使用Active Directory的Drupal 7和LDAP身份验证
我正在使用Drupal7LDAP模块()通过WindowsActiveDirectory进行身份验证。我得到了以下错误:使用Active Directory的Drupal 7和LDAP身份验证,drupal,drupal-7,active-directory,ldap,Drupal,Drupal 7,Active Directory,Ldap,我正在使用Drupal7LDAP模块()通过WindowsActiveDirectory进行身份验证。我得到了以下错误: username : Beginning authentification.... username : Existing Drupal User Account not found. Continuing on to attempt ldap authentication username : Trying server global_directory where bin
username : Beginning authentification....
username : Existing Drupal User Account not found. Continuing on to attempt ldap authentication
username : Trying server global_directory where bind_method = 2
username : Success at connecting to global_directory
ldap_search() call: base_dn: CN=Configuration,DC=ab,DC=cd,DC=ef, filter = (samaccountname=username), attributes: , attrsonly = 0, sizelimit = 0, timelimit = 0, deref = , scope = 3
username : Trying server global_directory where bind_method = 2. Error: Success
username : Authentication result id=0 auth_result=3 (Sorry, unrecognized username or password.)
username : Failed ldap authentication. User may have authenticated successfully by other means in a mixed authentication site. LDAP Authentication Error #: 3 error message: Sorry, unrecognized username or password.
Login attempt failed for username.
sid = global_directory
numeric_sid = 1
name = Global Directory
status = 1
ldap_type = ad
address = ldaps://ldap.url
port = 3269
tls = 0
followrefs = 0
bind_method = 2
basedn = Array ( [0] => CN=Configuration,DC=ab,DC=cd,DC=ef )
binddn =
user_dn_expression = %username@domain.com
user_attr = samaccountname
account_name_attr =
mail_attr = mail
mail_template =
picture_attr =
unique_persistent_attr =
unique_persistent_attr_binary = 0
ldap_to_drupal_user =
testing_drupal_username =
testing_drupal_user_dn =
grp_unused = 1
grp_object_cat =
grp_nested = 0
grp_user_memb_attr_exists = 0
grp_user_memb_attr =
grp_memb_attr =
grp_memb_attr_match_user_attr =
grp_derive_from_dn = 0
grp_derive_from_dn_attr =
grp_test_grp_dn =
grp_test_grp_dn_writeable =
search_pagination = 0
search_page_size = 1000
username : Beginning authentification....
username : Existing Drupal User Account not found. Continuing on to attempt ldap authentication
username : Trying server global_directory where bind_method = 2
username : Success at connecting to global_directory
ldap_search() call: base_dn: DC=cd,DC=ef, filter = (samaccountname=username), attributes: , attrsonly = 0, sizelimit = 0, timelimit = 0, deref = , scope = 3
ldap_search() function error. LDAP Error: Referral, ldap_search() parameters: ldap_search() call: base_dn: DC=cd,DC=ef, filter = (samaccountname=username), attributes: , attrsonly = 0, sizelimit = 0, timelimit = 0, deref = , scope = 3
username : Trying server global_directory where bind_method = 2. Error: Referral
username : Authentication result id=0 auth_result=8 (Authentication Server or Configuration Error.)
username : Failed ldap authentication. User may have authenticated successfully by other means in a mixed authentication site. LDAP Authentication Error #: 8 error message: Authentication Server or Configuration Error.
Login attempt failed for username.
有人面临同样的问题吗?任何帮助都将不胜感激。您的问题显然是最基本的。在第一个错误中,身份验证失败(登录或密码错误)。至于第二个问题,您的配置中还有一些其他问题 你都检查过了吗?是否启用iptables中的端口?因为它在尝试与服务器联系时似乎失败(bind_方法;身份验证服务器或配置错误) 我希望这至少有助于澄清一点情况:)我终于找到了一个魔术:
我必须写:ldaps://ldap.url:3269 在LDAP服务器字段中,在LDAP端口字段中保留相同的端口号。谢谢@MPrazz,问题现在已经解决。罪魁祸首是ldap服务器安全和端口问题。我必须将ldap地址更改为:ldap.url(不带:ldaps://),并将端口更改为3268@Borot,请将问题标记为已解决:)当然,如果有用,请接受答案:)实际上,如果我想通过端口3269的ssl连接到ldap服务器,仍然存在一个问题。以前的解决方案在某种程度上不是连接到AD的安全方式,而这只是一个临时解决方案。PHP ldap库或服务器证书是否存在任何问题?这是可能的。。我建议大家看看这个网站。如果您环顾四周,他们也有一篇关于如何通过ssl测试ldap连接的文章。可能会帮助您找出错误:)谢谢@MPrazz,我已经尝试了很多可能的方法来处理证书文件。。但它仍然不起作用。我终于找到了一个魔术:我必须写:ldaps://ldap.url:3269 在Ldap服务器字段中。