LDAP auth problem

Previous topic

Install & configuration

Next topic

Author	Message
Barbe Amaury	Friday 20 November 2009 12:59:39 am Hello there, Firstly, sorry for my approximate English. I am establishing an Intranet for my company and I tried to bind it to my AD server for authentication and user groups. I filled my ldap.ini with informations I used for an other website's ldap auth so I am sure it is correct. But when I put the right LDAP host and I try to connect with my AD account, it is loading until a timeout. here is my ldap.ini: [LDAPSettings] # Enable tracing the the ldap login, outputs extensive debug info for use during setup # NOTE: Do not keep this enabled on production setup as login name and passwords will be # logged to logfiles or outputted if DebugOutput settings are enabled. LDAPDebugTrace=disabled # Set LDAP version number LDAPVersion=3 # Determines whether the LDAP library automatically follows referrals returned by LDAP servers or not. # set to 1 to enable LDAPFollowReferrals=0 # Set to true if use LDAP server LDAPEnabled=true # LDAP host LDAPServer=srv01001-dmz1 # Port nr for LDAP, default is 389 LDAPPort=389 # Specifies the base DN for the directory. LDAPBaseDn=DC--SOLIC,DC--RSX # If the server does not allow anonymous bind, specify the user name for the bind here. LDAPBindUser= **** # If the server does not allow anonymous bind, specify the password for the bind here. LDAPBindPassword= **** # Could be sub, one, base. LDAPSearchScope=sub # Use the equla sign to replace "=" when specify LDAPBaseDn or LDAPSearchFilters LDAPEqualSign=-- # Add extra search requirment. Uncomment it if you don't need it. # Example LDAPSearchFilters[]=objectClass--inetOrgPerson LDAPSearchFilters[] # LDAP attribute for login. Normally, uid LDAPLoginAttribute=userPrincipalName # Could be id or name LDAPUserGroupType=id # Default place to store LDAP users. Could be content object id or group name for LDAP user group, # depends on LDAPUserGroupType. LDAPUserGroup[] # Group mapping settings: # Root node id where LDAP groups are created, node id: 5 is used if blank LDAPGroupRootNodeId=5 # Possible values: UseGroupAttribute (old style group assignig using LDAPUserGroupAttribute setting), # SimpleMapping (using LDAPUserGroupMap array for name-to-name group mapping) or GetGroupsTree LDAPGroupMappingType=UseGroupAttribute # Base LDAP dn which should be used to fetch user group objects from LDAP LDAPGroupBaseDN= # LDAP user group class LDAPGroupClass=exampleGroupDAClassName # Attribute which should be used to obtain name of an LDAP group # Required then 'LDAPGroupMappingType' is set to 'GetGroupsTree' or 'SimpleMapping' LDAPGroupNameAttribute=cn # Attribute of LDAP user which should be used to obtain groups which user(group) belongs to. # Required then 'LDAPGroupMappingType' is set to 'GetGroupsTree' or 'SimpleMapping' LDAPGroupMemberAttribute=member # Attribute which contain description of LDAP group, optional LDAPGroupDescriptionAttribute= # Group names map (from LDAP to ezpublish user-groups), # used then 'LDAPGroupMappingType' is set to 'SimpleMapping' LDAPUserGroupMap[] # LDAP attribute type for user group. Could be name or id LDAPUserGroupAttributeType=name # LDAP attribute for user group. For example, employeetype. If specified, LDAP users # will be saved under the same group as in LDAP server. LDAPUserGroupAttribute=employeetype # LDAP attribute for First name. Normally, givenname LDAPFirstNameAttribute=givenname # If cn (common name) is used for first name, sn (Last name) will be removed from first name LDAPFirstNameIsCommonName=false # LDAP attribute for Last name. Normally, sn LDAPLastNameAttribute=sn # LDAP attribute for email. Normally, mail LDAPEmailAttribute=mail # For use if LDAP does not return mail, creates one using login name + email suffix, like '@ez.no' LDAPEmailEmptyAttributeSuffix=@solic-group.com # LDAP encoding is utf-8 or not Utf8Encoding=false # if 'enabled' you can move LDAP users to a different group and they will not # be automatically moved back (to the group they are configured to be placed in) # when the user logs in again. KeepGroupAssignment=disabled Can anyone see where is my problem? Any clue?

Author

Message

Barbe Amaury

Friday 20 November 2009 12:59:39 am

Hello there,

Firstly, sorry for my approximate English.

