History

Troubleshooting

If you are having issues here are some steps to try and help you figure out what is going on.

After you have read and tried all these you can post your issue on the forum:
http://forums.kayako.com/threads/php-ad-ldap-authenticator.24269/

Please remember to UNDO all the testing changes before going live!!!!! This includes test mode since it will cause to you not be able to login

First step

Read and check all the Installation, Setup and Configure steps. Many of the issues people have is they didnt follow each step correctly.

Enable logging

  • First make sure that /ldap/log/ is writable
  • Open the ldap/config.php file
  • Find:
    • define('KAYAKO_LDAP_LOG', false);
  • Change to:
    • define('KAYAKO_LDAP_LOG', true);
  • Now logging is enabled. You can now try to login again, even if you know it will not work. However if you go to /ldap/log/ you should see log.txt file. In it there should be a log of what is going on. This should help you track down the problem.

Enable XML logging

This will log the actual XML which is sent back to loginshare.

First enable logging as noted above.

  • First make sure that /ldap/log/ is writable
  • Open the ldap/config.php file
  • Find:
    • define('KAYAKO_LDAP_LOG_XML', false);
  • Change to:
    • define('KAYAKO_LDAP_LOG_XML', true);
  • Now XML logging is enabled. You should now see the XML data in the log file

Enable Output logging

This will attempt to log everything that is displayed to the screen. Good for trouble shooting Type 1 errors

Please note this might not work on all server environments.

First enable logging as noted above.

  • First make sure that /ldap/log/ is writable
  • Open the ldap/config.php file
  • Find:
    • define('KAYAKO_LDAP_LOG_OUTPUT', false);
  • Change to:
    • define('KAYAKO_LDAP_LOG_OUTPUT', true);
  • Now output logging is enabled. You should now see it in the log file.

Enable testing

  • Open the ldap/config.php file
  • Find:
    define('KAYAKO_LDAP_USERNAME', 'username');
define('KAYAKO_LDAP_PASSWORD', 'password');
  • Change the username and password to known good AD account (preferably your own). So it should look like:
    define('KAYAKO_LDAP_USERNAME', 'administrator');
define('KAYAKO_LDAP_PASSWORD', 'thepassword');
  • Find:
    • define('KAYAKO_LDAP_TEST', false);
  • Change to:
    • define('KAYAKO_LDAP_TEST', true);
  • Now you are in testing mode. If you go to the ldap.php you can now test those credentials and see if they work. If they do you should get a valid XML result.
You can also enable logging of the username and password sent to AD to ensure there is no problems with that. By default its commented our for security. To enable it:
  • Open /ldap/helpers.php
  • Find:
    • //$adldap->log('Username: '.$adldap->getUsername().' - Password: '.$adldap->getPassword());
  • Change to:
    • $adldap->log('Username: '.$adldap->getUsername().' - Password: '.$adldap->getPassword());
    • Notice the // are now gone

Try the ldap.html or ldap_staff.html

In the tools folder you will find ldap.hml and ldap_staff.html. ldap.html is for testing users and ldap_staff.html is for testing staff

If you upload it and go to the url, it will allow you to test different ldap users and see if you get a valid XML.

Remote troubleshooting

If you are going to give me the ability to remotely troubleshoot please only give me this information in a PM or direct email. Do not post this information here or on the support thread.

If you would like to have me remotely look at your issue I will need the following:

  1. Remote access to the server running Kayako with LDAP Authenticator already installed
    1. The preferable method would be FTP or SFTP, however SSH will work as well
    2. The account should be a temporary or throw away account
      1. Account must have read/write abilities to the files and folders in your installation
      2. Account can be locked to just the Kayako installation if on a shared server
    3. You can make up the username and password
  2. AD account with the proper credentials to login (if it were working obviously)
    1. The account should be a temporary or throw away account
    2. You can make up the username and password
  3. Anything else required to access your system such as VPN information, ip or url to connect to, etc

When you send me this info please make sure you are sending me everything you think I need.

I will sign a Non-Disclosure Agreement (NDA) or other legal documents if needed.