AuthLDAP with Active Directory not working

5 days 2 hours ago #270191 by stefanosts
AuthLDAP with Active Directory not working was created by stefanosts
Hi,

I am using self hosted installations. I have Version 2.62.0+170124 which was then upgraded via comfort update to Version 3.28.77+231213 which was then subsequently upgraded to Version 6.10.0+250106.

I have then installed a clean 6.10.0+250106 as well in order to avoid any bugs or database schema miscarried from version upgrades (if any) and also a 6.13.0, all of them running on Rocky Linux 9.

I have tried using AuthLDAP with all these versions with settings known to work with other platforms like moodle and even a custom PHP LDAP script I wrote running on the same server as limesurvey just to confirm that the settings actually work properly with AD through ldap. I failed miserably in ALL my tries no matter what combinations I tried and going through all info I could find online. The custom test script worked fine by the way, as did ldapsearch on Linux.

I am not really getting a proper error except for a wrong username and/or password whenever trying to login via LDAP (even when the user with the exact same username from AD was locally created in Limesurvey).

The settings I have used are:

LDAP server: ldap://IP_of_AD_server (I have tried ldaps:// as well)
Port number: 389 (tried 636 with ldaps://)
LDAP version: LDAPv3
Select true if referrals must be followed (use false for ActiveDirectory): Off
Enable Start-TLS: Off
Select how to perform authentication: Search and bind
Attribute to compare to the given login can be uid, cn, mail, …: sAMAccountName
Base DN for the user search operation. Multiple bases may be separated by a semicolon (;): ou=name of,dc=domain,dc=ac,dc=cy (of course using correct OU name and Domain)
Optional extra LDAP filter to be ANDed to the basic (searchuserattribute=username) filter: (&(objectClass=user)(sAMAccountName={username}))
Optional DN of the LDAP account used to search for the end-user's DN. An anonymous bind is performed if empty: CN=properuseraccount,OU=User Account,DC=domain,DC=ac,DC=cy (using a proper account and domain)
LDAP attribute of email address: mail
LDAP attribute of full name: displayName (I have used cn as well)
Check to make default authentication method: unticked (I have tried both ticked and unticked)
Automatically create user if it exists in LDAP server: unticked (I have tried both ticked and unticked)
Grant survey creation permission to automatically created users: unticked
Optional base DN for group restriction: empty
Optional filter for group restriction: empty
Allow initial user to login via LDAP: unticked (I have tried both ticked and unticked)

Regarding logs, I have tried to enable full debug mode but I do not see anything related to LDAP in it. It's like the call is not even made on the login screen.

I have no idea though which other log would have to be enabled to log any more information on why it fails to authenticate.

I appreciate any information anyone has on the matter. At this point I am wondering if AuthLDAP does indeed work at all.

Thanks,


3 days 19 hours ago #270202 by DenisChenu
Replied by DenisChenu on topic AuthLDAP with Active Directory not working
Can you show your script ?
Can you activate debug mode and test ?

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.


1 day 10 hours ago #270228 by stefanosts
Replied by stefanosts on topic AuthLDAP with Active Directory not working
Hi,

The script I used for testing the ldap connection from the same server limesurvey is installed to the actual LDAP server is this:
Code:
<?php
$ldap_host = "ldap://ldap.server.IP.address";
$ldap_port = 389;
$bind_dn   = "CN=bind_user,OU=User Account,DC=domain,DC=com";
$bind_pwd  = "bind_user_password";
$base_dn   = "ou=actual ou,dc=domain,dc=com";
$username  = "username of actual user on AD";        // sAMAccountName of a real AD user
 
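// Use a literal "&" in the filter; the HTML entity "&amp;" is not valid LDAP filter syntax
$filter = "(&(objectClass=user)(sAMAccountName=$username))";

$ds = ldap_connect($ldap_host, $ldap_port);

// Check the handle before it is used by ldap_set_option()
if (!$ds) {
    die("Could not connect to LDAP server");
}

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

echo "Connected to LDAP<br>";

// Bind with the service account that performs the user search
if (!ldap_bind($ds, $bind_dn, $bind_pwd)) {
    die("LDAP bind failed<br>");
}

echo "Bind successful<br>";

$search = ldap_search($ds, $base_dn, $filter);
// ldap_search() returns false on error; do not pass that to ldap_get_entries()
if ($search === false) {
    die("LDAP search failed<br>");
}
$entries = ldap_get_entries($ds, $search);

if ($entries["count"] == 0) {
    die("User not found in LDAP<br>");
}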
 
$user_dn = $entries[0]["dn"];
 
echo "Found user: $user_dn<br>";
 
// Now try binding as the actual user
$user_password = "password_for_test_user"; // AD password
if (@ldap_bind($ds, $user_dn, $user_password)) {
    echo "<strong>LDAP login successful for user $username</strong>";
} else {
    echo "<strong>LDAP login failed for user $username</strong>";
}
?>

Activating debug and testing just shows the following:
Code:
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_surveys)    1    0.00288    0.00288    0.00288    0.00288
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_plugins)    1    0.00106    0.00106    0.00106    0.00106
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_plugin_settings)    1    0.00100    0.00100    0.00100    0.00100
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_settings_global)    1    0.00098    0.00098    0.00098    0.00098
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_asset_version)    1    0.00094    0.00094    0.00094    0.00094
system.db.CDbCommand.query(SHOW CREATE TABLE lime_surveys)    1    0.00064    0.00064    0.00064    0.00064
system.db.CDbCommand.query(SHOW CREATE TABLE lime_plugins)    1    0.00049    0.00049    0.00049    0.00049
system.db.CDbCommand.query(SELECT * FROM lime_asset_version t WHERE path = :path LIMIT 1. Bound with :path='/var/www/html/limesurvey/application/extensions/yiiwheels/widgets/select2/assets')    1    0.00046    0.00046    0.00046    0.00046
system.db.CDbCommand.query(SELECT t1.message AS message, t2.translation AS translation FROM lime_source_message t1, lime_message t2 WHERE t1.id=t2.id AND t1.category=:category AND t2.language=:language. Bound with :category='', :language='en')    1    0.00045    0.00045    0.00045    0.00045
system.db.CDbCommand.query(SELECT * FROM lime_plugins t WHERE t.active=:yp0 ORDER BY priority DESC. Bound with :yp0=1)    1    0.00045    0.00045    0.00045    0.00045
system.db.CDbCommand.query(SELECT * FROM lime_settings_global t WHERE stg_name=:name LIMIT 1. Bound with :name='DBVersion')    1    0.00044    0.00044    0.00044    0.00044
system.db.CDbCommand.query(SHOW CREATE TABLE lime_asset_version)    1    0.00044    0.00044    0.00044    0.00044
system.db.CDbCommand.query(SHOW CREATE TABLE lime_plugin_settings)    1    0.00042    0.00042    0.00042    0.00042
system.db.CDbCommand.query(SELECT * FROM lime_asset_version t WHERE path = :path LIMIT 1. Bound with :path='/var/www/html/limesurvey/application/extensions/FlashMessage/assets')    1    0.00039    0.00039    0.00039    0.00039
system.db.CDbCommand.query(SELECT * FROM lime_settings_global t)    1    0.00038    0.00038    0.00038    0.00038
system.db.CDbCommand.query(SELECT * FROM lime_asset_version t WHERE path = :path LIMIT 1. Bound with :path='/var/www/html/limesurvey/application/extensions/LimeScript/assets/script.js')    1    0.00037    0.00037    0.00037    0.00037
system.db.CDbCommand.query(SHOW CREATE TABLE lime_settings_global)    1    0.00036    0.00036    0.00036    0.00036
system.db.CDbCommand.query(SELECT * FROM lime_plugin_settings t WHERE t.plugin_id=:yp0 AND t.model IS NULL AND t.model_id IS NULL AND t.key=:yp1. Bound with :yp0='5', :yp1='is_default')    1    0.00033    0.00033    0.00033    0.00033

Please Log in to join the conversation.
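
The setting text quoted in the first post says the extra filter is ANDed to the basic (searchuserattribute=username) filter. The PHP below is an added example, not part of any post and not LimeSurvey's code: it composes the filter that way and evaluates it against a constructed AD entry. Assumptions: the extra filter is used verbatim (no `{username}` substitution), `composeFilter`, `matches` and the `jdoe` entry are hypothetical, and `ldap_escape` needs the php-ldap extension.

```php
<?php
// Added example, not LimeSurvey's code. Assumption: the extra filter is used
// verbatim, so a literal "{username}" in it is never replaced by the login.

// Build "(&(attr=login)extra)"; the login is escaped for filter use (RFC 4515).
function composeFilter(string $attr, string $login, string $extra = ''): string
{
    $basic = '(' . $attr . '=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
    return $extra === '' ? $basic : '(&' . $basic . $extra . ')';
}

// Minimal matcher for the subset used here: (&...), (|...) and (attr=value).
// $i is the parse position; values are compared case-insensitively.
function matches(string $f, array $entry, int &$i = 0): bool
{
    $i++;                                        // skip '('
    if ($f[$i] === '&' || $f[$i] === '|') {
        $op = $f[$i++];
        $result = ($op === '&');
        while ($f[$i] === '(') {
            $sub = matches($f, $entry, $i);      // always parse, never short-circuit
            $result = $op === '&' ? ($result && $sub) : ($result || $sub);
        }
        $i++;                                    // skip ')'
        return $result;
    }
    $end = strpos($f, ')', $i);
    [$attr, $value] = explode('=', substr($f, $i, $end - $i), 2);
    $i = $end + 1;
    $value = preg_replace_callback('/\\\\([0-9a-f]{2})/i',
        fn($m) => chr(hexdec($m[1])), $value);   // undo \xx escapes
    foreach ($entry[strtolower($attr)] ?? [] as $have) {
        if (strcasecmp($have, $value) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample entry (attribute names lower-cased, as ldap_get_entries() returns them).
$entry = ['samaccountname' => ['jdoe'], 'objectclass' => ['top', 'person', 'user']];
$extras = [
    'as posted'  => '(&(objectClass=user)(sAMAccountName={username}))',
    'class only' => '(objectClass=user)',
    'empty'      => '',
];
foreach ($extras as $label => $extra) {
    $filter = composeFilter('sAMAccountName', 'jdoe', $extra);
    printf("%-10s %s => %s\n", $label, $filter, matches($filter, $entry) ? 'match' : 'no match');
}
```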
