ldap error

Setting up MediaWiki on a SLES 11 SP3 server. Everything works fine
except I need to authenticate against my LDAP server (which is OES
11). When I try to loginm, I see this error in the log files:

PHP Warning: ldap_start_tls(): Unable to start TLS: Can’t contact
LDAP server in
/srv/www/wiki.msktd.com/htdocs/extensions/LdapAuthentication.php on
line 203, referer:
http://testwiki.msktd.com/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Main_Page

The IP address is correctly specified in LdapAuthentication.php. So I
figure it is either a config issue or I need to install something, but
haven’t figured it out yet. Any suggestions?

Thanks,
Ken

On 02/28/2014 09:44 AM, KeN Etter wrote:[color=blue]

Setting up MediaWiki on a SLES 11 SP3 server. Everything works fine
except I need to authenticate against my LDAP server (which is OES
11). When I try to loginm, I see this error in the log files:

PHP Warning: ldap_start_tls(): Unable to start TLS: Can’t contact
LDAP server in
/srv/www/wiki.msktd.com/htdocs/extensions/LdapAuthentication.php on
line 203, referer:
http://testwiki.msktd.com/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Main_Page[/color]

Are you using TCP 389 or TCP 636? Any firewall on the OES server blcoking
access to (presumably) eDirectory?
[color=blue]

The IP address is correctly specified in LdapAuthentication.php. So I
figure it is either a config issue or I need to install something, but
haven’t figured it out yet. Any suggestions?[/color]

Anything visible in ndstrace to let you know the connection is at least
being made at the network and transport layers? Did MediaWiki require you
to import a trusted root from a CA? The error would not lead me to think
this is the problem at this point, but knowing what was done for the setup
may help identify the problem.

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

On Fri, 28 Feb 2014 17:03:57 GMT, ab ab@no-mx.forums.suse.com wrote:
[color=blue]

On 02/28/2014 09:44 AM, KeN Etter wrote:[color=green]

Setting up MediaWiki on a SLES 11 SP3 server. Everything works fine
except I need to authenticate against my LDAP server (which is OES
11). When I try to loginm, I see this error in the log files:

PHP Warning: ldap_start_tls(): Unable to start TLS: Can’t contact
LDAP server in
/srv/www/wiki.msktd.com/htdocs/extensions/LdapAuthentication.php on
line 203, referer:
http://testwiki.msktd.com/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Main_Page[/color]

Are you using TCP 389 or TCP 636?[/color]
Should be 389 unless I messed something up.
[color=blue]
Any firewall on the OES server blcoking
access to (presumably) eDirectory?[/color]
No. And other servers are accessing LDAP on the OES server without a
problem.[color=blue]
[color=green]

The IP address is correctly specified in LdapAuthentication.php. So I
figure it is either a config issue or I need to install something, but
haven’t figured it out yet. Any suggestions?[/color]

Anything visible in ndstrace to let you know the connection is at least
being made at the network and transport layers? Did MediaWiki require you
to import a trusted root from a CA? The error would not lead me to think
this is the problem at this point, but knowing what was done for the setup
may help identify the problem.[/color]
ndstrace log shows nothing, log was empty - assuming I did it right.
The instructions I found for OES said to do this…

ndstrace
set ndstrace=nodebug
ndstrace +time +tags +ldap
ndstrace file on screen on
Then run your LDAP process you want to trace.
exit

It created a 0 byte log file.

Looks like I am missing something on my SLES box. Other than
installing the php53-ldap module, is there any other modules I would
need to install? Or other services that need to be running?

Ken

The crazy thing is this works fine on my Netware box. I found a way
to enable debugging on the ldap plugin for media wiki. Attempted
login from my Netware box and from my SLES box.

Netware box reports this:
Entering authenticate
Entering Connect
Using TLS
Connected successfully

SLES box reports this:
Entering authenticate
Entering Connect
Using TLS
Failed to start TLS.
Failed to connect

I’m missing something on this SLES box, just can’t figure out what it
is.

Ken

On Fri, 28 Feb 2014 17:03:57 GMT, ab ab@no-mx.forums.suse.com wrote:
[color=blue]

On 02/28/2014 09:44 AM, KeN Etter wrote:[color=green]

Setting up MediaWiki on a SLES 11 SP3 server. Everything works fine
except I need to authenticate against my LDAP server (which is OES
11). When I try to loginm, I see this error in the log files:

PHP Warning: ldap_start_tls(): Unable to start TLS: Can’t contact
LDAP server in
/srv/www/wiki.msktd.com/htdocs/extensions/LdapAuthentication.php on
line 203, referer:
http://testwiki.msktd.com/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Main_Page[/color]

Are you using TCP 389 or TCP 636? Any firewall on the OES server blcoking
access to (presumably) eDirectory?
[color=green]

The IP address is correctly specified in LdapAuthentication.php. So I
figure it is either a config issue or I need to install something, but
haven’t figured it out yet. Any suggestions?[/color]

Anything visible in ndstrace to let you know the connection is at least
being made at the network and transport layers? Did MediaWiki require you
to import a trusted root from a CA? The error would not lead me to think
this is the problem at this point, but knowing what was done for the setup
may help identify the problem.[/color]

Finally got it working…deleted all the media wiki and ldap
authentication files, grabbed the latest versions and reinstalled
everything from scratch. What a day.