Open-AudIT

What's on your network?
It is currently Sun Jan 21, 2018 2:57 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
Author Message
PostPosted: Wed Apr 08, 2009 10:57 am 
Offline
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
I was testing out the latest svn realease today and had a really tough time trying to get the LDAP logins working correctly. I tried it in Firefox 3, IE6, and IE7 and I had the same issue in all of them. Perhaps I'm not doing something currectly. These are the steps I'm taking ...

1. I use "New Connection" in the LDAP config section in the Admin Config area.
2. Fill in all the details (server name, user name, password)
3. Do a test connection and the bind is successful (However, the DNS suffix and naming context are blank on the test)

Code:
Server connection successful
Default Naming Context:
User DNS Suffix:
LDAP bind successful


4. Save the connection and it shows up on my list (How do I name the connection?)
5. I hover over the connection and select to add a path (Is this supposed to be an "ldap://mydomain.com" style or "DC=mydomain,DC=COM" style?).
6. I fill in the path and save it...but it never saves.

I can inspect the ldap_paths table using phpmyadmin and it's empty like it never saved. I can manually create the path entry in that table and associate it with the connection ID number from the ldap_connections table and then the path and connection at least show up correctly in the admin config area. However, if I try to use this connection for authentication my logins keep failing.

I've tried this on a fresh install with a fresh db. I'll probably keep plugging away at it to see if I can find what's causing it.

Anyone have any ideas though?

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2


Top
 Profile  
Reply with quote  
PostPosted: Sun Apr 26, 2009 6:16 am 
Offline
Newbie

Joined: Sat Apr 25, 2009 8:14 am
Posts: 2
I've been having very similar problems.

Yesterday I was unable to authenticate to test the connection. I came in today and the server was frozen so I rebooted. Now I'm able to test and save the connection, but unable to add any paths.

I am also unsure of what the paths should look like.


Top
 Profile  
Reply with quote  
PostPosted: Sun Apr 26, 2009 6:19 pm 
Offline
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
Chad wrote:
4. Save the connection and it shows up on my list (How do I name the connection?)
5. I hover over the connection and select to add a path (Is this supposed to be an "ldap://mydomain.com" style or "DC=mydomain,DC=COM" style?).


Re. 4, You don't name the connection it should use the NetBIOS name of your AD domain.
Re. 5, use "DC=mydomain,DC=COM"

Given that your DNS suffix and naming context are blank on the test, then it looks like an issue retrieving the info from RootDSE. When I get a minute I'll see if I can add some code to handle/diagnose this error more elegantly.

_________________
Cheers, Nick.

OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Wed Apr 29, 2009 4:11 am 
Offline
Newbie

Joined: Sat Apr 25, 2009 8:14 am
Posts: 2
I had been using openaudit on a fedora 9.
Today I installed ubuntu 9.04, mysql, php, and openaudit.
I can't say with any certainty what the problem was inside of fedora. But I am guessing it was related to the ldap.so extension not being loaded into php

I am now able to authenticate through the active directory server.


Top
 Profile  
Reply with quote  
PostPosted: Sun May 31, 2009 10:05 pm 
Offline
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
Interesting....well, my ldap extension seems to be loading OK, or at least PHP thinks so. I narrowed the issue down to the following line in the GetDefaultNC function.

Code:
$sr = ldap_read($ldap,null,"(defaultnamingcontext=*)",array("defaultnamingcontext"));


That causes ldap to return an error of "Operations error". However, I can craft a RootDSE query using openldap utilities and it returns the results fine. It's odd because if I put in the code to do a bind before that line of code, then I don't get the "Operations error" anymore, but it still doesn't return any info. Maybe I'll throw together a different linux box to install OA on to see if the same thing happens, because it works fine from an XAMPP on Windows XP setup.

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 15, 2011 12:04 am 
Offline
Newbie

Joined: Mon Feb 14, 2011 11:51 pm
Posts: 1
We're using Open-AudIT on CentOS 5.2 and had the same Problem. Today, after spending a lot of time in it, I was able to solve this. Maybe this will help you, too:
Go to /etc/openldap/ldap.conf and comment out the BASE-Line. That's it.
Found via http://bugs.php.net/bug.php?id=29587


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group