PacketFence
Bug Tracking System

View Issue Details
ID: 0001471
Project: PacketFence
Category: web admin
View Status: public
Date Submitted: 2012-06-14 20:34
Last Update: 2015-02-13 15:26
Reporter: barryq
Assigned To:
Priority: normal
Severity: trivial
Reproducibility: always
Status: closed
Resolution: open
Platform:
OS:
OS Version:
Product Version: 3.4.0
Target Version: investigate
Fixed in Version:
Summary: 0001471: web admin LDAP variables
Description:
When I start PF it says
"Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file"

when I look in admin_ldap.conf the variables are:
$ldap_host
$ldap_port
$ldap_bind_dn
$ldap_bind_pwd
$ldap_user_base

etc.

The output and the sample don't match. One uses "_" and the other uses "-". Also the variable in admin_ldap.conf says ldap_host and the output from the startup shows ldap-server. The FAQ just refers me to admin_ldap.conf.

Just curious what the correct set of variables should be.
Tags: No tags attached.
Fixed in git revision:
Fixed in mtn revision:
Attached Files:

- Relationships

-  Notes
(0002803)
obilodeau (reporter)
2012-06-15 15:21

Stick to whatever is in conf/admin_ldap.conf.

I don't think I've ever seen the string you are talking about.. I quickly grepped our source code trying to find it and couldn't find anything..

$ grep -rn "Not searching LDAP" /usr/local/pf/


Could it be FreeRADIUS that is complaining? Can you give me more context please.

Thanks
(0002804)
barryq (reporter)
2012-06-15 16:25

When starting packetfence I get the following output:

Checking configuration sanity...
service|command
config files|start
iptables|start
named|start
Internet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Wrote 41 leases to leases file.
Listening on LPF/eth1/00:50:56:8b:00:94/192.168.20.0/24
Sending on LPF/eth1/00:50:56:8b:00:94/192.168.20.0/24
Listening on LPF/eth0/00:50:56:8b:00:92/192.168.11.0/24
Sending on LPF/eth0/00:50:56:8b:00:92/192.168.11.0/24
Sending on Socket/fallback/fallback-net
dhcpd|start
radiusd|start
httpd|start
snmptrapd|start
pfsetvlan|start
pfdhcplistener|start
pfmon|start


You can see the "not searching" message in the output. You did give me a good idea. I did a grep -r for "ldap_bind_dn" and it shows up in html/admin/login.php. That at least answers the question of what the variable should be.

There is a post on the mailing list right now titled "LDAP Question" with the same error and he seems to have gotten past it. It seems to me that I've done everything correct, but just can't get LDAP working or that message to go away.

Also another thing that is a bit odd: today when I put admin_ldap.conf in place, after I log in, all I get back is a blank page.

The URL is https://packetfence:1443/login.php?p=/status/dashboard.php

And there are no log entries in packetfence.log about admin login event failed or otherwise.
(0002805)
barryq (reporter)
2012-06-15 16:31

So I just solved the blank page issue. There was a typo in admin_ldap.conf I didn't catch.
(0002806)
barryq (reporter)
2012-06-15 17:02

So... my brain isn't fully functional today.

I think you are right. That "Not Searching" message is coming from DHCP and not PF. Although I see a lot of people on the mail list say that message comes from PF.

I had a moment of brain function and looked in admin_error.log and here is the problem:
[Fri Jun 15 13:33:41 2012] [error] [client 10.247.169.162] PHP Warning: ldap_search(): Search: Operations error in /usr/local/pf/html/admin/login.php on line 123, referer: https://packetfence.chico.sungardps.lcl:1443/login.php?p=/status/dashboard.php
[Fri Jun 15 13:33:41 2012] [error] [client 10.247.169.162] PHP Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in /usr/local/pf/html/admin/login.php on line 124, referer: https://packetfence.chico.sungardps.lcl:1443/login.php?p=/status/dashboard.php

Here is the block of code in question:
# Here we look only into one DN ($ldap_user_base)
  $result = ldap_search($ldap, $ldap_user_base, $filter, array("dn"));
  $info = ldap_get_entries($ldap, $result);
  if (!$result) {
    $logger->info("LDAP query failed, check your settings");
    return false;
  }


I'm going to continue to look into it, but any quick suggestions?
(0002810)
obilodeau (reporter)
2012-06-18 09:02

What are your ldap parameters? The important error is 'Search: Operations error'. The search is failing.

Try your search parameters with (all one line):

ldapsearch -x -b <LDAPUserBase> -h <LDAPServer> -W -D <LDAPBindDN> <LDAPUserKey>=username dn

You will need the openldap-clients package installed.
(0002814)
barryq (reporter)
2012-06-18 16:27

I got there eventually. The real problem I found (after getting rid of all the user error) was the LDAP search was not executing a search with the correct scope. It was only searching at the level specified by ldap_bind_base. According to php.net the default should be LDAP_SCOPE_SUBTREE. Did you by chance override that setting somewhere?

One minor note: there is a small error in the code:
$result = ldap_search($ldap, $ldap_user_base, $filter, array("dn"));
  $info = ldap_get_entries($ldap, $result);
  if (!$result) {
    $logger->info("LDAP query failed, check your settings");
    return false;
  }

It's slightly out of order. The error handling on $result should take place before you try and use it in the ldap_get_entries function... like so:
$result = ldap_search($ldap, $ldap_user_base, $filter, array("dn"));
if (!$result) {
  $logger->info("LDAP query failed, check your settings");
  return false;
}
$info = ldap_get_entries($ldap, $result);

Not a big deal but that was where "PHP Warning: ldap_get_entries() expects parameter 2 to be resource" was coming from.
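
The reordered check from the note above, written out as a complete lookup function. This is an added example, not part of the original note and not PacketFence's login.php; it goes beyond the note by escaping the filter value and requiring a unique match. The name find_user_dn, its parameters and the 'uid' key in the usage sketch are assumptions.

```php
<?php
// Added example, not PacketFence code. find_user_dn() and its parameters
// are hypothetical names; $logger is any object with an info() method.

/**
 * Look up a single user's DN under $userBase.
 * Returns the DN string, or false on search failure or no unique match.
 */
function find_user_dn($ldap, $userBase, $userKey, $username, $logger)
{
    // Escape the user-supplied value so characters such as * ( ) \ and NUL
    // cannot change the meaning of the filter (ldap_escape needs PHP >= 5.6).
    $filter = sprintf('(%s=%s)', $userKey,
                      ldap_escape($username, '', LDAP_ESCAPE_FILTER));

    // ldap_search() searches the whole subtree below $userBase;
    // ldap_list() is one-level and ldap_read() is base-only.
    $result = ldap_search($ldap, $userBase, $filter, array('dn'));

    // Check the result BEFORE passing it to ldap_get_entries(), and log the
    // server's error so "Operations error" shows up in the application log.
    if ($result === false) {
        $logger->info(sprintf(
            'LDAP query failed (%d: %s), check your settings',
            ldap_errno($ldap), ldap_error($ldap)
        ));
        return false;
    }

    $info = ldap_get_entries($ldap, $result);
    if ($info === false || $info['count'] !== 1) {
        // Zero matches or an ambiguous match: refuse rather than guess.
        $logger->info('LDAP lookup did not return exactly one entry');
        return false;
    }
    return $info[0]['dn'];
}

// Usage sketch (host and user key are constructed placeholders):
// $ldap = ldap_connect('ldap://ldap.example.test');
// ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
// ldap_bind($ldap, $ldap_bind_dn, $ldap_bind_pwd);
// $dn = find_user_dn($ldap, $ldap_user_base, 'uid', $username, $logger);
```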
(0003115)
fgaudreault (viewer)
2012-10-09 09:26

Another customer had the same issue, I had him remove comments on line 108/109 and it worked.
(0003697)
lmunro (administrator)
2015-02-13 15:26

Old issues.
Most are not relevant to PF 4 and up.

Let's reopen the ones that matter when we move to github.

- Issue History
Date Modified Username Field Change
2012-06-14 20:34 barryq New Issue
2012-06-15 15:19 obilodeau Status new => assigned
2012-06-15 15:19 obilodeau Assigned To => obilodeau
2012-06-15 15:21 obilodeau Note Added: 0002803
2012-06-15 16:25 barryq Note Added: 0002804
2012-06-15 16:31 barryq Note Added: 0002805
2012-06-15 17:02 barryq Note Added: 0002806
2012-06-18 09:02 obilodeau Note Added: 0002810
2012-06-18 16:27 barryq Note Added: 0002814
2012-10-09 09:26 fgaudreault Note Added: 0003115
2012-10-19 13:43 fgaudreault Assigned To obilodeau =>
2012-10-19 13:43 fgaudreault Target Version => investigate
2015-02-13 15:26 lmunro Note Added: 0003697
2015-02-13 15:26 lmunro Status assigned => closed

