LDAP Server Settings - Port Value

jimp

I'm not seeing that here. Are you sure you added the right code in the right place? I get all of the ldap values as expected and do not have to change anything.

shon

All aboard the failboat

I was actually adding the "+" signs

dough!

All is well now after I removed the + signs

Thanks!

jimp

That would do it. :-)

shon

Ahh spoke to soon.

The LDAP Server Setting Port value is holding at 1389, but the "authentication testing" under diagnostics is still trying to use port 389.

Any ideas?

Thanks!

jimp

The auth test doesn't specifically reference anything, it just calls the same auth function as it would if someone were logging in, and that code references the port used in the config specifically so long as it exists.

What is leading you to believe that it's still using the wrong port at that point?

shon

I ran tcpdump on my LDAP Server with the following commands:

e.g.

tcpdump -i eth0 host PFSENSEIP and port 389

tcpdump -i eth0 host PFSENSEIP and port 1389

When I hit "Test" from Diagnostics > Authentication with my LDAP Description name selected I only see traffic hitting on port 389 and never on 1389 as previously defined in Port value.

jimp

aha, it appears PHP's ldap_connect() ignores the port we pass because we pass a URL in the first parameter. So we need to add the port onto the URL.

Like so:
https://github.com/bsdperimeter/pfsense/commit/4d89e4d7818610aba44dceb3644cb2bb720bca30

shon

I grabbed the git repository and then copied the auth.inc file over to the pfsense server.

Now when I go to Section besides the main page I get the following error:

"Fatal error: Call to undefined function get_configured_ipv6_addresses() in /etc/inc/auth.inc on line 143

Thanks!

jimp

You want the file from the RELENG_2_0 branch, not the master branch.

jimp

https://raw.github.com/bsdperimeter/pfsense/4d89e4d7818610aba44dceb3644cb2bb720bca30/etc/inc/auth.inc

shon

Thanks

I get the same error I previously stated when going down to "Authentication".  Everything else is working as expected.

jimp

Which error is that now?

shon

After applying your latest change outside of the main repository I restarted the server, went for a walk, and came back and now I get no errors.

When I go to Diagnostics > Authentication

I can now see the pfsense box trying to communicate on the right port now!

My LDAP authentication passed with my users that I had setup!

Thanks!

jimp

Good news then :-)