We have osTicket v.1.17.2 setup on Ubuntu Server 22.04.1 LTS.
We're running PHP 8.1.2 with Apache 2.4.52.
I have Active Directory authentication working perfectly for agents -- however -- users can't just log in with their AD username and password -- we get a 500 error if they try to do that. I can register users and then they can log in and see tickets -- but I'd like them to use the same password as their AD login. What might I be doing wrong?
Thank you in advance!
W
Did you install the latest build of the LDAP plugin?
Did you install the latest build of the LDAP plugin before upgrading?
Do you see any associated errors in your logs (general server logs, webserver error logs, PHP error logs, MySQL/MariaDB error logs, osTicket System Logs, Browser Console logs, etc.)?
Cheers.
After updating to 1.17, we're having the same issue. I see something about StaffLDAPAuthentication in the apache error log when it attempts to use the LDAP plugin. Any help would be appreciated
I will say we have the latest ldap plugin.
We're moving from Zoho to osTicket -- all brand new install with the latest versions. I'll log into the server and see what the logs have to say and post it here.
After looking at all the logs -- osTicket is the only place I'm finding an error:
Here is a full listing of the error we are getting:
[Tue Jan 24 08:06:18.122972 2023] [php:error] [pid 153559] [client 192.168.231.68:56225] PHP Fatal error: Uncaught Error: Call to a member function dn() on bool in phar:///var/www/html/include/plugins/auth-ldap.phar/authentication.php:390\nStack trace:\n#0 phar:///var/www/html/include/plugins/auth-ldap.phar/authentication.php(225): LDAPAuthentication->lookupAndSync()\n#1 phar:///var/www/html/include/plugins/auth-ldap.phar/authentication.php(479): LDAPAuthentication->authenticate()\n#2 /var/www/html/include/class.auth.php(341): ClientLDAPAuthentication->authenticate()\n#3 /var/www/html/login.php(51): AuthenticationBackend::process()\n#4 {main}\n thrown in phar:///var/www/html/include/plugins/auth-ldap.phar/authentication.php on line 390, referer: https://helpdesk.enablecomp.com/login.php
That was around the time I was trying to log in as a regular user -- non agent AD account.
[Mon Jan 23 15:54:42.311020 2023] [php:error] [pid 209795] [client 192.168.168.185:65211] PHP Fatal error: Uncaught Err
or: Call to a member function dn() on bool in phar:///var/www/html/helpdesk/include/plugins/auth-ldap.phar/authenticatio
n.php:246\nStack trace:\n#0 phar:///var/www/html/helpdesk/include/plugins/auth-ldap.phar/authentication.php(479): LDAPAu
thentication->authenticate()\n#1 /var/www/html/helpdesk/include/class.auth.php(341): ClientLDAPAuthentication->authentic
ate()\n#2 /var/www/html/helpdesk/login.php(51): AuthenticationBackend::process()\n#3 {main}\n thrown in phar:///var/www
/html/helpdesk/include/plugins/auth-ldap.phar/authentication.php on line 246, referer: https://xxx.org/helpde
sk/login.php
That usually means it can't connect to the AD server. We call dn() on $r->current() which should be the current AD Entry from the binded AD connection.
You can also try applying the following changes:
Also, have you tried entering the password for the bind user as well as adding a search base?
Cheers.
Agents can log in 100% of the time -- I'm using the same LDAP instance for Agents and users -- should I not be doing that?
That should be fine. Others have complained about PHP 8.1 so try downgrading to 8.0.
Cheers.
I can't go to PHP8.0 at the moment -- is there a way we can get you more information to see if this bug can be fixed or what's the official process?
I've tried replicating the 8.1 issue repeatedly and cannot replicate the issue so the cause is unknown and I can't debug any further as I cannot replicate the issue. I'm using v1.17.2, PHP 8.1, and OpenLDAP and everything works as expected.
We do have some LDAP plugin patches and such coming which I referenced above so hopefully that will address the issue for you.
Cheers.
I am having the same problem, I am running osTicket 1.17.2 with the LDAP Authentication and Lookup plug-in version 0.6.2. I'm running Ubuntu 22.04 with PHP 8.1. The error is the one that includes "Call to a member function dn() on bool..."
I guess I'm just looking for clarification, I found another thread where it said that the LDAP Authentication plug-in required PHP 8.0 and it also said to look at the documentation. I have searched for official documentation for the plug-in, if I go the docs.osticket.com/en/latest and look at the plugins section, I don't see it listed. Can someone please tell me where to find the official documentation for this plugin?
Also, can someone verify once and for all whether PHP 8.0 is required or should it be working with PHP 8.1? I have the same plugin installed and working on an older osTicket installation and I was able to copy the configuration settings from there so I'm pretty sure I have it configured right.
Thank you
PHP 8.1 should work as I mentioned above. There is no plugin documentation for the ldap plugin.
Cheers.
I installed php8.0, disabled 8.1, and set apache to use 8.0 to no avail. I'll check out the notes linked.
Hello,
I have almost the same problem...
I upgraded OSTicket from version 1.15.2 to version 1.17.2, going from PHP7.3 to PHP8.1 and MySQL/MariaDB version is 10.3.36. My server is a Debian 10 Virtual Machine.
I had previously upgraded my plugins including the LDAP plugin to 0.6.2 (Is it really the lastest version ??) and added a LDAP Search User.
The upgrade is done without problems, the integration of the PHP8.1 Extensions made by myself appears correct after the upgrade (Dashboard > Information looks great with valid sign !).
No errors in the Apache2 logs for example.
I upgraded as a Local (root) account so when I try to reconnect with my AD account I get an "Access denied" message.
I searched the forum and found a solution that works for agents here: https://forum.osticket.com/d/101553-ldap-not-enter-whit-user/66
You have to change the authentication method to "Local", save and change again to "LDAP" and save. After that the agent account can be reconnected by the LDAP method
However my "Standard" users who are not "Agents" still can't connect on their side, they get an "Access denied" message.
I have read many topics in the forum and I can't find any solution, even if I try to change in the database directly in the ost_user_account table the "backend" column by "NULL" and then by "ldap.client" it still doesn't work.
I'm pretty sure it's not a PHP version problem for my installation (between 8.0 or 8.1) because I don't have an error like you and according to the last post from @KevinTheJedi .
However, be aware that you have to completely deactivate/uninstall your old versions of PHP to avoid any problems of extension conflicts between versions.
I'm still looking for a solution but if you have an idea to help me, I'm interested!
Thanks
You need to do this:
Cheers.
KevinTheJedi
Ok, I was too fast on this topic ... Thanks for telling me where I should look.
Well, now I also get the error of @roark ...
I'm going to look for a solution for this problem in PHP 8.1, if I don't find it I'll try in PHP 8.0 ...
I'll keep you up to date,
Thanks to you anyway @KevinTheJedi !
Did you also try applying these changes?
Cheers.
Hello,
I made the fixes in the php code and I also made the fix you put on GitHub in the plugin.
I re-compiled the plugin, uninstalled the old auth-ldap.phar and put mine instead.
I'm back to php8.1
After re-installing the plugin in OSTicket, I had to redo the database modification because the identifiers in the bakend column changed (I was expecting it).
The update is done, it works correctly for the agents but still not for the users.
This time I have no error in the /var/log/apache2 logs.
I'm still looking for an error somewhere in the logs 
I am still puzzled by this. For a couple years or so we've had a server running Ubuntu 18.0.4 with OSTicket 1.14.2 with the LDAP Authentication and Lookup plug-in version 0.6.2 which works fine. The plug-in is the same version that came with OSTicket 1.17.2 so I would think that matching the same settings should work fine, but I'm still getting the same error. Both servers are virtualized and running on the same Hyper-V server as is the domain controller it is authenticating to. They are all connected to the same virtual switch and the firewall is inactive on all three machines.
I've checked that all the PHP extensions that were installed on the old server were installed on the new one before installing OSTicket so as far as I can tell, the only difference is the version of Ubuntu, and the version of OSTicket. The only thing I can think of is perhaps I'm missing some dependency on the new server that was installed on the old one. Are there any Ubuntu packages that need to be installed for the LDAP plug-in to work correctly that are not required for OSTicket itself? Other than that, I'm kind of at a loss. I will continue reading through the various threads to see if I can find anything else that may help.
Thank you
Thanks Kevin, it would be nice if it was that easy but php-ldap is installed. Before installing OSTicket on the new server I made sure that all the PHP extensions installed on the older server were also on the new one. I just double checked and it definitely is installed.
I was just answering the question of:
Are there any Ubuntu packages that need to be installed for the LDAP plug-in to work correctly that are not required for OSTicket itself?
