[Bug 18947] New: Active Directory LDAP authentication broken

[Bug 18947] Unexpected Active Directory LDAP authentication failure mode

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18947

--- Comment #22 from [hidden email] ---
Yep, no problem with searching even for other users:

ou=Profesores,~ > grep cn=Profesor
CN=Profesor,OU=Profesores,DC=aulas,DC=campus,DC=local
ou=Profesores,~ >

I'm even more concerned about the impossibility of login for local koha users
or even cached credentials.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

--- Comment #23 from Nick Clemens <[hidden email]> ---
(In reply to jesus from comment #22)
> Yep, no problem with searching even for other users:
>
> ou=Profesores,~ > grep cn=Profesor
> CN=Profesor,OU=Profesores,DC=aulas,DC=campus,DC=local
> ou=Profesores,~ >
>
> I'm even more concerned about the impossibility of login for local koha
> users or even cached credentials.

Are you still experiencing issues? So far all cases we have seen have been
remedied by adding <anonymous_bind>0</anonymous_bind> and restarting memcached
and apache.

--- Comment #24 from [hidden email] ---
Yes, I'm still experiencing this issue.

You can see my configuration above with <anonymous_bind>0</anonymous_bind> and
I have restarted the server several times.

This is my test server before upgrading the production one, so I am free to
debug in whatever way you may further consider.

User and password check ok with shelldap, but I still get auth rejected error
when trying to access the OPAC:

[Thu Oct 11 10:53:42.471369 2018] [cgi:error] [pid 1611] [client
192.168.222.176:50338] AH01215: [Thu Oct 11 10:53:42 2018] opac-user.pl: LDAP
Auth rejected : search with filter '(cn=biblio)' returns no hit:
/usr/share/koha/opac/cgi-bin/opac/opac-user.pl, referer:
http://campus.koha.somedomain.es/

--- Comment #25 from [hidden email] ---
Still not working in 18.05.05-1.

Martin, any idea on this?

Victor Grousset/tuxayo <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #26 from Victor Grousset/tuxayo <[hidden email]> ---
Hi, we got the error at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 101
on two instances when updating from 17.11.06 to 17.11.09,
and <anonymous_bind>0</anonymous_bind> worked
(with a restart of memcached and starman/plack).

Here is the rest of the config, in case it helps those for whom anonymous_bind
isn't enough.


 <ldapserver id="SOME_ID">
      <hostname>ldaps://SOME_IP_ADDR</hostname>
      <user>CN=FOOBAR,OU=FOOBAR,OU=FOOBAR,DC=FOOBAR,DC=FOOBAR</user>
      <pass>FOOBAR</pass>
      <base>ou=FOOBAR,ou=FOOBAR,dc=FOOBAR,dc=FOOBAR</base>
      <principal_name>cn=%s, ou=FOOBAR,ou=FOOBAR,dc=FOOBAR,dc=FOOBAR</principal_name>
      <update>1</update>
      <replicate>1</replicate>
      <anonymous>0</anonymous>
      <auth_by_bind>0</auth_by_bind>
      <anonymous_bind>0</anonymous_bind>
      <mapping>
         <firstname    is="givenName"           ></firstname>
         <surname      is="sn"                  ></surname>
         [...]
      </mapping>
 </ldapserver>

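A small audit of the `<ldapserver>` block discussed in this thread, as an added example (not Koha's code and not written by any commenter). It checks only elements shown in the configuration above; the function name `audit_ldapserver`, the wrapping `<config>` root, the sample values and the reading of `principal_name` as a `%s` template are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the block in comment #26 (all values are placeholders).
SAMPLE = """
<config>
 <ldapserver id="SOME_ID">
  <hostname>ldaps://SOME_IP_ADDR</hostname>
  <user>CN=FOOBAR,OU=FOOBAR,DC=FOOBAR,DC=FOOBAR</user>
  <pass>FOOBAR</pass>
  <base>ou=FOOBAR,dc=FOOBAR,dc=FOOBAR</base>
  <principal_name>cn=%s, ou=FOOBAR,dc=FOOBAR,dc=FOOBAR</principal_name>
  <auth_by_bind>0</auth_by_bind>
  <anonymous_bind>0</anonymous_bind>
 </ldapserver>
</config>
"""

# The two bind-mode switches that commenters had to set by hand.
BIND_FLAGS = ("auth_by_bind", "anonymous_bind")


def audit_ldapserver(xml_text):
    """Return a list of (server id, finding) for every <ldapserver> block."""
    findings = []
    for srv in ET.fromstring(xml_text).iter("ldapserver"):
        sid = srv.get("id", "?")

        def text(tag):
            return (srv.findtext(tag) or "").strip()

        # A missing flag leaves the bind mode to whatever the installed version defaults to.
        for flag in BIND_FLAGS:
            if srv.find(flag) is None:
                findings.append((sid, f"<{flag}> not set explicitly"))
            elif text(flag) not in ("0", "1"):
                findings.append((sid, f"<{flag}> is not 0 or 1"))
        # Assumption: principal_name is a template and %s receives the login name.
        if srv.find("principal_name") is not None and "%s" not in text("principal_name"):
            findings.append((sid, "<principal_name> has no %s placeholder"))
        # A bind DN with an empty password is an unauthenticated bind (RFC 4513, 5.1.2).
        if text("user") and not text("pass"):
            findings.append((sid, "<user> set but <pass> empty"))
        # Simple-bind credentials cross the network; flag anything that is not LDAPS.
        if not text("hostname").lower().startswith("ldaps://"):
            findings.append((sid, "<hostname> is not ldaps://"))
    return findings


if __name__ == "__main__":
    for sid, finding in audit_ldapserver(SAMPLE) or [("-", "no findings")]:
        print(f"{sid}: {finding}")
```

As the thread notes, a changed value only takes effect after memcached and the web server (Apache, or starman/plack) are restarted.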

--- Comment #27 from [hidden email] ---
Thanks Victor,

<auth_by_bind>0</auth_by_bind> did the trick for me...

I discovered that I also had problems with the user I was testing with: despite
being active and able to browse the directory with shelldap, it wouldn't be
able to log in successfully to koha. Deleting the user and creating it again
cleared the error for me.
