Open-AudIT

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 7 posts ] 
 Post subject: LDAP Setup duplicity
Posted: Mon Oct 15, 2012 5:33 pm
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
Hello,

I'm having trouble setting up the LDAP. When I create/save it and then go to edit the settings again, I'm getting blank details. I have to very carefully hover over the LDAP icon to "find" the proper one which shows the details previously filled in. Not sure how to explain it more clearly. It seems that there is more than one connection created inside the LDAP icon.

When I set up the LDAP and hover over the icon to click Edit, sometimes I'm getting empty fields, sometimes the actual filled fields. Here is the log line where I'm trying to edit the LDAP settings and getting ldap_connection_id=
GET http://172.16.0.128/oa-trunk/admin_conf ... ection_id= [HTTP/1.1 200 OK 100ms]

And here is the log line where I actually see the input data for the connection, where ldap_connection_id=6
GET http://172.16.0.128/oa-trunk/admin_conf ... hp?sub=f5&ldap_connection_id=6 [HTTP/1.1 200 OK 150ms]

Does anybody know why and how to fix it?

Thank you.

Ivan


 Post subject: Re: LDAP Setup duplicity
Posted: Wed Oct 17, 2012 2:04 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
As with your audit_commands problem, there's not a lot of people left that understand the ldap stuff. Open Audit version 1 has been stagnant for a long time and a lot of the authors are gone.

I do have the following patch in my local copy which basically just sets the sql mode to get around modern MySQL strict checking. No guarantees it will help. But if you've got strict checking on (default) in your MySQL then you'll need this to get it to work.
[code]Index: ldap_audit_script.php
===================================================================
--- ldap_audit_script.php (revision 1251)
+++ ldap_audit_script.php (working copy)
@@ -58,6 +58,13 @@
exit("Failed to connect to Open Audit database, $mysql_database");
}

+# <HACK>
+# The following turns off strict checking so incorrect
+# datatypes can be inserted into fields!
+$sql = "SET @@session.sql_mode=''";
+$result = mysql_query($sql);
+# </HACK>
+
AuditLdapPaths();

// Close SQL connection
[/code]
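Review bot: the return value of mysql_query() on the added lines is stored in $result but never checked, so if the SET statement fails the script still goes on to AuditLdapPaths() with strict checking in force and the inserts fail exactly as before. Suggest testing $result and exiting or logging on failure, as the connection check just above the hunk does with exit(). Separately, setting sql_mode to the empty string clears every mode flag for the session, not only the strict ones, and as the added comment itself says this lets incorrect datatypes be written into fields without an error; that trades a visible failure for silently altered audit data. A narrower change would remove only the strict flags from the session mode, or better, correct the values or column types that strict checking is rejecting.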


 Post subject: Re: LDAP Setup duplicity
Posted: Thu Oct 18, 2012 8:55 pm
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
Thank you for your reply. Where should I place the "ldap_audit_script.php"? Even though I'm sure that the credentials are correct, I'm still getting an LDAP connection error:
LDAP SERVER IP
using username
and password


Server connection successful
Schema: UNKNOWN
!! Unable to bind to server !!
Err Number: 49
Err String: Invalid credentials
Check that credentials are correct

LDAP SERVER IP
using username@domain
and password


Server connection successful
Schema: UNKNOWN
LDAP bind successful


 Post subject: Re: LDAP Setup duplicity
Posted: Fri Oct 19, 2012 1:38 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
I posted a patch to ldap_audit_script.php and not the file itself. Basically you need to add the following lines just before "AuditLdapPaths();" in the ldap_audit_script.php file in your OA directory.

[code]
# <HACK>
# The following turns off strict checking so incorrect
# datatypes can be inserted into fields!
$sql = "SET @@session.sql_mode=''";
$result = mysql_query($sql);
# </HACK>
[/code]

Beyond that, you shouldn't be getting "Schema: UNKNOWN" in your test output. Obviously something's going wrong and the authors of that bit of code are long gone. What ldap server are you querying against: Active Directory or some other ldap server?

When you're on the "Admin - LDAP/SMTP" config page you should see a named ldap connection and valid ldap path. If you don't have at least that, fix that first.


 Post subject: Re: LDAP Setup duplicity
Posted: Fri Oct 19, 2012 4:29 pm
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
I did set up the "Admin - LDAP/SMTP". The only way to save it is when I type in username: username@domail.local. If I type only username, I'm getting the mentioned error and can't save it. What is the relation between the LDAP setting in the Security tab and the LDAP/SMTP tab LDAP ..? Why are there 2 different locations for the same setting?

Thank you.


 Post subject: Re: LDAP Setup duplicity
Posted: Sat Oct 20, 2012 1:53 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
OpenAudit grew over time with different authors for different pieces. I'm pretty sure the Admin-Config-Security ldap stuff is for using ldap to authenticate users to the web interface and to display ldap information about particular items in the database. The LDAP/SMTP stuff is related to the Audits menu and allows multiple LDAP connection options in the Audit Credentials section when adding a web scheduled audit command.


 Post subject: Re: LDAP Setup duplicity
Posted: Sat Oct 20, 2012 1:59 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Looking through my local copy of OAv1 I have a bunch of simple changes that I must have made in the past to get this stuff working.

Audit menu related changes:
[attachment=1] Audit_menu.patch.txt [5.22 KiB]
Downloaded 625 times


nmap related changes:
[attachment=0] admin_nmap_input.patch.txt [14.21 KiB]
Downloaded 650 times

