AuthLDAP plugin configuration for FreeIPA auth with limesurvey 3.25.1
3 years 4 months ago #208665
by jelledj
AuthLDAP plugin configuration for FreeIPA auth with limesurvey 3.25.1 was created by jelledj
Hello everybody, I am using limesurvey3.25.1+201124.zip and I keep getting "Can't contact LDAP server" after enabling and configuring the LDAP plugin.
I checked with tcpdump to the host and I can not get any traffic when I try to login...
tcpdump -i enp1s0 host 192.168.40.20
ldap://192.168.40.20 (tried fqdn as well)
389
LDAPv3 (tried LDAPv2)
Search and bind
uid
cn=users,cn=accounts,dc=organization,dc=lan
(objectclass=*) tried (&(objectclass=*)(uid=$username))
uid=externalldapadmin,cn=sysaccounts,cn=etc,dc=organization,dc=lan
<passwd>
mail
displayName
Check to make default authentication method (checked)
Automatically create user if it exists in LDAP server (checked)
Allow initial user to login via LDAP (checked)
I am normally pretty good with LDAP configs, how can I debug this? How can I get some php debugging going on to see any logs? /var/www/html/limesurvey/application/core/plugins/AuthLDAP/AuthLDAP.php ??
I have not changed anything in /var/www/html/limesurvey/application/config/ldap.php should I? I only used the GUI for the config...
Thank you in advance!
The topic has been locked.
3 years 4 months ago #208670
by jelledj
Replied by jelledj on topic AuthLDAP plugin configuration for FreeIPA auth with limesurvey 3.25.1
I had an selinux issue that was blocking the ldap connection! I solved it and the auth is working now!
# type=AVC msg=audit(1606668322.241:1084): avc: denied { name_connect } for pid=14015 comm="php-fpm" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
- name: set httpd_can_connect_ldap flag on and keep it persistent across reboots
  seboolean:
    name: httpd_can_connect_ldap
    state: yes
    persistent: yes
  tags: limesurvey

# type=AVC msg=audit(1606673385.117:2183): avc: denied { name_connect } for pid=14010 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
- name: set httpd_can_network_connect flag on and keep it persistent across reboots
  seboolean:
    name: httpd_can_network_connect
    state: yes
    persistent: yes
  tags: limesurvey
The following user(s) said Thank You: DenisChenu
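An added example, not part of the original post: a small audit-log triage script that parses the two AVC denials quoted above and reports which SELinux boolean each one corresponds to, flagging the broad one for review. The function names, the mapping table and the third (SYSCALL) sample line are assumptions made for this example.

```python
import re

# First two lines are the denials quoted in the post; the SYSCALL line is
# constructed noise to show that non-AVC records are skipped.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1606668322.241:1084): avc: denied { name_connect } for pid=14015 comm="php-fpm" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1606673385.117:2183): avc: denied { name_connect } for pid=14010 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1606673385.117:2183): arch=c000003e syscall=42 success=no
"""

# Assumed mapping for this example: target port type -> (boolean, is_broad).
# httpd_can_network_connect lets httpd_t open TCP connections to any port,
# so it is flagged; httpd_can_connect_ldap only covers LDAP ports.
BOOLEAN_FOR_TARGET = {
    "ldap_port_t": ("httpd_can_connect_ldap", False),
    "http_port_t": ("httpd_can_network_connect", True),
}
AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    sel_type = lambda key: fields[key].split(":")[2]  # user:role:type:level
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "dest": int(fields["dest"]) if "dest" in fields else None,
        "source": sel_type("scontext"),
        "target": sel_type("tcontext"),
    }

def review(audit_text):
    """List outbound-connect denials for httpd_t with the matching boolean."""
    findings = []
    for line in audit_text.splitlines():
        avc = parse_avc(line)
        if not avc or avc["source"] != "httpd_t" or "name_connect" not in avc["perms"]:
            continue
        boolean, broad = BOOLEAN_FOR_TARGET.get(avc["target"], (None, False))
        findings.append({**avc, "boolean": boolean, "broad": broad})
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_AUDIT):
        print(f["comm"], f["dest"], f["target"], f["boolean"], "REVIEW" if f["broad"] else "")
```

On a live host the same records are read from /var/log/audit/audit.log; a denial whose target type is not in the table is still reported, with the boolean left as None.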
3 years 4 months ago #208682
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development.
I don't answer to private message.
Replied by DenisChenu on topic AuthLDAP plugin configuration for FreeIPA auth with limesurvey 3.25.1
Argl … selinux …
Maybe you can create a new part here : manual.limesurvey.org/Authentication_plu...erver_authentication
for «Troubleshooting» ?