PHP AD LDAP Authenticator

h1. Troubleshooting

If you are having issues here are some steps  to try and help you figure out what is going on.

After you have read and tried all these you can post your issue on the forum:

http://forums.kayako.com/threads/php-ad-ldap-authenticator.24269/

+*Please remember to UNDO all the testing changes before going live!!!!!*+  This includes test mode since it will cause to you not be able to login

h1. First step

Read and check all the [[Installation]], [[Setup]] and [[Configure]] steps.  Many of the issues people have is they didnt follow each step correctly.

h1. Enable logging

* First make sure that /ldap/log/ is writable

* Open the ldap/config.php file

* Find:

** @define('KAYAKO_LDAP_LOG', false);@

* Change to:

** @define('KAYAKO_LDAP_LOG', true);@

* Now logging is enabled.  You can now try to login again, even if you know it will not work.  However if you go to /ldap/log/ you should see log.txt file.  In it there should be a log of what is going on.  This should help you track down the problem.

h1. Enable XML logging

This will log the actual XML which is sent back to loginshare.

First enable logging as noted above.

* First make sure that /ldap/log/ is writable

* Open the ldap/config.php file

* Find:

** @define('KAYAKO_LDAP_LOG_XML', false);@

* Change to:

** @define('KAYAKO_LDAP_LOG_XML', true);@

* Now XML logging is enabled.  You should now see the XML data in the log file

h1. Enable Output logging

This will attempt to log everything that is displayed to the screen.  Good for trouble shooting Type 1 errors

Please note this might not work on all server environments.

First enable logging as noted above.

* First make sure that /ldap/log/ is writable

* Open the ldap/config.php file

* Find:

** @define('KAYAKO_LDAP_LOG_OUTPUT', false);@

* Change to:

** @define('KAYAKO_LDAP_LOG_OUTPUT', true);@

* Now output logging is enabled.  You should now see it in the log file.

h1. Enable testing

* Open the ldap/config.php file

* Find:

<pre>define('KAYAKO_LDAP_USERNAME', 'username');

define('KAYAKO_LDAP_PASSWORD', 'password');</pre>

* Change the username and password to known good AD account (preferably your own).  So it should look like:

<pre>define('KAYAKO_LDAP_USERNAME', 'administrator');

define('KAYAKO_LDAP_PASSWORD', 'thepassword');</pre>

* Find:

** @define('KAYAKO_LDAP_TEST', false);@

* Change to:

** @define('KAYAKO_LDAP_TEST', true);@

* Now you are in testing mode.  If you go to the ldap.php you can now test those credentials and see if they work.  If they do you should get a [[Troubleshooting_XML|valid XML]] result.

You can also enable logging of the username and password sent to AD to ensure there is no problems with that.  By default its commented our for security.  To enable it:

* Open /ldap/helpers.php

* Find:

** @		//$adldap->log('Username: '.$adldap->getUsername().' - Password: '.$adldap->getPassword());@

* Change to:

** @		$adldap->log('Username: '.$adldap->getUsername().' - Password: '.$adldap->getPassword());@

** Notice the // are now gone

h1. Try the ldap.html or ldap_staff.html

In the tools folder you will find ldap.hml and ldap_staff.html.  ldap.html is for testing users and ldap_staff.html is for testing staff

If you upload it and go to the url, it will allow you to test different ldap users and see if you get a [[Troubleshooting_XML|valid XML]].