encountered an error while retrievinghttp://resourcespace/resourcespace/plugins/posixldapauth/pages/setup.php. It may be down for maintenance or configured incorrectly." when I try to enable the posixldapauth plugin. Anonymous Authentication is running as the Application Pool IUSR identity which, to answer your second question, I've given permissions to on the plugins folder of the resourcespace directory (as well as anonymous login to be safe).
On Tue, Nov 24, 2015 at 10:13 AM, Noel Slevin <noels...@gmail.com> wrote:
The default PHP installation directory in Windows is Program Files (x86)\PHP\Version. So, for me, that's \v5.6.13. The extension directory is in that folder, in a subfolder called "ext".It shouldn't cause any issue that PHP isn't installed in C:\PHP - it's not installed there for me and I've never had any issues. The setup guide on the wiki for Windows Server 2008 R2 suggests to change all manner of default settings, none of which I've done, and it's never been an issue for me at all.If you're not sure your PHP setup is quite how it should be, you may want to install PHP Manager, which will allow you to see your installed PHP version, change it, enable and disable PHP extensions all from the IIS Manager.Other things to check:
- Is Anonymous Authentication running as a specific user, or the Application pool identity (and if so, what's that called?)
- When you say you've changed permissions on all the right folders, which folders specifically have you done that on?
Hopefully that will help get closer to the root of the problem.Noel
--
ResourceSpace: Open Source Digital Asset Management
http://www.resourcespace.org
---
You received this message because you are subscribed to a topic in the Google Groups "ResourceSpace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/resourcespace/5ZGVB4RlPXE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to resourcespac...@googlegroups.com.
Zach Halliwell
Nov 25, 2015, 10:20:42 AM11/25/15
to ResourceSpace
Hi Dave, yep that makes total sense. I didn't realize that.
I tried it out using a user that's in the tree below the base DN but it still won't log on as that user. I'm guessing something must still be off with my configuration. I think my problem is the Member field and member field type. I've left them both as default but I'm not sure what it's supposed to be for an Active Directory environment since I've never heard it referred to as "member field" before. When the default didn't work I tried using "userPrincipalName" since that's the logon field in Active Directory, but that didn't work either. I've tried multiple combinations of the member field and member field type with no luck. I've attached a screenshot of my configuration, and the test passes just fine so it's not an authentication problem. And the service account I created to authenticate lives in the same folder that our users are in and has full admin access.
David Mac (new)
Nov 26, 2015, 8:33:49 AM11/26/15
to ResourceSpace
Hi Zach
Without knowing the full layout of your AD it's difficult to pinpoint where the issue is.
All I can suggest to try is to set the Base DN to OU=Ordway, DC etc, remove the group DN and set Member field and member field type to their defaults.
You should only ever need to change those fields if the AD has had schema customisations.
You have single domain ticked. I would also try unticking that and try logging in with the format user@domain.
There should be a php error log somewhere, on linux PHP logs to apache, that will give a lot more information about where it's failing.
Regards
David
Noel Slevin
Nov 26, 2015, 9:45:30 AM11/26/15
to ResourceSpace
There should be a php error log somewhere, on linux PHP logs to apache, that will give a lot more information about where it's failing.
On IIS, since you have PHP Manager installed, just go there and there will be a link within that to open the PHP error log directly from there.
Surveillance Téléciné
Nov 27, 2015, 12:33:17 PM11/27/15
to ResourceSpace
Hi Zach,
Here are my settings:
LDAP Information:
LDAP Server: xxx.xxx.xxx.xxx : 389
LDAP Type Active Directory
AD admin: user name of a domain admin( no need to add @domain.lan)
AD password: password of the domain admin
AD Domain: domain.lan
Use single Domain : checked
Base DN : dc=domain,dc=lan
Group DN : null
Member field : null
Member field type: Default
Resourcespace configuration:
User suffix: _AD
Create Users: checked
Group Based User Creation: checked
New User Group: General Users
Furthermore, if the user trying to login is a member of "Domain Users", i have issues connecting also. My workaround is adding those users to the built-in AD group "Users". All other groups I tried work fine.
Hope this helps
Regards,
Daniel
Zach Halliwell
Nov 27, 2015, 3:11:27 PM11/27/15
to ResourceSpace
AHA Finally got it! I removed the Group DN and backed up a couple folders to the Domain DN as the base and that made it work.
Thanks for the idea Daniel. And Noel and David, thanks for helping me out through it!
Reply all
Reply to author
Forward
0 new messages