We do have a new release coming soon as well as new builds of the LDAP plugin, etc. so stay tuned!
Cheers.
I decided to test PHP 8.0 to see if it would help. The repository I used also installed PHP 8.2 by default so before I installed 8.0 I tried it with 8.2, but still experienced the same error.
However, after installing 8.0.27 and setting Apache to use that version, we are able to authenticate and all seems to be working perfectly now.
roark
Not to be a total PITA for you -- but an you tell me -- did you just install 8.0.27 and all the same modules that you have for 8.1? To install 8.0.27 is it as easy as specifying 8.0.27?
I followed the instructions here (I hope it's OK to paste a link here)...
https://blog[dot]devops[dot]dev/downgrade-php8-1-to-php8-0-or-php7-4-on-ubuntu-22-04-2fab4a6a3be3
When I first added the repository and ran apt-update it upgraded a lot of the 8.1 packages that were already there and also installed 8.2. I tested the plug-in with 8.2 and it still was not working for me so I followed the instructions to install 8.0 and 8.0.27 is what I ended up with. Now, my server has 8.0, 8.1 and 8.2 all installed but 8.0 has been set as the default, and it is working well for us now.
I'm revisiting this and would like to know if you can provide a little more information here. I believe the reason I could never replicate this is because I use OpenLDAP and this does not use msad schema. The issue here is solely related to msad schemas.
Anyways, I would like to know what your Use TLS, Search User, Search Base, and LDAP Schema settings are set to. Please post a screenshot and censor any sensitive information.
Cheers.
Anyone else who is running into the same error can provide the above information as well.
The below pull request addresses the fatal error but I'm wondering if the root issue is elsewhere:
KevinTheJedi Can I DM this to you or do you prefer it here?
You can paste it here whilst censoring any sensitive info. For the Search User/Search Base I just really need to see the format (ie. cn=xxx,dc=xxx).
Cheers.
So I have the domain filled out and one of the main DCs set as our DNS server -- that same server is set as the LDAP server with port 389. Search user is:
cn=helpdesk,ou=IT,ou=Users,dc=ourdomain,dc=dom
Password is filled in for that user. Serach base is:
ou=Users,dc=ourdomain,dc=dom with Microsoft Active Directory selected for the LDAP schema. I downgraded to 8.0 and it may be working -- but we really need support for 8.1 and higher. Thank you for your assistance.
Okay, that all seems fine. At this point the next step involves very extensive debugging which I currently don't have the time for as I'm focusing on other issues. I also currently don't have time to setup a full AD server at the moment.
If you want to unpack your plugin and debug to speed up this process I can provide some debug statements. This will however break user authentication with ldap completely and output debug statements to the browser so you may want to setup a separate test environment if you choose to debug.
Cheers.
Also, have you tried applying the patch I referenced above to see if that addresses the issue?
Cheers.
For Search User, set it to a username.
i.e. instead of cn=helpdesk,ou=IT,ou=Users,dc=ourdomain,dc=dom
set it to helpdesk or OURDOMAIN\helpdesk
We're in production so I downgraded to PHP8.0 and all works. If I get some time I'll spin up another instance where we can debug.
I was finally able to revisit this with a legitimate MSAD server setup on Windows Server 2019. After extensive testing I can finally say without a doubt there should be no issues with User/Agent logins with PHP 8.1, v1.17.3, and latest build of LDAP plugin with correct LDAP settings configured.
If you still have issues check to see if you have more than one instance of the LDAP plugin enabled. If so, disable one of the instances and retest. Also, check to make sure your Search User and Search Base is correct. These two settings are very important. You can find the appropriate Search User string by running the following in a command prompt on the domain controller (this is assuming the administrator's username is Administrator):
dsquery user -name "Administrator"This should give you something like:
"CN=Administrator,CN=Users,DC=domain,DC=com"Cheers.
We are having the same issue. I've diligently read through all options in this thread. We are running IIS on Server 2019, PHP 8.1.17, and OSticket v1,17,3. Agents can login fine using LDAP authentication. I can even create brand new agents and they can authenticate via LDAP exclusively. Users are not able to at all. I just get Access Denied. I even tried manually creating and registering a user with a password. Access Denied. Really frustrated. Dept of Homeland Security is demanding that we move to PHP 8.1.16 or greater so we don't have a choice on PHP version. Incidentally, I get the same results with 8.1.16 and 8.1.17. Any help appreciated!