Wednesday 12 September 2018

LDAP Authentication not working after web server migration

Recently I moved a web server from a Linux machine to a Docker container. It's not a huge project. It's a 15-year-old customized web application written by students.

What I did...

Installed these packages in Docker:

apache2 mysql-server net-tools php php-{bcmath,bz2,intl,gd,mbstring,mysql,zip} libapache2-mod-php
wget unzip

Then I created the database and the database user. Then I imported the dump file from the original SQL database. Made some path changes in the config.php file.

At this point everything seems fine: there is data in the database, and the site can be reached.

BUT... the web application uses LDAP authentication, and if I enter my credentials I get a 500 Internal Server Error. So I checked whether I can ping our LDAP server from the host -> YES, ping is successful. When I enter no password it says -> "Passwort leer!" as in the login.php file, but if I enter a wrong one or the correct password it says nothing but the 500 error.

On the live system the LDAP authentication works fine.

Are there any packages which I have to install? Or other good advice on what I should check next? I don't know any more now ^^

HERE the error after entering credentials: Error 500 - Internal Server Error

HERE the code from login.php

<form name="login" action="index.php" method="post">
    <table class="tocenter">
        <tr>
            <td>
                <input type="hidden" name="dologin" value="1">
                <table id="text">
                    <tr>
                        <td><span>Login Name:</span></td>
                        <td><input <?php if($_SESSION["fault"] & 1) {echo "class=\"false\" ";} ?>name="loginuser" type="text" size="20" maxlength="30" value="<?php echo $_SESSION["loginuser"]; ?>"></td>
                    </tr>
                    <tr>
                        <td>Passwort:</td>
                        <td><input <?php if($_SESSION["fault"] & 2) {echo "class=\"false\" ";} ?>name="password" type="password" size="20" maxlength="32"></td>
                    </tr><?php /*
                    <tr>
                        <td colspan="2"><hr></td>
                    </tr> */ ?>
                    <tr>
                        <td colspan="2"><input class="button" type="submit" value="Einloggen"></td>
                    </tr>
                </table>
            </td>
        </tr>
    </table>
</form>

<?php
    if($_SESSION["fault"] != 0) {
?>
<span id="delMsg" onclick="document.getElementById('fault').innerHTML = ''; document.getElementById('delMsg').style.display = 'none';"></span>
<div id="fault">
    <?php
        if(!($_SESSION["fault"] ^ 3)) {
            ?>
                User-Name und Passwort leer!
            <?php
        } else if($_SESSION["fault"] & 1) {
            ?>
                User-Name leer!
            <?php
        } else if($_SESSION["fault"] & 2) {
            ?>
                Passwort leer!
            <?php
        } else if($_SESSION["fault"] & 4) {
            ?>
                Login falsch!
            <?php
        } else if($_SESSION["fault"] & 8) {
            ?>
                keine Berechtigung!
            <?php
        } else if($_SESSION["fault"] & 16) {
            ?>
                LDAP ERROR!
            <?php
        }
    ?>
</div>
<?php
    }
?>

<?php
    if ($show_version) {
        echo "<div id=\"version\">";
            include("version.php");
        echo "</div>";
    }
?>

HERE the LDAP part

<?php
    session_unset();
    exit();
}


$_SESSION["fault"] = 0;
$_SESSION["loginuser"] = $_POST["loginuser"];

if ($_POST["loginuser"] == "") {
    $_SESSION["fault"] = $_SESSION["fault"] | 1;
}
if ($_POST["password"] == "") {
    $_SESSION["fault"] = $_SESSION["fault"] | 2;
}
if ($_SESSION["fault"] != 0) {
    require("redirect.php");
}

/* log logins to file */
if (isset($loginsLog)) {
    $fh = fopen($loginsLog, 'a');
    if ($fh) {
        fwrite($fh, $_POST["loginuser"].";".date("y-m-d H:i:s").";".$_SERVER['REMOTE_ADDR']."\n");
        fclose($fh);
    }
}
/*** uncomment to bypass login ***/
#$_SESSION["login"] = 2;
#require("redirect.php");

$ldap=ldap_connect($ldap_server);
if (!$ldap) {
    $_SESSION["fault"] = $_SESSION["fault"] | 16;
    require("redirect.php");
}

ldap_set_option($ldap,LDAP_OPT_PROTOCOL_VERSION,3) or die ("Failed to set LDAP protocol version to 3");

$ldapuser = $dn_user_pre . $_POST["loginuser"] . $dn_user;
$bind_results=@ldap_bind($ldap, $ldapuser, $_POST["password"]);
if (!$bind_results) {
    if (ldap_errno($ldap) == 49 || ldap_errno($ldap) == 32)
        $_SESSION["fault"] = $_SESSION["fault"] | 4;
    else
        $_SESSION["fault"] = $_SESSION["fault"] | 16;
    require("redirect.php");
}

$r=ldap_compare($ldap, $gdn_write, $attr, $ldapuser);

if ($r === -1) {
    $_SESSION["fault"] = $_SESSION["fault"] | 16;
    require("redirect.php");
} elseif ($r === TRUE) {
    $_SESSION["login"] = 2;
} elseif ($r === FALSE) {
    $r=ldap_compare($ldap, $gdn_read, $attr, $ldapuser);
    if ($r === -1) {
        $_SESSION["fault"] = $_SESSION["fault"] | 16;
        require("redirect.php");
    } elseif ($r === TRUE) {
        $_SESSION["login"] = 1;
    } elseif ($r === FALSE) {
        $_SESSION["fault"] = $_SESSION["fault"] | 8;
        require("redirect.php");
    }
}

ldap_close($ldap);

?>

Thanks for help!

Best greetings,

Wolfgang
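The package list above does not include php-ldap; without that extension the first ldap_connect() call is an undefined-function fatal error, which Apache reports as a bare 500 (check with `php -m | grep ldap` inside the container, and read the Apache error log for the actual message). The function below is an added example, not code from the post or the project: it rewrites the bind-then-compare flow of the LDAP part so that a missing extension and LDAP failures are reported explicitly, and the submitted login name is escaped before it is spliced into the DN. The $cfg keys (ldap_server, dn_user_pre, dn_user, gdn_write, gdn_read, attr) are assumed to hold the same values the original reads from config.php.

```php
<?php
// Added example, not the project's code. Returns the fault bits used by the
// original login (0 ok, 1/2 empty user/password, 4 Login falsch, 8 keine
// Berechtigung, 16 LDAP ERROR); on success $level is 2 (write) or 1 (read).
function ldapLogin(string $user, string $password, array $cfg, ?int &$level, ?string &$detail): int
{
    $level = null; $detail = null;
    // A missing php-ldap extension is the usual cause of a bare 500 here:
    // ldap_connect() is then an undefined function and PHP aborts the request.
    if (!extension_loaded('ldap')) {
        $detail = 'php-ldap extension not loaded';
        return 16;
    }
    // Refuse empty values before touching LDAP: an empty password is treated
    // by many servers as an anonymous bind, which "succeeds" for any user.
    $empty = ($user === '' ? 1 : 0) | ($password === '' ? 2 : 0);
    if ($empty !== 0) {
        return $empty;
    }
    $ldap = ldap_connect($cfg['ldap_server']);   // URI form, e.g. ldap://host (assumed)
    if (!$ldap) {
        $detail = 'ldap_connect failed (bad server URI)';
        return 16;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // Escape the login name so it cannot alter the structure of the DN.
    $userDn = $cfg['dn_user_pre'] . ldap_escape($user, '', LDAP_ESCAPE_DN) . $cfg['dn_user'];
    if (!@ldap_bind($ldap, $userDn, $password)) {
        $errno  = ldap_errno($ldap);
        $detail = ldap_err2str($errno);
        ldap_unbind($ldap);
        // 49 = invalid credentials, 32 = no such object: both mean "Login falsch"
        return ($errno === 49 || $errno === 32) ? 4 : 16;
    }
    // Group membership decides the access level, as in the original code.
    foreach ([2 => $cfg['gdn_write'], 1 => $cfg['gdn_read']] as $lvl => $groupDn) {
        $r = ldap_compare($ldap, $groupDn, $cfg['attr'], $userDn);
        if ($r === -1) {
            $detail = ldap_error($ldap);
            ldap_unbind($ldap);
            return 16;
        }
        if ($r === true) {
            $level = $lvl;
            ldap_unbind($ldap);
            return 0;
        }
    }
    ldap_unbind($ldap);
    return 8;
}
```

Log $detail server-side only; the user-facing page should keep showing the generic "LDAP ERROR!" / "Login falsch!" strings so that error text does not reveal directory structure.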



