Hello,
i try to connect a mantis-1.2a2 to our ADS, but the problem is that the
LDAP Request to do not send my Inprot from Login_Page, i sends only "administrator"
here are my config_inc.php
<?php
$g_hostname = 'localhost';
$g_db_type = 'mysql';
$g_database_name = 'mantis12';
$g_db_username = 'root';
$g_db_password = '';
$g_login_method = LDAP;
$g_ldap_server = 'ldap://server.domain.zzz/';
$g_ldap_port = '389';
$g_ldap_root_dn = 'cn=Users,DC=domain,DC=zzz';
$g_ldap_organization = ''; # e.g. '(organizationname=*Traffic)'
$g_ldap_uid_field = 'sAMAccountName'; # Use 'sAMAccountName' for Active Directory
$g_ldap_bind_dn = 'LDAPVIEW@...';
$g_ldap_bind_passwd = 'password';
$g_use_ldap_email = 'OFF'; # Should we send to the LDAP email address or what MySql tells us
$g_allow_anonymous_account = 'OFF';
# The LDAP Protocol Version, if 0, then the protocol version is not set.
$g_ldap_protocol_version = 3;
$g_allow_signup = 'OFF';
$g_use_ldap_email = 'OFF';
$g_lost_password_feature = 'OFF';
?>
I allways get the infotmation:
Your account may be disabled or blocked or the username/password you entered is incorrect.
But the data that is send to the ADS-Server includes User: administrator an not my inptuted username
i can see that the User: ldapview connect successfuly to the server.
my colleage has sniffed on the Windows 2008 Server, and thre we can see
that the user: adminisator is send, but not my inputed username from the login-form.
that i can see with wireshark, if i only open the broser to: http://192.168.1.1/mantis-1.2
tshark -R "ip.addr == 192.168.1.1" "tcp port 389"
0.000000 192.168.1.1 -> 192.168.1.250 TCP 12233 > ldap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=23884586 TSER=0 WS=5
0.000390 192.168.1.250 -> 192.168.1.1 TCP ldap > 12233 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=8 TSV=17503364 TSER=23884586
0.000424 192.168.1.1 -> 192.168.1.250 TCP 12233 > ldap [ACK] Seq=1 Ack=1 Win=5856 Len=0 TSV=23884586 TSER=17503364
0.000579 192.168.1.1 -> 192.168.1.250 LDAP bindRequest(1) "LDAPVIEW@..." simple
0.002809 192.168.1.250 -> 192.168.1.1 LDAP bindResponse(1) success
0.002835 192.168.1.1 -> 192.168.1.250 TCP 12233 > ldap [ACK] Seq=51 Ack=23 Win=5856 Len=0 TSV=23884587 TSER=17503364
0.003047 192.168.1.1 -> 192.168.1.250 LDAP searchRequest(2) "cn=Users,DC=domain,DC=zzz" wholeSubtree
0.003958 192.168.1.250 -> 192.168.1.1 LDAP searchResEntry(2) "CN=Administrator,CN=Users,DC=domain,DC=zzz" | searchResDone(2) success [1 result]
0.004113 192.168.1.1 -> 192.168.1.250 LDAP bindRequest(3) "CN=Administrator,CN=Users,DC=domain,DC=zzz" simple
0.005303 192.168.1.250 -> 192.168.1.1 LDAP bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1771)
0.005459 192.168.1.1 -> 192.168.1.250 LDAP unbindRequest(4)
0.005541 192.168.1.1 -> 192.168.1.250 TCP 12233 > ldap [FIN, ACK] Seq=224 Ack=263 Win=6912 Len=0 TSV=23884587 TSER=17503364
0.006016 192.168.1.250 -> 192.168.1.1 TCP ldap > 12233 [ACK] Seq=263 Ack=225 Win=66304 Len=0 TSV=17503364 TSER=23884587
0.006016 192.168.1.250 -> 192.168.1.1 TCP ldap > 12233 [RST, ACK] Seq=263 Ack=225 Win=0 Len=0
that is the output of wireshark if i try to login:
tshark -R "ip.addr == 192.168.1.1" "tcp port 389"
0.000000 192.168.1.1 -> 192.168.1.250 TCP 26193 > ldap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=23933815 TSER=0 WS=5
0.000169 192.168.1.250 -> 192.168.1.1 TCP ldap > 26193 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=8 TSV=17523042 TSER=23933815
0.000202 192.168.1.1 -> 192.168.1.250 TCP 26193 > ldap [ACK] Seq=1 Ack=1 Win=5856 Len=0 TSV=23933815 TSER=17523042
0.000361 192.168.1.1 -> 192.168.1.250 LDAP bindRequest(1) "LDAPVIEW@..." simple
0.002631 192.168.1.250 -> 192.168.1.1 LDAP bindResponse(1) success
0.002657 192.168.1.1 -> 192.168.1.250 TCP 26193 > ldap [ACK] Seq=51 Ack=23 Win=5856 Len=0 TSV=23933815 TSER=17523042
0.002867 192.168.1.1 -> 192.168.1.250 LDAP searchRequest(2) "cn=Users,DC=domain,DC=zzz" wholeSubtree
0.003439 192.168.1.250 -> 192.168.1.1 LDAP searchResEntry(2) "CN=Administrator,CN=Users,DC=domain,DC=zzz" | searchResDone(2) success [1 result]
0.003848 192.168.1.1 -> 192.168.1.250 LDAP bindRequest(3) "CN=Administrator,CN=Users,DC=domain,DC=zzz" simple
0.005168 192.168.1.250 -> 192.168.1.1 LDAP bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1771)
0.005320 192.168.1.1 -> 192.168.1.250 LDAP unbindRequest(4)
0.005457 192.168.1.1 -> 192.168.1.250 TCP 26193 > ldap [FIN, ACK] Seq=224 Ack=263 Win=6912 Len=0 TSV=23933816 TSER=17523043
0.005995 192.168.1.250 -> 192.168.1.1 TCP ldap > 26193 [ACK] Seq=263 Ack=225 Win=66304 Len=0 TSV=17523043 TSER=23933816
0.005996 192.168.1.250 -> 192.168.1.1 TCP ldap > 26193 [RST, ACK] Seq=263 Ack=225 Win=0 Len=0
what dit i wrong ?
