Notes
Stick to whatever is in conf/admin_ldap.conf.
I don't think I've ever seen the string you are talking about.. I quickly grepped our source code trying to find it and couldn't find anything..
$ grep -rn "Not searching LDAP" /usr/local/pf/
Could it be FreeRADIUS that is complaining? Can you give me more context please.
Thanks

(0002804) barryq, 2012-06-15 16:25
When starting packetfence I get the following output:
Checking configuration sanity...
service|command
config files|start
iptables|start
named|start
Internet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Wrote 41 leases to leases file.
Listening on LPF/eth1/00:50:56:8b:00:94/192.168.20.0/24
Sending on LPF/eth1/00:50:56:8b:00:94/192.168.20.0/24
Listening on LPF/eth0/00:50:56:8b:00:92/192.168.11.0/24
Sending on LPF/eth0/00:50:56:8b:00:92/192.168.11.0/24
Sending on Socket/fallback/fallback-net
dhcpd|start
radiusd|start
httpd|start
snmptrapd|start
pfsetvlan|start
pfdhcplistener|start
pfmon|start
You can see the "not searching" message in the output. You did give me a good idea. I did a grep -r for "ldap_bind_dn" and it shows up in html/admin/login.php. That at least answers the question of what the variable should be.
There is a post on the mailing list right now titled "LDAP Question" with the same error and he seems to have gotten past it. It seems to me that I've done everything correctly, but just can't get LDAP working or that message to go away.
Also another thing that is a bit odd: today when I put admin_ldap.conf in place, after I log in, all I get back is a blank page.
The URL is https://packetfence:1443/login.php?p=/status/dashboard.php
And there are no log entries in packetfence.log about admin login event failed or otherwise.

(0002805) barryq, 2012-06-15 16:31
So I just solved the blank page issue. There was a typo in admin_ldap.conf I didn't catch.

(0002806) barryq, 2012-06-15 17:02
So... my brain isn't fully functional today.
I think you are right. That "Not Searching" message is coming from DHCP and on PF. Although I see a lot of people on the mail list say that message comes from PF.
I had a moment of brain function and looked in admin_error.log and here is the problem:
[Fri Jun 15 13:33:41 2012] [error] [client 10.247.169.162] PHP Warning: ldap_search(): Search: Operations error in /usr/local/pf/html/admin/login.php on line 123, referer: https://packetfence.chico.sungardps.lcl:1443/login.php?p=/status/dashboard.php
[Fri Jun 15 13:33:41 2012] [error] [client 10.247.169.162] PHP Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in /usr/local/pf/html/admin/login.php on line 124, referer: https://packetfence.chico.sungardps.lcl:1443/login.php?p=/status/dashboard.php
Here is the block of code in question:
    # Here we look only into one DN ($ldap_user_base)
    $result = ldap_search($ldap, $ldap_user_base, $filter, array("dn"));
    $info = ldap_get_entries($ldap, $result);
    if (!$result) {
        $logger->info("LDAP query failed, check your settings");
        return false;
    }
I'm going to continue to look into it, but any quick suggestions?

What are your ldap parameters? The important error is 'Search: Operations error'. The search is failing.
Try your search parameters with (all one line):
ldapsearch -x -b <LDAPUserBase> -h <LDAPServer> -W -D <LDAPBindDN> <LDAPUserKey>=username dn
You will need the openldap-clients package installed.

(0002814) barryq, 2012-06-18 16:27
I got there eventually. The real problem I found (after getting rid of all the user error) was the LDAP search was not executing a search with the correct scope. It was only searching at the level specified by ldap_bind_base. According to php.net the default should be LDAP_SCOPE_SUBTREE. Did you by chance override that setting somewhere?
One minor note: there is a small error in the code:
    $result = ldap_search($ldap, $ldap_user_base, $filter, array("dn"));
    $info = ldap_get_entries($ldap, $result);
    if (!$result) {
        $logger->info("LDAP query failed, check your settings");
        return false;
    }
It's slightly out of order. The error handling on $result should take place before you try and use it in the ldap_get_entries function... like so:
    $result = ldap_search($ldap, $ldap_user_base, $filter, array("dn"));
    if (!$result) {
        $logger->info("LDAP query failed, check your settings");
        return false;
    }
    $info = ldap_get_entries($ldap, $result);
Not a big deal but that was where "PHP Warning: ldap_get_entries() expects parameter 2 to be resource" was coming from.

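Added example, not PacketFence's own login.php: a search-then-bind login routine that checks the ldap_search() result before using it, as the note above suggests, and logs the server's reason for a failure so that an "Operations error" reaches the application log. The function name and all of its parameters are assumptions made for illustration; ldap_escape() needs PHP 5.6 or later.

```php
<?php
// Added example; function and parameter names are hypothetical.
// $server is an LDAP URI such as "ldap://directory.example" (placeholder).
function ldap_admin_login($logger, $server, $bind_dn, $bind_pw,
                          $user_base, $user_key, $username, $password)
{
    // An empty password turns ldap_bind() into an unauthenticated bind,
    // which many servers accept; never count that as a successful login.
    if ($username === '' || $password === '') {
        return false;
    }

    $ldap = ldap_connect($server);
    if (!$ldap) {
        $logger->info("LDAP connect failed, check your settings");
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Service bind; @ keeps the PHP warning out of the page, the logger records it.
    if (!@ldap_bind($ldap, $bind_dn, $bind_pw)) {
        $logger->info("LDAP service bind failed: " . ldap_error($ldap));
        return false;
    }

    // Escape the user-supplied value so it cannot change the filter.
    $filter = "(" . $user_key . "=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";

    // ldap_search() searches the whole subtree; ldap_list() is one level only.
    $result = @ldap_search($ldap, $user_base, $filter, array("dn"));
    if (!$result) {
        // Check before use, and log why the server refused the search.
        $logger->info("LDAP query failed: " . ldap_error($ldap));
        return false;
    }

    // Fail closed unless exactly one entry matches.
    if (ldap_count_entries($ldap, $result) !== 1) {
        $logger->info("LDAP query did not return exactly one entry");
        return false;
    }
    $user_dn = ldap_get_dn($ldap, ldap_first_entry($ldap, $result));

    // Verify the password by binding as the entry that was found.
    $ok = @ldap_bind($ldap, $user_dn, $password);
    ldap_unbind($ldap);
    return $ok;
}
```
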
(0003115) fgaudreault, 2012-10-09 09:26
Another customer had the same issue, I had him remove comments on line 108/109 and it worked.

(0003697) lmunro, 2015-02-13 15:26
Old issues.
Most are not relevant to PF 4 and up.
Let's reopen the ones that matter when we move to github.