Hi, I've just grabbed the latest master tarball from GitHub as of about 24 hours ago - Installation is done, all dependencies were satisfied. I'm configuring the LDAP connection so I can use it for authentication, but it's only partially working - When a user enters a username and password to login for the first time, they receive the error "Login Failed".

However, the new user appears in the w2p users list correctly, the First/Sur name, and email fields are all populated, and everything looks ok, except - they don't actually get logged in, and the Login History still says "Never Visited". I've tried to turn on debugging but I'm not getting the output where I expect it (on the client screen?) - I've tried creating a company, assigning roles to the user account that gets created and logging in again, but I continue to get login failed errors. Can you give me a tip on where to diagnose/how to resolve this? Thanks -

asked 11 Sep '14, 21:38

cleary

The plot thickens:

In the system admin settings, if LDAP authentication is the default login mechanism, I can no longer login as my admin user ("LDAP also allows standard login" option is ticked). If I then change the login mechanism back to standard web2project authentication, my admin user can login. I suspect I'm heading into bug reporting territory here... [edit] scratch that, I have an admin username in LDAP that would be causing this issue.

(11 Sep '14, 22:24) cleary

Do these new users have Roles? If they don't have Roles, they won't be able to log in.

(12 Sep '14, 00:34) caseydk ♦♦

(moving this out of the comment thread that got too long) Ok, that's understandable, but - Even with the Role and Company assigned, I still can't actually login. I get a login failed message at the login screen each time.

answered 21 Sep '14, 19:23

cleary

Wondering if there's been any movement on this? I've tried several different versions (3.0, 3.1, 3.2, 3.3) on several different setups (Debian LAMP and OSX XAMPP) and keep getting the same problem. Judging by the fact that this thread has a whopping 3.3k views, I'm guessing a lot of other people are having the same problem too. Version 3.0 works perfectly, but when I use any higher version, the user logins (except for the admin) all fail. At a guess I'm assuming it's something to do with the LDAP stuff, but there is literally no mention at all about LDAP setup in the web2project install wiki page. For now I'll stick to v3.0, but it does concern me about future-proofing my business...

answered 23 Oct '14, 22:30

geoff.murphy

To be frank, the LDAP implementation has gotten zero attention since v3.0 because I don't have an LDAP server to test against. All it takes is someone with a server who can either a) give me the access to authenticate (not admin) or b) give me some error logs and detail on what is happening. Until one or the other happens, it's hard to do much on it. :(

(24 Oct '14, 14:55) caseydk ♦♦

Well, hi guys.

I have the same problem here, I'm using the 3.2.90 version of w2p.

When I set up LDAP auth I lost my admin login, and the users can't log in with their LDAP account. I don't know how to solve this, maybe we need to create a squad to debug this.

Ty so much for your attention.

answered 31 Oct '14, 06:47

EddieFrost

What sort of errors/messages are you getting?

(31 Oct '14, 09:13) caseydk ♦♦

Bump - Keith please note my reply above with the test LDAP server details

answered 10 Dec '14, 18:46

cleary

Thanks, I'll check into this as soon as I can.. probably this coming weekend.

(10 Dec '14, 18:48) caseydk ♦♦

I added a ton of error_log statements around the LDAP auth. The first thing I ran into was an out of range error creating the user contact.

    failed(INSERT INTO `contacts`(`contact_first_name`,`contact_last_name`,`contact_display_name`,`contact_email`,`contact_owner`,`contact_lastupdate`) VALUES ('XX','XX','XX','XX@XX.com',-1,'2014-12-18 14:03:06')) - error was: Out of range value for column 'contact_owner' at row 1

Looks like the contact creation is before the SQL user creation, therefore there is no user ID available and the function returns a -1. I reversed the order of the user create and contact create, and passed the user id from the new user instead of $this->AppUI->user_id; and the contact was created correctly.

Now I don't see any more SQL errors, but I'm not sure if the ACLs were updated correctly. User is in the db, however does not show up in the user manager on the web UI. Looking in gacl_permissions, the user's rows are entered but the acl_id is still 0 and access is 0 for everything. I changed the get_group_id('anon') to normal, and the result was the same.

Moving on from the ACL error, I went after the error of a missing argument to the LDAP user_id function.

    PHP Warning: Missing argument 1 for w2p_Authenticators_LDAP::userId(), called in /usr/local/www/apache24/data/web2project/classes/w2p/Core/CAppUI.class.php on line 789 and defined in /usr/local/www/apache24/data/web2project/classes/w2p/Authenticators/LDAP.class.php on line 108

If you look at the auth setup

    $user_id = $auth->userId();
    $username = $auth->username;

You'll see the function is indeed being called without a username to get the ID. I added the $username field from above, then moved on to an error adding the auth to the access log.

    /usr/local/www/apache24/data/web2project/classes/w2p/Database/Query.class.php(1139): query failed(INSERT INTO `user_access_log`(`user_id`,`date_time_in`,`user_ip`) VALUES ('-1','2014-12-18 14:44:46','10.0.2.2')) - error was: Out of range value for column 'user_id' at row 1, referer: http://192.168.10.11:8080/web2project/index.php?

To be continued...

answered 18 Dec '14, 09:51

silent_ninja1

Added the following line below the get user id function above:

    $this->user_id = $user_id;

and now a new user can login directly from LDAP. This user is presented with a generic welcome page, and doesn't have access to anything. They show up in the active sessions listing, however they do not show up under active or inactive users, and I cannot select them to assign any role or other permissions. This afternoon I'll try to create a new SQL user with the same default role, then compare all the SQL tables to see what differs between the LDAP imported user and the new SQL user. At least we have a proper login now.

answered 18 Dec '14, 09:55

silent_ninja1

edited 18 Dec '14, 10:01

Can you submit these changes as a pull request and I'll review and merge asap.

(18 Dec '14, 13:18) caseydk ♦♦

Pull requests are in. For the future, I'd suggest adding a config option for default role to assign to LDAP users.

answered 22 Dec '14, 12:53

silent_ninja1

Until this is merged, here's the pull request referenced: https://github.com/web2project/web2project/pull/278

(25 Dec '14, 23:16) caseydk ♦♦

I just patched my system after upgrading from 3.1 to 3.3 left me without the ability to log in. Here's what I found and how I fixed it.

Somewhere between 3.1 and 3.3, CAppUI.class.php changed a line in public function login($username, $password) from:

    $user_id = $auth->userId($username);

to:

    $user_id = $auth->userId();

Now the base class userId has no argument, but LDAP.class.php userId has an argument, $username. You can either change the $auth->userId call back to the way it was in version 3.1, or what I did, change LDAP.class.php to use $this->username rather than take an argument, i.e.:

    public function userId(/*$username*/)
    {
        $username = $this->username;
        $q = $this->query;
        ...

Grepping for "->userId", I found no other occurrences in the system.

answered 04 Feb '15, 16:02

mhillsmt

I just checked 3.3.55 and found this: $user_id = $auth->userId($username); so it looks like it's already been fixed?

(06 Feb '15, 00:15) caseydk ♦♦

That would do it.

answered 06 Feb '15, 08:52

mhillsmt

I looked into changing LDAP's userId to not take an argument, however it seems it would be required in order to keep the password synchronized with the AD directory. The function is used prior to the user object being created, therefore if it does not have a way to poll the db for the uid instead of relying on the base object, that functionality won't work. We can however add a default value to the function, so the cAppUi use of the function can have the variable removed, and the function could default to returning the current object if no username is set.

Edit: in hindsight, I'm not sure there is much need to keep that functional. I don't see the password being used outside of authentication. If you change the auth backend from LDAP to SQL, it would keep the passwords the same as the most recently seen login of the same user. All it does is prevent login as that user without a password in the same case as above (backend change from LDAP to SQL). As it sits right now, it seems the store function for the user isn't properly updating that password to the latest value anyway. The isValid function is returning that the user exists and exiting without the change.

answered 09 Feb '15, 16:59

silent_ninja1

edited 09 Feb '15, 17:10
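
The default-argument approach discussed in the last answer, as an added PHP example that is not web2project code and not part of any post: the class names, the `login()` helper and the sample tables are hypothetical stand-ins, and PHP 7 or later is assumed. It also refuses the login when no positive local user id comes back, which is the condition behind the `-1` rows in the errors quoted earlier in the thread.

```php
<?php
// Added illustration: hypothetical names, not web2project source.
// Constructed sample data: directory credentials and the local users table.
const SAMPLE_DIRECTORY = ['jdoe' => 'correct-horse', 'newhire' => 'battery-staple'];
const SAMPLE_USERS     = ['jdoe' => 42]; // 'newhire' has no local row yet

abstract class BaseAuthenticator
{
    public $username = null;
    public $user_id  = -1;

    abstract public function authenticate($username, $password);
    // One signature for every backend; the argument is optional.
    abstract public function userId($username = null);
}

class LdapAuthenticator extends BaseAuthenticator
{
    public function authenticate($username, $password)
    {
        // Stand-in for the LDAP bind: compare against the constructed directory.
        $known = SAMPLE_DIRECTORY[$username] ?? null;
        if ($known === null || !hash_equals($known, (string) $password)) {
            return false;
        }
        $this->username = $username;
        return true;
    }

    public function userId($username = null)
    {
        // Works for both call styles: userId() and userId($username).
        $name = $username ?? $this->username;
        $this->user_id = SAMPLE_USERS[(string) $name] ?? -1;
        return $this->user_id;
    }
}

function login(BaseAuthenticator $auth, $username, $password)
{
    if (!$auth->authenticate($username, $password)) {
        return false;
    }
    $user_id = $auth->userId();
    // Never open a session or write an access-log row for a non-positive id.
    return (is_int($user_id) && $user_id > 0) ? $user_id : false;
}

var_dump(login(new LdapAuthenticator(), 'jdoe', 'correct-horse'));     // known user
var_dump(login(new LdapAuthenticator(), 'newhire', 'battery-staple')); // bind ok, no local id
var_dump(login(new LdapAuthenticator(), 'jdoe', 'wrong'));             // bad password
```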


question asked: 11 Sep '14, 21:38

question was seen: 7,331 times

last updated: 10 Feb '15, 13:59
