[SOLVED] Basic troubleshooting for LDAP authentication server
CraigPutnam:
I am setting up OPNsense 15.7.18_1-amd64 (OpenSSL) hosted on ESXi-5.5.0. I am trying to set up an LDAP authentication server against a local Active Directory domain controller. When I click the Select button in the Containers section, I get the informative message: "Could not connect to the LDAP server. Please check your LDAP configuration."
So, my main question is, how in the world do I troubleshoot this? Are there any log files or other tests that could give me more information?
weust:
Can't help you with logs, but do upgrade to the latest version before continuing any further.
This is how I have set it up, excluding the basic information/settings.
Protocol version: 3
Bind credentials\User DN: domain\serviceaccount
Search scope\Level: One level
Base DN: DC=domain,DC=local
Authentication containers: use Select here. Should work if you got the previous settings filled in correctly.
Extended query: take the default IIRC. Been a while since I set it up.
User naming attribute: samAccountName
That works for me(tm)
franco:
Hi Craig,
The ldap_bind() call is being muted in the code, that is indeed a bit hard to trace. I will try to improve the error reporting for 15.7.25 out on Monday.
Cheers,
Franco
franco:
Some more hints may be hidden here... http://php.net/manual/de/function.ldap-bind.php#103034
CraigPutnam:
--- Quote ---The ldap_bind() call is being muted in the code, that is indeed a bit hard to trace. I will try to improve the error reporting for 15.7.25 out on Monday.
--- End quote ---
Much appreciated. :) The better the error messages, the faster I can figure out how and why I'm being stupid.
--- Quote ---Can't help you with logs, but do upgrade to the latest version before continuing any further.
--- End quote ---
Good idea, so I did that. I like the updated menu layout.
I managed to resolve the issue, mostly by poking around and thinking really hard like a bear of very little brain. I had pointed the system to external DNS servers, but I was trying to resolve an internal host... Like I said, very little brain.
Once I pointed to a DNS server that could actually resolve my domain controller, everything worked great. I did notice one UI issue that might cause issues for others. The authentication containers selection window is non-resizeable (at least in IE 11), so if you have more than 7 containers, they spill off the bottom of the window. I resolved it by narrowing the search scope, but users in a complex organization would probably have to resort to typing the container DNs by hand.
Thanks for everyone's help!
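
Added example (not part of the original thread and not OPNsense code): because the GUI reports every failure as "Could not connect to the LDAP server", a staged check run from a host that uses the same DNS servers as the firewall separates a name-resolution failure, which was the cause in this thread, from a closed or filtered port. The function name `check_ldap_endpoint`, the injectable `resolve` parameter and the hostname `dc01.domain.local` are hypothetical; the check stops at TCP and does not attempt an LDAP bind.

```python
import socket


def check_ldap_endpoint(host, port=389, timeout=3.0, resolve=socket.getaddrinfo):
    """Return (stage, detail) where stage is 'dns', 'tcp' or 'ok'.

    'dns' - the configured resolver cannot resolve the LDAP server name
    'tcp' - the name resolves but no address accepts a connection on the port
    'ok'  - a TCP connection succeeded; any remaining failure is at bind level
            (bind DN, password, protocol version, TLS)
    """
    # Stage 1: name resolution, using the system's configured DNS servers.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host}: {exc}"

    # Stage 2: try every resolved address until one accepts the connection.
    last_error = None
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            return "ok", f"{host} -> {sockaddr[0]}:{sockaddr[1]} reachable"
        except OSError as exc:
            last_error = f"{sockaddr[0]}:{sockaddr[1]}: {exc}"
    return "tcp", f"resolved {host} but connect failed ({last_error})"


if __name__ == "__main__":
    import sys

    # Constructed placeholder hostname; pass the real server name as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.domain.local"
    stage, detail = check_ldap_endpoint(target)
    print(f"[{stage}] {detail}")
```

A `dns` result matches the situation resolved above (external DNS servers asked for an internal host); an `ok` result means the remaining suspects are the bind settings.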