With the switch from Pear Net_LDAP2 to Zend\Ldap, the LDAP authentication to the AD is broken in Tiki 19.1.
With exactly the same configuration as with Tiki 18.3, I get this error message in the Action Log:
Error: 0x31 (Invalid credentials; 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1): sAMAccountName=wiebe.oudshoorn,cn=users,dc=moba-bv,dc=local at line 262 in D
I have done some research with WireShark to inspect the packages from and to the LDAP server, when someone logs in to the wiki:
It's very clear where this is going wrong. It's trying to do a bind request with only the username instead of username at domain.url (row 355 in 18.3 screenshot vs row 239 in 19.1 screenshot ).
Although LDAP bind type is set to 'AD', so according to lib\auth\ldap.php row 184 it should add the correct information to the bind request instead of performing a 'plain' bind.
The URL for the show2.tiki.org instance that demonstrates this bug is at: http://wobow-11900-7050.show2.tiki.org. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".
For the install log, see http://wobow-11900-7050.show2.tiki.org/info.txt
Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.
Snapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show2.tiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.
Snapshots can be accessed at: http://wobow-11900-7050.show2.tiki.org/snapshots/. Note that if you get a popup asking for a username/password, please just enter "show" and "show".
Create new snapshotThe URL for the show.tikiwiki.org instance that demonstrates this bug is at: http://wobow-11900-7050.show.tikiwiki.org. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".
For the install log, see http://wobow-11900-7050.show.tikiwiki.org/info.txt
Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.
Snapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show.tikiwiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.
Snapshots can be accessed at: http://wobow-11900-7050.show.tikiwiki.org/snapshots/. Note that if you get a popup asking for a username/password, please just enter "show" and "show".
Create new snapshotfilename | created | hits | comment | version | filetype | ||
---|---|---|---|---|---|---|---|
No attachments for this item |