Hi Josh,

I enabled logging and below is the part from /var/log/messages when I was attempting to do the domain login in VCL:

Sep 22 17:43:09 mgt systemd-logind: New session 4 of user root.
Sep 22 17:43:10 mgt dbus[764]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Sep 22 17:43:10 mgt dbus[764]: [system] Successfully activated service 'org.freedesktop.problems'
Sep 22 17:45:24 mgt httpd: ERROR(1): Failed to get user info from database. userid was [email protected]#012Mode was main#012#012#012Backtrace:#012=-=-=-=-=-=-=-=-=-=-=-=#012Call#:1 => index.php:initGlobals() (line#:60)#012#012Backtrace with Arguments:#012=-=-=-=-=-=-=-=-=-=-=-=#012Call#:1 => index.php:initGlobals() (line#:60)#012Arguments(none):#012-----------------------
Sep 22 17:47:25 mgt httpd: PHP Fatal error: Call to undefined function getFooter() in /var/www/html/vcl-2.5.1/.ht-inc/utils.php on line 14234

I noticed *generic.php* successfully binds and the user variable contains only the userid with no suffix. Is there a way to remove the domain suffix from the userid being sent in VCL? I tried to remove the suffix by changing conf.php to read *userid => "%s",* but the suffix is still being sent, as seen in /var/log/messages.

Regards,
Luckmore Chirongo

On Tue, Sep 22, 2020 at 3:45 PM L Chirongo <[email protected]> wrote:

> Hi Josh,
>
> Thanks for your response.
>
> Yes, I have an affiliation with ID 6 in the affiliation table. I will go
> ahead and enable the logging as you advised.
>
> Regards,
> Luckmore Chirongo
>
> On Tue, 22 Sep 2020, 15:06 Josh Thompson, <[email protected]> wrote:
>
>> Hi Luckmore,
>>
>> Welcome to the VCL community! Thanks for your interest in using VCL.
>>
>> It sounds like your LDAP configuration is mostly correct. You have
>> affiliationid set to 6 for your "BU LDAP" entry. Do you have an entry in
>> your affiliation table with an id of 6? I'd recommend enabling php error
>> logging so that you can see what error is being hit a little more clearly.
>> I'd recommend modifying /etc/php.ini and configuring it to log to syslog.
>> You'll also need to ensure log_errors is set to On.
>>
>> log_errors = On
>> error_log = syslog
>>
>> You can also configure it to log to a file, but getting the permissions
>> correct for that to work can be tricky. The file has to be owned by the
>> same user that httpd runs as.
>>
>> After modifying php.ini, you'll need to restart httpd. Once you have
>> logging enabled, try logging in with LDAP again and see if you see more
>> information about the error in /var/log/messages.
>>
>> Let us know how it goes.
>>
>> Josh
>>
>> On Monday, September 21, 2020 4:47:23 PM EDT L Chirongo wrote:
>> > Hello,
>> >
>> > I have set up LDAPS on my Active directory to authenticate VCL using a
>> > self-signed wildcard certificate. Running *generic.php* is successful,
>> > giving a *Binding successful* message.
>> >
>> > Also, running *openssl s_client -showcerts -CAfile
>> > /etc/pki/tls/certs/ca-bundle.crt -connect ad1.domain.ac.bw:636* gives a
>> > *“Verify return code: 0 (ok)”* message.
>> >
>> > However, when I try to authenticate using LDAP in VCL I get Error: An
>> > error has occurred. If this problem persists, please email...
>> >
>> > Attached are configured parts of my generic.php, conf.php and
>> > ldapauth.php files.
>> >
>> > Thanks in advance for assistance.
>> >
>> > Regards,
>> > Luckmore Chirongo
>>
>> --
>> -------------------------------
>> Josh Thompson
>> Systems Programmer
>> Virtual Computing Lab (VCL)
>> North Carolina State University
>>
>> [email protected]
>> 919-515-5323
>>
>> my GPG/PGP key can be found on pool.sks-keyservers.net
>>
>> All electronic mail messages in connection with State business which
>> are sent to or received by this account are subject to the NC Public
>> Records Law and may be disclosed to third parties.
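
Added example, not part of the thread and not VCL code: with `error_log = syslog`, the multi-line VCL error reaches /var/log/messages on one line with newlines written as `#012`, so this sketch decodes such an entry and pulls out the userid VCL actually looked up. It assumes rsyslog's default control-character escaping (`#` plus three octal digits); the sample line is constructed, with a placeholder userid, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the httpd entry quoted in the thread; the
# userid is a placeholder because the address in the original post is redacted.
SAMPLE = (
    "Sep 22 17:45:24 mgt httpd: ERROR(1): Failed to get user info from database. "
    "userid was jdoe@example.org#012Mode was main#012#012#012Backtrace:#012"
    "=-=-=-=-=-=-=-=-=-=-=-=#012Call#:1 => index.php:initGlobals() (line#:60)#012"
)

# Assumption: rsyslog defaults, control characters escaped as '#' + three octal digits.
ESCAPE = re.compile(r"#([0-3][0-7]{2})")
HEADER = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^:\[\s]+)(?:\[(\d+)\])?: (.*)$", re.S)


def decode_escapes(text):
    """Turn #ooo octal escapes (e.g. #012 = newline) back into the raw characters."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), text)


def parse_entry(line):
    """Split one /var/log/messages line into header fields and the decoded message."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a traditional syslog line: %r" % line[:40])
    timestamp, host, program, pid, message = m.groups()
    return {"timestamp": timestamp, "host": host, "program": program,
            "pid": pid, "message": decode_escapes(message)}


def vcl_login_error(entry):
    """Return userid, mode and backtrace calls from a 'Failed to get user info' entry."""
    lines = entry["message"].splitlines()
    first = lines[0] if lines else ""
    if "Failed to get user info" not in first:
        return None
    userid = first.split("userid was ", 1)[1].strip() if "userid was " in first else None
    mode = next((l[len("Mode was "):] for l in lines if l.startswith("Mode was ")), None)
    calls = [l for l in lines if l.startswith("Call#:")]
    return {"userid": userid, "mode": mode, "calls": calls}


if __name__ == "__main__":
    entry = parse_entry(SAMPLE)
    print(entry["message"])        # the error with its line breaks restored
    print(vcl_login_error(entry))  # userid (suffix included), mode and call list
```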