thanks
LDAP Auth to Active Directoy (ADS) - do not work - my Login
Moderators: Developer, Contributor
Re: LDAP Auth to Active Directoy (ADS) - do not work - my Lo
The same thing happens to me, did you resolv this??
I have pretty much the same config and I analyzed the traffic with wireshark:
0.17 172.16.30.88 10.100.5.170 LDAP bindRequest(1) CN=my_user CN=users DC=mydomain DC=com" simple "
0.18 10.100.5.170 172.16.30.88 LDAP bindResponse(1) success
0.18 172.16.30.88 10.100.5.170 TCP 56155 > ldap [ACK] Seq=65 Ack=23 Win=5888 Len=0 TSV=881287322 TSER=31216958
0.18 172.16.30.88 10.100.5.170 LDAP searchRequest(2) CN=users DC=my_domain DC=cl" wholeSubtree "
0.18 10.100.5.170 172.16.30.88 LDAP searchResEntry(2) CN=Administrator CN=Users DC=my_domain DC=com" | searchResDone(2) success "
0.18 172.16.30.88 10.100.5.170 LDAP bindRequest(3) CN=Administrator CN=Users DC=my_domain DC=com" simple "
0.21 10.100.5.170 172.16.30.88 LDAP bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece)
0.21 172.16.30.88 10.100.5.170 LDAP unbindRequest(4)
0.21 172.16.30.88 10.100.5.170 TCP 56155 > ldap [FIN, ACK] Seq=238 Ack=262 Win=6912 Len=0 TSV=881287353 TSER=31216958
0.21 10.100.5.170 172.16.30.88 TCP ldap > 56155 [ACK] Seq=262 Ack=239 Win=65298 Len=0 TSV=31216958 TSER=881287353
0.21 10.100.5.170 172.16.30.88 TCP ldap > 56155 [FIN, ACK] Seq=262 Ack=239 Win=65298 Len=0 TSV=31216958 TSER=881287353
0.21 172.16.30.88 10.100.5.170 TCP 56155 > ldap [ACK] Seq=239 Ack=263 Win=6912 Len=0 TSV=881287354 TSER=31216958
I can't get this work, need a little help please
Cheers
I have pretty much the same config and I analyzed the traffic with wireshark:
0.17 172.16.30.88 10.100.5.170 LDAP bindRequest(1) CN=my_user CN=users DC=mydomain DC=com" simple "
0.18 10.100.5.170 172.16.30.88 LDAP bindResponse(1) success
0.18 172.16.30.88 10.100.5.170 TCP 56155 > ldap [ACK] Seq=65 Ack=23 Win=5888 Len=0 TSV=881287322 TSER=31216958
0.18 172.16.30.88 10.100.5.170 LDAP searchRequest(2) CN=users DC=my_domain DC=cl" wholeSubtree "
0.18 10.100.5.170 172.16.30.88 LDAP searchResEntry(2) CN=Administrator CN=Users DC=my_domain DC=com" | searchResDone(2) success "
0.18 172.16.30.88 10.100.5.170 LDAP bindRequest(3) CN=Administrator CN=Users DC=my_domain DC=com" simple "
0.21 10.100.5.170 172.16.30.88 LDAP bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece)
0.21 172.16.30.88 10.100.5.170 LDAP unbindRequest(4)
0.21 172.16.30.88 10.100.5.170 TCP 56155 > ldap [FIN, ACK] Seq=238 Ack=262 Win=6912 Len=0 TSV=881287353 TSER=31216958
0.21 10.100.5.170 172.16.30.88 TCP ldap > 56155 [ACK] Seq=262 Ack=239 Win=65298 Len=0 TSV=31216958 TSER=881287353
0.21 10.100.5.170 172.16.30.88 TCP ldap > 56155 [FIN, ACK] Seq=262 Ack=239 Win=65298 Len=0 TSV=31216958 TSER=881287353
0.21 172.16.30.88 10.100.5.170 TCP 56155 > ldap [ACK] Seq=239 Ack=263 Win=6912 Len=0 TSV=881287354 TSER=31216958
I can't get this work, need a little help please
Cheers
-
kimsmarkin
- Posts: 1
- Joined: 28 Aug 2010, 09:50
Re: LDAP Auth to Active Directoy (ADS) - do not work - my Lo
I continually tried to get this to work and always get this error. Already 6.x-1.0-alpha2-and module version of Drupal 6.6. All three LDAP modules in place and plans to use the group form the authentication module, if I can work.
The only thing we have to fear is fear itself