simplesamlphp ldap problem


Theodotos Andreou

Nov 20, 2012, 5:38:30 AM
to simple...@googlegroups.com
Hi,

I am trying to deploy filesender simplesamlphp at our University.

I have set up an ldap authentication source for our active directory server.

When I try to test it using the simplesamlphp web gui I get:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /usr/share/simplesamlphp/www/module.php:180 (N/A)
Caused by: SimpleSAML_Error_AuthSource: Library - LDAP search(): Failed search on base 'dc=here,dc=example,dc=com' for '(|(sAMAccountName=user.name)(mailNickname=user.name))'
Backtrace:
7 /usr/share/simplesamlphp/lib/SimpleSAML/Auth/LDAP.php:156 (SimpleSAML_Auth_LDAP::makeException)
6 /usr/share/simplesamlphp/lib/SimpleSAML/Auth/LDAP.php:214 (SimpleSAML_Auth_LDAP::search)
5 /usr/share/simplesamlphp/lib/SimpleSAML/Auth/LDAP.php:273 (SimpleSAML_Auth_LDAP::searchfordn)
4 /usr/share/simplesamlphp/modules/ldap/lib/ConfigHelper.php:187 (sspmod_ldap_ConfigHelper::login)
3 /usr/share/simplesamlphp/modules/ldap/lib/Auth/Source/LDAP.php:52 (sspmod_ldap_Auth_Source_LDAP::login)
2 /usr/share/simplesamlphp/modules/core/lib/Auth/UserPassBase.php:176 (sspmod_core_Auth_UserPassBase::handleLogin)
1 /usr/share/simplesamlphp/modules/core/www/loginuserpass.php:49 (require)
0 /usr/share/simplesamlphp/www/module.php:135 (N/A)

When I traced the connection to the AD server the authentication was successful and the user data retrieved as expected.

These are the changes in /etc/simplesamlphp/authsources.php

    'university-ldap' => array(
        'ldap:LDAP',

        // Space-separated list of LDAP servers to try.
        'hostname' => 'dc1.example.com dc2.example.com',
        'enable_tls' => FALSE,
        'debug' => TRUE,
        'timeout' => 0,

        // NULL means all attributes are retrieved.
        'attributes' => NULL,

        // Only used when search.enable is FALSE.
        'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',

        // Look the user up by searching these attributes under search.base.
        'search.enable' => TRUE,
        'search.base' => 'dc=here,dc=example,dc=com',
        'search.attributes' => array('sAMAccountName', 'mailNickname'),
        'search.username' => '************************',
        'search.password' => '*************',

        'priv.read' => FALSE,
        'priv.username' => NULL,
        'priv.password' => NULL,
    ),

I have a similar configuration in /etc/simplesamlphp/ldap.org. Not sure why you need to insert this information twice.

$config = array (

    'auth.ldap.dnpattern'  => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
    'auth.ldap.hostname'   => 'dc1.example.com dc2.example.com',
    'auth.ldap.attributes' => null,
    'auth.ldap.enable_tls' => false,

    'auth.ldap.search.enable' => TRUE,
    'auth.ldap.search.base' => 'dc=here,dc=example,dc=com',
    'auth.ldap.search.attributes' => array('sAMAccountName', 'mailNickname'),
    'auth.ldap.search.username' => '************************************',
    'auth.ldap.search.password' => '**************',

);

I am using simplesamlphp 1.8.2 on Ubuntu server 10.04 64 bit, installed from the Ubuntu repositories.

Is this a bug or am I doing something wrong?

Thanks

Theodotos Andreou
Cyprus University of Technology








Daniel Tsosie

Nov 20, 2012, 12:09:21 PM
to simple...@googlegroups.com, theodoto...@cut.ac.cy
If you have an AD LDAP backend I am pretty sure referrals are the problem. I submitted a patch that is now in svn. You will need to obtain that code, then add to your authsources

'referrals' => FALSE
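
A standalone way to check the referral behaviour described in the reply above, outside SimpleSAMLphp (an added example, not code from the thread or from the SimpleSAMLphp project). It runs the search from the error message through PHP's ldap extension with referral chasing on and then off. The LDAP_* environment variable names are hypothetical, the host and base DN defaults are the placeholders from the post, and the mapping of the 'referrals' option to LDAP_OPT_REFERRALS is an assumption.

```php
<?php
// Added diagnostic example; not SimpleSAMLphp code. Requires PHP's ldap extension.
// Connection values are placeholders read from hypothetical environment variables.
$host   = getenv('LDAP_URI') ?: 'ldap://dc1.example.com';
$base   = getenv('LDAP_BASE') ?: 'dc=here,dc=example,dc=com';
$bindDn = getenv('LDAP_BIND_DN') ?: null;   // null means anonymous bind
$bindPw = getenv('LDAP_BIND_PW') ?: null;
$user   = $argv[1] ?? 'user.name';

/** Run the search from the thread's error message with referral chasing on or off. */
function searchWithReferrals($host, $base, $bindDn, $bindPw, $user, $chase)
{
    $ds = ldap_connect($host);
    if ($ds === false) {
        return 'connect failed';
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, $chase ? 1 : 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (!@ldap_bind($ds, $bindDn, $bindPw)) {
        $msg = 'bind failed: ' . ldap_error($ds);
        ldap_unbind($ds);
        return $msg;
    }

    // Escape the user-supplied value before it is placed in the filter.
    $u = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
    $filter = "(|(sAMAccountName=$u)(mailNickname=$u))";

    $res = @ldap_search($ds, $base, $filter, array('sAMAccountName'));
    if ($res === false) {
        $msg = 'search failed: ' . ldap_error($ds);
    } else {
        $msg = 'search ok, entries: ' . ldap_count_entries($ds, $res);
    }
    ldap_unbind($ds);
    return $msg;
}

// Same bind, base and filter; only the referral setting differs between runs.
foreach (array(true, false) as $chase) {
    echo 'LDAP_OPT_REFERRALS=' . ($chase ? 1 : 0) . ' -> '
        . searchWithReferrals($host, $base, $bindDn, $bindPw, $user, $chase) . PHP_EOL;
}
```

If only the run with referral chasing enabled fails, the directory's referrals are the cause rather than the bind credentials or the filter.
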

Theodotos Andreou

Nov 21, 2012, 1:31:12 AM
to Daniel Tsosie, simple...@googlegroups.com
Thanks Daniel,

I will export the latest svn and try that.

I will be back to report success (or not) after that.






Theodotos Andreou

Nov 29, 2012, 1:42:18 AM
to simple...@googlegroups.com, Daniel Tsosie
Hi guys,

I have downloaded the latest source from SVN. It works now! Thanks again for the support!

I still have one question though. Why does this configuration need to be set up in both authsources.php and ldap.php? Is one of them redundant or do you need to have both?






Daniel Tsosie

Nov 29, 2012, 11:59:26 AM
to simple...@googlegroups.com, Daniel Tsosie, theodoto...@cut.ac.cy
ldap.php is just an example config. All the magic happens in authsources.php.

Theodotos Andreou

Nov 30, 2012, 3:40:38 AM
to Daniel Tsosie, simple...@googlegroups.com
Thanks Daniel.





