• Resolved kgazow

    (@kgazow)


    In the process of migrating a site to wp4.6.1 and using the wpDirAuth plugin. Tests via LDAP are successful, but using the same config/credentials via LDAPS produces the following error:

    Directory Authentication Error: wpDirAuth config error: No directory server available for authentication, OR pre-binding credentials denied

    The plugin is functioning on an install of wp that we’re migrating from with the same configuration. Have confirmed that traffic is passing to and from the server and the AD DC (traffic sniff), but unsure as to next steps to narrow down the problem.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Did the server change? Try adding line “TLS_REQCERT ALLOW” to /etc/ldap/ldap.conf (assuming that’s where your LDAP configuration file is). See http://www.openldap.org/doc/admin21/tls.html 11.2.2.6.
    If that works then there’s a trust problem between client and server which you may want to fix.

    Using ldapsearch with “-d <debuglevel>” is the easiest method to see what happens on the client side.

    Plugin Author Paul Gilzow

    (@gilzow)

    LDAP can be notoriously tricky to troubleshoot, especially when you throw in the overhead of WordPress. I’ve got a test script you can use: https://github.com/gilzow/simple-ldap-test

    You’ll need to make sure to add in your data in lines 18 – 31. If you are using ldaps instead of START_TLS, you’ll need to change line 56 to at least include

    $aryOptions = array('starttls' => false);

    Let me know what, if any, errors you see with the test script.

    Also, be aware that ldaps is deprecated in favor of START_TLS: http://www.openldap.org/faq/data/cache/605.html

    • This reply was modified 9 years, 7 months ago by Paul Gilzow.
    Thread Starter kgazow

    (@kgazow)

    Thanks; working it now and will advise.

    • This reply was modified 9 years, 7 months ago by kgazow.
    Thread Starter kgazow

    (@kgazow)

    Here’s what I see as a response from the script, slightly sanitized

    Simple LDAP Test

    Trying to authenticate [account]…
    Checking uid against regex pattern… success!
    Checking user password against regex pattern, min/max lengths… success!
    Setting up initial connection with [ip-address]… success!
    Requesting switch to v3 of ldap protocol… success!

    Authentication failed
    Problem Encountered While Attempting to Authenticate
    Errors Encountered
    Error at line 249
    unable to bind with bind account ([account]@[fqdn]). Last LDAP error: Can’t contact LDAP server

    Plugin Author Paul Gilzow

    (@gilzow)

    What port do you have ldaps running on? 636 / 3269?

    Between where you’re coming from (where it works) and where you are moving to (where it doesn’t), what else is different?

    Side note, in case you aren’t aware, ldaps is deprecated in favor of START_TLS: http://www.openldap.org/faq/data/cache/605.html
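
Added example, not part of the thread and not code from wpDirAuth or simple-ldap-test: a Python probe for an LDAPS port (TLS from the first byte, e.g. 636 or 3269) that separates the cases raised above, namely port unreachable, server certificate not trusted by the client, or some other handshake failure. The function name, stage labels and command-line arguments are assumptions, and it does not cover START_TLS on the plain LDAP port.

```python
import socket
import ssl


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail) naming the step at which an LDAPS connect fails.

    stage is one of:
      'tcp'  - the port could not be reached (firewall, wrong port, DC down)
      'cert' - TLS started but the server certificate was rejected
               (unknown CA, expired, or name mismatch)
      'tls'  - the handshake failed for another reason (e.g. not a TLS port)
      'ok'   - verified TLS session established
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", str(exc)

    # The default context verifies the chain and the host name, which is the
    # behaviour TLS_REQCERT ALLOW relaxes. cafile plays the role of the CA
    # bundle the LDAP client is configured to trust (TLS_CACERT in ldap.conf).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return "ok", f"{tls.version()}, cert expires {cert.get('notAfter')}"
    except ssl.SSLCertVerificationError as exc:
        # This is the trust problem that TLS_REQCERT ALLOW would hide.
        return "cert", exc.verify_message
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "tls", str(exc)


if __name__ == "__main__":
    import sys

    # Usage (all values supplied by the operator):
    #   python probe_ldaps.py <dc-hostname> [port] [ca-bundle.pem]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    print(probe_ldaps(host, port, cafile))
```

Run it from the web server against the same name the plugin is configured with: a `cert` result on the new host and `ok` on the old one points at a missing CA certificate on the new host rather than at the plugin.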


The topic ‘wpDirAuth config error’ is closed to new replies.