[INFO] LDAP Authentication in Active Directory
wsaxon



Joined: 15 Oct 2008
Posts: 1
Posted: Wed Oct 15, 2008 5:35 pm

I've spent about 30 minutes this afternoon trying to get the LDAP authentication working against a native mode 2003 AD. I've tried the various suggestions in this thread and it's simply not working.

Cacti is v0.8.7b running on a CentOS 5.2 system, with PHP 5.1.6. I am using the following settings:

Code:
server: dc.domain.com
port standard: 389
port ssl: 636
protocol version: 3
encryption: none
referrals: enable
mode: specific searching
search base: cn=users,dc=domain,dc=com
search filter: (&(objectclass=user)(objectcategory=user)(userPrincipalName=<username>*))
search distinguished name: cn=cacti ldap service account,ou=service accounts,dc=domain,dc=com
search password: password


If I use ldapsearch with the same credentials from the cacti server, it works. Also, if I sniff the LDAP conversation I see that the search bind is successful and the correct DN is returned from the domain controller:

Code:
cacti -> dc LDAP bindRequest(1) "CN=Cacti LDAP Service Account,OU=Service Accounts,DC=domain,DC=com" simple

dc -> cacti LDAP bindResponse(1) success

cacti -> dc LDAP searchRequest(2) "dc=domain,dc=com" wholeSubtree

dc -> cacti LDAP searchResEntry(2) "CN=Will Saxon,CN=Users,DC=domain,DC=com" | searchResRef(2) | searchResRef(2) | searchResRef(2) | searchResDone(2) success

cacti -> dc LDAP unbindRequest(12)


So I'm wondering if anyone has additional ideas. I've tried this with protocol versions and 3, referrals on and off, with and without specific searching (using a DN setting of <username>@domain.com), and also replacing the UserPrincipalName search node in the search string with sAMAccountName. I've also tried setting the search base to just 'dc=domain,dc=com'.
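The capture quoted in the post above can be checked mechanically. The following is an added example, not part of the original post and not Cacti's code: it walks the quoted operations and reports how far a search-then-bind login got, assuming the usual pattern in which a second simple bind as the returned DN is what verifies the user's password. The function names `analyse` and `verdict` are hypothetical.

```python
import re

# Capture lines copied from the post above, in the poster's summary format.
CAPTURE = '''\
cacti -> dc LDAP bindRequest(1) "CN=Cacti LDAP Service Account,OU=Service Accounts,DC=domain,DC=com" simple
dc -> cacti LDAP bindResponse(1) success
cacti -> dc LDAP searchRequest(2) "dc=domain,dc=com" wholeSubtree
dc -> cacti LDAP searchResEntry(2) "CN=Will Saxon,CN=Users,DC=domain,DC=com" | searchResRef(2) | searchResRef(2) | searchResRef(2) | searchResDone(2) success
cacti -> dc LDAP unbindRequest(12)
'''
SERVICE_DN = "cn=cacti ldap service account,ou=service accounts,dc=domain,dc=com"
OP = re.compile(r'(\w+)\((\d+)\)(?:\s+"([^"]*)")?(?:\s+(\w+))?')

def analyse(capture, service_dn=SERVICE_DN):
    """Walk the operations in order and record each search-then-bind stage."""
    state = {"service_bind_ok": False, "entries": [], "referrals": 0,
             "user_bind_dn": None, "user_bind_ok": None}
    pending = {}  # message id -> DN of a bindRequest awaiting its response
    for line in capture.splitlines():
        for part in line.split(" LDAP ", 1)[-1].split(" | "):
            m = OP.match(part.strip())
            if not m:
                continue
            op, msgid, arg, trailer = m.groups()
            if op == "bindRequest":
                pending[msgid] = arg
            elif op == "bindResponse":
                dn, ok = pending.pop(msgid, None), trailer == "success"
                if dn is None:
                    continue
                if dn.lower() == service_dn.lower():  # DNs compare case-insensitively here
                    state["service_bind_ok"] = ok
                else:
                    state["user_bind_dn"], state["user_bind_ok"] = dn, ok
            elif op == "searchResEntry":
                state["entries"].append(arg)
            elif op == "searchResRef":  # referrals are not user entries
                state["referrals"] += 1
    return state

def verdict(state):
    """Name the first stage that did not complete."""
    if not state["service_bind_ok"]:
        return "service account bind failed"
    if len(state["entries"]) != 1:
        return "search must return exactly one entry, got %d" % len(state["entries"])
    if state["user_bind_dn"] is None:
        return "user DN found, but no bind as that DN in this capture"
    return "user bind succeeded" if state["user_bind_ok"] else "user bind rejected"
```

For the quoted capture, `verdict(analyse(CAPTURE))` reports that the DN was found but no bind as that DN appears. The user bind can happen on a separate TCP connection, so capture all traffic between the two hosts before drawing a conclusion from that.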
Brainscanner



Joined: 16 Oct 2007
Posts: 21
Posted: Mon Nov 17, 2008 5:54 am

UPDATE!

It just started working

..with the settings shown on the screenshot below. My only guess would be: I always was logged in as local admin with Opera and tried logging in with my normal user via Firefox. I tried something in Firefox->failed. I changed the settings to what they are now and tried again on the already loaded login page->failed. Now log out in Opera and log in in Opera as normal user->works!
Maybe you have to reload the login page in order for authentication settings to be applied?? Don't know, maybe there's something that's written to the session file?!

UPDATE!

I'm really sorry, seems I missed the mail notification. Still no change in my case here.

I've scripted another web portal that's using adldap.sourceforge.net as an interface to Active Directory, even with encryption.

Domain controller as well as webserver are running on the same machine (so IIS is the webserver): Windows Server 2003, fully updated.
Doesn't matter if I try the FQDN of the machine, the IP, localhost or 127.0.0.1.



[Attached image: settings.png]

