
Thread: Active Directory - Error 500 on LogIn

  1. #1
    Join Date
    Mar 2008
    Posts
    162

    Default Active Directory - Error 500 on LogIn

    I have searched a dozen times for an answer on this forum and I can't seem to find the answer to this exact problem.

    Here is the detailed error:

    Request URI:
    http://localhost:8081/deki/users/aut...uthprovider=10

    Server response:
    Array
    (
    [exception] => Array
    (
    [message] => No Such Object
    [source] => Novell.Directory.Ldap
    [stacktrace] => Array
    (
    [frame] => Array
    (
    [0] => Novell.Directory.Ldap.LdapResponse.chkResultCode () [0x00000]
    [1] => Novell.Directory.Ldap.LdapSearchResults.next () [0x00000]
    [2] => MindTouch.Deki.Services.LdapClient.GetUserInfo (Boolean retrieveGroupMembership, System.String username) [0x00000]
    )

    )

    [type] => Novell.Directory.Ldap.LdapException
    )

    In the event log I get a successful login. Also, if I type in an incorrect password I get an "incorrect username or password" message, indicating that it is successfully authenticating against my Active Directory User List. Should I be getting a Novell LDAP Error for AD?

    We are trying to deploy this Wiki as the "intranet" for our 300+ user network, so having AD login would really make for easier deployment. I am a Linux NOOB, so please explain with that in mind.

    Thanks in Advance!

  2. #2
    Join Date
    Mar 2008
    Posts
    162

    Default

    I forgot to mention I am using the latest version of DekiWiki. 1.9.0b.

    Beez

  3. #3
    Join Date
    Oct 2006
    Location
    San Diego (PB!)
    Posts
    787

    Default

    List your deki's ldap service settings please

  4. #4
    Join Date
    Mar 2008
    Posts
    162

    Question

    SID = "http://services.mindtouch.com/deki/stable/2007/05/ldap-authentication"
    Hostname = DC's IP (also tried netbios name)
    Searchbase = DC=servername,DC=company,DC=com
    BindingDN = $1@company.com
    UserQuery = samAccountName=$1

    I noticed there was a new post I hadn't seen here: http://forums.opengarden.org/showthread.php?t=1783

    I am currently looking at this adsiedit and will post any other info I find. Thanks for your help!

    Beez

  5. #5
    Join Date
    Oct 2006
    Location
    San Diego (PB!)
    Posts
    787

    Default

    Those settings look pretty straightforward. Try the troubleshooting steps (connect to the service directly) as described in the howto. Seems like the binding is working but your search query is somehow failing.
    You might need to play with your searchbase or UserQuery.

  6. #6
    Join Date
    Mar 2008
    Posts
    162

    Default

    I have somewhat. CN and samAccountName can be swapped with no change in result. I am going to copy the Wiki and try it on another server on another domain. Could be we have something odd going on in our network. I'll also try the direct URL and report back.

    Thanks and have a good weekend,

    Beez

  7. #7
    Join Date
    Mar 2008
    Posts
    162

    Default

    Ok I tried this on my home SBS Server. This time I receive another 500 error but it's different.

    Request URI:
    http://localhost:8081/deki/users/aut...uthprovider=10

    Server response:
    Array
    (
    [exception] => Array
    (
    [message] => Object reference not set to an instance of an object
    [source] => System
    [stacktrace] => Array
    (
    [frame] => Array
    (
    [0] => System.Text.RegularExpressions.Regex.Match (System.String input, Int32 startat) [0x00000]
    [1] => System.Text.RegularExpressions.Regex.Replace (System.String input, System.Text.RegularExpressions.MatchAppendEvaluator evaluator, Int32 count, Int32 startat) [0x00000]
    [2] => System.Text.RegularExpressions.Regex.Replace (System.String input, System.Text.RegularExpressions.MatchEvaluator evaluator, Int32 count, Int32 startat) [0x00000]
    [3] => System.Text.RegularExpressions.Regex.Replace (System.String input, System.Text.RegularExpressions.MatchEvaluator evaluator) [0x00000]
    [4] => MindTouch.Dream.PhpUtil.ConvertToFormatString (System.String paramsString) [0x00000]
    [5] => MindTouch.Deki.Services.LdapClient.BuildBindDn () [0x00000]
    [6] => MindTouch.Deki.Services.LdapClient.GetLdapConnection (System.String server, System.String username, System.String password) [0x00000]
    )

    )

    [type] => System.NullReferenceException
    )

    )

    Service Settings Below

    bindingdn = $1@altamont.local
    hostname = monty.altamont.local (also tried IP)
    searchbase = DC=monty,DC=altamont,DC=local
    bindingdn = samAccountName=$1

    Beez
    Last edited by beezoboy; 03-31-2008 at 04:58 PM.

  8. #8
    Join Date
    Mar 2008
    Posts
    162

    Default

    Changing the binding DN setting below. . .

    bindingdn = $1@altamont.local
    hostname = monty.altamont.local (also tried IP)
    searchbase = DC=monty,DC=altamont,DC=local
    bindingdn = samAccountName=$1 to sAMAccountName=$1

    . . . now yields this error

    Request URI:
    http://localhost:8081/deki/users/aut...uthprovider=10

    Server response:
    Array
    (
    [exception] => Array
    (
    [message] => Connect Error
    [source] => Novell.Directory.Ldap
    [stacktrace] => Array
    (
    [frame] => Array
    (
    [0] => Novell.Directory.Ldap.Connection.connect (System.String host, Int32 port, Int32 semaphoreId) [0x00000]
    [1] => Novell.Directory.Ldap.Connection.connect (System.String host, Int32 port) [0x00000]
    [2] => Novell.Directory.Ldap.LdapConnection.Connect (System.String host, Int32 port) [0x00000]
    )

    )

    [type] => Novell.Directory.Ldap.LdapException
    )

    )

    For whatever reason in eventlog the user keeps showing up as MONTY$ instead of the user I put in the box.

    Hope this helps.

    Beez
    Last edited by beezoboy; 03-31-2008 at 04:58 PM. Reason: fixed a typo

  9. #9
    Join Date
    Jul 2007
    Posts
    347

    Default

    Try this:
    Code:
    bindingdn = $1@altamont.local
    hostname = monty.altamont.local
    searchbase = DC=altamont,DC=local
    bindingdn = samAccountName=$1
    That's how it works perfectly here. monty.altamont.local is the FQDN for the server in this case, of course. Your searchbase was different from mine (and had a typo in it, you wrote "altomont"), so if you'd try the settings I listed, it might work for you as well.

  10. #10
    Join Date
    Mar 2008
    Posts
    162

    Default

    Oops! I only had it mistyped here on the forum and NOT on my actual wiki. I tried removing "DC=monty" but doing that still yields the same error.

    I have been looking on the net and it seems like there are a lot of additional parameters that could be included in authenticating, however I don't know which are allowed.

    I wish this were easier to debug. Maybe Deki Wiki 2.0 can have a tool to test settings and will then generate the correct service based on a test login. I just don't know enough about this to go much further with troubleshooting.

    Any other ideas?

    Beez
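
A settings check of the kind wished for above, written as an added example (not part of any post and not Deki Wiki's own code): it lints a pasted block of the LDAP service settings for repeated or missing keys and for a searchbase that carries a server name as an extra DC component, the mismatch that goes with the "No Such Object" response in post #1. It assumes the key names used in the thread and that the suffix after `$1@` in bindingdn is the domain's DNS name; the sample input is constructed from post #7.

```python
import re

REQUIRED = ("hostname", "searchbase", "bindingdn", "userquery")

# Constructed sample: the settings as listed in post #7 of the thread.
POST7 = """\
bindingdn = $1@altamont.local
hostname = monty.altamont.local
searchbase = DC=monty,DC=altamont,DC=local
bindingdn = samAccountName=$1
"""

def parse_settings(text):
    """Return (first value seen per key, list of keys that were repeated)."""
    first, dupes = {}, []
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in first:
            dupes.append(key)
        else:
            first[key] = value
    return first, dupes

def dn_parts(dn):
    """Split a DN into lower-cased components (escaped commas not handled)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def lint(text):
    first, dupes = parse_settings(text)
    findings = [f"duplicate key: {k}" for k in dupes]
    findings += [f"missing key: {k}" for k in REQUIRED if k not in first]
    # Assumption: the UPN suffix after "$1@" is the AD domain's DNS name.
    upn = re.fullmatch(r"\$1@([\w.-]+)", first.get("bindingdn", ""))
    base = dn_parts(first.get("searchbase", ""))
    if upn and base:
        root = ["dc=" + label.lower() for label in upn.group(1).split(".")]
        extra = base[:-len(root)]
        if base[-len(root):] != root:
            findings.append("searchbase is not under " + ",".join(root))
        elif any(p.startswith("dc=") for p in extra):
            # A host name is not part of the domain naming context, so a
            # search rooted there fails with LDAP result 32 (noSuchObject).
            findings.append("searchbase has extra DC component: " + ",".join(extra))
    return findings

if __name__ == "__main__":
    print("\n".join(lint(POST7)) or "no findings")
```

An OU below the domain root (for example `OU=Staff,DC=altamont,DC=local`) passes the check; only additional `DC=` components in front of the domain root are flagged.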
