• I can’t make this plugin work. I’m running it on CentOS 7.6 with PHP 7.2 and the shipped Apache 2.4 version.

    At first I was thinking that the problem was mcrypt, so I compiled it with PECL. But it still does not work. The log isn’t helpful either:

    2019-02-15 23:18:25 [INFO] NextADInt_Ldap_Connection::createConfiguration [line 104] LDAP connection is *not* encrypted
    2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] account_suffix =
    2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] base_dn = dc=domain,dc=com,dc=pt
    2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] domain_controllers = dc2.domain.com
    2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_port = 389
    2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_tls =
    2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_ssl =
    2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] network_timeout = 5
    2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_username = [email protected]
    2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_password = *** protected password ***
    2019-02-15 23:18:25 [ERROR] NextADInt_Ldap_Connection::connect [line 61] Creating adLDAP object failed. Bind to Active Directory failed. Check the login credentials and/or server details. AD said: Can’t contact LDAP server

    I can do ldapsearch on the machine with GSSAPI, but the plugin simply can’t work.

Viewing 9 replies - 1 through 9 (of 9 total)
  • You can confirm if the user account you used in the Environment -> Verify Credentials section is within the OU in the Base DN section.

    Thread Starter viniciusferrao

    (@viniciusferrao)

    I tried a lot of combinations, nothing works and the output of the logs doesn’t help either.

    I’ve tried using the people’s OU, nothing.
    Created a user inside the default CN=Users container, nothing.

    Any ideas?

    If you have a people’s OU…did you reference it in the Base DN with
    base_dn = OU=People,DC=domain,DC=com,DC=pt

    Also use the Domain Controller IP Address instead of dc2.domain.com

    Thread Starter viniciusferrao

    (@viniciusferrao)

    I’m using the base DN on the top root of the domain:

    DC=domain,DC=com,DC=pt

    I chose this approach because my architecture has sub-OUs inside the People’s OU, for example:

    OU=Teachers,OU=People,DC=domain,DC=com,DC=pt

    And there is the groups OU, for instance:

    OU=Groups,DC=domain,DC=com,DC=pt

    Changed to IP addresses without success too. I don’t know what’s happening. Is there a way to raise the debugging?

    You can troubleshoot by first connecting to an OU, then if it works you add the whole domain.

    2nd…Did you join the Linux server to the Windows AD using realm join?

    Thread Starter viniciusferrao

    (@viniciusferrao)

    Yes it’s joined.

    I can do ldapsearch with GSSAPI, getent the users, etc.

    I tried connecting to a specific OU without success too. I really don’t understand what’s happening.

    Series of random thoughts…

    1. Is the domain firewall off on Windows?
    2. Is SELinux disabled?
    3. You can add port 389 to the Linux firewall
    4. Check with ADSIEdit if the account you are using to connect has read access to the Windows domain root or the OUs

    Thread Starter viniciusferrao

    (@viniciusferrao)

    Hello.

    1. Firewall can’t be an issue since ldapsearch works on the same box.
    2. SELinux is disabled
    3. Firewall on Linux is open.
    4. It has the correct read access since it was working on the ADI plugin.

    I’ve done additional tests. Something should be broken at the PHP or plugin level. Using tcpdump I can see the packets to the DCs when using ldapsearch on the command line.

    On the other hand, when trying to test the NADI plugin, it simply returns NOTHING on tcpdump.

    You can disable all plugins and activate the AD plugin first, it should tell you if a php/linux package is missing (Worked for me)

The topic ‘Is PHP 7.2 supported? mcrypt still needed? Plugin does not work.’ is closed to new replies.
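
An added example, not part of the thread or of the plugin's code: a small Python parser for the debug log format quoted in the opening post. It recovers the logged connection settings, flags an unencrypted bind, and separates a transport failure from a credential problem. The function names, the finding codes and the treatment of an empty value as "off" are assumptions of this example.

```python
import re

# Constructed sample, trimmed from the log lines quoted in the opening post.
SAMPLE_LOG = """\
2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] domain_controllers = dc2.domain.com
2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_port = 389
2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_tls =
2019-02-15 23:18:25 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_ssl =
2019-02-15 23:18:25 [ERROR] NextADInt_Ldap_Connection::connect [line 61] Creating adLDAP object failed. Bind to Active Directory failed. Check the login credentials and/or server details. AD said: Can’t contact LDAP server
"""

LINE = re.compile(r"^\S+ \S+ \[(?P<level>\w+)\] (?P<src>\S+) \[line \d+\] (?P<msg>.*)$")
SETTING = re.compile(r"^(\w+) =\s?(.*)$")
OFF = ("", "0", "false")  # assumption: an empty value means "off", as in the log above

def parse_nadi_log(text):
    """Return (settings, errors) recovered from the plugin's debug log."""
    settings, errors = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kv = SETTING.match(m["msg"])
        if m["level"] == "DEBUG" and m["src"].endswith("::createConfiguration") and kv:
            settings[kv[1]] = kv[2].strip()
        elif m["level"] == "ERROR":
            errors.append(m["msg"])
    return settings, errors

def audit(text):
    """Return a list of (code, detail) findings for one logged connection attempt."""
    settings, errors = parse_nadi_log(text)
    findings = []
    encrypted = any(settings.get(k, "").lower() not in OFF for k in ("use_tls", "use_ssl"))
    if settings and not encrypted:
        target = f'{settings.get("domain_controllers", "?")}:{settings.get("ad_port", "?")}'
        findings.append(("cleartext-bind", f"bind credentials would go unencrypted to {target}"))
    for err in errors:
        reason = err.rsplit("AD said:", 1)[-1].strip()
        if re.fullmatch(r"Can.t contact LDAP server", reason):
            # The LDAP client library's "server down" error: no session was opened,
            # so the directory never evaluated the credentials.
            findings.append(("transport-failure", reason))
        else:
            findings.append(("bind-or-search-error", reason))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_LOG):
        print(f"{code}: {detail}")
```

On the sample it reports both a cleartext bind configuration and a transport failure, which matches the thread starter's tcpdump observation that the plugin sends nothing to the domain controller.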