View Issue Details

ID: 0021051
Project: mantisbt
Category: ldap
View Status: public
Last Update: 2016-07-07 02:37
Reporter: bertram.ryba
Assigned To: dregad
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 1.2.19
Summary: 0021051: LDAP with IIS 7 and PHP 7.0.5
Description

I'm trying to set up MantisBT for our organisation and got it working with local auth without SSL under IIS 7 with PHP 7.05.

The goal is to run it with single sign-on and later with SSL.

Every time I try to enable LDAP auth, I instantly get 500 Server Errors for all sites on our ticket system.

I tried to follow these instructions without success:
https://www.mantisbt.org/docs/master-1.2.x/en/administration_guide.html#ADMIN.CONFIG.AUTH.LDAP

I need some assistance in correctly configuring the LDAP parameters in config_inc.php:

#$g_login_method = LDAP;
#$g_ldap_server = IP:389'; or: ldap://servername.domain.local:398/
#$g_ldap_root_dn = “OU=My Business,DC=domain,DC=local”;
#$g_ldap_bind_dn = “CN=mantisbt,OU=Service_Accounts,OU=Users,OU=MyBusiness,DC=domain,DC=local”;
#$g_ldap_bind_passwd = 'Start1234';
#$g_ldap_organization = '(objectClass=*)';
#$g_ldap_protocol_version = 3;
#$g_ldap_follow_referrals = OFF;
#$g_use_ldap_email = ON;
#$g_use_ldap_realname = ON;
#$g_log_level = LOG_LDAP;
#$g_log_destination = 'file:c:\mantisbt\mantisbt.log';
#$g_ldap_uid_field= 'sAMAccountName';

Is there anything wrong or missing?

I even tried to use the adlogin plugin, but when I deactivate anonymous auth I can't log in anymore, and with anonymous auth activated I can't install the plugin, because it ends in a 500 Server Error.

https://www.mantisbt.org/bugs/view.php?id=12627

Maybe someone can assist here!

Tags: No tags attached.
Attached Files
asp.JPG (56,500 bytes)   

Activities

dregad


2016-06-03 11:03

developer   ~0053261

The provided information is not sufficient to provide any help in resolving the issue. A complete and detailed description is required for the support team to get a clear understanding of the problem.

Whenever you get HTTP 500 errors, you should look at your server log files. What do you see there?

I see you have enabled LOG_LDAP logging, that's good. What do you get in the mantisbt.log file?

bertram.ryba


2016-06-03 11:29

reporter   ~0053262

Hello dregad,

Well, my main problem is that I just get the HTTP 500 error.
I activate the entries in the config files by removing the # and save config_inc.php.
Then I reload the website and get server errors.
I have no error for the reload timestamp in the Event Viewer and I have no log file in the file system (yes, it wasn't even created).

This is really confusing.

What I get at other timestamps is a WAS Error 5011 pointing to ASP.net v4.0 and a w3wp.exe error.

w3wp.JPG (53,789 bytes)   
dregad


2016-06-05 05:18

developer   ~0053267

I do not use IIS so I'm not able to help much here. I have no idea what ASP.net has to do in this picture, and have no idea what w3wp.exe is or does.

All I can say is, if you're not getting any log file from LOG_LDAP, then there is likely some problem with your system that you need to address; that is not related to MantisBT.

bertram.ryba


2016-06-08 11:18

reporter   ~0053284

I could solve some issues with the server.
My problem was that I copy-pasted a config for LDAP and it had " instead of ' in use.

What i get now is:

APPLICATION ERROR 0001401
LDAP Server Connection Failed.

mantislog:

2016-06-08 17:06 CEST ldap Binding to LDAP server
2016-06-08 17:06 CEST ldap Attempting connection to LDAP URI 'ldap://<ip>:389'.
2016-06-08 17:06 CEST ldap Connection accepted by LDAP server
2016-06-08 17:06 CEST ldap Setting LDAP protocol version to 3
2016-06-08 17:06 CEST ldap Attempting bind to ldap server with username and password
2016-06-08 17:06 CEST ldap ERROR #49: Invalid credentials
2016-06-08 17:06 CEST ldap Bind to ldap server failed

I used the domain administrator with its plain text password.

As I've seen in the config, the site administrator's password was hashed.

How do I hash my password so that it's accepted? What hash do I need?
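A quoting mistake like the one described in the note above is a PHP parse error in config_inc.php, so none of the settings in that file, the log settings included, take effect. The PHP script below is an added example, not part of the original thread or of MantisBT, that flags such lines; the helper name `lint_config` and the sample settings are constructed for illustration, and it assumes one setting per line.

```php
<?php
// Added example (not MantisBT code): flag quoting mistakes in config_inc.php
// that stop PHP from parsing the file. Assumes one setting per line.

// Constructed sample, modelled on the settings quoted in the report above.
$sample = <<<'CFG'
$g_login_method = LDAP;
$g_ldap_server = servername.domain.local:389';
$g_ldap_root_dn = “OU=MyBusiness,DC=domain,DC=local”;
$g_ldap_bind_passwd = 'PLACEHOLDER-PASSWORD';
$g_log_destination = 'file:c:\mantisbt\mantisbt.log';
CFG;

// lint_config() is a hypothetical helper name; it returns a list of findings.
function lint_config(string $text): array
{
    // Matches one complete '...' or "..." literal, honouring backslash escapes.
    $string = '/\'(?:[^\'\\\\]|\\\\.)*\'|"(?:[^"\\\\]|\\\\.)*"/';
    $findings = [];
    foreach (preg_split('/\R/', $text) as $i => $line) {
        if (preg_match('/^\s*(#|\/\/|$)/', $line)) {
            continue; // blank line or whole-line comment (a disabled setting)
        }
        // Remove well-formed string literals; what is left must be plain code.
        $code = preg_replace($string, '', $line);
        if (preg_match('/[^\x00-\x7F]/', $code)) {
            $findings[] = sprintf('line %d: non-ASCII character outside a string '
                . '(typographic quote from copy-paste?)', $i + 1);
        }
        if (preg_match('/[\'"]/', $code)) {
            $findings[] = sprintf('line %d: unbalanced quote', $i + 1);
        }
    }
    return $findings;
}

// Lint the file named on the command line, or the sample when none is given.
$text = isset($argv[1]) ? file_get_contents($argv[1]) : $sample;
$findings = lint_config($text);
foreach ($findings as $f) {
    echo $f, PHP_EOL;
}
exit($findings ? 1 : 0);
```

PHP's built-in syntax check, `php -l config_inc.php`, reports the same mistakes as a parse error with a line number.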

dregad


2016-06-09 17:59

developer   ~0053293

"I used the domain administrator with its plain text password."

You mean that you're using the domain admin as LDAP bind DN?

As a side note, from a security perspective it's not a good idea to do that. You really should create a low-privileged service account for LDAP binds.

"As I've seen in the config"

What config? config_inc.php?

"the site administrator's password was hashed."

Hashed by whom, and why? Passwords in the config files must be in clear text.
We only use hashed passwords when we store them in the DB.

atrol


2016-06-27 10:08

developer   ~0053472

bertram.ryba,

You did not provide feedback; I am therefore resolving this issue as "no change required".

Feel free to reopen the issue at a later time and provide the requested information.