ERROR 500 When savin LDAP CONF #273
Comments
|
i tracked it to this line https://github.com/osTicket/osTicket-plugins/blob/develop/lib/pear-pear.php.net/net_ldap2/Net/LDAP2.php#L701 maybe maybe @JediKev can share some light :) |
|
Can anyone prowide some idea why is this happeninge ? |
|
@protich sorry for mention but we are really despered to get it working, and you already managed to fix one of bad downsides of OST the oauth when basic authentication was droped on ms site. Would you be able please to take a look on to this issue ? |
|
Have you tried using this build of the plugin? Cheers. |
Hi i already, tryed that :( unforchunatelly, in test enviroment when i try LDAP ove standart port and everithhing is correct, but in production with LDAPS each time i try to save the setting i get 500 error |
|
Then it sounds like it truly can’t connect. Have you checked your firewall, ports, SSL cert, etc.? Have you tried an LDAPS connection from the webserver to see if it can connect properly? Cheers. |
|
yes i tryed ldaps Conection ower Powershell and native win server app both are working |
|
Post a screenshot of Admin Panel > Dashboard > Information. Cheers. |
|
The only thing out of place here is the message about no longer being supported. Looks like you are having some DNS issues for that. However, I don't think that has any effect on this issue. At this point the best course of action will be to track your connection logs and see at what point it fails. We'd just be guessing without more detailed errors/information. Cheers. |
Yes you are right server is deployed in same ENV as My dev server both are high sec. enviroments. if you can guid me threw i can get you logs if you want :). |
|
but i guss from waht i see incorect variable is pushed in to the ldap_close() fuction as i posted in initial message, prehaps it si some edge cases when plugin configuration validation fail ? judst guessing since if validation fails nothing can be closed if conection is not established right ? |
|
I am not a windows/IIS guy so I'm not going to be too helpful here. I did some quick googling and saw that the Windows Event Viewer can log LDAP/LDAPS connections/authentication attempts. You may need to go in and enable it though. It basically can't close a connection as the connection is Cheers. |
|
@JediKev I even runned tests over powershell and telnet to server over port 636 and it get threw :( |
|
if anyone interested there is simple ps LDAP and LDAPS tester https://evotec.xyz/testing-ldap-and-ldaps-connectivity-with-powershell/ |
|
I was able to replicate this exact error when enabling TLS in the plugin config when I don't have TLS configured on the LDAP server. It does seem like the LDAPS connection is failing so Also, what port are you using in your plugin config for LDAPS? Also, did you enable the TLS option in the plugin config? Cheers. |
|
@JediKev |
|
I believe here is where the This seems to be happening in your case. Let's setup an unpacked plugin so you can add debug statements. First, simply unpack the plugin: Now you must update the database:
Once you do this you may need to restart the webserver. Now, you can edit the raw plugin files and add debug statements. From here you can edit the // If we're supposed to use TLS, do so before we try to bind,
// as some strict servers only allow binding via secure connections
if ($this->_config["starttls"] === true) {
if (self::isError($msg = $this->startTLS())) {
$current_error = $msg;
var_dump($current_error);die;
$this->_link = false;
$this->_down_host_list[] = $host;
continue;
}
}Now when you go to save it should hopefully dump the full PEAR error which should be more detailed. Cheers. |
|
hmm i am getting some wier error |
|
Windows is horrible for this kind of thing lol Try switching the quotes around (ie. replace single with double and double with single). Cheers. |
|
you were right correct syntax is how ever now i get this |
|
Continue on to my other steps. Cheers. |
|
i done them already |
|
ou stupid my sql client i had changes pending still getting same error |
|
oh /path/to/osticket/include/plugins/auth-ldap/include/Net/LDAP2.php is loadet not net2 |
|
Now i get big chunk of data mostly dump of configuration in DB |
|
how ever on start of string there is something interesting indeed |
|
I think maybe are we abel to check whitch tls wersion is PHPO using we have mandatory 1.2 and up |
|
I am done to day if you will have any sugestions let me know :), i will test them tomorow :) |
|
Hi, @JediKev i vas just thinking isng bad vesion of library includet in plugin ? shoudent there be version from folder Net2 ? So i am guessing bad version of TLS is used |
|
Also i noticed that underliing code in plugin is always prefixing url with ldap:// not ldaps:// if you input ldaps conection. |
|
Additional test with ldp.exe is also working with same values so i guess somethin bad is with in the Underliing library :( |
|
Hi, any idea what cna be done next ? |
|
Hello, Thanks for any info |
|
Upgrade to v1.17.4 or v1.18, install the latest build of the LDAP plugin (relevant to the osTicket version you will be upgrading to), and retest. Cheers. |
Hello @JediKev,
i tryed addressed both in IP DNS names formats with and without ldaps:// But will be depreciated when i try to test LDAPS strait from server where IIS is hosted with testing utility it works like a charm just not from OST. Any suggested next steps ? |
|
People have reported issues with LDAPS protocol specifically. For now, use normal LDAP and enable TLS. Cheers. |
|
@JediKev as i described previously this is not possible LDAP will be switched of by our Sec. Department on all domain controllers :( |
|
You can always review your AD logs to see why LDAPS is failing. We do not have the time to look into this at the moment but the code is open source allowing you to review the code and make any needed changes to get it working. Cheers. |
|
hello @JediKev, |
|
I think I do see an issue with the regex. It seems it does have potential to strip the prepended Cheers. |
|
I have a pull that fixes the REGEX and should allow Cheers. |
|
Thanks any ATA on it ? |
|
Like always, there is no set date, however we do plan on making a release relatively soon. So please stay tuned! Cheers. |
|
Related: #276 |
|
Any estimated ATA ? @JediKev |
|
Look at the pull, it has been merged and is included in the latest build of the plugin. Cheers. |
Can anybody help me with this issue ?
The text was updated successfully, but these errors were encountered: