Netgate Discussion Forum

Error setting up ldap backend

2.1 Snapshot Feedback and Problems - RETIRED
  • B
    bruno
    last edited by Nov 27, 2012, 11:40 AM

    Hi,
    I have an issue setting up an LDAP server in 2.1-BETA0 (amd64) built yesterday.
    I filled in the form with exactly the same settings from 2.0 and saved, but after clicking on "Select" to pick up auth containers the GUI becomes unresponsive for some minutes then "Could not connect to the LDAP server. Please check your LDAP configuration.".

    in system.log

    
    php: /system_usermanager_settings_ldapacpicker.php: ERROR! ldap_get_user_ous() could not bind to server .
    

    thanks
    B.

    • E
      eri--
      last edited by Nov 27, 2012, 2:56 PM

      The user you have used to authenticate to LDAP is wrong.
      Check the password of that user and it should behave correctly.

      • B
        bruno
        last edited by Nov 27, 2012, 3:05 PM

        I wish the password was wrong, but I can connect w/o problem on pf 2.0 and also with an ldap browser using the same password.
        Isn't something missing in that error, like the server name before the dot?

        • E
          eri--
          last edited by Nov 27, 2012, 3:51 PM

          Can you show the URL used to open the window?
          You should even have it shown on the opened window, or you can get it through developer tools in Chrome under network settings.
          Something is not getting filled properly there and the request might be going and trying anon binding.

          • B
            bruno
            last edited by Nov 27, 2012, 4:58 PM Nov 27, 2012, 4:54 PM

            Here's the URL:

            2.1beta

            https://pfsense21/system_usermanager_settings_ldapacpicker.php?port=389&host=ldapserver&scope=subtree&basedn=DC=domain,DC=local&binddn=ldapuser&bindpw=ldappass&urltype=TCP%20-%20Standard&proto=3&authcn=cn=Users,DC=domain,DC=local&cert=
            

            2.0.1-rel

            https://pfsense201/system_usermanager_settings_ldapacpicker.php?port=389&host=ldapserver&scope=subtree&basedn=DC=domain,DC=local&binddn=ldapuser&bindpw=ldappass&urltype=TCP%20-%20Standard&proto=3&authcn=CN=Users,DC=domain,DC=local&cert=4d9304d33184c
            
            • M
              moh10ly
              last edited by Apr 20, 2013, 8:13 AM

              I had the same issue but I solved it and thought to share it with you guys. I would like just first to explain why this error persists!

              When using special characters in passwords which authenticate to the Active Directory in order to retrieve the users' units, these passwords get transmitted HTML-encoded.

              So for example the password: abc1" becomes abc1&quot; which obviously leads to a failure.

              It seems that this bug could be fixed by adding this code to the Active Directory plugin: "html_decode_entities($password)", according to a similar issue I noticed in another forum. To be honest, I'm not good at all with HTML/PHP coding.

              So in order to solve your problem, create a user on AD, e.g. (Pfsense), with a plain simple password, e.g. (pfsense), with no numbers or special characters involved.

              test it by clicking Select next to Authentication containers.

              Power is Knowledge.

              • J
                jimp Rebel Alliance Developer Netgate
                last edited by Apr 24, 2013, 5:50 PM

                The quoting there has other issues actually. If a user has international characters it needs a call to utf8_encode/utf8_decode in various places as well. I'm not sure why it's run through html encoded there, it probably shouldn't be done at that stage, only if the text needs transmitted back to the user in the GUI somewhere.

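The failure mode discussed in the last two posts, as an added example (not pfSense code and not written by any poster in this thread): a bind password that is HTML-entity-encoded before the bind no longer matches the directory's secret, while URL encoding of the `bindpw` query parameter is undone by PHP and is harmless. `fake_bind()` is a hypothetical stand-in for the directory's password check, and the sample passwords are constructed.

```php
<?php
// Added illustration; function names are hypothetical, passwords are constructed.

/** The behaviour described in the thread: credential entity-encoded before the bind. */
function bind_password_encoded(string $submitted): string {
    return htmlspecialchars($submitted, ENT_QUOTES, 'UTF-8');
}

/** Encode for HTML only when a value is echoed back into a page. */
function for_html_output(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical stand-in for the server side of ldap_bind(): exact byte comparison. */
function fake_bind(string $storedSecret, string $presented): bool {
    return hash_equals($storedSecret, $presented);
}

/** Round-trip a password through a query string, as the picker URL does with bindpw. */
function through_query_string(string $password): string {
    $query = http_build_query(['bindpw' => $password]); // percent-encodes the value
    parse_str($query, $params);                         // PHP decodes it again
    return $params['bindpw'];
}

$samples = ['abc1"', 'p&ss<word>', "it's", 'pfsense']; // constructed test passwords

foreach ($samples as $stored) {
    $received = through_query_string($stored);      // transport encoding is reversible
    $encoded  = bind_password_encoded($received);   // what reaches the bind in the bug
    printf(
        "%-12s sent-as=%-22s bind(encoded)=%-5s bind(raw)=%s\n",
        $stored,
        $encoded,
        var_export(fake_bind($stored, $encoded), true),
        var_export(fake_bind($stored, $received), true)
    );
}

// Output encoding still belongs where the value is rendered into HTML, for example
// when the form redisplays the bind DN (never echo the password itself).
echo '<input name="binddn" value="' . for_html_output('cn=svc "ldap",DC=domain,DC=local') . "\">\n";
```

A password without `"`, `'`, `&`, `<` or `>` passes through `htmlspecialchars()` unchanged, which is why the plain-password workaround in the thread succeeds. The picker URL shown earlier also carries `bindpw` in the query string, where it can end up in browser history and web server logs; a POST body avoids that.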
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.