OpenLDAP authentication issue bind:Can't contact LDAP server

Post general support questions here that do not specifically fall into the Linux or Windows categories.

Moderators: Moderators, Developers

Post Reply
Author
Message
tomaszD
Posts: 2
Joined: Wed Apr 20, 2016 9:32 am

OpenLDAP authentication issue bind:Can't contact LDAP server

#1 Post by tomaszD » Wed Apr 20, 2016 10:12 am

Hi,
I tried to setup LDAP authentication but without success.
OpenLDAP works fine and cooperates with IPAM, GLPI and others.

I cannot make CACTI works with LDAP.

All the time I have error:
LDAP Error: General bind error, LDAP result: Can't contact LDAP server

What I checked:
- TLS is switch off
- anonymous auth on LDAP in switch ON
- everything works fine from command line:
bash# ldapsearch -b 'dc=domain,dc=net' -h 172.16.0.1 -x "(&(objectclass=*))" userPassword

I created test script:

Code: Select all

<?php
        $ldap_conn = ldap_connect("172.16.0.1", "389");

        ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        echo "Before bind: ".ldap_error($ldap_conn)."\n";
        $response = ldap_bind($ldap_conn);
        echo "After bind ".ldap_error($ldap_conn)."\n";
        echo "\nChecking HOST: 172.16.0.1 DUMP".var_dump($ldap_conn)." \n Respond ".var_dump($response)."\n";
        ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        $ldap_conn = ldap_connect("172.16.0.1", "389");
        $response = ldap_bind($ldap_conn);
        echo $response."\n";

?>


RESULT
Before bind: Success
After bind Success
resource(4) of type (ldap link)
bool(true)

Checking HOST: 172.16.0.1 DUMP
Respond
1


What is very interesting I put some echo in cacti/lib/ldap.php file

Code: Select all

function Authenticate() {
...

if ($ldap_conn) {
 here works
...
          echo ldap_error($ldap_conn); <- result: SUCCESS
          $ldap_response = @ldap_bind($ldap_conn, $this->dn, $this->password);

          echo var_dump($ldapresponse); <- result is false
     
          echo ldap_error($ldap_conn); <- result: Can't contact LDAP server 
...

}
Cacti LDAP config:
LDAP General Settings
Server: 172.168.0.1
Port Standard: 389
Protocol Version: 3
Encryption: none
Referrals: disabled
Mode: ALL checked (No Searching, Anonymous Searching, Specific Searching)
Distinguished Name (DN): uid=<username>,ou=people,dc=domain,dc=net
Require Group Membership: NO

LDAP Specific Search Settings
Search Base: ou=people,dc=domain,dc=net
Search Filter: empty
Search Distingished Name (DN): empty
Search Password: empty


It means that after ldap_bind in ldap.php file is loosing connection with server.

In test script it sill have connection with ldap server.

Can anyone have ever this issue or know how to fix it?

Specification:
os: centos 7
apache: Apache/2.4.6 (CentOS)
cacti: Version 0.8.8g
OpenLDAP: slapd 2.4.40 (Mar 31 2016 15:24:52)
PHP: PHP 5.4.16 (cli) (built: Jun 23 2015 21:17:27)
php -m show module ldap in the list.

Thank you in advance.

User avatar
micke2k
Cacti User
Posts: 261
Joined: Wed Feb 03, 2016 3:38 pm

Re: OpenLDAP authentication issue bind:Can't contact LDAP se

#2 Post by micke2k » Thu Apr 21, 2016 7:18 am

Disabled SELinux?

tomaszD
Posts: 2
Joined: Wed Apr 20, 2016 9:32 am

Re: OpenLDAP authentication issue bind:Can't contact LDAP se

#3 Post by tomaszD » Thu Apr 21, 2016 10:19 am

I have just disabled SELINUX and now WORKS fine.
I spent so much time to find out what is wrong in config and php.

Thank you.

Post Reply