I tried to set up LDAP authentication, but without success.
OpenLDAP works fine and cooperates with IPAM, GLPI and others.
I cannot make CACTI work with LDAP.
All the time I get the error:
LDAP Error: General bind error, LDAP result: Can't contact LDAP server
What I checked:
- TLS is switched off
- anonymous auth on LDAP is switched ON
- everything works fine from command line:
bash# ldapsearch -b 'dc=domain,dc=net' -h 172.16.0.1 -x "(&(objectclass=*))" userPassword
I created a test script:
Code:
<?php
$ldap_conn = ldap_connect("172.16.0.1", "389");
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
echo "Before bind: ".ldap_error($ldap_conn)."\n";
$response = ldap_bind($ldap_conn);
echo "After bind ".ldap_error($ldap_conn)."\n";
echo "\nChecking HOST: 172.16.0.1 DUMP".var_dump($ldap_conn)." \n Respond ".var_dump($response)."\n";
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$ldap_conn = ldap_connect("172.16.0.1", "389");
$response = ldap_bind($ldap_conn);
echo $response."\n";
?>
Before bind: Success
After bind Success
resource(4) of type (ldap link)
bool(true)
Checking HOST: 172.16.0.1 DUMP
Respond
1
What is very interesting: I put some echo statements in the cacti/lib/ldap.php file
Code:
function Authenticate() {
...
if ($ldap_conn) {
// works up to here
...
echo ldap_error($ldap_conn); // result: SUCCESS
$ldap_response = @ldap_bind($ldap_conn, $this->dn, $this->password);
var_dump($ldap_response); // result is false
echo ldap_error($ldap_conn); // result: Can't contact LDAP server
...
}
LDAP General Settings
Server: 172.168.0.1
Port Standard: 389
Protocol Version: 3
Encryption: none
Referrals: disabled
Mode: ALL checked (No Searching, Anonymous Searching, Specific Searching)
Distinguished Name (DN): uid=<username>,ou=people,dc=domain,dc=net
Require Group Membership: NO
LDAP Specific Search Settings
Search Base: ou=people,dc=domain,dc=net
Search Filter: empty
Search Distinguished Name (DN): empty
Search Password: empty
It means that after ldap_bind, the ldap.php file is losing the connection with the server.
In the test script it still has a connection with the LDAP server.
Has anyone ever had this issue, or does anyone know how to fix it?
Specification:
os: centos 7
apache: Apache/2.4.6 (CentOS)
cacti: Version 0.8.8g
OpenLDAP: slapd 2.4.40 (Mar 31 2016 15:24:52)
PHP: PHP 5.4.16 (cli) (built: Jun 23 2015 21:17:27)
php -m shows the ldap module in the list.
Thank you in advance.
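
An added diagnostic for the situation described in the post above (not part of the original post and not Cacti code): it performs a non-anonymous bind with the options from the settings list, against both the host used on the command line and the host listed under "Server". The function names, `$username` and `$password` are assumptions; hosts, port and DN template are copied from the post.

```php
<?php
// Added diagnostic, not Cacti code. Hosts, port and DN template are copied
// from the post; $username and $password are placeholders (assumptions).
$cliHost  = '172.16.0.1';             // host passed to ldapsearch and the test script
$settings = array(
    'server'      => '172.168.0.1',   // "Server" as listed under LDAP General Settings
    'port'        => 389,
    'dn_template' => 'uid=<username>,ou=people,dc=domain,dc=net',
);
$username = 'testuser';               // placeholder
// Placeholder. With "Encryption: none" a simple bind sends this in cleartext,
// so use a throwaway test account.
$password = 'placeholder-password';

// Plain TCP check, independent of the LDAP extension.
function tcp_reachable($host, $port, $timeout = 3) {
    $sock = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($sock === false) {
        return "unreachable ($errno: $errstr)";
    }
    fclose($sock);
    return 'reachable';
}

// Non-anonymous simple bind with the same options as the settings page.
function try_bind($host, $port, $dn, $password) {
    // ldap_connect() only prepares a handle; nothing is sent until ldap_bind(),
    // so ldap_error() reporting "Success" before the bind proves nothing.
    $conn = ldap_connect("ldap://$host:$port");
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 3);
    $ok = @ldap_bind($conn, $dn, $password);
    return sprintf('%s (errno %d: %s)', $ok ? 'bind OK' : 'bind FAILED',
        ldap_errno($conn), ldap_error($conn));
}

if (!extension_loaded('ldap')) {
    exit("ldap extension is not loaded in this SAPI (" . PHP_SAPI . ")\n");
}
$dn = str_replace('<username>', $username, $settings['dn_template']);
if ($settings['server'] !== $cliHost) {
    echo "NOTE: configured server {$settings['server']} differs from CLI-tested host $cliHost\n";
}
foreach (array_unique(array($cliHost, $settings['server'])) as $host) {
    echo PHP_SAPI, " $host:{$settings['port']} tcp: ", tcp_reachable($host, $settings['port']), "\n";
    echo "  bind as $dn: ", try_bind($host, $settings['port'], $dn, $password), "\n";
}
```

Run it once with the php CLI and once through Apache: they are different SAPIs, and on CentOS 7 the SELinux boolean `httpd_can_connect_ldap` governs whether httpd may open LDAP connections, which a CLI test does not exercise. An "Invalid credentials" result means the server was reached, while "Can't contact LDAP server" means it was not.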