Hi Luckmore,

After tracing through the code a bit, it looks like your authentication must 
work correctly, and then the problem is encountered after it redirects you 
back to the site after setting an authentication cookie.  It looks like the 
user set in the authentication cookie must be "[email protected]".  
However, the code is expecting the part after the '@' to be a VCL affiliation 
name, rather than a domain name.  I'm not sure if it is documented anywhere or 
not, but affiliation names cannot contain '.' characters.  Is the 
affiliation.name in your database set to 'domain.ac.bw' for id 6?  If so, try 
changing it to something without any '.' characters in it.

Let us know if that fixes the problem.

Josh

On Tuesday, September 22, 2020 12:50:13 PM EDT L Chirongo wrote:
> Hi Josh,
> 
> I enabled logging and below is the part from /var/log/messages when I was
> attempting to do the domain login in VCL:
> 
> Sep 22 17:43:09 mgt systemd-logind: New session 4 of user root.
> Sep 22 17:43:10 mgt dbus[764]: [system] Activating service
> name='org.freedesktop.problems' (using servicehelper)
> Sep 22 17:43:10 mgt dbus[764]: [system] Successfully activated service
> 'org.freedesktop.problems'
> Sep 22 17:45:24 mgt httpd: ERROR(1): Failed to get user info from database.
> userid was [email protected]#012Mode was
> main#012#012#012Backtrace:#012=-=-=-=-=-=-=-=-=-=-=-=#012Call#:1 =>
> index.php:initGlobals() (line#:60)#012#012Backtrace with
> Arguments:#012=-=-=-=-=-=-=-=-=-=-=-=#012Call#:1 => index.php:initGlobals()
> (line#:60)#012Arguments(none):#012-----------------------
> Sep 22 17:47:25 mgt httpd: PHP Fatal error:  Call to undefined function
> getFooter() in /var/www/html/vcl-2.5.1/.ht-inc/utils.php on line 14234
> 
> I noticed *generic.php* successfully binds and the user variable contains
> only the userid with no suffix. Is there a way to remove the domain suffix
> from the userid being sent in VCL?
> 
> I tried to remove the suffix by changing conf.php to read *userid => "%s",*
> but the suffix is still being sent as seen in /var/log/messages
> 
> Regards,
> Luckmore Chirongo
> 
> On Tue, Sep 22, 2020 at 3:45 PM L Chirongo <[email protected]> wrote:
> > Hi Josh,
> > 
> > Thanks for your response.
> > 
> > Yes, I have an affiliation with ID 6 in the affiliation table. I will go
> > ahead and enable the logging as you advised.
> > 
> > Regards,
> > Luckmore Chirongo
> > 
> > On Tue, 22 Sep 2020, 15:06 Josh Thompson, <[email protected]> wrote:
> >> Hi Luckmore,
> >> 
> >> Welcome to the VCL community!  Thanks for your interest in using VCL.
> >> 
> >> It sounds like your LDAP configuration is mostly correct.  You have
> >> affiliationid set to 6 for your "BU LDAP" entry.  Do you have an entry in
> >> your affiliation table with an id of 6?  I'd recommend enabling php error
> >> logging so that you can see what error is being hit a little more clearly.
> >> I'd recommend modifying /etc/php.ini and configuring it to log to syslog.
> >> You'll also need to ensure log_errors is set to On.
> >> 
> >> log_errors = On
> >> error_log = syslog
> >> 
> >> You can also configure it to log to a file, but getting the permissions
> >> correct for that to work can be tricky.  The file has to be owned by the
> >> same user that httpd runs as.
> >> 
> >> After modifying php.ini, you'll need to restart httpd.  Once you have
> >> logging enabled, try logging in with LDAP again and see if you see more
> >> information about the error in /var/log/messages.
> >> 
> >> Let us know how it goes.
> >> 
> >> Josh
> >> 
> >> On Monday, September 21, 2020 4:47:23 PM EDT L Chirongo wrote:
> >> > Hello,
> >> > 
> >> > I have set up LDAPS on my Active directory to authenticate VCL using a
> >> > self-signed wildcard certificate. Running *generic.php* is successful,
> >> > giving a *Binding successful* message.
> >> > 
> >> > Also, running *openssl s_client -showcerts -CAfile
> >> > /etc/pki/tls/certs/ca-bundle.crt -connect ad1.domain.ac.bw:636*
> >> > gives a *“Verify return code: 0 (ok)”* message.
> >> > 
> >> > However when I try to authenticate using LDAP in VCL I get Error: An
> >> > error has occurred. If this problem persists, please email...
> >> > 
> >> > Attached are configured parts of my generic.php, conf.php and
> >> > ldapauth.php files.
> >> > 
> >> > Thanks in advance for assistance.
> >> > 
> >> > Regards,
> >> > Luckmore Chirongo
> >> 
> >> --
> >> -------------------------------
> >> Josh Thompson
> >> Systems Programmer
> >> Virtual Computing Lab (VCL)
> >> North Carolina State University
> >> 
> >> [email protected]
> >> 919-515-5323
> >> 
> >> my GPG/PGP key can be found on pool.sks-keyservers.net
> >> 
> >> All electronic mail messages in connection with State business which
> >> are sent to or received by this account are subject to the NC Public
> >> Records Law and may be disclosed to third parties.
-- 
-------------------------------
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University

[email protected]
919-515-5323

my GPG/PGP key can be found on pool.sks-keyservers.net

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
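
A triage sketch for the log entry discussed in this thread, added here as an example and not part of the original messages or of VCL's code: it decodes the `#012` escapes that syslog writes in place of newlines, pulls the userid out of each "Failed to get user info" entry, and flags a suffix after the '@' that contains a '.'. The sample line, its userid and the function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of the httpd entry quoted in the thread.
# The userid is a placeholder, not a value from the original log.
SAMPLE = (
    "Sep 22 17:45:24 mgt httpd: ERROR(1): Failed to get user info from "
    "database. userid was jdoe@example.ac.bw#012Mode was main#012#012#012"
    "Backtrace:#012=-=-=-=-=-=-=-=-=-=-=-=#012Call#:1 => "
    "index.php:initGlobals() (line#:60)"
)

ESCAPE = re.compile(r"#([0-7]{3})")
FAILED = re.compile(r"Failed to get user info from database\.\s+userid was (\S+)")


def decode_syslog(line):
    """Turn syslog's #NNN octal escapes (#012 is a newline) back into characters."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), line)


def failed_userids(lines):
    """Return (userid, suffix, problem) for each failed user lookup in lines."""
    findings = []
    for raw in lines:
        match = FAILED.search(decode_syslog(raw))
        if not match:
            continue
        userid = match.group(1)
        _, sep, suffix = userid.partition("@")
        if not sep:
            problem = "no '@' suffix"
        elif "." in suffix:
            # Per the reply above: the suffix is treated as an affiliation
            # name, and affiliation names cannot contain '.'.
            problem = "suffix contains '.'"
        else:
            problem = None
        findings.append((userid, suffix, problem))
    return findings


if __name__ == "__main__":
    for userid, suffix, problem in failed_userids([SAMPLE]):
        print(f"{userid}: suffix={suffix!r} problem={problem}")
```
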