LDAP issues (not getting any error output)

Post by gcomeau »

I am currently trying to get LDAPS working between our TestLink application and our Active Directory DC. I am having some trouble getting either LDAP or LDAPS working based on the sample configuration provided in the readme.

Below is my configuration:

Code:

$tlCfg->authentication['method'] = 'LDAP';

$tlCfg->authentication['ldap'] = array();
$tlCfg->authentication['ldap'][1]['ldap_server'] = 'dc.example.com';
$tlCfg->authentication['ldap'][1]['ldap_port'] = '389';
$tlCfg->authentication['ldap'][1]['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap'][1]['ldap_root_dn'] = 'OU=Domain Users,OU=test,DC=example,DC=com';
$tlCfg->authentication['ldap'][1]['ldap_bind_dn'] = 'CN=svcTEST, OU=OrgUnit, DC=example, DC=com'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap'][1]['ldap_bind_passwd'] = 'xxxxxxxxxxxxxx'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap'][1]['ldap_tls'] = false; // true -> use tls

// Following configuration parameters are used to build 
// ldap filter and ldap attributes used by ldap_search()
//
// filter => "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
// attributes => array( $t_ldap_uid_field, 'dn' );
// 
// This can be used to manage situation like explained on post on forum:
// ActiveDirectory + users in AD group
// 
// $tlCfg->authentication['ldap'][1]['ldap_organization'] = ''; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap'][1]['ldap_uid_field'] = 'sAMAccountName'; // Use 'sAMAccountName' for Active Directory

// Configure the following fields in custom_config.inc.php according to your configuration
/*$tlCfg->authentication['ldap'][1]['ldap_email_field'] = 'mail';
$tlCfg->authentication['ldap'][1]['ldap_firstname_field'] = 'givenname';
$tlCfg->authentication['ldap'][1]['ldap_surname_field'] = 'sn';
*/

// Follows Mantisbt idea.
// True: if the user does not exist in the DB but can be fetched from LDAP,
// the user will be created AUTOMATICALLY with default user role.
// Create user with following data from LDAP
// mail
// name
// surname
$tlCfg->authentication['ldap_automatic_user_creation'] = false;

The odd thing is that when I use ldapsearch from my CentOS box where TestLink is set up and try to connect to the Active Directory DC, I am receiving valid credentials from the DC.

Code:

ldapsearch -x -LLL -p 389 -h dc1.example.com -D svcTest -w xxxxxxxxxxxxx -b "OU=Domain Users,OU=test,DC=example,DC=com"

I am getting all the Active Directory accounts from the OU that I want, as an example:

Code:

dn: CN=Gil Tea,OU=Retired,OU=Robotics,OU=Domain Users,OU=TEST,
 DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Gil Tea
sn: Tea
title: Electrical Engineer
description: Robotics
facsimileTelephoneNumber: +9999999999
givenName: Gil

I am not getting anything of value out of the TestLink, nginx, or php-fpm error logs. I have been trying to capture packets to the ports but still have not been able to debug the issue yet. If someone could point me in the right direction, it would be appreciated.
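
One way to get an error out of each LDAP step when the application logs stay silent, as an added example that is not part of the original posts and is not TestLink's own code: a PHP CLI script that repeats connect, StartTLS, bind and search with the settings posted above and prints the LDAP error and the server's diagnostic message at the first step that fails. It builds the filter in the shape given in the config comment but escapes the login name with ldap_escape() first. Assumptions: the php-ldap extension is installed, the bind password comes from a hypothetical LDAP_BIND_PW environment variable, and build_filter, check and probe are illustrative names.

```php
<?php
// Added example, not TestLink code; values mirror the config posted above.
$cfg = [
    'ldap_server'       => 'dc.example.com',
    'ldap_port'         => 389,
    'ldap_version'      => 3,
    'ldap_root_dn'      => 'OU=Domain Users,OU=test,DC=example,DC=com',
    'ldap_bind_dn'      => 'CN=svcTEST,OU=OrgUnit,DC=example,DC=com',
    'ldap_bind_passwd'  => getenv('LDAP_BIND_PW') ?: '', // assumed env var, keeps the secret out of the file
    'ldap_tls'          => true, // the post has false; on port 389 that sends the bind password in clear text
    'ldap_organization' => '',
    'ldap_uid_field'    => 'sAMAccountName',
];

// Filter shape from the config comment; escaping stops * ( ) \ in a login name from changing the query.
function build_filter(array $cfg, string $username): string {
    $uid = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    return "(&{$cfg['ldap_organization']}({$cfg['ldap_uid_field']}={$uid}))";
}

// Stop at the first failing step; AD puts its sub-error code in the diagnostic message.
function check($result, $ds, string $step) {
    if ($result === false) {
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        fwrite(STDERR, sprintf("%s failed: [%d] %s %s\n", $step, ldap_errno($ds), ldap_error($ds), $detail));
        exit(1);
    }
    echo "$step ok\n";
    return $result;
}

function probe(array $cfg, string $username): void {
    if ($cfg['ldap_bind_passwd'] === '') { // a DN with an empty password is an unauthenticated bind
        fwrite(STDERR, "LDAP_BIND_PW is empty, refusing to bind\n");
        exit(1);
    }
    $ds = ldap_connect("ldap://{$cfg['ldap_server']}:{$cfg['ldap_port']}");
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, (int) $cfg['ldap_version']);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // usual setting when searching AD
    if ($cfg['ldap_tls']) {
        check(@ldap_start_tls($ds), $ds, 'start_tls');
    }
    check(@ldap_bind($ds, $cfg['ldap_bind_dn'], $cfg['ldap_bind_passwd']), $ds, 'bind');
    $sr = check(@ldap_search($ds, $cfg['ldap_root_dn'], build_filter($cfg, $username),
        [$cfg['ldap_uid_field'], 'dn']), $ds, 'search');
    printf("entries found for %s: %d\n", $username, ldap_count_entries($ds, $sr));
}
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    probe($cfg, $argv[1]); // usage: LDAP_BIND_PW=... php ldap_probe.php <login name>
}
```
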

Re: LDAP issues (not getting any error output)

Post by gcomeau »

So the setup only works properly if:
$tlCfg->authentication['ldap_automatic_user_creation'] = false;

is set to:
$tlCfg->authentication['ldap_automatic_user_creation'] = true;

Not sure why this is the case? Can this be set up without the flag enabled?

Re: LDAP issues (not getting any error output)

Post by fman »

Hmm, very strange. I'm going to check which control is failing.
Things have to work no matter what this attribute's value is.