LDAP / Active directory

LDAP auth with Novell eDirectory setup is driving me nuts!

I'm trying to get TW to talk to our Novell eDirectory server. Here are my settings:

Create user if not in Tiki? Yes
Create user if not in Auth? No
Just use tiki auth for admin? Yes
LDAP URL:
LDAP Host:
LDAP Port: 389
LDAP Scope: sub
LDAP Base DN: ou=,o=
LDAP User DN:
LDAP User attribute: uid
LDAP User OC: *
LDAP Group DN:
LDAP Group Attribute:
LDAP Group OC: *
LDAP Member Attribute: member
LDAP Member Is DN: n (I keep setting this to "y" but it reverts back. I don't think it's used, however, so it shouldn't matter)
LDAP Admin User:
LDAP Admin Pwd:
LDAP Version: 3

I've tried using it with and without an admin user, which doesn't seem to make any difference. I've also changed the settings in LDAP.php: I tried setting "try_all" to true, and I also tried turning debugging on. When I turn debugging on I get no output to help me troubleshoot the problem. Is there someplace else this gets logged, other than on the screen like the docs say?

If there's any other info you need please let me know.

Thanks!
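Since the debug option produces no output, the quickest way to see which step fails is to replay Tiki's LDAP login outside Tiki with the OpenLDAP command-line tools: first search the configured base DN for the entry whose user attribute equals the login name, then bind as that entry's DN with the user's password (a simple LDAP bind needs the full DN, which is what the search supplies). The script below is an added example, not part of this post or of Tiki; the server URI, base DN and login name are placeholders, since the post leaves its own values blank, and the escaping function is there so that a login name containing `*`, `(` or `)` cannot rewrite the search filter.

```sh
#!/bin/sh
# Added example (not from the original post or from Tiki): replay Tiki's LDAP
# login against the directory with the OpenLDAP client tools, in two steps.
#   1. search the base DN for the entry whose user attribute equals the login
#   2. bind as that entry's DN with the user's password (ldapwhoami)
# LDAP_URI, BASE_DN and the login are placeholders to replace; the post leaves
# its own values blank.

LDAP_URI="${LDAP_URI:-ldap://ldap.example.invalid:389}"   # placeholder
BASE_DN="${BASE_DN:-ou=people,o=example}"                # placeholder
USER_ATTR="${USER_ATTR:-uid}"      # "LDAP User attribute" in Tiki
USER_OC="${USER_OC:-*}"            # "LDAP User OC"; '*' = any object class
SCOPE="${SCOPE:-sub}"              # "LDAP Scope"
BIND_DN="${BIND_DN:-}"             # "LDAP Admin User"; empty = anonymous search
BIND_PW_FILE="${BIND_PW_FILE:-}"   # file holding the admin password (-y)

# RFC 4515 escaping for values placed inside a filter, so that a login such as
# 'jdoe*)(uid=*' is matched literally instead of rewriting the filter.
# Backslash is escaped first so the sequences it produces are not re-escaped.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The same AND filter Tiki builds: (&(objectClass=<oc>)(<attr>=<login>)).
# A bare '*' object class is a presence test and stays unescaped; any other
# value, and the login name always, is escaped as a literal.
build_user_filter() {
    attr=$1; login=$2; oc=$3
    if [ "$oc" = '*' ]; then
        oc_part='(objectClass=*)'
    else
        oc_part="(objectClass=$(ldap_escape_filter "$oc"))"
    fi
    printf '(&%s(%s=%s))' "$oc_part" "$attr" "$(ldap_escape_filter "$login")"
}

# Step 1: login -> DN. Anonymous simple bind unless an admin DN is configured;
# the admin password is read from a file rather than put on the command line.
# ldif-wrap=no keeps long DNs on one line so the sed below sees them whole.
resolve_user_dn() {
    filter=$(build_user_filter "$USER_ATTR" "$1" "$USER_OC")
    if [ -n "$BIND_DN" ]; then
        ldapsearch -LLL -o ldif-wrap=no -x -H "$LDAP_URI" \
            -D "$BIND_DN" -y "$BIND_PW_FILE" \
            -b "$BASE_DN" -s "$SCOPE" "$filter" dn
    else
        ldapsearch -LLL -o ldif-wrap=no -x -H "$LDAP_URI" \
            -b "$BASE_DN" -s "$SCOPE" "$filter" dn
    fi | sed -n 's/^dn: //p'
}

# Step 2: bind as the resolved DN (password prompted with -W). Exactly one
# entry must have matched: zero means the base DN/attribute/OC settings are
# wrong, more than one means the login is ambiguous and must not be bound.
check_login() {
    dns=$(resolve_user_dn "$1")
    count=$(printf '%s\n' "$dns" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one entry for '$1', got $count" >&2
        return 1
    fi
    echo "binding as: $dns" >&2
    ldapwhoami -x -H "$LDAP_URI" -D "$dns" -W
}

# Usage: LDAP_URI=ldap://host BASE_DN='ou=...,o=...' sh ldapcheck.sh jdoe
if [ "$#" -eq 1 ]; then
    check_login "$1"
fi
```

If step 1 returns nothing, the base DN, user attribute or object class setting is wrong (or anonymous search is not allowed, in which case set BIND_DN and BIND_PW_FILE to the admin credentials); if step 1 returns the DN but ldapwhoami fails, the password or the bind itself is the problem, not the Tiki configuration.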

I have the same issue; in the end I added some lines of code to ldap.php and now it appears to be working. Almost no testing from my side so far.

Here is the code for TikiWiki 4.1 (produced with diff):

--- ldap.php 2009-10-30 16:53:31.000000000 +0100 +++ ldap.php.new 2010-01-13 22:28:18.000000000 +0100 
@@ -200,6 +200,50 @@ $this->ldaplink= Net_LDAP2::connect($options); if(Net_LDAP2::isError($this->ldaplink)) { + /* This modification is placed in order to add a kind of e-Directory compatibility. + For e-Directory and according to what I found about documentation - please consider I'm not an expert on this matter - + e-Directory will only get a positive result for the user search (with is password) only if the dn is pointing to the place where + the user object has been created, so we need first to find this data. + In the next lines the user data will be searched, and once found (if found) the info related to binddn will be updated + */ + // filters to locate the user + $filter1=Net_LDAP2_Filter::create('objectClass','equals',$this->options['useroc']); + $filter2=Net_LDAP2_Filter::create($this->options['userattr'],'equals',$this->options['username']); + $filter=Net_LDAP2_Filter::combine('and',array($filter1,$filter2)); + if(Net_LDAP2::isError($filter)) { + $this->add_log('ldap','LDAP Filter creation error: '.$filter->getMessage().' at line '.__LINE__.' in '.__FILE__); + return false; + } + $searchoptions=array('scope' => $this->options['scope']); + // unset the binddn, if set then the connect will fail + unset ($options['binddn']); + $this->ldaplink= Net_LDAP2::connect($options); + if(Net_LDAP2::isError($this->ldaplink)) { + $this->add_log('ldap','Error: '.$this->ldaplink->getMessage().' at line '.__LINE__.' in '.__FILE__); + return($this->ldaplink->getCode()); + } + $searchresult = $this->ldaplink->search($this->options['basedn'],$filter,$searchoptions); + if($searchresult->count()!=1) { + // More then 1 user ... problem + $this->add_log('ldap','Error: ldap search found this amount of useres:'.$searchresult->count().' which is not 1. at line '.__LINE__.' in '.__FILE__); + return false; + } + $entry=$searchresult->shiftEntry(); + if (Net_LDAP2::isError($entry)) { + $this->add_log('ldap','Error fetching user entries: '.$entry->getMessage().' at line '.__LINE__.' 
in '.__FILE__); + return($this->ldaplink->getCode()); + } + // Set the binddn again + $options['binddn']=$entry->dn(); + // Try again now with the correct binddn + $this->ldaplink= Net_LDAP2::connect($options); + if(Net_LDAP2::isError($this->ldaplink)) { + $this->add_log('ldap','Error: '.$this->ldaplink->getMessage().' at line '.__LINE__.' in '.__FILE__); + // return Net_LDAP2 Error codes. No need to redefine this. + return($this->ldaplink->getCode()); + } + // The rest of the code gets encapsulated in the else + }else { $this->add_log('ldap','Error: '.$this->ldaplink->getMessage().' at line '.__LINE__.' in '.__FILE__); // return Net_LDAP2 Error codes. No need to redefine this. return($this->ldaplink->getCode()); @@ -371,5 +415,5 @@ if($this->options['debug']) $this->logslib->add_log($facility,$message); } - + }
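Review bot: the `}else {` that closes the added block in the first hunk (@@ -200,6 +200,50 @@) inverts the original error handling: the `else` branch keeps the original `$this->add_log('ldap','Error: '.$this->ldaplink->getMessage()...)` and `return($this->ldaplink->getCode())`, but now runs precisely when the first `Net_LDAP2::connect($options)` succeeded, so a directory where the configured bind DN is already correct would call `getMessage()`/`getCode()` on a non-error object and return instead of continuing with the login. The eDirectory fallback belongs inside the `if` alone, with the rest of the method following unchanged and the `else` removed. Two smaller points in the same block: `$searchresult->count()` is called without first checking `Net_LDAP2::isError($searchresult)`, so a failed search (wrong base DN, anonymous search refused) becomes a fatal error instead of a logged one, and the error path after `shiftEntry()` returns `$this->ldaplink->getCode()` rather than `$entry->getCode()`. Also note that `unset ($options['binddn'])` turns the DN lookup into an anonymous bind and silently discards the message of the first failed connect: on a directory that does not allow anonymous search of the user container the fallback cannot find the DN, so it would be better to reuse the configured admin credentials (`LDAP Admin User`/`Admin Pwd`) for the search step, log the original connect error, and keep the anonymous search only as a last resort. Finally, with `useroc` set to `*` as in the original post, make sure the filter produced by `Net_LDAP2_Filter::create('objectClass','equals',$this->options['useroc'])` is really a presence test and not an escaped literal asterisk; building that case with the `present` match type avoids the ambiguity.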
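Review bot: the second hunk (@@ -371,5 +415,5 @@) replaces the file's trailing blank line with a bare `}` that has no opening brace within the hunk. If it is meant to close the `}else {` introduced around line 200, every method declared between there and the end of the file would end up inside one method's `else` branch instead of in the class body; if the `else` is instead closed right after its `return(...)`, as the original `if` was, this brace is simply unmatched. Either way it should be dropped and the `else` closed next to the code it guards.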