LDAP / Active directory

LDAP and Binddn empty

Hello everyone,

We have been enjoying Tikiwiki for more than three weeks now, but since then we have had a problem with LDAP and we do not really know how to fix it. It is now a blocking issue. After having a look online, we are asking the community because we have used up all our ideas and help (such as research on the Tikiwiki website).

First the configuration as a "beta tester" is:
Windows XP SP3
HTTP server Apache 2.2.14
PHP 5.2.12 (manually installed)
MySQL client version: 5.0.51a
Server version: 5.1.42-community
And PhpMyadmin 3.2.5
Tikiwiki 4.1 stable
Chrome 3.5.1/Internet Explorer 6.0

We have set up the proxy settings of my company and managed to upload the wanted profile.

We also set up the LDAP parameters, but it is not working.
We have worked on it for a while now and we think we have found the source of the issue, but we would rather ask first whether someone has already met the issue before creating a new entry in the bug tracker.

After attempting to connect, we are always redirected to the "Invalid username or password" page. However, the tiki log tells us:

Case if the user name contains a space " " such as Tom Jerry:
ldap Tue 16 of Feb., 2010 14:09 UTC Tom Jerry Connect Host: ldap://monserveurldap.com:389. Binddn: at line 192 in ldap.php XXX.XXX.XXX.XXX Mozilla/5.0
ldap Tue 16 of Feb., 2010 14:09 UTC Tom Jerry Bind successful. XXX.XXX.XXX.XXX Mozilla/5.0

As you may notice the Binddn parameter is empty.

Case if the user name does not contain a space such as TomJerry:
ldap Tue 16 of Feb., 2010 14:09 UTC TomJerry Connect Host: ldap://monserveurldap.com:389. Binddn: TomJerry at line 192 in ldap.php XXX.XXX.XXX.XXX Mozilla/5.0
ldap Tue 16 of Feb., 2010 14:09 UTC TomJerry Error: Bind failed: Invalid credentials:... XXX.XXX.XXX.XXX Mozilla/5.0

This time it appears that the Binddn parameter is correctly filled in.

Having a look with Wireshark, we managed to confirm that we have an issue: the name parameter in the IP frame is empty when there is a space.

The LDAP parameters are:
Host: myldapserver
Port: 389
Write LDAP debug Information in Tiki Logs: checked
Use SSL (ldaps): unchecked
Use TLS: unchecked
LDAP Bind Type: Plain username
Search scope: Subtree
LDAP version: 3
Base DN: dc=company_name
User attribute: uid
User OC: *
Realname attribute: cn
Country attribute: EMPTY
E-mail attribute: EMPTY
Group attribute: cn
Group description attribute: groupOfNames
Member attribute: uniqueMember
Member is DN: checked
Group attribute: EMPTY
Group attribute in group entry: EMPTY

We wanted to try with version 3.4 LTS, but it appears that on that version the proxy is not working (same parameters as in version 4.1 stable).

Now we are really lost; we have tried to modify the parameters in the LDAP configuration so many times that we do not see why there is this problem with spaces. By the way, it appears that the problem is the same when changing the "LDAP Bind Type": binddn remains EMPTY.
We also checked the LDAP parameters with the administrator and it seems to be all right.

Thank you very much for your help.
We are really looking forward to using Tikiwiki in the best way we can.

I fought my way through this last week, but I've been getting errors when I tried to post here.

No matter my preference settings, my Base DN was being blanked out. I am now running 4.1 with a patch to line 110 of lib/auth/ldap.php:

< if(isset($options$n) && !empty($options$n) && preg_match('#\s#',$options$n)==0) {

> if(isset($options$n) && !empty($options$n) ) {
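
Review bot: removing the preg_match('#\s#', ...)==0 test from the condition on the new line lifts the whitespace filter for every option, so tabs, newlines and leading or trailing spaces now pass along with the interior spaces the change is meant to allow. Consider trimming the value and rejecting only control characters instead of dropping the check outright. The condition also still skips a failing option without any message; the log in the first post shows an empty Binddn followed by "Bind successful", so a value that fails the test should be logged or should fail the login rather than be left unset.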

That preg_match test causes any of the strings in the array to be dropped if they have an embedded space. I dropped that test because in our LDAP directory (really Active Directory) there are legitimate embedded spaces in our OU names.

I'm new here so I need to look before I leap, but I intend to submit this as a bug.
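
The narrower check discussed above, as an added example that is not part of the thread and is not Tiki's code: it keeps values with interior spaces, reports rejected values instead of dropping them silently, and refuses to bind when the name or password ends up empty. The function names, the option keys and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not Tiki's code; function and option names are hypothetical.

// Keep values with interior spaces (e.g. "OU=Sales Team"), and report
// unusable values instead of silently dropping them.
function filter_ldap_options(array $options, array $names)
{
    $clean = array();
    $rejected = array();
    foreach ($names as $n) {
        if (!isset($options[$n])) {
            continue; // option not supplied at all
        }
        $value = trim((string) $options[$n]);
        if ($value === '') {
            $rejected[$n] = 'empty';
        } elseif (preg_match('#[\x00-\x1F\x7F]#', $value)) {
            $rejected[$n] = 'control character'; // tab, CR, LF, NUL, ...
        } else {
            $clean[$n] = $value; // interior spaces are preserved
        }
    }
    return array($clean, $rejected);
}

// Refuse to bind with an empty name or password, so that a dropped value
// can never turn a user login into an anonymous bind.
function can_attempt_user_bind(array $clean, $password)
{
    return isset($clean['binddn']) && is_string($password) && $password !== '';
}

// Constructed sample input, modelled on the values in this thread.
$names = array('host', 'basedn', 'binddn');
$samples = array(
    'space in name' => array('host' => 'myldapserver',
                             'basedn' => 'ou=Sales Team,dc=company_name',
                             'binddn' => 'Tom Jerry'),
    'blank name'    => array('host' => 'myldapserver', 'binddn' => " \n"),
    'newline in DN' => array('host' => 'myldapserver', 'binddn' => "Tom\nJerry"),
);
foreach ($samples as $label => $options) {
    list($clean, $rejected) = filter_ldap_options($options, $names);
    $ok = can_attempt_user_bind($clean, 'constructed-password');
    echo $label, ': bind ', ($ok ? 'allowed' : 'refused'),
         ', rejected=', json_encode($rejected), "\n";
}
```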


Thank you very much for your help.
It seems to be true that the preg_match PHP function does not allow spaces in user names. It has now been working well for a few days.
According to our company, it also seems legitimate for user names to have embedded spaces.
What I am proposing is that you report it as a bug in the bug tracker because you found the alternative or workaround solution.
Let me know what you think but I won't be reachable for a month.

Thank you very much again.