Problems logging into phpLDAPadmin?

Started by Joule, 27 March 2012, 20:54


Joule

Hi friends, I installed LDAP on my server and, along with it, phpLDAPadmin to administer it. My problem is that I log in and it does not display the users' settings. My files are below:


My screen:

http://www.coren.rn.gov.br/tela_phpldapadmin.png

My "slapd.conf" file:

# Protocol version for LDAP queries
allow bind_v2

# Schemas
include        /etc/ldap/schema/core.schema
include        /etc/ldap/schema/cosine.schema
include        /etc/ldap/schema/nis.schema
include        /etc/ldap/schema/inetorgperson.schema

# Process control files
pidfile        /var/run/slapd/slapd.pid
argsfile    /var/run/slapd/slapd.args

# Modules
# On Fedora/RedHat you should comment out
# the two lines below
modulepath    /usr/lib/ldap
moduleload    back_bdb

# Access control
# access to the Directory's root structure
access to dn.exact=""
   by * read

# Only the user themselves can see/change the password
access to attrs=userPassword
       by self write
       by anonymous auth
       by * none

# Allow read access to all other data in our base
access to *
       by * read

# Log level definition
loglevel    1024

# Database
database    bdb

# Directory structure and administrator
suffix        "dc=empresa,dc=com,dc=br"
rootdn        "cn=admin,dc=empresa,dc=com,dc=br"
# The password
rootpw        {SSHA}59euqmTK2N2Dq/mEYhNWmnMkV7a8j1rp

# Data storage location
directory    /var/lib/ldap

# Search indexes
index    objectClass    eq
index    cn,sn,mail     eq,sub,approx
index    uid            eq,sub



My "ldap.conf" file:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=empresa,dc=com,dc=br
URI ldap://192.168.0.1


SIZELIMIT 0
#TIMELIMIT 15
#DEREF never


zekkerj

Have you tried looking at the Apache log? There may be a hint there about the error you're getting.

The file is "/var/log/apache/error_log".
Search before asking; your question may already have been answered.
I don't answer questions by PM; post your question in the forum where your colleagues can search for it!
Don't come to the forum only to ask. If you know the answer to a problem, why not help your colleague? ;D

Joule

The Apache log only has:

[Tue Mar 27 06:25:05 2012] [notice] Apache/2.2.20 (Ubuntu) PHP/5.3.6-13ubuntu3.6 with Suhosin-Patch configured -- resuming normal operations

zekkerj

Did you check whether LDAP itself has any log file?

anjo_ed

Well, from the looks of it, phpldapadmin did not connect to the base. Show the phpldapadmin configuration file, config.php. Also, I'd like to check whether you actually inserted the base into LDAP:
# ldapsearch -x


Another thing: you configured PHP with LDAP support, right?

Joule

The "/usr/shared/phpldapadmin/config/config.php" file:

/* SASL authorization id regex and replacement
   When sasl_authz_id property is not set (default), phpLDAPAdmin will try to
   figure out authorization id by itself from bind distinguished name (DN).

   This procedure is done by calling preg_replace() php function in the
   following way:

   $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement,
    $bind_dn);

   For info about pcre regexes, see:
   - pcre(3), perlre(3)
   - http://www.php.net/preg_replace */
// $servers->setValue('server','sasl_authz_id_regex',null);
// $servers->setValue('server','sasl_authz_id_replacement',null);
#  $servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
#  $servers->setValue('server','sasl_authz_id_replacement','$1');

/* SASL auth security props.
   See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */
// $servers->setValue('server','sasl_props',null);

/* Default password hashing algorithm. One of md5, ssha, sha, md5crypt, smd5,
   blowfish, crypt or leave blank for now default algorithm. */
// $servers->setValue('appearance','password_hash','md5');

/* If you specified 'cookie' or 'session' as the auth_type above, you can
   optionally specify here an attribute to use when logging in. If you enter
   'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith)
   and log in as that user.
   Leave blank or specify 'dn' to use full DN for logging in. Note also that if
   your LDAP server requires you to login to perform searches, you can enter the
   DN to use when searching in 'bind_id' and 'bind_pass' above. */
// $servers->setValue('login','attr','dn');

/* Base DNs to used for logins. If this value is not set, then the LDAP server
   Base DNs are used. */
// $servers->setValue('login','base',array());

/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN
   at login, you may restrict the search to a specific objectClasses. EG, set this
   to array('posixAccount') or array('inetOrgPerson',..), depending upon your
   setup. */
// $servers->setValue('login','class',array());

/* If you specified something different from 'dn', for example 'uid', as the
   login_attr above, you can optionally specify here to fall back to
   authentication with dn.
   This is useful, when users should be able to log in with their uid, but
   the ldap administrator wants to log in with his root-dn, that does not
   necessarily have the uid attribute.
   When using this feature, login_class is ignored. */
// $servers->setValue('login','fallback_dn',false);

/* Specify true If you want phpLDAPadmin to not display or permit any
   modification to the LDAP server. */
// $servers->setValue('server','read_only',false);

/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links
   in the tree viewer. */
// $servers->setValue('appearance','show_create',true);

/* This feature allows phpLDAPadmin to automatically determine the next
   available uidNumber for a new entry. */
// $servers->setValue('auto_number','enable',true);

/* The mechanism to use when finding the next available uidNumber. Two possible
   values: 'uidpool' or 'search'.
   The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to
   blindly lookup the next available uidNumber. The 'search' mechanism searches
   for entries with a uidNumber value and finds the first available uidNumber
   (slower). */
// $servers->setValue('auto_number','mechanism','search');

