LDAP & User Authentication

bakrone · Post by **bakrone** » Wed Jun 15, 2005 2:47 pm

hello all, just installed 1.5 rc4 and I am trying to get LDAP to work. I need to be able to make it so that you can browse the FAQ non-authenticated but have to authenticate to ask a question or post a new entry.

I have an Active Directory environment and would like to use that so that the form is prepopulated with their name & email. How can I require authentication for questions and entries and make it use LDAP? I have the LDAP setup and the checkbox checked in the admin backend but that just generates ldap_search errors when I go to a "add" page because there is no "remote user" seen as they haven't authenticated yet.

Thanks!

Post by **Thorsten** » Wed Jun 15, 2005 3:36 pm

Hi,

could you please post your LDAP errors?

An authentication via LDAP will be available in phpMyFAQ 1.6.

bye
Thorsten

bakrone · Post by **bakrone** » Wed Jun 15, 2005 3:38 pm

Code: Select all


Warning: ldap_get_values(): supplied argument is not a valid ldap result entry resource in /www/ithd.current.inet/html/phpmyfaq/inc/ldap.php on line 91

Warning: ldap_get_values(): supplied argument is not a valid ldap result entry resource in /www/ithd.current.inet/html/phpmyfaq/inc/ldap.php on line 112

I'm assuming because there is no username set for it to search on. I've been digging around the source and that is what I can come up with.

Post by **Thorsten** » Wed Jun 15, 2005 3:40 pm

Hi,

thanks a lot for debugging!

bye
Thorsten

bakrone · Post by **bakrone** » Wed Jun 15, 2005 4:30 pm

Here's what I did to solve my problem.

I created an .htaccess file that auths to my Active Directory, unfortunately everyone has to authenticate even to view the files but I guess if I have to have that for now I do.

But I also had to make changes to inc/ldap.php

I changed the search strings in ldap_getEmail & ldap_getCompleteName to read the following:

Code: Select all

        $sr = ldap_search($this->ds, $this->base, 'samaccountname='.$username, array('cn'));

Notice that it is searching on 'samaccountname' instead of 'uid'

This works for a 2003 Active Directory structure.

Post by **Thorsten** » Thu Jun 16, 2005 7:03 am

Hi,

thanks a lot. I think, this should be editable, so everyone can change it.

bye
Thorsten

bakrone · Post by **bakrone** » Thu Jun 16, 2005 2:49 pm

Yea, I would add a variable to the dataldap.php file that we can set for our "search" parameter. Usually for an Active Directory setup you would search on samaccountname but people might want to search on other criteria.

Post by **Thorsten** » Thu Jun 16, 2005 2:51 pm

Hi,

this is what I thought, too.

bye
Thorsten