[SOLVED NO TL ISSUE] Unable to login using LDAP Auth

istream
Advanced user
Posts: 59
Joined: Wed Mar 31, 2010 10:28 pm

[SOLVED NO TL ISSUE] Unable to login using LDAP Auth

Post by istream »

I have the following in my configuration:
  • RH EL 5.0
  • MySQL Server 5.1.50
  • PHP 5.3.3 and all relevant plugins (all showing fine in phpinfo())
  • Bugzilla 3.6.2 using LDAP authentication (working fine)
  • TestLink 1.9.5 Beta with LDAP configuration matching bugzilla configuration ***** C A N N O T L O G I N **********
I do not see any errors regarding login failures in
  • Testlink/logs
  • Apache2 logs
  • PHP logs.
When I use the credentials which are working on Bugzilla, TestLink simply comes back to the login screen. Any ideas will help.

Thanks,
s_knight
TestLink user
Posts: 10
Joined: Tue Aug 17, 2010 12:29 pm
Location: Budapest

Re: Unable to login using LDAP Authentication

Post by s_knight »

Hi!

Did you register a new user with LDAP settings? Because TestLink checks its own database first and after that sends the user data (pwd, username) to the LDAP server.

Regards,
Knight
Istvan Szabo
Senior Tester
istream
Advanced user
Posts: 59
Joined: Wed Mar 31, 2010 10:28 pm

Re: Unable to login using LDAP Authentication

Post by istream »

Would the steps be:
  • First create users (LDAP) in TestLink, using the local admin (MD5) account
  • Change the type to LDAP in custom_config.inc.php
  • Try to log in using the new users
Do I have to associate any projects etc. before I try to log in? Thx in advance for your help.
s_knight
TestLink user
Posts: 10
Joined: Tue Aug 17, 2010 12:29 pm
Location: Budapest

Re: Unable to login using LDAP Authentication

Post by s_knight »

Hi!

Steps:
1. Create new user with LDAP settings.
2. Change back the LDAP settings to MD5.
3. Login admin with MD5 settings.
4. Change the new LDAP user role to admin (if you want...)
5. Change back the MD5 settings to LDAP.
6. Login LDAP user (it is created the first step!)
7. You have admin user with LDAP authentication.

I hope it helps you.
Istvan Szabo
Senior Tester
istream
Advanced user
Posts: 59
Joined: Wed Mar 31, 2010 10:28 pm

Re: Unable to login using LDAP Authentication

Post by istream »

Hi Istvan, thanks for your reply, but still no luck. I have the LDAP user, which is a corporate user and is working with Bugzilla just fine. Here is my LDAP section. Is there a way to debug what's happening? TestLink immediately comes back with "Try again! Wrong Login or Password!". The same settings are in the Bugzilla configuration.
---

// ----------------------------------------------------------------------------
/* [User Authentication] */

/**
* Login authentication method:
* 'MD5' => use password stored on db
* 'LDAP' => use password from LDAP Server
*/
//$tlCfg->authentication['method'] = 'MD5';
$tlCfg->authentication['method'] = 'LDAP';

/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldap://companyname.com';
$tlCfg->authentication['ldap_port'] = '389';
$tlCfg->authentication['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap_root_dn'] = 'ou=companyname,dc=companyname,dc=com';
$tlCfg->authentication['ldap_organization'] = ''; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'sAMAccountName'; // Use 'sAMAccountName' for Active Directory
$tlCfg->authentication['ldap_bind_dn'] = 'cn=srvc-ldap, ou=Service-Accounts, ou=companyname, dc=companyname, dc=com:1|0st8$10n1X'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_bind_passwd'] = ''; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls
$tlCfg->authentication['ldap_mail_attribute'] = 'mail'; //
$tlCfg->authentication['ldap_filter'] = 'memberOf: 1.2.840.113556.1.4.1941:=CN=Testlink-WEB-ACL,OU=Security-Groups,OU=companyname,DC=companyname,DC=com';


/** Enable/disable Users to create accounts on login page */
$tlCfg->user_self_signup = TRUE;

/** Validating new user login names */
$tlCfg->validation_cfg->user_login_valid_regex='/^[\w \- .]+$/';
s_knight
TestLink user
Posts: 10
Joined: Tue Aug 17, 2010 12:29 pm
Location: Budapest

Re: Unable to login using LDAP Authentication

Post by s_knight »

Hi!

$tlCfg->authentication['ldap_server'] = 'ldap://companyname.com';
change to
$tlCfg->authentication['ldap_server'] = 'companyname.com';
or use IP address.

Could you try it?
Istvan Szabo
Senior Tester
istream
Advanced user
Posts: 59
Joined: Wed Mar 31, 2010 10:28 pm

Re: Unable to login using LDAP Authentication

Post by istream »

Hi,
I tried putting only the company name, but it did not work. However, I am seeing an error in the userlog0.log file (at the end of this post). Following are the current settings and the error I see in the log file. PS. I am new to the LDAP interface, so pls bear with me. Thx.
====================

// ----------------------------------------------------------------------------
// ----------------------------------------------------------------------------
/* [User Authentication] */

/**
* Login authentication method:
* 'MD5' => use password stored on db
* 'LDAP' => use password from LDAP Server
*/
//$tlCfg->authentication['method'] = 'MD5';
$tlCfg->authentication['method'] = 'LDAP';

/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldap://servername.com';
$tlCfg->authentication['ldap_port'] = '389';
$tlCfg->authentication['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap_root_dn'] = 'ou=companyname,dc=companyname,dc=com';
$tlCfg->authentication['ldap_organization'] = ''; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'sAMAccountName'; // Use 'sAMAccountName' for Active Directory
$tlCfg->authentication['ldap_bind_dn'] = 'cn=srvc-ldap, ou=Service-Accounts, ou=companyname, dc=companyname, dc=com:1|0st8$10n1X'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_bind_passwd'] = ''; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls
$tlCfg->authentication['ldap_mail_attribute'] = 'mail';
$tlCfg->authentication['ldap_filter'] = 'memberOf: 1.2.840.113556.1.4.1941:=CN=Testlink-WEB-ACL,OU=Security-Groups,OU=companyname,DC=companyname,DC=com';


/** Enable/disable Users to create accounts on login page */
$tlCfg->user_self_signup = TRUE;

/** Validating new user login names */
$tlCfg->validation_cfg->user_login_valid_regex='/^[\w \- .]+$/';

/**
* Validating user email addresses
* Example of other possibilities:
* <code>
* $regex = "/^[a-z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+\/=?^_`{|}~-]+)*" .
* "@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/i";
* $regex = "/^([\w]+)(.[\w]+)*@([\w-]+\.){1,5}([A-Za-z]){2,4}$/";
* </code>
**/
$tlCfg->validation_cfg->user_email_valid_regex_js = "/^(\w+)([-+.][\w]+)*@(\w[-\w]*\.){1,5}([A-Za-z]){2,4}$/";



****************************************************************



$ sudo tail logs/userlog0.log
ldap_search(): Search: Operations error - in /usr/local/testlink/lib/functions/ldap_api.php - Line 111
[10/Sep/12 18:47:38][WARNING][<nosession>][GUI]
E_WARNING
ldap_get_entries() expects parameter 2 to be resource, boolean given - in /usr/local/testlink/lib/functions/ldap_api.php - Line 112
[10/Sep/12 18:47:38][WARNING][<nosession>][GUI]
E_WARNING
ldap_free_result() expects parameter 1 to be resource, boolean given - in /usr/local/testlink/lib/functions/ldap_api.php - Line 131
[10/Sep/12 18:47:38][AUDIT][<nosession>][GUI]
Login for 'username' from '10.100.13.73' failed
s_knight
TestLink user
Posts: 10
Joined: Tue Aug 17, 2010 12:29 pm
Location: Budapest

Re: Unable to login using LDAP Authentication

Post by s_knight »

Oh... yes, I had the same problem in the past and I use the following code for testing LDAP settings:


<?php
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection

echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds=ldap_connect("localhost");  // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";

if ($ds) { 
    echo "Binding ..."; 
    $r=ldap_bind($ds);     // this is an "anonymous" bind, typically
                           // read-only access
    echo "Bind result is " . $r . "<br />";

    echo "Searching for (sn=S*) ...";
    // Search surname entry
    $sr=ldap_search($ds, "o=My Company, c=US", "sn=S*");  
    echo "Search result is " . $sr . "<br />";

    echo "Number of entires returned is " . ldap_count_entries($ds, $sr) . "<br />";

    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";

    for ($i=0; $i<$info["count"]; $i++) {
        echo "dn is: " . $info[$i]["dn"] . "<br />";
        echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
        echo "first email entry is: " . $info[$i]["mail"][0] . "<br /><hr />";
    }

    echo "Closing connection";
    ldap_close($ds);

} else {
    echo "<h4>Unable to connect to LDAP server</h4>";
}
?>
Try this, and if you get any result your settings are OK; if not, then clear all filters and try it step by step.
Istvan Szabo
Senior Tester
istream
Advanced user
Posts: 59
Joined: Wed Mar 31, 2010 10:28 pm

Re: Unable to login using LDAP Authentication

Post by istream »

Hi, I got the following when I ran the script with the proper changes, i.e. replaced localhost, my company, and sr values.
===========
LDAP query test

Connecting ...connect result is Resource id #2
Binding ...Bind result is 1
Searching for (sn=S*) ...Search result is
Number of entires returned is
Getting entries ...
Data for items returned:

Closing connection
=================
istream
Advanced user
Posts: 59
Joined: Wed Mar 31, 2010 10:28 pm

Re: Unable to login using LDAP Authentication

Post by istream »

Hi,
A packet capture revealed that the bind password was incorrect. Once the password was corrected, things started to work as expected.
I really appreciate your help in getting things moving in the right direction.
Thanks,
istream :)
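
A pre-login check for the kind of bind misconfiguration resolved above, as an added example that is not part of the original posts or of TestLink. `lint_ldap_auth()` is a hypothetical helper, the sample array is constructed with a placeholder password, and the code assumes PHP 7 or later.

```php
<?php
// Added example: static checks for a TestLink-style LDAP authentication array.
// lint_ldap_auth() is a hypothetical helper, not part of TestLink.
function lint_ldap_auth(array $a): array
{
    $findings = [];
    $dn     = trim((string)($a['ldap_bind_dn'] ?? ''));
    $pass   = (string)($a['ldap_bind_passwd'] ?? '');
    $server = (string)($a['ldap_server'] ?? '');
    $filter = (string)($a['ldap_filter'] ?? '');

    // DN and password live in separate keys here. A ':' in the last RDN
    // suggests a Bugzilla-style "DN:password" value was pasted in.
    $lastRdn = substr($dn, (int)strrpos($dn, ','));
    if (strpos($lastRdn, ':') !== false) {
        $findings[] = 'ldap_bind_dn ends in ":<text>"; put the password in ldap_bind_passwd';
    }
    // A DN with an empty password is an unauthenticated bind: it can report
    // success, after which Active Directory typically refuses the search.
    if ($dn !== '' && $pass === '') {
        $findings[] = 'ldap_bind_dn is set but ldap_bind_passwd is empty';
    }
    // Without TLS a simple bind sends DN and password in cleartext.
    if (stripos($server, 'ldaps://') !== 0 && empty($a['ldap_tls'])) {
        $findings[] = 'ldap_tls is false and the server is not ldaps://; bind password is sent unencrypted';
    }
    // Whitespace is not valid in the attribute or matching-rule part of a filter.
    if (preg_match('/^[^=]*\s[^=]*=/', $filter)) {
        $findings[] = 'ldap_filter has whitespace before the first "="';
    }
    return $findings;
}

// Constructed sample shaped like the configuration posted in this thread;
// the password is a placeholder.
$sample = [
    'ldap_server'      => 'ldap://companyname.com',
    'ldap_bind_dn'     => 'cn=srvc-ldap, ou=Service-Accounts, dc=companyname, dc=com:EXAMPLE-PASSWORD',
    'ldap_bind_passwd' => '',
    'ldap_tls'         => false,
    'ldap_filter'      => 'memberOf: 1.2.840.113556.1.4.1941:=CN=Testlink-WEB-ACL,DC=companyname,DC=com',
];
foreach (lint_ldap_auth($sample) as $finding) {
    echo "- $finding\n";
}
```

The colon and whitespace checks are heuristics; a finding means the value deserves a second look, not that it is certainly wrong.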
vijithpa
TestLink user
Posts: 2
Joined: Mon Jun 06, 2011 10:02 am

Re: [SOLVED NO TL ISSUE] Unable to login using LDAP Auth

Post by vijithpa »

I got output like that ....

LDAP query test
Connecting ...connect result is Resource id #4
Binding ...Bind result is
Searching for (sn=S*) ...Search result is Resource id #5
Number of entires returned is 4
Getting entries ...

Data for 4 items returned:

dn is: uid=ajith,ou=people,dc=vmc,dc=com
first cn entry is: Ajith Kumar
first email entry is: ajith.doe@example.com
dn is: uid=abhay,ou=people,dc=vmc,dc=com
first cn entry is: Abhay Kumar
first email entry is: abhay.doe@example.com
dn is: uid=sree,ou=people,dc=vmc,dc=com
first cn entry is: Sree Kumar
first email entry is: sree.doe@example.com
dn is: uid=renjith,ou=people,dc=vmc,dc=com
first cn entry is: Renjith Kumar
first email entry is: renjith.doe@example.com
Closing connection


Then I also got errors while logging in (LDAP server through TestLink)

Configuration
"$tlCfg->authentication['method'] = 'LDAP';

/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = '192.168.1.172';
$tlCfg->authentication['ldap_port'] = '389';
$tlCfg->authentication['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap_root_dn'] = 'dc=vmc,dc=com';
$tlCfg->authentication['ldap_organization'] = '(organizationname=people)'; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'uid'; // Use 'sAMAccountName' for Active Directory
$tlCfg->authentication['ldap_bind_dn'] = 'cn=admin,ou=people,dc=vmc,dc=com'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_bind_passwd'] = ''; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls
"

Can you pls give some solution?
edv_harry
Advanced user
Posts: 15
Joined: Wed Jun 02, 2010 2:04 pm

Re: [SOLVED NO TL ISSUE] Unable to login using LDAP Auth

Post by edv_harry »

Hello,

You can fix the LDAP problem with these steps.

But this is a workaround for this problem.

In the file ldap_api.php you must change
(I think it's in line 109)
$t_connect = ldap_connect_bind();
to
$t_connect = ldap_connect_bind($t_username, $p_password);
The next change is
(I think it's line 61)

this is new
$p_binddn = "DomainName\\".$p_binddn;
in front of
$t_br = $bind_method( $t_ds, $p_binddn, $p_password );

best regards
sven
pharmmed
Advanced user
Posts: 19
Joined: Fri Jan 21, 2011 8:48 am

Re: [SOLVED NO TL ISSUE] Unable to login using LDAP Auth

Post by pharmmed »

I'm a bit confused in regard to LDAP use in TestLink overall.

I'd like to set TestLink up with our company Active Directory. I'm not sure though if TestLink would still require me to manually add all users I want to be using TestLink via AD login first, or if they would be automatically created after first login?
Can anyone explain please?
fman
Member of TestLink Community
Posts: 3123
Joined: Tue Nov 15, 2005 7:19 am

Re: [SOLVED NO TL ISSUE] Unable to login using LDAP Auth

Post by fman »

You need to create the user on TL; there is no automatic creation after login to LDAP.