View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001471 | PacketFence | web admin | public | 2012-06-14 20:34 | 2015-02-13 15:26 | |||
Reporter | barryq | |||||||
Assigned To | ||||||||
Priority | normal | Severity | trivial | Reproducibility | always | |||
Status | closed | Resolution | open | |||||
Platform | OS | OS Version | ||||||
Product Version | 3.4.0 | |||||||
Target Version | investigate | Fixed in Version | ||||||
Summary | 0001471: web admin LDAP variables | |||||||
Description | When I start PF it says "Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file". When I look in admin_ldap.conf, the variables are: $ldap_host, $ldap_port, $ldap_bind_dn, $ldap_bind_pwd, $ldap_user_base, etc. The output and the sample don't match. One uses "_" and the other uses "-". Also, the variable in admin_ldap.conf says ldap_host and the output from the startup shows ldap-server. The FAQ just refers me to admin_ldap.conf. Just curious what the correct set of variables should be. | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | ||||||||
Attached Files | ||||||||
Notes | |
(0002803) obilodeau (reporter) 2012-06-15 15:21 |
Stick to whatever is in conf/admin_ldap.conf.

I don't think I've ever seen the string you are talking about. I quickly grepped our source code trying to find it and couldn't find anything:

    $ grep -rn "Not searching LDAP" /usr/local/pf/

Could it be FreeRADIUS that is complaining? Can you give me more context, please?

Thanks
(0002804) barryq (reporter) 2012-06-15 16:25 |
When starting packetfence I get the following output:

    Checking configuration sanity...
    service|command
    config files|start
    iptables|start
    named|start
    Internet Systems Consortium DHCP Server 4.1.1-P1
    Copyright 2004-2010 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
    Wrote 41 leases to leases file.
    Listening on LPF/eth1/00:50:56:8b:00:94/192.168.20.0/24
    Sending on LPF/eth1/00:50:56:8b:00:94/192.168.20.0/24
    Listening on LPF/eth0/00:50:56:8b:00:92/192.168.11.0/24
    Sending on LPF/eth0/00:50:56:8b:00:92/192.168.11.0/24
    Sending on Socket/fallback/fallback-net
    dhcpd|start
    radiusd|start
    httpd|start
    snmptrapd|start
    pfsetvlan|start
    pfdhcplistener|start
    pfmon|start

You can see the "not searching" message in the output.

You did give me a good idea. I did a grep -r for "ldap_bind_dn" and it shows up in html/admin/login.php. That at least answers the question of what the variable should be.

There is a post on the mailing list right now titled "LDAP Question" with the same error and he seems to have gotten past it. It seems to me that I've done everything correctly, but I just can't get LDAP working or that message to go away.

Also, another thing that is a bit odd: today when I put admin_ldap.conf in place, after I log in, all I get back is a blank page. The URL is https://packetfence:1443/login.php?p=/status/dashboard.php and there are no log entries in packetfence.log about an admin login event, failed or otherwise.
(0002805) barryq (reporter) 2012-06-15 16:31 |
So I just solved the blank page issue. There was a typo in admin_ldap.conf I didn't catch. |
(0002806) barryq (reporter) 2012-06-15 17:02 |
So... my brain isn't fully functional today. I think you are right. That "Not Searching" message is coming from DHCP and on PF. Although I see a lot of people on the mail list say that message comes from PF.

I had a moment of brain function and looked in admin_error.log and here is the problem:

    [Fri Jun 15 13:33:41 2012] [error] [client 10.247.169.162] PHP Warning: ldap_search(): Search: Operations error in /usr/local/pf/html/admin/login.php on line 123, referer: https://packetfence.chico.sungardps.lcl:1443/login.php?p=/status/dashboard.php
    [Fri Jun 15 13:33:41 2012] [error] [client 10.247.169.162] PHP Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in /usr/local/pf/html/admin/login.php on line 124, referer: https://packetfence.chico.sungardps.lcl:1443/login.php?p=/status/dashboard.php

Here is the block of code in question:

    # Here we look only into one DN ($ldap_user_base)
    $result = ldap_search($ldap, $ldap_user_base, $filter, array("dn"));
    $info = ldap_get_entries($ldap, $result);
    if (!$result) {
        $logger->info("LDAP query failed, check your settings");
        return false;
    }

I'm going to continue to look into it, but any quick suggestions?
(0002810) obilodeau (reporter) 2012-06-18 09:02 |
What are your ldap parameters?

The important error is 'Search: Operations error'. The search is failing. Try your search parameters with (all one line):

    ldapsearch -x -b <LDAPUserBase> -h <LDAPServer> -W -D <LDAPBindDN> <LDAPUserKey>=username dn

You will need the openldap-clients package installed.
(0002814) barryq (reporter) 2012-06-18 16:27 |
I got there eventually. The real problem I found (after getting rid of all the user error) was the LDAP search was not executing a search with the correct scope. It was only searching at the level specified by ldap_bind_base. According to php.net the default should be LDAP_SCOPE_SUBTREE. Did you by chance override that setting somewhere?

One minor note: there is a small error in the code:

    $result = ldap_search($ldap, $ldap_user_base, $filter, array("dn"));
    $info = ldap_get_entries($ldap, $result);
    if (!$result) {
        $logger->info("LDAP query failed, check your settings");
        return false;
    }

It's slightly out of order. The error handling on $result should take place before you try and use it in the ldap_get_entries function... like so:

    $result = ldap_search($ldap, $ldap_user_base, $filter, array("dn"));
    if (!$result) {
        $logger->info("LDAP query failed, check your settings");
        return false;
    }
    $info = ldap_get_entries($ldap, $result);

Not a big deal, but that was where "PHP Warning: ldap_get_entries() expects parameter 2 to be resource" was coming from.
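
Added example (not part of the issue thread or of PacketFence's code): a small in-memory model of the three LDAP search scopes, showing why a login lookup limited to one level below the user base misses accounts in nested OUs, the symptom described in note 0002814. The directory contents, DNs and function names are constructed for illustration.

```python
import re

# Constructed sample directory (not from the issue): DN -> attributes.
DIRECTORY = {
    "dc=example,dc=com": {},
    "ou=people,dc=example,dc=com": {},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": ["alice"]},
    "ou=staff,ou=people,dc=example,dc=com": {},
    "uid=bob,ou=staff,ou=people,dc=example,dc=com": {"uid": ["bob"]},
}

def parse_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas.
    Simplified: real DN matching follows per-attribute matching rules."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def in_scope(base_dn, entry_dn, scope):
    """True if a search rooted at base_dn with this scope covers entry_dn."""
    base, entry = parse_dn(base_dn), parse_dn(entry_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # entry is not at or below the base at all
    if scope == "base":   # PHP ldap_read(),   ldapsearch -s base
        return depth == 0
    if scope == "one":    # PHP ldap_list(),   ldapsearch -s one
        return depth == 1
    if scope == "sub":    # PHP ldap_search(), ldapsearch -s sub
        return True
    raise ValueError("unknown scope: %r" % scope)

def search(directory, base_dn, scope, attr, value):
    """Return DNs in scope whose attribute contains value (case-insensitive)."""
    return sorted(
        dn for dn, attrs in directory.items()
        if in_scope(base_dn, dn, scope)
        and value.lower() in (v.lower() for v in attrs.get(attr, []))
    )

def diagnose(directory, base_dn, attr, value):
    """Report, per scope, which DNs a login lookup would find."""
    return {s: search(directory, base_dn, s, attr, value)
            for s in ("base", "one", "sub")}

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, diagnose(DIRECTORY, "ou=people,dc=example,dc=com", "uid", user))
```

Against a real server, the same comparison can be made by repeating the ldapsearch command from note 0002810 with `-s one` and `-s sub`.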
(0003115) fgaudreault (viewer) 2012-10-09 09:26 |
Another customer had the same issue, I had him remove comments on line 108/109 and it worked. |
(0003697) lmunro (administrator) 2015-02-13 15:26 |
Old issues. Most are not relevant to PF 4 and up. Let's reopen the ones that matter when we move to github. |
Issue History | |||
Date Modified | Username | Field | Change |
2012-06-14 20:34 | barryq | New Issue | |
2012-06-15 15:19 | obilodeau | Status | new => assigned |
2012-06-15 15:19 | obilodeau | Assigned To | => obilodeau |
2012-06-15 15:21 | obilodeau | Note Added: 0002803 | |
2012-06-15 16:25 | barryq | Note Added: 0002804 | |
2012-06-15 16:31 | barryq | Note Added: 0002805 | |
2012-06-15 17:02 | barryq | Note Added: 0002806 | |
2012-06-18 09:02 | obilodeau | Note Added: 0002810 | |
2012-06-18 16:27 | barryq | Note Added: 0002814 | |
2012-10-09 09:26 | fgaudreault | Note Added: 0003115 | |
2012-10-19 13:43 | fgaudreault | Assigned To | obilodeau => |
2012-10-19 13:43 | fgaudreault | Target Version | => investigate |
2015-02-13 15:26 | lmunro | Note Added: 0003697 | |
2015-02-13 15:26 | lmunro | Status | assigned => closed |