
Multiple LDAP backends not working

Details

    Description

      When configuring multiple LDAP backends, logins are not possible. It works as expected only when using a single LDAP server.

      Tried the following configuration that doesn't work:

      $config['auth_ldap_server']  = array("ldap1.server.ext","ldap2.server.ext");

      It also does not work when the config rule is disabled/removed and the backends are added in the web interface through Global Settings -> Edit -> Authentication -> LDAP servers.

      Configuration that does work:

      $config['auth_ldap_server']  = "ldap1.server.ext";

      Maybe there isn't support for multiple backends, but the field in the web interface indicates that multiple backends can be provided.

      Version: r9172

        Activity

          [OBS-2645] Multiple LDAP backends not working
          Pod2 Phil Davey added a comment -

          I can confirm that:

          $config['auth_ldap_server']  = array("ldap1.server.ext","ldap2.server.ext");

          does not work. However, either one by itself does work.

          However, if you add 'ldap://' (and presumably 'ldaps://') to each entry, it does work:

          $config['auth_ldap_server']  = array("ldap://ldap1.server.ext","ldap://ldap2.server.ext");

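
The workaround in the comment above, generalised into a config normaliser. This is an added example, not Observium's code and not part of the original comments. It assumes the space-separated URI form that php.net documents for ldap_connect(); the function name `ldap_server_uris`, its `$default_scheme` parameter and the third sample server are hypothetical.

```php
<?php
// Added example, not Observium code. ldap_server_uris() and its
// $default_scheme parameter are hypothetical names.
function ldap_server_uris($servers, string $default_scheme = 'ldap'): string
{
    $allowed = ['ldap', 'ldaps'];
    if (!in_array($default_scheme, $allowed, true)) {
        throw new InvalidArgumentException("unsupported default scheme: $default_scheme");
    }
    $uris = [];
    foreach ((array)$servers as $entry) {
        $entry = trim((string)$entry);
        if ($entry === '') {
            continue; // skip empty rows, e.g. from a settings form
        }
        // Bare "host" or "host:port": state the scheme explicitly.
        if (strpos($entry, '://') === false) {
            $entry = $default_scheme . '://' . $entry;
        }
        $parts = parse_url($entry);
        if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
            throw new InvalidArgumentException("not a valid LDAP server entry: $entry");
        }
        $scheme = strtolower($parts['scheme']);
        if (!in_array($scheme, $allowed, true)) {
            throw new InvalidArgumentException("unsupported scheme in: $entry");
        }
        // Hostname, IPv4 address, or bracketed IPv6 literal only.
        if (!preg_match('/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])$/', $parts['host'])) {
            throw new InvalidArgumentException("invalid host in: $entry");
        }
        // Keep scheme, host and port; any path or query is dropped.
        $uris[] = $scheme . '://' . $parts['host']
                . (isset($parts['port']) ? ':' . $parts['port'] : '');
    }
    if ($uris === []) {
        throw new InvalidArgumentException('no LDAP servers configured');
    }
    return implode(' ', $uris); // one string, URIs separated by spaces
}

// The failing array form from the report, plus constructed entries in other forms.
$servers = array("ldap1.server.ext", "ldap2.server.ext:389", "ldaps://ldap3.server.ext");
$uri_list = ldap_server_uris($servers);
echo $uri_list, PHP_EOL;

if (function_exists('ldap_connect')) {
    // With OpenLDAP 2.x this only initialises the handle; no packet is sent yet.
    $ds = ldap_connect($uri_list);
    var_dump($ds !== false);
}
```
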

          Schoemaker Quentin Schoemaker added a comment -

          PHP 7.1.16-1+0~20180405085551.16+jessie~1.gbp4937aa (cli) (built: Apr  5 2018 09:13:06) ( NTS )

          sid3windr Tom Laermans added a comment -

          Which PHP version are you using? Observium is simply passing multiple LDAP servers to the connect function as documented on php.net ...

          Schoemaker Quentin Schoemaker added a comment -

          Even worse, if you provide two or more AD/LDAP servers (which contain the same data), you can't log in at all.
          Apache2 error log says:

          ldap_url_parse_ext(ldap://localhost/)
          ldap_init: trying /etc/ldap/ldap.conf
          ldap_init: using /etc/ldap/ldap.conf
          ldap_init: HOME env is NULL
          ldap_init: trying ldaprc
          ldap_init: LDAPCONF env is NULL
          ldap_init: LDAPRC env is NULL
          ldap_create
          ldap_url_parse_ext(ldap2.server.ext:389)
          ldap_err2string

          sid3windr Tom Laermans added a comment -

          Are you saying you're specifying multiple LDAP servers that contain the same data, and it's not failing over when the first server is down?

          People

            sid3windr Tom Laermans
            Schoemaker Quentin Schoemaker