2016-07-24 16:03 GMT+02:00 Nicolas Pecheux <[email protected]>:
> Hi Clement,

Hi Nicolas,

first, your mail was moderated because you did not register to the
list. Please register here:
http://lists.ltb-project.org/listinfo/ltb-users

>
> I've been trying to use SSP (version 0.9) on a CentOS Linux release 7.2.1511
> (Core), without success.
> I've read the forums and done some troubleshooting on my install but I can't
> figure out what is wrong. Many values have been tested out, but here is the
> current config (AD credentials are right, it is working with other
> servers/softwares):
>
> config.inc.php
>
> # LDAP
> $ldap_url = "ldap://192.168.60.60:389";
> $ldap_starttls = false;
> $ldap_binddn = "CN=Administrator,CN=Users,DC=obs,DC=lab";
> $ldap_bindpw = "XXXXX";
> $ldap_base = "DC=obs,DC=lab";
> $ldap_login_attribute = "sAMAccountName";
> #$ldap_login_attribute = "uid";
> $ldap_fullname_attribute = "cn";
> $ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
> #$ldap_filter = "(&(objectClass=person)(uid={login}))";
>
> # Active Directory mode
> # true: use unicodePwd as password field
> # false: LDAPv3 standard behavior
> $ad_mode = true;
> # Force account unlock when password is changed
> $ad_options['force_unlock'] = true;
> # Force user change password at next login
> $ad_options['force_pwd_change'] = false;
> # Allow user with expired password to change password
> $ad_options['change_expired_password'] = true;
>
>
> cat /var/log/apache2/ssp_error.log
>
> [Sun Jul 24 14:41:46.459734 2016] [:error] [pid 2590] [client
> 192.168.101.100:20497] PHP Warning:  ldap_bind(): Unable to bind to server:
> Can't contact LDAP server in
> /usr/local/self-service-password/ltb-project-self-service-password-0.9/pages/change.php
> on line 93, referer: http://192.168.60.62/index.php
> [Sun Jul 24 14:41:46.459848 2016] [:error] [pid 2590] [client
> 192.168.101.100:20497] LDAP - Bind error -1  (Can't contact LDAP server),
> referer: http://192.168.60.62/index.php
>
> change.php
>
> # Check old password
> #==============================================================================
> if ( $result === "" ) {
>
>     # Connect to LDAP
>     $ldap = ldap_connect($ldap_url);
>     ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
>     ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
>     if ( $ldap_starttls && !ldap_start_tls($ldap) ) {
>         $result = "ldaperror";
>         error_log("LDAP - Unable to use StartTLS");
>     } else {
>
>     # Bind
>     if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
> LINE93-->        $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
>     } else {
>         $bind = ldap_bind($ldap);
>     }
>
> Any idea what I am doing wrong? If you could help that'd be great!

First, be sure you don't have any firewall rule between your server
and AD. Try to connect with ldapsearch for example. Then check that
SELinux is not preventing Apache from contacting the LDAP server.


Clément.
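
The three checks suggested in the reply above, as an added shell example that is not part of the original message or of the LTB project. The function names are hypothetical, the audit lines are constructed samples, and it assumes PHP runs inside Apache (so the denied process is `httpd`) under the CentOS targeted SELinux policy, where the relevant boolean is `httpd_can_connect_ldap`.

```shell
#!/bin/sh
# Added example (not from the thread). Host, base and bind DN are the values
# quoted in the message; the audit lines below are constructed samples.
LDAP_URL="ldap://192.168.60.60:389"
LDAP_BASE="DC=obs,DC=lab"
LDAP_BINDDN="CN=Administrator,CN=Users,DC=obs,DC=lab"

# Step 1: repeat the bind from a shell on the SSP host. An interactive shell
# is not confined as httpd_t, so success here while SSP still fails points
# away from the firewall and toward SELinux.
check_bind() {
    ldapsearch -x -H "$LDAP_URL" -D "$LDAP_BINDDN" -W \
        -b "$LDAP_BASE" -s base '(objectClass=*)' dn
}

# Step 2: show the SELinux boolean that lets httpd open LDAP connections.
# If it is off: setsebool -P httpd_can_connect_ldap on
check_selinux_boolean() {
    getsebool httpd_can_connect_ldap
}

# Step 3: count AVC denials on stdin where httpd was refused a TCP connect
# to the destination port given as $1. Assumes mod_php, so comm="httpd".
count_httpd_ldap_denials() {
    awk -v want="dest=$1" '
        /avc: +denied/ && /name_connect/ && /comm="httpd"/ {
            for (i = 1; i <= NF; i++) if ($i == want) { n++; break }
        }
        END { print n + 0 }'
}

# Constructed audit.log lines for demonstration only.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1469364106.459:512): avc:  denied  { name_connect } for  pid=4242 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1469364200.101:530): avc:  denied  { name_connect } for  pid=4243 comm="httpd" dest=3890 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1469364300.220:541): avc:  denied  { read } for  pid=3001 comm="sshd" name="shadow" dev="dm-0" ino=1234 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
EOF
}
```

On a live host, feed the real log instead of the sample: `count_httpd_ldap_denials 389 < /var/log/audit/audit.log` (reading that file requires root).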