Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

AuthLDAP plugin configuration for FreeIPA auth with limesurvey 3.25.1

  • jelledj
  • jelledj's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
3 years 4 months ago #208665 by jelledj
AuthLDAP plugin configuration for FreeIPA auth with limesurvey 3.25.1 was created by jelledj
Hello everybody I am using limesurvey3.25.1+201124.zip and I am keep getting "Can't contact LDAP server" after enabling and configuring the LDAP plugin.

I checked with tcpdump to the host and I can not get any traffic when I try to login...

tcpdump -i enp1s0 host 192.168.40.20

ldap://192.168.40.20 (tried fqdn as well)
389
LDAPv3 (tried LDAPv2)
Search and bind
uid
cn=users,cn=accounts,dc=organization,dc=lan
(objectclass=*) tried (&(objectclass=*)(uid=$username))
uid=externalldapadmin,cn=sysaccounts,cn=etc,dc=organization,dc=lan
<passwd>
mail
displayName
Check to make default authentication method (checked)
Automatically create user if it exists in LDAP server (checked)
Allow initial user to login via LDAP (checked)

I am normally pretty good with LDAP configs, how can I debug this? How can I get some php debugging going on to see any logs? /var/www/html/limesurvey/application/core/plugins/AuthLDAP/AuthLDAP.php ??

I have not changed anything in /var/www/html/limesurvey/application/config/ldap.php should I? I only used the GUI for the config...

Thank you in advance!
The topic has been locked.
  • jelledj
  • jelledj's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
3 years 4 months ago #208670 by jelledj
Replied by jelledj on topic AuthLDAP plugin configuration for FreeIPA auth with limesurvey 3.25.1
I had an selinux issue that was blocking the ldap connection! I solved it and the auth is working now!

# type=AVC msg=audit(1606668322.241:1084): avc: denied { name_connect } for pid=14015 comm="php-fpm" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
- name: set httpd_can_connect_ldap flag on and keep it persistent across reboots
seboolean:
name: httpd_can_connect_ldap
state: yes
persistent: yes
tags: limesurvey

# type=AVC msg=audit(1606673385.117:2183): avc: denied { name_connect } for pid=14010 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
- name: set httpd_can_network_connect flag on and keep it persistent across reboots
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
tags: limesurvey
The following user(s) said Thank You: DenisChenu
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
3 years 4 months ago #208682 by DenisChenu
Replied by DenisChenu on topic AuthLDAP plugin configuration for FreeIPA auth with limesurvey 3.25.1
Argl … selinux …

Maybe you can create a new part here : manual.limesurvey.org/Authentication_plu...erver_authentication

for «Troubleshooting» ?
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose

Pricing & Plans
Get started

Legal

About Us

Open Source