TurnKey Linux Virtual Appliance Library

PHPBB fresh install... Need LDAP

 Ok so I just DL'd PHPBB a few hours ago and have been playing with it, trying to set everything in motion.

 

When I go to Client Communication -->  Authentication I have the drop-down option of LDAP however when I put everything in I get a message stating:

 

Information

LDAP extension not available.

 

 

What do I need to do to get this working?

Jeremy's picture

I can't answer this question

I can't answer this question directly but while you wait for someone else I have a few ideas...

From my reading of this page it seems like that is something that is generally set up on install (although I only skimmed it, probably pay to read it properly to be sure). I suspect there is a way of doing it post install though. Maybe have a look on the phpBB support pages or forums or even post there. In my very brief travels over there I did notice something about setting it up in the Administration page?!

As the Appliance page does not mention LDAP at all perhaps LDAP is not something available by default? Being open source I am sure there is a way to get it working, although it may take a little research.

Well...

 Ok here's the thing...

 

There is no "install" if you will with the Turnkey "installation".  In other words it's all automated.  So when I installed I only was able to provide an IP address and that was it!

I did find the setup portion on the ACP.  It is under  Client Communication --> Authentication

Then you select Ldap from there and fill out the required settings.

The first time I tried it I was receiving an error along the lines that it is "not available".  So I tried to track that down and I found how to add it on the "jumpbox" appliance install.  That seemed to install for me as well and then my error changed to the one I put up here about not being able to bind to account etc.

I just can't figure out if there is something I'm missing or what.  I want to install this on a VM and this seemed to be the quickest/easiest way to do so but it may be missing quite a few things.  If nobody else responds to this with any knowledge on this then I may just try to install this VM from the beginning again and see if I missed ANYTHING having to do with LDAP on installation and then probably just install as a full install appliance etc.

I forgot to mention...

I did try the support pages and forums over at the phpbb site as well as MANY other places however the issue is that the "appliance" install seems to be missing some things or has some things in different places.  I did try to get OPENLdap working and still something seems to be "off".  I don't understand really because everything from within the ACP shows PHP having what it needs and that it's enabled etc. 

Jeremy's picture

Hmmm strange!

It all sounds very strange! What you are saying suggests to me the possibility of a bug in the TKL phpBB appliance. Unfortunately I am not in a position to test this to confirm that possibility.

If LDAP support appears to be enabled but doesn't work then in my mind that would be a bug. However if the devs did not plan for LDAP support (either intentionally or unintentionally) then it is more a situation of unsupported functionality. We really need to hear from Alon or Liraz to confirm this either way.

As for my reference to "something that is generally set up on install" I wasn't referring to you installing the TKL appliance, but the actual install of phpBB on the initial prototype (or master) that the TKL devs created (which was then converted to an iso/vm image). Thus I was suggesting the possibility that this function may not have been initially included. This would be well outside of your control during install of TKL phpBB.

To confirm whether it is a TKL bug and/or phpBB bug and/or a specific site/system LDAP bug it may be worth using TKL LAMP as a base and installing phpBB on top of that yourself. I remember installing phpBB some time ago and it was all pretty straightforward from memory. Probably even more-so on top of TKL LAMP (I did it from scratch - although admittedly on a Windows Server system using WAMP as a base).

If you choose to tread this path then please document this process so that (assuming it works) you could feed this info back to Alon and Liraz.

Good luck!

Ahhh... and thank you for the reply thus far.

 Ok... 

I did go and install LAMP TKL and install PHPBB and the same thing...  nothing.  I followed straight-up install guide from PHPBB.  

I think the issue here has to do with LDAP support from PHP.  Apparently in the LAMP or PHPBB install (which I assume has LAMP underneath it) TKL did not install LDAP support in PHP.

From what I have found from that, if you install when you setup your box (meaning setting up the "P" in LAMP) it is straightforward (mostly reading from how-to forge it seems that way anyway) but "adding" it after the fact seems almost near impossible if you don't know what you are doing (which is part of the reason (mostly with php) that I chose to go this route).

I have posted on PHPBB's...  well BB in the support section about this trying to find out what I can.  I will definitely report back any findings on this as I'm sure I'm not the only one that is looking to do this.  The only thing I've found so far is that I have to recompile the PHP install and start over again :(  Hopefully this is not true.

Alon Swartz's picture

php5-ldap package?

I quickly skimmed the above posts, so I hope I am not missing anything. From what I understand you need the LDAP PHP libraries. Installing them should be as simple as:
apt-get update
apt-get install php5-ldap
Just to be clear, you should already have an LDAP server setup so phpBB can use it.

I hope the above helps. If it does, let us know and we will include php5-ldap in future versions of TurnKey phpBB.

Hmmm....

I believe I already did this from one of the things I read about.  Yes...  I read about it on a jumpbox post of a similar thing.

I cannot find the "code" box on here but I just ran it and this is what I got: (great now I don't know how to get out)  The return is below at the bottom of the post.

 

What happened was when I did this I noticed that in the ACP in PHP setup I had 2 areas that referred to LDAP; they both said they were working (or enabled) and my error message turned from the "not installed" to the "Could not bind with username/password" error.

What kills me is that I don't see anything on the logs on my AD DC that shows a request was made and dropped etc.  And I don't know where any log is on the *nix box to look through to see just what may be causing the issue.

I know that if I fill out the information and leave the "password" field blank I get a "could not connect to LDAP server" message and when I fill out the password I get a "could not bind..." error message which is strange to me considering I should still be trying a password.  So it makes me think that Yes something is connecting to LDAP and SEEING it but somehow it's not doing SOMETHING.  

I even read where people said they had to create an account with the same name for it to "bind" to but even that didn't help.

I am going to open up a fresh VM, and run the php-ldap install and then try (without touching anything else) to see if I can connect....

Ok same thing.  I don't know if it is settings or what.  I've followed what everyone has said:

Method: Ldap
Server:  [IP Address]
Port:  BLANK (Default)
BaseDN:  DC=domain,DC=com         (would represent my domain as domain.com)
LDAP uid:  sAMAccountName         (setting I got from numerous posts)
Filter:    BLANK
LDAP e-mail attribute:  mail          (again another setting found online)
LDAP user dn:  CN=administrator,OU=Users,DC=domain,DC=com          (representing administrator of domain.com)
LDAP pass:  [password for administrator of domain.com account]

 

Maybe I'm wrong somewhere here?

 

 

root@phpbb:~# sudo apt-get install php5-ldap
Reading package lists... Done
Building dependency tree
Reading state information... Done
php5-ldap is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
 

 

GOT IT WORKING!!!!!! IT'S ALIVE!!!!!

 Ok got it working....

Thanks to a  post here:  http://www.phpbb.com/community/viewtopic.php?f=46&t=576624&start=0

The caveat is that you must create a user in phpbb that has an account in AD that you make an owner/admin IN phpbb.

After you have that it's just a matter of the CORRECT settings.  For the settings I said I used, I had one line WRONG:

USERdn:  CN=administrator,CN=Users,DC=domain,DC=com

I had OU=Users which is WRONG!

So as long as that is there, you should be ok.  I tested on a "fresh" server install and it worked immediately.

Thank you everyone.
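
An added example, not part of any post in this thread: a small POSIX shell helper for checking these settings from the appliance shell, independently of phpBB. It flags a bind DN that places Users as an OU directly under the domain root (the mistake corrected above) and repeats the bind and sAMAccountName lookup with ldapsearch; the function names, host and account names are assumptions, and ldapsearch is assumed to be installed from the ldap-utils package.

```sh
#!/bin/sh
# Added example (not from the thread). Host, DNs and account names used with
# these functions are placeholders; ldapsearch comes from the ldap-utils package.

# Classify the value entered as "LDAP user dn".
#   ok                - a DN ending in DC= components
#   login-name        - DOMAIN\user or user@domain form, not a DN
#   ou-users-suspect  - OU=Users directly under the domain root; AD's built-in
#                       Users is a container, so its DN component is CN=Users
#   not-a-dn          - anything else
lint_bind_dn() {
    # Lower-case and drop spaces after commas so the patterns match uniformly.
    _dn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/, */,/g')
    case $_dn in
        *=*,dc=*) ;;
        *\\*|*@*) echo "login-name"; return 0 ;;
        *)        echo "not-a-dn"; return 1 ;;
    esac
    case $_dn in
        *,ou=users,dc=*) echo "ou-users-suspect"; return 1 ;;
    esac
    echo "ok"
}

# Escape a login name for use inside an LDAP search filter (RFC 4515),
# so characters such as * ( ) \ are matched literally.
escape_filter() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Bind as the configured account and look up one user by sAMAccountName.
# usage: probe_bind ldap://adserver.domain.com:389 "<user dn>" "DC=domain,DC=com" aduser
# -x simple bind; -W prompts for the password, keeping it out of shell history.
# A simple bind over ldap:// sends the password unencrypted; use an ldaps:// URI
# or add -ZZ (StartTLS) where the domain controller has a certificate.
probe_bind() {
    lint_bind_dn "$2" >&2 || echo "warning: check the bind DN" >&2
    ldapsearch -x -LLL -H "$1" -D "$2" -W -b "$3" \
        "(sAMAccountName=$(escape_filter "$4"))" dn mail
}
```

ldapsearch reports the failing stage on stderr, for example "Invalid credentials (49)" when the server is reached but the bind DN or password is rejected.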

Alon Swartz's picture

Glad to hear everything is working

You mentioned you got it working on a fresh install, so you didn't need to install php5-ldap? Also, could you summarize what you did into tutorial form, I'm sure it will help others who come across this thread.

I ran into the same issue.

I ran into the same issue. These are the steps I took to resolve it:

From the shell on the appliance, I ran the following:

apt-get update
apt-get install php5-ldap

I registered a new user (I'll call the new account aduser) on phpbb, with the same username and password as an account in Active Directory with full administrative privileges.

I logged in to phpbb as admin. In the Admin Control Panel, under Users and Groups, I chose Manage users and found the aduser account. I changed the 'Founder' property to 'Yes'.

I logged out of phpbb, and logged back in as aduser, and went to the Admin Control Panel. There I chose Authentication, and filled out the form as follows:

  • Select an authentication method: LDAP
  • LDAP server name: <adserver.domain.com>
  • LDAP server port: 3268 (it may be 389 for some users)
  • LDAP base dn: DC=<domain>,DC=<domain>
  • LDAP uid: sAMAccountName
  • LDAP user filter: <blank>
  • LDAP e-mail attribute: mail
  • *LDAP user dn: CN=<acctname>,OU=<container>,DC=<domainname>,DC=<domainname>
  • *LDAP password: <acctname password>

Then I hit submit, and I received the confirmation "Configuration updated successfully."

The <acctname> used here can be a service account that is created in Active Directory with basic user rights, not admin rights. I just created a new account to use specifically for phpbb.

From this point, I am able to login to phpbb using any AD account.

Configuration saves, but...

So after toying with this issue for about an hour, I discovered that using *domain*\*username* in the user dn field allowed it to save and configure correctly. However, I am still unable to login using AD user names...is there any other further setup required?

Jeremy's picture

I have had heaps of troubles with LDAP on Win networks

But I have never used php-ldap so can't specifically comment...

I spent heaps of time initially trying to get LDAP logins working with Alfresco. It sounds similar to your issue (it seemed to be connected but then wouldn't allow log in from users).

In the end I found a 'LDAP browser' type GUI app (installed on my laptop which is not part of the work domain) to test LDAP connections. Once I tried to connect to LDAP with that I discovered that my Win (2008R2) server wasn't quite configured right... A few tweaks in Windows and it all worked fine. It was a while ago so I'm sorry I don't recall exactly what the issue was...

IIRC what made it harder to pin down was that my initial testing (with the GUI app) was from a Win computer that was on the Windows domain. I can only assume that because that computer was part of the domain, LDAP (from that PC) worked fine OOTB...

Although obviously if you are already using LDAP elsewhere successfully then maybe that isn't your issue!?

LDAP Elsewhere

I have successfully configured LDAP queries and authentication from Openfiler and Nexentastor (both *nix type distros), so I don't believe it to be Server 2008R2 related.

 

It authenticates initially correctly, because the configuration saves and does not error out. I can easily reproduce errors like "login/password incorrect" or "cannot bind to ldap server"...but when it does connect and save the configuration correctly, it simply will not authenticate AD users...it's weird.

 

And I realize I completely posted this question in one of the many tabs I had open...and this one happens to not be a phpbb related post...smh...

nevermind

It would appear I posted in the correct thread :)
