Support » Plugin: authLdap » getting a an error when trying to log in

  • Resolved shellwe

    (@shellwe)


    We set up AuthLDAP with what we think is correct and then go to the WordPress login and I type my credentials and it gives me this error.

    Parse error: syntax error, unexpected '[' in /var/www/html/assure-stack/wp-content/plugins/authldap/src/LdapList.php on line 34

    I go back and just type gibberish for the login and password and get the same page. I go back to the home page to see if I was indeed logged in and I was not and I check to see if a WP user was created and they were not.

    I have “Debug AuthLDAP” checked but not sure how to use that, is there documentation on how that process goes?

    My main suspicion is the LDAP URI is incorrect, here is what we have; the servers, users, and passwords have been changed to protect the innocent.
    ldap://uid=exampleuser,dc=testdomain,dc=local:Passw0rd@dc.testdomain.local/OU=Employees,DC=testdomain,DC=local

    I didn’t know if that OU=Employees goes there but wasn’t sure where else to put it.

    We are using Smart TLS

    • This topic was modified 8 months ago by  shellwe.
Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author heiglandreas

    (@heiglandreas)

    You are especially using an unsupported version of PHP. The given error occurs when you are running the authLDAP-code on PHP 5.3 or earlier. AuthLDAP requires at least PHP 5.4.

    PHP 5.3 is out of support since mid-2014! The currently supported versions of PHP are 5.6 and 7.0. And on 1st of December PHP 7.1 will become generally available. So you should think of updating your PHP to at least version 5.6 which will be supported until December 2018.

    If those aren’t options you can alter the code of the plugin to adapt it to PHP 5.3 by altering that line 34 in /var/www/html/assure-stack/wp-content/plugins/authldap/src/LdapList.php to read protected $items = array();. There might be more places where a [] needs to be replaced with array() but you’ll need to figure that out.

    I can not support that.

    The easiest “fix” is to update your PHP-Stack!

    shellwe

    (@shellwe)

    Thank you for getting back to me! We are indeed on 5.3. We are using CENTOS 6 so a little behind the time. I have looked at the path to upgrade to 7 and I wonder if it is just easier doing a new install.

    Anyway, I uninstalled PHP 5.3 and put on 5.6 and after some jumbling with some settings I got php 5.6 and WordPress working again. But now it just doesn’t take my login

    I now get the error:

    Warning: ldap_start_tls(): Unable to start TLS: Connect error in /var/www/html/assure-stack/wp-content/plugins/authldap/ldap.php on line 122

    I am guessing it just means we have something in our LDAP URI (Posted above?). I assume our username is our User-ID Attribute; which we assigned to sAMAccountName and my password is my LDAP password.

    Plugin Author heiglandreas

    (@heiglandreas)

    Great that you did an update!

    The error you report here sounds more like an issue with the TLS-connection, which comes before the authentication part. Are you using a self-signed certificate for the TLS-setup? Can you do a connect from the server to the LDAP via the commandline?

    I’ve done a quick search on the internet and found these answers:

    * http://stackoverflow.com/questions/2689629/how-do-i-solve-ldap-start-tls-unable-to-start-tls-connect-error-in-php
    * http://php.net/manual/en/function.ldap-start-tls.php#115150

    shellwe

    (@shellwe)

    It may have been a blip or something because I am not getting that error anymore, it’s just invalid login. I also tried turning off TLS to see if that works (for sure not a permanent solution).
    How does the logging work in your program? Can that tell me anything? I am wondering if it did correctly try to handshake; it’s just somehow mapped to the wrong login.

    The cert is issued from our internal CA. That first article was referring to PHP2 and 3 and I am still looking through the second to get more ideas. Also, our server guy does see a request from Tux our Active Directory service via tcp port 389 (ldap port).

    I open /etc/openldap/ldap.conf and see everything is commented out except:

    TLS_CACERTDIR /etc/openldap/certs

    Is openLDAP more for if I want to have my server be an LDAP server? If so I am in the wrong place.

    If it helps any, we did get “Active Directory/LDAP Login for Intranet sites” working (at least before I upgraded to 5.6) with TLS; we just weren’t impressed by some of its features. But I know it is able to connect.

    Plugin Author heiglandreas

    (@heiglandreas)

    Sorry for letting you wait so long.

    When you activate the debugging, authLDAP will report some additional info to the PHP-Log. You might have to check where that is reported to. You might want to have a look at http://php.net/manual/en/errorfunc.configuration.php#ini.error-log for further info on the location of the error-log.

    openLDAP is a project that creates an LDAP-Server as well as the libraries necessary to bind to any LDAP-Server. So it’s used by PHP’s LDAP-Extension to be able to connect to AD (in your case).

    The first article was talking about LDAP-Version 2 and 3, not PHP-Versions 2 and 3 😉 But authLDAP uses version 3 anyway. That’s nothing you need to worry about 😉

    Please find your PHP’s error-log and check for the information in there. When you can post that I’ll check that and ping you back as soon as possible.

    Cheers

    Andreas

    You have been very quick to respond. Thank you for your help so far.

    It took me a bit to figure out what is going on; even though I have my error_log set to /var/log/php_errors.log in php.ini it still outputs it in /var/log/httpd/ssl_error_log… not sure why but the important thing is I found it.

    When I try to log in with my user I get this:

    [Mon Nov 28 15:15:07 2016] [error] [client 10.1.8.27] [AuthLDAP] User 'sAMAccountName' logging in, referer: https://www.domain.com/wp-login.php
    [Mon Nov 28 15:15:07 2016] [error] [client 10.1.8.27] [AuthLDAP] about to do LDAP authentication, referer: https://www.domain.com/wp-login.php
    [Mon Nov 28 15:15:07 2016] [error] [client 10.1.8.27] [AuthLDAP] connect to LDAP server, referer: https://www.domain.com/wp-login.php
    [Mon Nov 28 15:15:07 2016] [error] [client 10.1.8.27] [AuthLDAP] LDAP authentication failed with exception: bind was not successfull: Invalid credentials, referer: https://www.domain.com/wp-login.php
    

    I replaced my website name with “www.domain.com/wp-login.php” since it is an internal domain and they don’t want that public knowledge. Also replaced my user with the keyword it is linked to (sAMAccountName).

    But from this I am not quite certain whether it isn’t connecting due to a bad LDAP URI or it is and the username isn’t linking to sAMAccountName. I have smart TLS on and I am making sure I go to the https version of the site.

    Thank you for your help so far!
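
Added example, not part of the thread or of authLdap: a triage script for the `[AuthLDAP]` debug lines quoted in the post above, pairing each `User '…' logging in` line with a later failure line from the same client and counting failed binds per client. The sample users, clients and times, the `threshold` cutoff and all function names are assumptions; only the message texts and line layout come from the posted log.

```python
import re
from collections import Counter
from datetime import datetime

# Apache 2.2 error_log shape from the thread: [time] [error] [client IP] [AuthLDAP] msg, referer: URL
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
                     r"\[AuthLDAP\] (?P<msg>.*?)(?:, referer: \S+)?$")
USER_RE = re.compile(r"^User '(?P<user>.*)' logging in$")
FAIL_PREFIX = "LDAP authentication failed with exception:"
TS_FMT = "%a %b %d %H:%M:%S %Y"

def parse_attempts(log_text):
    """Return one dict per login attempt, in log order."""
    attempts, open_by_client = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an AuthLDAP debug line
        msg, client = m.group("msg"), m.group("client")
        start = USER_RE.match(msg)
        if start:
            attempt = {"time": datetime.strptime(m.group("ts"), TS_FMT), "client": client,
                       "user": start.group("user"), "failed": False, "reason": None}
            attempts.append(attempt)
            open_by_client[client] = attempt  # latest attempt from this client
        elif msg.startswith(FAIL_PREFIX) and client in open_by_client:
            attempt = open_by_client.pop(client)
            attempt["failed"], attempt["reason"] = True, msg[len(FAIL_PREFIX):].strip()
    return attempts

def clients_over_threshold(attempts, threshold=3):
    """Clients with at least `threshold` failed binds; the cutoff is an assumed value."""
    fails = Counter(a["client"] for a in attempts if a["failed"])
    return {c: n for c, n in fails.items() if n >= threshold}

def _line(ts, client, msg):
    return f"[{ts}] [error] [client {client}] [AuthLDAP] {msg}, referer: https://www.domain.com/wp-login.php"

# Constructed sample: message texts are those quoted in the thread; users, clients, times are made up.
FAIL = FAIL_PREFIX + " bind was not successfull: Invalid credentials"
LOGIN = "User 'alice' logging in"
SAMPLE_LOG = "\n".join(
    [_line("Mon Nov 28 15:15:07 2016", "10.1.8.27", m)
     for m in (LOGIN, "about to do LDAP authentication", "connect to LDAP server", FAIL)]
    + [_line(f"Mon Nov 28 15:15:1{i} 2016", "10.1.8.27", m) for i in (1, 2) for m in (LOGIN, FAIL)]
    + [_line("Mon Nov 28 15:16:00 2016", "10.1.8.40", "User 'bob' logging in")]
)

if __name__ == "__main__":
    print(clients_over_threshold(parse_attempts(SAMPLE_LOG)))
```

An attempt with no failure line is reported as `failed: False`, which means only that no failure was logged for it, since the thread does not show what a successful login writes.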

    Plugin Author heiglandreas

    (@heiglandreas)

    There are two possible causes for this message:

    1. The user used for the initial bind (the one that is part of the LDAP-URI) can not bind to the LDAP. That might happen due to a spelling-issue.
    2. The credentials of the user trying to login are wrong. So either the username or the password (usually the password) are wrong.

    To fix that: Can you post me the configuration you are using (without passwords of course)? Feel free to send them via Email to andreas (AT) heigl (DOT) org – I’ll then check what might be the issue.

    Cheers

    Andreas

    I tried both my email and my username, I typed it several times but user errors aren’t uncommon in my line of work.
    My network admin guy sanitized the strings for me so they are free of compromising data. I’ll email you that now.
    Thanks!
    Shawn
