Hello,
I am using a community version 8.0.7
The installation worked fine, but LDAP doesn't seem to work. Following are the logs during authentication. I don't see it initiating LDAP authentication. Any suggestions?
Thanks,
Guru.
---------------[ 11-May-2015 21:01:44 +1000 [1431342103.277] (PID: 6406) ]---------------
DEBUG [L0438] [7ms]: [Function](): URI: /api/json/api.php?Class=APIAuthentication&Method=Login&v=2&MessageID=0bdac497-c624-318d-0f19-6060ad67c6c5 IP Address: 10.8.0.11
DEBUG [L0441] [7ms]: [Function](): USER-AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
DEBUG [L0445] [7ms]: [Function](): Version: 8.0.7 Edition: 10 Production: 1 Database: Type: mysqli Name: ess Config: /var/www/html/ess/includes/../timetrex.ini.php Demo Mode: 0
DEBUG [L0163] [27ms]: TTDate::setTimeZone(): Setting TimeZone: Australia/Melbourne
DEBUG [L0224] [28ms]: [Function](): Handling JSON Call To API Factory: APIAuthentication Method: Login Message ID: 0bdac497-c624-318d-0f19-6060ad67c6c5
DEBUG [L0259] [28ms] Array: [Function](): Arguments: (Size: 41)
array(2) {
[0]=>
string(4) "guru"
[1]=>
string(9) "********"
}
DEBUG [L0283] [31ms]: [Function](): No SessionID or calling non-authenticated function...
DEBUG [L0462] [32ms]: TTi18n::chooseBestLocale(): Choosing Best Locale...
DEBUG [L0433] [32ms]: TTi18n::getBrowserLanguage(): HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.8
DEBUG [L0516] [32ms]: TTi18n::chooseBestLocale(): cSetting Locale: en_US
DEBUG [L0371] [32ms]: TTi18n::setLocale(): Generated/Passed In Locale: en_US
DEBUG [L0300] [32ms]: TTi18n::generateLocale(): Array of Locales to try in order for "en_US": en_US,en_US.UTF-8,en,en.UTF-8
DEBUG [L0258] [32ms]: TTi18n::tryLocale(): Found valid locale: en_US Default: 1
DEBUG [L0374] [32ms]: TTi18n::setLocale(): Attempting to set Locale(s) to: en_US Category: 6 Current Locale:
DEBUG [L0380] [32ms]: TTi18n::setLocale(): Setting currency/numeric Locale to: en_US
DEBUG [L0393] [36ms]: TTi18n::setLocale(): Setting translator to normalized locale: en_US
DEBUG [L0417] [36ms]: TTi18n::setLocale(): Set Master Locale To: en_US
DEBUG [L0516] [36ms]: TTi18n::chooseBestLocale(): cSetting Locale: en
DEBUG [L0371] [36ms]: TTi18n::setLocale(): Generated/Passed In Locale: en
DEBUG [L0300] [36ms]: TTi18n::generateLocale(): Array of Locales to try in order for "en": en,en.UTF-8,en_US,en_US.UTF-8
DEBUG [L0258] [36ms]: TTi18n::tryLocale(): Found valid locale: en_US Default: 1
DEBUG [L0374] [36ms]: TTi18n::setLocale(): Attempting to set Locale(s) to: en_US Category: 6 Current Locale: en_US
DEBUG [L0537] [36ms]: TTi18n::chooseBestLocale(): Unable to find and set a locale.
DEBUG [L0082] [36ms]: unauthenticatedInvokeService(): Handling UNAUTHENTICATED JSON Call To API Factory: APIAuthentication Method: Login Message ID: 0bdac497-c624-318d-0f19-6060ad67c6c5
DEBUG [L0054] [38ms]: APIAuthentication::Login(): User Name: guru Password Length: 9 Type: USER_NAME
DEBUG [L0608] [38ms]: Authentication::Login(): Login Type: USER_NAME
DEBUG [L0686] [53ms]: Authentication::Login(): Login Failed! Attempt: 2
DEBUG [L0828] [1063ms]: Validator::Error(): Validation Error: Label: user_name Value: "0" Msg: User Name or Password is incorrect
DEBUG [L0341] [1063ms] Array: APIFactory::returnHandler(): returnHandler v2 ERROR: 0
array(2) {
["api_retval"]=>
bool(false)
["api_details"]=>
array(7) {
["code"]=>
string(10) "VALIDATION"
["description"]=>
string(12) "INVALID DATA"
["record_details"]=>
array(3) {
["total"]=>
int(1)
["valid"]=>
int(0)
["invalid"]=>
int(1)
}
["user_generic_status_batch_id"]=>
bool(false)
["request"]=>
bool(false)
["pager"]=>
bool(false)
["details"]=>
array(1) {
[0]=>
array(1) {
["user_name"]=>
array(1) {
[0]=>
string(34) "User Name or Password is incorrect"
}
}
}
}
}
DEBUG [L0093] [1064ms]: ProgressBar::start(): start: '0bdac497-c624-318d-0f19-6060ad67c6c5' Iterations: 9999 Update Iterations: 9999 Key: 0bdac497-c624-318d-0f19-6060ad67c6c5(1431342104.3406) Message: INVALID DATA
DEBUG [L0287] [1064ms]: [Function](): Server Response Time: 1.0639040470123
---------------[ 11-May-2015 21:01:44 +1000 [1431342104.341] (PID: 6406) ]---------------
LDAP not working
Re: LDAP not working
It's likely that your PHP installation does not have the PHP-LDAP module enabled.
Re: LDAP not working
Hello Shawn,
PHP-ldap is installed, as the server also hosts other sites that have Joomla, etc. that have LDAP working.
-bash-4.1# rpm -qa | grep php-ldap
php-ldap-5.4.35-1.el6.remi.x86_64
I got a little further with the authentication. First, I found by reading through various forums that you need the same login on the TimeTrex system, so I created an employee account to match the user account, and now I can see LDAP logs. Second, I was binding using our root account, which was causing password comparison issues, as we have MD5 hashes on the passwords. So I went ahead and removed the bind username/pass and just use bind DN to uid. Please see the attached screenshot of our LDAP configuration, LDAP tree and logs.
---------------[ 12-May-2015 11:15:21 +1000 [1431393319.489] (PID: 24244) ]---------------
DEBUG [L0438] [12ms]: [Function](): URI: /api/json/api.php?Class=APIAuthentication&Method=Login&v=2&MessageID=83d7a6e1-5ef3-6c53-57c9-cc2b94a0d4eb IP Address: 10.8.0.11
DEBUG [L0441] [12ms]: [Function](): USER-AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
DEBUG [L0445] [12ms]: [Function](): Version: 8.0.7 Edition: 10 Production: 1 Database: Type: mysqli Name: ess Config: /var/www/html/ess/includes/../timetrex.ini.php Demo Mode: 0
DEBUG [L0163] [38ms]: TTDate::setTimeZone(): Setting TimeZone: Australia/Melbourne
DEBUG [L0224] [40ms]: [Function](): Handling JSON Call To API Factory: APIAuthentication Method: Login Message ID: 83d7a6e1-5ef3-6c53-57c9-cc2b94a0d4eb
DEBUG [L0259] [40ms] Array: [Function](): Arguments: (Size: 41)
array(2) {
[0]=>
string(4) "guru"
[1]=>
string(9) "******"
}
DEBUG [L0283] [43ms]: [Function](): No SessionID or calling non-authenticated function...
DEBUG [L0462] [44ms]: TTi18n::chooseBestLocale(): Choosing Best Locale...
DEBUG [L0433] [44ms]: TTi18n::getBrowserLanguage(): HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.8
DEBUG [L0516] [44ms]: TTi18n::chooseBestLocale(): cSetting Locale: en_US
DEBUG [L0371] [44ms]: TTi18n::setLocale(): Generated/Passed In Locale: en_US
DEBUG [L0300] [44ms]: TTi18n::generateLocale(): Array of Locales to try in order for "en_US": en_US,en_US.UTF-8,en,en.UTF-8
DEBUG [L0258] [44ms]: TTi18n::tryLocale(): Found valid locale: en_US Default: 1
DEBUG [L0374] [44ms]: TTi18n::setLocale(): Attempting to set Locale(s) to: en_US Category: 6 Current Locale:
DEBUG [L0380] [44ms]: TTi18n::setLocale(): Setting currency/numeric Locale to: en_US
DEBUG [L0393] [48ms]: TTi18n::setLocale(): Setting translator to normalized locale: en_US
DEBUG [L0417] [48ms]: TTi18n::setLocale(): Set Master Locale To: en_US
DEBUG [L0516] [48ms]: TTi18n::chooseBestLocale(): cSetting Locale: en
DEBUG [L0371] [48ms]: TTi18n::setLocale(): Generated/Passed In Locale: en
DEBUG [L0300] [48ms]: TTi18n::generateLocale(): Array of Locales to try in order for "en": en,en.UTF-8,en_US,en_US.UTF-8
DEBUG [L0258] [48ms]: TTi18n::tryLocale(): Found valid locale: en_US Default: 1
DEBUG [L0374] [48ms]: TTi18n::setLocale(): Attempting to set Locale(s) to: en_US Category: 6 Current Locale: en_US
DEBUG [L0537] [48ms]: TTi18n::chooseBestLocale(): Unable to find and set a locale.
DEBUG [L0082] [48ms]: unauthenticatedInvokeService(): Handling UNAUTHENTICATED JSON Call To API Factory: APIAuthentication Method: Login Message ID: 83d7a6e1-5ef3-6c53-57c9-cc2b94a0d4eb
DEBUG [L0054] [51ms]: APIAuthentication::Login(): User Name: guru Password Length: 9 Type: USER_NAME
DEBUG [L0608] [51ms]: Authentication::Login(): Login Type: USER_NAME
DEBUG [L0259] [71ms]: Authentication::checkCompanyStatus(): Company Status: 10
DEBUG [L0254] [74ms]: TTLDAP::authenticate(): LDAP: Host: localhost Port: 389 Bind User Name: Bind Password: Bind DN: uid=guru, ou=Active,dc=bazaari,dc=com,dc=au Base DN: ou=Active,dc=bazaari,dc=com,dc=au Bind Authentication Mode: 1 Password: y
DEBUG [L0254] [74ms]: TTLDAP::authenticate(): 8Cbmr7te
DEBUG [L0264] [74ms]: TTLDAP::authenticate(): aLDAP Bind Authentication Mode...
DEBUG [L0268] [76ms]: TTLDAP::authenticate(): bLDAP Bind Authentication Mode...
DEBUG [L0283] [77ms]: TTLDAP::authenticate(): LDAP Connection Failed!: ldap error: [49: Binding: Invalid credentials] in CONNECT(localhost, 'uid=guru, ou=Active,dc=bazaari,dc=com,dc=au', '****', ou=Active,dc=bazaari,dc=com,dc=au)
DEBUG [L0287] [77ms]: TTLDAP::authenticate(): LDAP Filter User:
DEBUG [L0364] [77ms]: TTLDAP::authenticate(): LDAP authentication result: 0 Total Time: 0.0036931037902832s
DEBUG [L0815] [77ms]: UserFactory::checkPassword(): LDAP authentication failed, falling back to local password...
DEBUG [L1661] [80ms]: Factory::StartTransaction(): StartTransaction(): Transaction Count: 0 Trans Off: 0
DEBUG [L1727] [80ms]: Factory::Save(): Calling preSave()
DEBUG [L1765] [80ms]: Factory::Save(): Insert ID: 864 Table: system_log
DEBUG [L1639] [80ms]: Factory::getInsertQuery(): Insert
DEBUG [L1671] [87ms]: Factory::CommitTransaction(): CommitTransaction(): Transaction Count: 1 Trans Off: 1
DEBUG [L0091] [150ms]: TTLog::addEntry(): LogDetail Disabled... Object ID: 2 Action ID: 510 Table: users Description: LDAP Authentication failed, falling back to local password for username: guruIP Address: 10.8.0.11
DEBUG [L0686] [151ms]: Authentication::Login(): Login Failed! Attempt: 4
DEBUG [L0828] [2152ms]: Validator::Error(): Validation Error: Label: user_name Value: "0" Msg: User Name or Password is incorrect
DEBUG [L0341] [2152ms] Array: APIFactory::returnHandler(): returnHandler v2 ERROR: 0
array(2) {
["api_retval"]=>
bool(false)
["api_details"]=>
array(7) {
["code"]=>
string(10) "VALIDATION"
["description"]=>
string(12) "INVALID DATA"
["record_details"]=>
array(3) {
["total"]=>
int(1)
["valid"]=>
int(0)
["invalid"]=>
int(1)
}
["user_generic_status_batch_id"]=>
bool(false)
["request"]=>
bool(false)
["pager"]=>
bool(false)
["details"]=>
array(1) {
[0]=>
array(1) {
["user_name"]=>
array(1) {
[0]=>
string(34) "User Name or Password is incorrect"
}
}
}
}
}
DEBUG [L0093] [2153ms]: ProgressBar::start(): start: '83d7a6e1-5ef3-6c53-57c9-cc2b94a0d4eb' Iterations: 9999 Update Iterations: 9999 Key: 83d7a6e1-5ef3-6c53-57c9-cc2b94a0d4eb(1431393321.6414) Message: INVALID DATA
DEBUG [L0287] [2153ms]: [Function](): Server Response Time: 2.152685880661
---------------[ 12-May-2015 11:15:21 +1000 [1431393321.6418] (PID: 24244) ]---------------
The credentials are correct as they work on other systems just fine.
Re: LDAP not working
Anyone with any suggestions?
Re: LDAP not working
So, I did more troubleshooting. Looking at the logs from LDAP, I found that the base DN that was being used for the UID was incorrect:
BIND dn="uid=guru,ou=Active,dc=bazaari,dc=com,dc=au"
Which is incorrect. So I changed the Base DN configuration in the LDAP configuration on TimeTrex to
cn=management,ou=Active,dc=bazaari,dc=com,dc=au
And this worked; I was able to bind properly and authenticate.
BIND dn="uid=guru,cn=management,ou=Active,dc=bazaari,dc=com,dc=au"
It seems like TimeTrex is not searching the subtrees for the UID. Any suggestions?
Re: LDAP not working
If you need to search LDAP sub-trees and re-bind based on information found that way, you have to specify a Bind Username/Password that is an Admin user with permissions to search your LDAP tree, as well as a Login attribute and Bind attribute.
Once that is specified, TimeTrex will connect to LDAP with the Bind Username/password and search the entire tree from the BaseDN for a Login Attribute matching the employee's username. Once found, it should attempt to rebind to LDAP using the found path and the "Bind Attribute" to authenticate the password.
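The two modes discussed in this thread, modelled side by side as an added example (not TimeTrex code and not part of any post): a direct bind as uid=<username>,<Base DN> versus a search-then-rebind from the same Base DN. An in-memory dictionary stands in for the LDAP server; the search account DN, all passwords and the function names are constructed for illustration.

```python
import hmac
import re

def norm(dn):
    """Normalise a DN for comparison (simplified: no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

# Constructed in-memory directory standing in for the LDAP server.
BASE_DN = "ou=Active,dc=bazaari,dc=com,dc=au"
SEARCH_DN = "cn=svc-search,dc=bazaari,dc=com,dc=au"   # hypothetical search account
DIRECTORY = {norm(dn): e for dn, e in {
    SEARCH_DN: {"password": "svc-secret"},
    "uid=guru,cn=management," + BASE_DN: {"uid": "guru", "password": "user-secret"},
}.items()}

def escape_filter(value):
    """RFC 4515: escape characters that are special inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def simple_bind(dn, password):
    """Simple bind. Empty passwords are refused: many servers treat them as
    an unauthenticated bind and report success."""
    if not password:
        return False
    entry = DIRECTORY.get(norm(dn))
    return entry is not None and hmac.compare_digest(
        entry["password"].encode(), password.encode())

def search_subtree(base_dn, ldap_filter):
    """Entries at or below base_dn matching a single '(attr=value)' filter."""
    attr, raw = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, flags=re.S).groups()
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    base = norm(base_dn)
    return [dn for dn, e in DIRECTORY.items()
            if (dn == base or dn.endswith("," + base)) and e.get(attr) == value]

def auth_direct(username, password, base_dn=BASE_DN):
    """Direct mode: bind as uid=<username>,<Base DN> with no search."""
    if re.search(r'[,+"\\<>;=#\x00]', username):   # would change the DN's shape
        return False
    return simple_bind("uid=%s,%s" % (username, base_dn), password)

def auth_search_then_bind(username, password, svc_password, base_dn=BASE_DN):
    """Bind as the search account, find the user's DN, then rebind as it."""
    if not simple_bind(SEARCH_DN, svc_password):
        return False
    hits = search_subtree(base_dn, "(uid=%s)" % escape_filter(username))
    if len(hits) != 1:            # no entry, or an ambiguous match: fail closed
        return False
    return simple_bind(hits[0], password)
```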