我正试图在客户端找到LDAP问题的底部,而这种不合时宜的Unknown错误会给这个问题带来很大的影响。
首先让我说我在大学工作,他们(IT)使用LDAP做很多事情。所以我知道他们的LDAP设置正常。我们(我的部门)正在实施一个新的网络软件,并希望将其用于身份验证。该软件名为PHPScheduleIT,它随附了LDAP插件。我已经向IT确认我们的服务器确实在ldap服务器的正确端口上打开了防火墙。话虽如此,这是我在日志中得到的。
有人告诉我将TLS设置为true,当我这样做时,我会在日志中看到这一点:
01/22/14 16:47:30,243 [68660] DEBUG default - Loading plugin. Type=Authentication, Plugin=Ldap
01/22/14 16:47:30,267 [68660] DEBUG default - Trying to connect to LDAP
01/22/14 16:47:30,271 [68660] ERROR default - Could not connect to LDAP server. Check your settings in Ldap.config.php : TLS could not be started: Can't contact LDAP server: Unknown Net_LDAP2 Error (-1)
01/22/14 16:47:30,272 [68660] ERROR default - Uncaught exception: exception 'Exception' with message 'Could not connect to LDAP server. Check your settings in Ldap.config.php : TLS could not be started: Can't contact LDAP server: Unknown Net_LDAP2 Error (-1)' in D:\devC\phpScheduleIt\plugins\Authentication\Ldap\Ldap2Wrapper.php:58
Stack trace:
#0 D:\devC\phpScheduleIt\plugins\Authentication\Ldap\Ldap.php(128): Ldap2Wrapper->Connect()
#1 D:\devC\phpScheduleIt\lib\Application\Authentication\WebAuthentication.php(93): Ldap->Validate('[REMOVED]', '[REMOVED]')
#2 D:\devC\phpScheduleIt\Presenters\LoginPresenter.php(99): WebAuthentication->Validate('[REMOVED]', '[REMOVED]')
#3 D:\devC\phpScheduleIt\Pages\LoginPage.php(198): LoginPresenter->Login()
#4 D:\devC\phpScheduleIt\Web\index.php(35): LoginPage->Login()
#5 {main}
当关闭TLS时,日志是相同的,除了错误读取:
01/22/14 16:47:50,527 [68660] ERROR default - Could not connect to LDAP server. Check your settings in Ldap.config.php : Bind failed: Can't contact LDAP server: Unknown Net_LDAP2 Error (-1)
在LDAP配置文件中,我不确定其中有多少是private所以我删除了一些域和pw信息。然而,所有这些都是直接从IT部门提供给我的。
$conf['settings']['host'] = 'ldap.[domain.com]'; // comma separated list of ldap servers such as mydomain1,localhost
$conf['settings']['port'] = '636'; // default ldap port 389 or 636 for ssl.
$conf['settings']['version'] = '3'; // LDAP protocol version
$conf['settings']['starttls'] = 'true'; // TLS is started after connecting
$conf['settings']['binddn'] = '[user]@[domain.com]'; // The distinguished name to bind as (username). If you don't supply this, an anonymous bind will be established.
$conf['settings']['bindpw'] = '[password]'; // Password for the binddn. If the credentials are wrong, the bind will fail server-side and an anonymous bind will be established instead. An empty bindpw string requests an unauthenticated bind.
$conf['settings']['basedn'] = 'ou=[removed],dc=[removed],dc=[removed],dc=[removed]'; // LDAP base name
$conf['settings']['filter'] = ''; // Default search filter
$conf['settings']['scope'] = ''; // TLS is started after connecting
$conf['settings']['database.auth.when.ldap.user.not.found'] = 'true'; // if ldap auth fails, authenticate against phpScheduleIt database
$conf['settings']['ldap.debug.enabled'] = 'false'; // if LDAP2 should use debug logging
$conf['settings']['attribute.mapping'] = 'sn=sn,givenname=givenname,mail=mail,telephonenumber=telephonenumber,physicaldeliveryofficename=physicaldeliveryofficename,title=title'; // mapping of required attributes to attribute names in your directory
$conf['settings']['user.id.attribute'] = 'cn'; // the attribute name for user identification
IT向我提供了以下信息:host port starttls binddn bindpw和basedn。所以我相信他们知道他们在做什么,这些领域是正确的。我删除了安全值。
这是我的php服务器在phpinfo中的输出:
LDAP Support enabled
RCS Version $Id$
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20319
SASL Support Enabled
Directive Local Value Master Value
ldap.max_links Unlimited Unlimited
问题
如何记录/输出失败的更具描述性的错误?
有谁知道还有什么“可能”失败?
有没有办法测试与php的连接到ldap服务器而不发送身份验证请求?
我已尝试设置LDAP配置以打开调试但我从未在任何地方看到过日志。有谁知道它保存在哪里?