I am establishing an Intranet for my company and I tried to bind it to my AD server for authentication and user groups. I filled my ldap.ini with informations I used for an other website's ldap auth so I am sure it is correct. But when I put the right LDAP host and I try to connect with my AD account, it is loading until a timeout.

here is my ldap.ini:

[LDAPSettings]
# Enable tracing the the ldap login, outputs extensive debug info for use during setup
# NOTE: Do not keep this enabled on production setup as login name and passwords will be
# logged to logfiles or outputted if DebugOutput settings are enabled.
LDAPDebugTrace=disabled
# Set LDAP version number
LDAPVersion=3
# Determines whether the LDAP library automatically follows referrals returned by LDAP servers or not.
# set to 1 to enable
LDAPFollowReferrals=0
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=srv01001-dmz1
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
LDAPBaseDn=DC--SOLIC,DC--RSX
# If the server does not allow anonymous bind, specify the user name for the bind here.
LDAPBindUser= ******
# If the server does not allow anonymous bind, specify the password for the bind here.
LDAPBindPassword= ******
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equla sign to replace "=" when specify LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirment. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=userPrincipalName
# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for LDAP user group,
# depends on LDAPUserGroupType.
LDAPUserGroup[]
# Group mapping settings:
# Root node id where LDAP groups are created, node id: 5 is used if blank
LDAPGroupRootNodeId=5
# Possible values: UseGroupAttribute (old style group assignig using LDAPUserGroupAttribute setting),
# SimpleMapping (using LDAPUserGroupMap array for name-to-name group mapping) or GetGroupsTree
LDAPGroupMappingType=UseGroupAttribute
# Base LDAP dn which should be used to fetch user group objects from LDAP
LDAPGroupBaseDN=
# LDAP user group class
LDAPGroupClass=exampleGroupDAClassName
# Attribute which should be used to obtain name of an LDAP group
# Required then 'LDAPGroupMappingType' is set to 'GetGroupsTree' or 'SimpleMapping'
LDAPGroupNameAttribute=cn
# Attribute of LDAP user which should be used to obtain groups which user(group) belongs to.
# Required then 'LDAPGroupMappingType' is set to 'GetGroupsTree' or 'SimpleMapping'
LDAPGroupMemberAttribute=member
# Attribute which contain description of LDAP group, optional
LDAPGroupDescriptionAttribute=
# Group names map (from LDAP to ezpublish user-groups),
# used then 'LDAPGroupMappingType' is set to 'SimpleMapping'
LDAPUserGroupMap[]
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=name
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users
# will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=employeetype
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# If cn (common name) is used for first name, sn (Last name) will be removed from first name
LDAPFirstNameIsCommonName=false
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
# For use if LDAP does not return mail, creates one using login name + email suffix, like '@ez.no'
LDAPEmailEmptyAttributeSuffix=@solic-group.com
# LDAP encoding is utf-8 or not
Utf8Encoding=false
# if 'enabled' you can move LDAP users to a different group and they will not
# be automatically moved back (to the group they are configured to be placed in)
# when the user logs in again.
KeepGroupAssignment=disabled

Can anyone see where is my problem? Any clue?

eZ debug

Timing:	Jan 18 2025 01:03:02
Script start
Timing:	Jan 18 2025 01:03:02
Module start 'layout'
Timing:	Jan 18 2025 01:03:02
Module start 'content'
Timing:	Jan 18 2025 01:03:04
Module end 'content'
Timing:	Jan 18 2025 01:03:04
Script end

Main resources:

Total runtime	1.5712 sec
Peak memory usage	4,096.0000 KB
Database Queries	46

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0098	589.0469	152.6250
Module start 'layout'	0.0098	0.0047	741.6719	39.4453
Module start 'content'	0.0145	1.5549	781.1172	422.2109
Module end 'content'	1.5694	0.0018	1,203.3281	12.1719
Script end	1.5711		1,215.5000

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0035	0.2222	16	0.0002
Check MTime	0.0015	0.0928	16	0.0001
Mysql Total
Database connection	0.0009	0.0573	1	0.0009
Mysqli_queries	1.5096	96.0803	46	0.0328
Looping result	0.0005	0.0314	44	0.0000
Template Total	1.5216	96.8	2	0.7608
Template load	0.0022	0.1380	2	0.0011
Template processing	1.5194	96.7019	2	0.7597
Template load and register function	0.0002	0.0109	1	0.0002
states
state_id_array	0.0017	0.1078	1	0.0017
state_identifier_array	0.0024	0.1557	2	0.0012
Override
Cache load	0.0019	0.1214	86	0.0000
Sytem overhead
Fetch class attribute can translate value	0.0010	0.0610	1	0.0010
Fetch class attribute name	0.0006	0.0384	1	0.0006
XML
Image XML parsing	0.0002	0.0096	1	0.0002
class_abstraction
Instantiating content class attribute	0.0000	0.0003	1	0.0000
General
dbfile	0.0071	0.4530	10	0.0007
String conversion	0.0001	0.0032	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
1	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
2	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
1	content/datatype/view/ezxmltags/line.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/line.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 6 Number of unique templates used: 5

Time used to render debug report: 0.0001 secs