Unable to bind to server: Can't contact LDAP server

Hi Team: I am not able to get Piwik 3.2.0 to securely bind to my LDAP. I’m using Windows 2012 R2 server with Apache 2.4.27, PHP 5.6.31 and MySQL 5.7. I get the message: WARNING: D:\wamp64\www\piwik\plugins\LoginLdap\Ldap\Client.php(146): Warning - ldap_bind(): Unable to bind to server: Can’t contact LDAP server - Piwik 3.2.0 - Please report this message in the Piwik forums: http://forum.piwik.org (please do a search first as it might have been reported already)

Not sure what I’m missing. Can someone articulate the minimum Windows/Apache/PHP software components and configuration entries? Anything I should know about specifying the SSL certificate, authority, root or where it needs to be stored?


The connection to the server on port 3269 succeeds. The bind fails.

The parameters below are the same as we use on the Linux server which is running Piwik 2.x.
Server name ldap_server
Server URL ldaps://xxxx.us.lmco.com:3269
Server Port 389 (grayed out)
Base DN DC=us,DC=lmco,DC=com
LDAP Bind Username CN=Fc-xx,xxxxxx,OU=Users,OU=xxx,DC=us,DC=lmco,DC=com
LDAP Password xxxxxx

Not sure if this matters: I added the cert root chain to the Java keystore “C:\Program Files (x86)\Java\jre1.8.0_151\lib\security”

I have these SSL entries in D:\wamp64\bin\apache\apache2.4.27\conf\extra\httpd-ssl.conf
SSLCertificateFile "d:/piwik.cer"
SSLCertificateKeyFile "d:/piwik.key"
SSLCertificateChainFile "C:\Program Files (x86)\Java\jre1.8.0_151\lib\security\cacerts"

Other LDAP plugin fields are:
use_ldap_for_authentication = 1
synchronize_users_after_login = 1
required_member_of = ""
use_webserver_auth = ""
ldap_network_timeout = 30
ldap_user_filter = "(objectClass=*)"
enable_random_token_auth_generation = 1
new_user_default_sites_view_access = 18
user_email_suffix = ""
ldap_user_id_field = "samaccountname"
ldap_last_name_field = "sn"
ldap_first_name_field = "givenName"
ldap_alias_field = "cn"
ldap_mail_field = "mail"
ldap_password_field = "userPassword"
servers[] = "ldap_server"
enable_synchronize_access_from_ldap = ""
ldap_view_access_field = "view"
ldap_admin_access_field = "admin"
ldap_superuser_access_field = "superuser"
user_access_attribute_server_specification_delimiter = ";"
user_access_attribute_server_separator = ":"
instance_name = ""
required_member_of_field = ""

Sorry folks - My error - I had a bad self-signed SSL CA Certificate file. I’ll revisit current documentation and if I can improve it for this specific case I will post here. Thanks.
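
Added example (not part of the original post, and not Piwik or LoginLdap code): a stand-alone Python check that separates the cases behind a generic "Can't contact LDAP server" on an ldaps:// URL, namely an unparsable CA file, an unreachable port, and a server certificate that does not verify against that CA file. The function names and the placeholder host name are assumptions made for this example.

```python
import socket
import ssl
import sys


def load_ca_file(cafile):
    """Return (context, store_stats) if cafile holds PEM certificates,
    otherwise (None, reason)."""
    # PROTOCOL_TLS_CLIENT turns on chain and host name verification.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=cafile)
    except OSError as exc:
        # ssl.SSLError (bad PEM) and FileNotFoundError are both OSError.
        return None, "cannot load CA file: %s" % exc
    # cert_store_stats() reports how many loaded certificates are CAs.
    return ctx, ctx.cert_store_stats()


def check_ldaps_trust(host, port, cafile, timeout=10):
    """Return (status, detail) for a TLS handshake with an LDAPS port,
    trusting only the certificates in cafile."""
    ctx, info = load_ca_file(cafile)
    if ctx is None:
        return "ca_file_bad", info
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", "%s, trust store %s" % (tls.version(), info)
    except ssl.SSLCertVerificationError as exc:
        # Port reachable, but the chain or host name does not verify.
        return "verify_failed", exc.verify_message
    except ssl.SSLError as exc:
        return "tls_error", str(exc)
    except OSError as exc:
        return "tcp_failed", str(exc)


if __name__ == "__main__":
    # Usage: python check_ldaps.py <host> <port> <ca-file.pem>
    # e.g. host ldaps.example.invalid (placeholder), port 3269
    if len(sys.argv) == 4:
        print(check_ldaps_trust(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

A "verify_failed" or "ca_file_bad" result points at the certificate material rather than at the plugin settings or the network path.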