AD Integration about ssh-key-authority HOT 7 CLOSED

Hi

This error is generated by PHP's ldap_bind() function which is reporting that the credentials you've provided are not being accepted by the server. As such it is hard for me to tell you what exactly is wrong, but I might be able to point you in the right direction for figuring it out.

The top comment on the ldap_bind PHP manual page is about debugging issues binding with Active Directory. I would suggest that you take the PHP code from their comment, put it into a test.php file with the correct LDAP server and login details and try running it from the command line (eg. php test.php). Hopefully this might get you a more useful error message.

from ssh-key-authority.

Thanks for the reply.
I modified a little this diagnostic script.
<?php
$ldaphost = "xxx.xxx.xxx.xxx";
$ldapport = 389;
$bind_dn = "[email protected]";
$bind_password = "SomeStrongPass";

define(LDAP_OPT_DIAGNOSTIC_MESSAGE, 0x0032);
$handle = ldap_connect($ldaphost, $ldapport);
echo "$handle\n";
if ($handle) {
ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($handle, LDAP_OPT_REFERRALS, 0);
$bind = ldap_bind($handle, $bind_dn, $bind_password);
echo "$bind\n";
ldap_get_option($handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);
echo "$extended_error\n";
}
?>
First run:
Resource id #4
1

Then I checked Reset User Passwords and Force Password Change at Next Logon in AD for ska user
Second run:
Resource id #4
PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /root/ad_bind_test.php on line 14

80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 773, v2580
Then I unchecked Reset User Passwords and Force Password Change at Next Logon and set Account has expired to 02.07.18.
3rd run:
Resource id #4
PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /root/ad_bind_test.php on line 14

80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 701, v2580
If I change $bind_dn to ska (without domain part after at) then I get error Invalid credentials too
4th run:
Resource id #4
PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /root/ad_bind_test.php on line 14

80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
All of these tries mean that binding should be successfull, as I use settings in config.ini from 1st run.

from ssh-key-authority.

After escaping bind_dn and bind_password error Invalid credentials disappeared.

from ssh-key-authority.

Now I am having ldap_search error)

from ssh-key-authority.

Looks like you had success? You needed to escape some special characters in the bind_dn and bind_password?

from ssh-key-authority.

Sorry, term misuse. Actually I told about quoting not escaping.
Like this:
bind_dn = '[email protected]'
bind_password = 'SomeStrongPass'

from ssh-key-authority.

Right, it might be wise then for me to quote these values in config-sample.ini so that others are less likely to encounter this problem.

from ssh-key-authority.