Hi,
I’m running EFA (forum.efa-project.org/viewtopic.php?t=1484) but I can’t seem to get it to work.
Any suggestions?
Gerald
…not without knowing what exactly does not work. The linked documentation describes an LDAP connection - is that not working? Do you get errors, etc.?
I added some debug code, and I get a bind failure.
This is what they use to connect to AD
[code]/**
 * @param $user
 * @param $password
 * @return null|string
 */
function ldap_authenticate($user, $password)
{
    $user = strtolower($user);
    if ($user != "" && $password != "") {
        $ds = ldap_connect(LDAP_HOST, LDAP_PORT) or die("Could not connect to " . LDAP_HOST);
        // Check if Microsoft Active Directory compatibility is enabled
        if (defined('LDAP_MS_AD_COMPATIBILITY') && LDAP_MS_AD_COMPATIBILITY === true) {
            ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
            ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        }
        ldap_bind($ds, LDAP_USER, LDAP_PASS); // <<<<---------- FAILS HERE
        if (strpos($user, '@') and LDAP_EMAIL_FIELD === 'mail') {
            $r = ldap_search($ds, LDAP_DN, LDAP_EMAIL_FIELD . "=$user") or die("Could not search");
        } elseif (strpos($user, '@')) {
            $r = ldap_search($ds, LDAP_DN, LDAP_EMAIL_FIELD . "=SMTP:$user") or die("Could not search");
        } else {
            $r = ldap_search($ds, LDAP_DN, "sAMAccountName=$user") or die("Could not search");
        }
        if ($r) {
            $result = ldap_get_entries($ds, $r) or die("Could not get entries");
            if ($result[0]) {
                if (in_array("group", array_values($result[0]["objectclass"]))) {
                    return null;
                }
                $user = $result[0]['userprincipalname']['0'];
                if (ldap_bind($ds, $user, "$password")) {
                    if (isset($result[0][LDAP_EMAIL_FIELD])) {
                        foreach ($result[0][LDAP_EMAIL_FIELD] as $email) {
                            if (substr($email, 0, 4) == "SMTP") {
                                $email = strtolower(substr($email, 5));
                                break;
                            }
                        }
                        $sql = sprintf("SELECT username FROM users WHERE username = %s", quote_smart($email));
                        $sth = dbquery($sql);
                        if (mysql_num_rows($sth) == 0) {
                            $sql = sprintf(
                                "REPLACE INTO users (username, fullname, type, password) VALUES (%s, %s,'U',NULL)",
                                quote_smart($email),
                                quote_smart($result[0]['cn'][0])
                            );
                            dbquery($sql);
                        }
                        return $email;
                    }
                }
            }
        }
    }
    return null;
}[/code]
And these are my settings:
[code]// LDAP settings
define('USE_LDAP', true);
define('LDAP_SSL', false); // set to true if using LDAP with SSL encryption
define('LDAP_HOST', 'server.example.com');
define('LDAP_PORT', '389');
define('LDAP_DN', 'DC=example,DC=com');
define('LDAP_USER', 'administrator@example.com');
define('LDAP_PASS', 'secret');
define('LDAP_SITE', 'default-first-site-name');
// can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
define('LDAP_EMAIL_FIELD', 'mail');
// Microsoft Active Directory compatibility support for searches from Domain Base DN
define('LDAP_MS_AD_COMPATIBILITY', true);[/code]
Does that help at all? I do have the right name and password. My PHP is pretty weak.
Gerald
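Added example, not part of the thread and not EFA's own code: the function posted above discards the return value of the first ldap_bind(), so the reason for the failure is never reported. This PHP 7+ sketch performs only that service bind and decodes the Active Directory sub-code from the server's diagnostic message; the URI argument, the LDAP_BIND_PASS environment variable, the function names and the sample diagnostic string are assumptions constructed for illustration.

```php
<?php
// Added diagnostic sketch, not EFA code. Host, account and env var name are placeholders.

// AD sub-codes reported as "data NNN" in the diagnostic message of a failed bind.
const AD_BIND_SUBCODES = [
    '525' => 'user not found',
    '52e' => 'invalid credentials (wrong password or bind name format)',
    '530' => 'logon not permitted at this time',
    '531' => 'logon not permitted from this workstation',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must reset password',
    '775' => 'account locked out',
];

function explain_ad_diagnostic(string $diag): string
{
    if (preg_match('/\bdata\s+([0-9a-f]+)\b/i', $diag, $m)) {
        $code = strtolower($m[1]);
        return "AD sub-code $code: " . (AD_BIND_SUBCODES[$code] ?? 'unknown sub-code');
    }
    return 'no AD sub-code in diagnostic message';
}

function try_service_bind(string $uri, string $bindUser, string $bindPass): string
{
    // An empty password turns ldap_bind() into an anonymous bind that can "succeed".
    if ($bindPass === '') return 'empty password: refusing, this would be an anonymous bind';
    $ds = ldap_connect($uri);
    if ($ds === false) return "bad LDAP URI: $uri";
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);
    if (@ldap_bind($ds, $bindUser, $bindPass)) return 'bind OK';
    $diag = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    return sprintf('bind failed: [%d] %s; %s',
        ldap_errno($ds), ldap_error($ds), explain_ad_diagnostic((string) $diag));
}

// Constructed sample of an AD diagnostic string, so the parser runs offline.
$sample = '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1';
echo explain_ad_diagnostic($sample), PHP_EOL;

// Live check: LDAP_BIND_PASS=... php bindtest.php ldap://server.example.com:389 user@example.com
if (PHP_SAPI === 'cli' && $argc >= 3 && extension_loaded('ldap')) {
    $pass = getenv('LDAP_BIND_PASS') ?: '';   // keeps the password out of argv
    echo try_service_bind($argv[1], $argv[2], $pass), PHP_EOL;
}
```

With LDAP_SSL set to false and port 389 as in the settings above, the bind account's password crosses the network in cleartext, so run the live check against an ldaps:// URI where the directory supports it.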
Interestingly enough, this worked perfectly on another install.
I’ll compare the two and see if I can find any differences.
Gerald