engymk | Deleted | 19. May 2014, 08:31
I have done every step to the LDAP as per the official document. The binding is happening alright. But it does not do work when i try to login from the login screen. It just give very simple message of "username or password is wrong".
I need your help please. I came across some threads here but no solution was shared. I desperately need your help!! Since we are launching the course from next week and this is the only pending step.
engymk | Deleted | 20. May 2014, 14:21
Re: Re: LDAP Configuration
Thank you for your response. I really wish you could help me.. please find the link which i followed
pascal.schmitt | pascal.schmitt | 20. May 2014, 15:47
Re: Re: Re: LDAP Configuration
Please check if there is a green checked icon behind "LDAP" on the page "Administration / Authentication and Registration / Authentication". Also check LDAP as your default authentication mode (in the same screen).
Hope that helps
engymk | Deleted | 21. May 2014, 07:38
Edited on: 21. May 2014, 07:41 - by engymk (Deleted)Re: Re: Re: Re: LDAP Configuration
I have already enabled the LDAP with the green check before I post the topic. However when I made it default. No login is working anymore. I am trying to access local by selecting the "ILIAS Native Authentication" with root user and it started to give the same error of "Wrong Login or Password". Please help. I cannot access the server anymore!!
Here is my version i am using: ILIAS (v4.4.2 2014-03-26)
pascal.schmitt | pascal.schmitt | 21. May 2014, 08:30
Re: Re: Re: Re: Re: LDAP Configuration
Access the database (e.g. by phpmyadmin), select the table "settings" and look for a entry like
module = common
keyword = auth_mode
and set the value to "1"
Now you should be able to login with root again.
jackisch | jackisch | 24. May 2014, 15:15
Edited on: 24. May 2014, 15:33 - by jackisch | jackischRe: Re: Re: Re: Re: Re: LDAP Configuration
in my installations LDAP is working allright.
Can you post your LDAP configuration settings?
For a next try for your configuration: manually change the auth-setting of the root user to the ILIAS database. When this is set to "default", the login-mode changes with the settings you configure and root cannot login anymore. Pascals hints give you a way to get root to work again. Probably you can set the login-method un the usr_data table for the root user to the local login, too.
I added a warning (and minor additions for the login order) to the LDAP instructions.
For tests, open a different browser or a session o a different client with administrative rights, as long as you dont exit this session you can always repair...
To bring LDAP to work I set the login-order with LDAP before any other method. This way, ILIAS tries to authenticate vai LDAP first, then against the local database.
To further investigate, I used tcpdump on the ILIAS machine (like tcpdump -A -i eth0 port 389) to see if LDAP traffic occurs and what data is sent. If there is no traffic then ILIAS doesnt try LDAP, if there is any traffic you can read which user ILIAS tries to authenticate and the answers.
engymk | Deleted | 10. Jun 2014, 14:05
Re: Re: Re: Re: Re: Re: Re: LDAP Configuration
I have tried all the tips you provided with no single luck!
please find attached the configuration shots...
jackisch | jackisch | 10. Jun 2014, 21:06
Re: Re: Re: Re: Re: Re: Re: Re: LDAP Configuration
on page 3 of your config you have set OU=CMA,DC=INT,.... as user search base. This setting is prepended to the baseDN (see picture 2), so can you pace only OU=CMA (no commas) in this field?
The rest seems o.k. to me.
You can see messages in the ILIAS logfile or watch the process with tcpdump, you shoud see your ldap user binds first and then the user login, if everything works.
If problems stay, can you tell if the LDAP bind of the ldap user succeeds?
Nigel.Trego@zeon.eu | Nigel.Trego@zeon.eu | 10. Jan 2019, 17:35
LDAP Confguration Active Directory
We wanted to standardise using the user's email address for AD authentication, we use the email address (email@example.com) as a user id for Office365 as well as many other platforms. Some of our user accounts still had dated login names (pre Windows 2000, e.g. Jill Blogs would have username BloggsJ). Also, our internal AD domain was xyz.net, a suffix that did not match the email address suffix (xyz.com). With this in mind using samaccountname as the LDAP attribute did not work for us.
We managed to work around this issue by using the LDAP attribute UserPrincipalName in the Ilias Ldap config. Prior to this we added the email domain name (xyz.com) as a UPN suffix (in Active Directory Domains and Trusts) and changed suffix in the AD user account record. (Once you have added the UPN suffix in Active Directory Domains and Trusts, it becomes avaiable in the AD user account as a dropdown).
So now firstname.lastname@example.org authenticates correctly.
Hopefully this might help someone who has experienced similar issues.