/* The DN of the search base when the 'search' mechanism is used above. */
#  $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com');

/* The minimum number to use when searching for the next available number
   (only when 'search' is used for auto_number */
// $servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));

/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
   searching for the uidnumber. The idea is, this user id would have full
   (readonly) access to uidnumber in your ldap directory (the logged in user
   may not), so that you can be guaranteed to get a unique uidnumber for your
   directory. */
// $servers->setValue('auto_number','dn',null);

/* The password for the dn above. */
// $servers->setValue('auto_number','pass',null);

/* Enable anonymous bind login. */
// $servers->setValue('login','anon_bind',true);

/* Use customized page with prefix when available. */
#  $servers->setValue('custom','pages_prefix','custom_');

/* If you set this, then only these DNs are allowed to log in. This array can
   contain individual users, groups or ldap search filter(s). Keep in mind that
   the user has not authenticated yet, so this will be an anonymous search to
   the LDAP server, so make your ACLs allow these searches to return results! */
#  $servers->setValue('login','allowed_dns',array(
#   'uid=stran,ou=People,dc=example,dc=com',
#   '(&(gidNumber=811)(objectClass=groupOfNames))',
#   '(|(uidNumber=200)(uidNumber=201))',
#   'cn=callcenter,ou=Group,dc=example,dc=com'));

/* Set this if you dont want this LDAP server to show in the tree */
// $servers->setValue('server','visible',true);

/* This is the time out value in minutes for the server. After as many minutes
   of inactivity you will be automatically logged out. If not set, the default
   value will be ( session_cache_expire()-1 ) */
#  $servers->setValue('login','timeout',30);

/* Set this if you want phpldapadmin to perform rename operation on entry which
   has children. Certain servers are known to allow it, certain are not */
// $servers->setValue('server','branch_rename',false);

/* If you set this, then phpldapadmin will show these attributes as
   internal attributes, even if they are not defined in your schema. */
// $servers->setValue('server','custom_sys_attrs',array(''));
#  $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));

/* If you set this, then phpldapadmin will show these attributes on
   objects, even if they are not defined in your schema. */
// $servers->setValue('server','custom_attrs',array(''));
#  $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));

/* These attributes will be forced to MAY attributes and become option in the
   templates. If they are not defined in the templates, then they wont appear
   as per normal template processing. You may want to do this because your LDAP
   server may automatically calculate a default value.
   In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
   gidNumber and sambaSID. */
// $servers->setValue('force_may','attrs',array(''));
#  $servers->setValue('force_may','attrs',array('uidNumber','gidNumber','sambaSID'));

/*********************************************/
/* Unique attributes                         */
/*********************************************/

/* You may want phpLDAPadmin to enforce some attributes to have unique values
   (ie: not belong to other entries in your tree. This (together with
   'unique','dn' and 'unique','pass' option will not let updates to
   occur with other attributes have the same value. */
#  $servers->setValue('unique','attrs',array('mail','uid','uidNumber'));

/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
   searching for attribute uniqueness. The idea is, this user id would have full
   (readonly) access to your ldap directory (the logged in user may not), so
   that you can be guaranteed to get a unique uidnumber for your directory. */
// $servers->setValue('unique','dn',null);

/* The password for the dn above. */
// $servers->setValue('unique','pass',null);

/**************************************************************************
* If you want to configure additional LDAP servers, do so below.         *
* Remove the commented lines and use this section as a template for all  *
* your other LDAP servers.                                               *
**************************************************************************/

/*
$servers->newServer('ldap_pla');
$servers->setValue('server','name','LDAP Server');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array(''));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');
$servers->setValue('server','tls',false);

# SASL auth
$servers->setValue('server','sasl_auth',true);
$servers->setValue('server','sasl_mech','PLAIN');
$servers->setValue('server','sasl_realm','EXAMPLE.COM');
$servers->setValue('server','sasl_authz_id',null);
$servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
$servers->setValue('server','sasl_authz_id_replacement','$1');
$servers->setValue('server','sasl_props',null);

$servers->setValue('appearance','password_hash','md5');
$servers->setValue('login','attr','dn');
$servers->setValue('login','fallback_dn',false);
$servers->setValue('login','class',null);
$servers->setValue('server','read_only',false);
$servers->setValue('appearance','show_create',true);

$servers->setValue('auto_number','enable',true);
$servers->setValue('auto_number','mechanism','search');
$servers->setValue('auto_number','search_base',null);
$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
$servers->setValue('auto_number','dn',null);
$servers->setValue('auto_number','pass',null);

$servers->setValue('login','anon_bind',true);
$servers->setValue('custom','pages_prefix','custom_');
$servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
$servers->setValue('unique','dn',null);
$servers->setValue('unique','pass',null);

$servers->setValue('server','visible',true);
$servers->setValue('login','timeout',30);
$servers->setValue('server','branch_rename',false);
$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
$servers->setValue('force_may','attrs',array('uidNumber','gidNumber','sambaSID'));
*/
?>



And with the command "ldapsearch -x":

# extended LDIF
#
# LDAPv3
# base <dc=empresa,dc=com,dc=br> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Joule

Guys, I managed to get a bit further with the LDAP configuration; it now has the DN configured, but whenever I enter the password this message is shown: "Error: Invalid credentials (49) for user". The password is correct. Does anyone have a tip?

Joule

Hi everyone, after a long time installing and reinstalling I managed to solve it with this sequence:
- apt-get install slapd ldap-utils libdb4.3 libdb4.3-dev libdb4.3-util
- dpkg-reconfigure slapd
- slappasswd
- apt-get install phpldapadmin
Thanks everyone for the attention!