AD-Login across internet
AD-Server is in another network than the webserver
Odido #1
Member for a week · 6 posts
Group memberships: Members
Hello,

I am trying to use authad to login my users into dokuwiki. But the AD is not on the same server as dokuwiki, not even the same network. All requests have to pass the internet.

Unfortunately I am not able to get this working. I constantly get the message that username or password are wrong. Using ldap_bind() and ldap_search() from the same server to the same AD ARE working. I made this to verify if there is a connection between webserver and AD-server.

I have been trying these settings in various combinations:
$conf['plugin']['authad']['account_suffix'] = '@abc.def';
$conf['plugin']['authad']['base_dn'] = 'DC=abc,DC=def';
$conf['plugin']['authad']['domain_controllers'] = '#.#.#.#'; //with or without ldap(s):// at the beginning
$conf['plugin']['authad']['use_ssl'] = 1;
$conf['plugin']['authad']['debug'] = 1;
$conf['plugin']['authad']['ad_port'] = 636;

Is there anyone among you who has got a configuration like this working and can give me some helpful hints?

Thx
Oliver
andi (Administrator) #2
User title: splitbrain
Member since May 2006 · 3497 posts · Location: Berlin Germany
Group memberships: Administrators, Members
You're not getting any other messages despite having the debug option enabled? Then it seems the connection is just fine, only the binding fails. Maybe because of a wrong user or password? Maybe the user you're trying is disabled? Maybe your AD server has additional logs to debug this?
Read this if you don't get any useful answers.
Odido #3
Thx Andi,

no other messages. The debug-option seems to have no effect.

The user is surely not the problem. With my manual script this user is recognized.

With the logs on the AD I have to ask the admin. I have no access to the AD 8-(.
andi (Administrator) #4
Just a hunch: did you actually enable the authad authentication?
Odido #5
SSL is enabled.

BUT: for my manual tests I use this to get it working:
putenv('LDAPTLS_REQCERT=never');
$ldap_con = ldap_connect('ldaps://#.#.#.#', 636);
The problem is probably to be found in this context. But I have no clue what to do to fix it for DokuWiki.
andi (Administrator) #6
Quote by Odido:
SSL is enabled.

that wasn't my question. did you check that authad is enabled?

Quote by Odido:
putenv('LDAPTLS_REQCERT=never');

disabling certificate checking isn't the best idea security-wise. but see
https://stackoverflow.com/questions/3866406/need-help-igno…
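The check discussed in the posts above, as an added example that is not part of the thread and is not DokuWiki or authad code: a stand-alone PHP CLI script that binds over LDAPS with certificate verification left on, trusting the AD's issuing CA, and reports whether a failure is on the TLS side or is a rejected bind. The script name, the host name dc01.abc.def, the CA file path and the AD_PASS variable are placeholders; the script connects by FQDN because verification fails against a bare IP address unless the certificate lists that IP.

```php
<?php
// Added diagnostic example, not DokuWiki or authad code.
// Usage: AD_PASS='...' php ldaps_check.php dc01.abc.def /etc/ssl/certs/ad-ca.pem user@abc.def
// Host name, CA path and script name are placeholders (assumptions).

function classify(int $errno, string $diag): string
{
    if ($errno === -1) {            // "Can't contact LDAP server": TCP or TLS handshake failed
        return 'transport/TLS failure (check the CA file and that the host name matches the certificate)';
    }
    if ($errno === 49) {            // invalid credentials; AD adds a sub-code as "data xxx"
        $sub = ['525' => 'user not found', '52e' => 'wrong password',
                '532' => 'password expired', '533' => 'account disabled',
                '775' => 'account locked out'];
        if (preg_match('/data ([0-9a-f]{3,4})/i', $diag, $m)) {
            return 'bind rejected: ' . ($sub[strtolower($m[1])] ?? 'sub-code ' . $m[1]);
        }
        return 'bind rejected: invalid credentials';
    }
    return $errno === 0 ? 'bind OK over verified TLS' : "LDAP error $errno";
}

[$host, $caFile, $user] = array_slice($argv, 1, 3) + [null, null, null];
$pass = getenv('AD_PASS');
// An empty password would turn the bind into an unauthenticated one, so refuse it.
if (!$host || !is_readable((string)$caFile) || !$user || $pass === false || $pass === '') {
    fwrite(STDERR, "usage: AD_PASS=... php {$argv[0]} <dc-fqdn> <ca.pem> <user@domain>\n");
    exit(2);
}

// TLS options are library-wide in libldap, so set them before ldap_connect().
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$con = ldap_connect("ldaps://$host:636");
if (!$con) { fwrite(STDERR, "invalid LDAP URI\n"); exit(2); }
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
ldap_set_option($con, LDAP_OPT_NETWORK_TIMEOUT, 10);

@ldap_bind($con, $user, $pass);     // the TCP connect and TLS handshake happen here
$errno = ldap_errno($con);
$diag  = '';
ldap_get_option($con, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);

echo classify($errno, (string)$diag), "\n";
echo 'libldap says: ', ldap_error($con), ($diag ? " | $diag" : ''), "\n";
exit($errno === 0 ? 0 : 1);
```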
Odido #7
sorry for the delay. I was AFK.

Uuuups, sorry. Yes, in the plugins section of Dokuwiki authad is enabled. I've done this. But shit! I just checked it. Now it says: "Dieses Auth Plugin ist in der Konfiguration nicht aktiviert, Du solltest es deaktivieren." When I disable the plugin and reenable it, it seems ok. But reloading the page keeps showing me the error. How to fix this?

I know that setting this option to never is counterproductive. But I found this to be the only way to get access.

But thx for the link. I think until now I did not find this one.
andi (Administrator) #8
Quote by Odido:
I just checked it. Now it says: "Dieses Auth Plugin ist in der Konfiguration nicht aktiviert, Du solltest es deaktivieren." When I disable the plugin and reenable it, it seems ok.

So it's actually not used. It's not enough to just have the plugin installed. You need to switch DokuWiki to use it for authentication: https://www.dokuwiki.org/config:authtype
Odido #9
That's what is included in dokuwiki.php:
$conf['authtype']    = 'authplain';      //which authentication backend should be used

local.php includes:
$conf['authtype'] = 'authad';

And I thought the setting in local.php is the one I need for authad and is overwriting the setting in dokuwiki.php. Or am I wrong??
andi (Administrator) #10
Quote by Odido:
And I thought the setting in local.php is the one I need for authad and is overwriting the setting in dokuwiki.php. Or am I wrong??

No, that's correct.
Odido #11
Oh shit. Now I see, why the plugin says "Dieses Auth Plugin ist in der Konfiguration nicht aktiviert, Du solltest es deaktivieren.": To be able to login into the backend I have to switch back to authplain - since AD isn't working. And then, of course, the backend gives me this error.

So how can I check with authad activated if the plugin is really working?