AuthLDAP plugin configuration for FreeIPA auth with limesurvey 3.25.1

1 year 6 days ago #208665 by jelledj
Hello everybody, I am using limesurvey3.25.1+201124.zip and I keep getting "Can't contact LDAP server" after enabling and configuring the LDAP plugin.

I checked with tcpdump to the host and I cannot get any traffic when I try to log in...

tcpdump -i enp1s0 host 192.168.40.20

ldap://192.168.40.20 (tried fqdn as well)
389
LDAPv3 (tried LDAPv2)
Search and bind
uid
cn=users,cn=accounts,dc=organization,dc=lan
(objectclass=*) tried (&(objectclass=*)(uid=$username))
uid=externalldapadmin,cn=sysaccounts,cn=etc,dc=organization,dc=lan
<passwd>
mail
displayName
Check to make default authentication method (checked)
Automatically create user if it exists in LDAP server (checked)
Allow initial user to login via LDAP (checked)

I am normally pretty good with LDAP configs, how can I debug this? How can I get some php debugging going on to see any logs? /var/www/html/limesurvey/application/core/plugins/AuthLDAP/AuthLDAP.php ??

I have not changed anything in /var/www/html/limesurvey/application/config/ldap.php should I? I only used the GUI for the config...

Thank you in advance!
The topic has been locked.
1 year 6 days ago #208670 by jelledj
I had an SELinux issue that was blocking the LDAP connection! I solved it and the auth is working now!

# type=AVC msg=audit(1606668322.241:1084): avc: denied { name_connect } for pid=14015 comm="php-fpm" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
- name: set httpd_can_connect_ldap flag on and keep it persistent across reboots
  seboolean:
    name: httpd_can_connect_ldap
    state: yes
    persistent: yes
  tags: limesurvey

# type=AVC msg=audit(1606673385.117:2183): avc: denied { name_connect } for pid=14010 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
- name: set httpd_can_network_connect flag on and keep it persistent across reboots
  seboolean:
    name: httpd_can_network_connect
    state: yes
    persistent: yes
  tags: limesurvey
The following user(s) said Thank You: DenisChenu
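
A triage helper for the kind of denial quoted in the post above, as an added example that is not part of the original thread or of LimeSurvey: it parses AVC lines and pairs each outbound connect denied to httpd_t with the boolean the poster enabled for that port type. The function names and the mapping table are assumptions for illustration; the sample input is built from the two log lines in the post.

```python
import re

# Constructed sample input: the two denials quoted in the post, "# " prefix removed.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1606668322.241:1084): avc: denied { name_connect } for pid=14015 comm="php-fpm" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1606673385.117:2183): avc: denied { name_connect } for pid=14010 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
"""

# Target port type -> boolean: only the two pairings used in the post (illustrative table).
BOOLEAN_FOR_TARGET = {
    "ldap_port_t": "httpd_can_connect_ldap",
    "http_port_t": "httpd_can_network_connect",
}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # SELinux contexts are user:role:type:level; the type is the third field.
    rec["source_type"] = rec.get("scontext", ":::").split(":")[2]
    rec["target_type"] = rec.get("tcontext", ":::").split(":")[2]
    return rec

def blocked_connects(log_text):
    """List outbound TCP connects denied to httpd_t, with the matching boolean if known."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if (rec is None or rec["source_type"] != "httpd_t"
                or rec.get("tclass") != "tcp_socket"
                or "name_connect" not in rec["perms"]):
            continue
        findings.append((rec.get("comm"), int(rec.get("dest", "0")),
                         rec["target_type"],
                         BOOLEAN_FOR_TARGET.get(rec["target_type"])))
    return findings

if __name__ == "__main__":
    for comm, port, ttype, boolean in blocked_connects(SAMPLE_AUDIT_LOG):
        print(f"{comm} -> tcp/{port} ({ttype}) denied; boolean: {boolean or 'unmapped'}")
```

A denial whose target type is not in the table is reported with no boolean, so it gets reviewed rather than silently allowed.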
1 year 6 days ago #208682 by DenisChenu
Argl … selinux …

Maybe you can create a new part here : manual.limesurvey.org/Authentication_plu...erver_authentication

for «Troubleshooting» ?

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development. I don't answer private messages.