LDAP Fails To Work

All about webserver configurations, PHP and databases.

Moderator: Thorsten

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay »

Just checking in. Is there any other info can provide to help out?
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten »

HI,

hadn't that much time to work on this issue, but the next days.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay »

Great, thanks. I appreciate it!
JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay »

Were you able to find anything?
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten »

Hi,

partly. Looks like a Windows Sever 2012 issue. I got a MSDN license from Microsoft to check it.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay »

Ok, if you ever need to remote into any of my machines just let me know, I'll set something up.
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten »

HI,

good to know, I'll try it first on a virtual machine.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay »

Have you been able to make any progress on Server 2012 and LDAP?
jason102178
Posts: 200
Joined: Tue Nov 02, 2010 9:08 am
Location: United States-Ohio
Contact:

Re: LDAP Fails To Work

Post by jason102178 »

Hi,

Thorsten will be available to answer your question after april 3rd...

Best Regards ,

Jason
phpMyFAQ Quality Assurance / Forum Moderator
Amazon.com Wishlist
JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay »

Thank you very much for the notice!
JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay »

I went ahead and installed RC3 to check it out since I'll be waiting anyway. Here are my findings:

I was able to have my users login with "DOMAIN\username". So right off the bat, at least something works. I'll have to figure out how to append DOMAIN\ when the user submits to login so they wont be bothered with that.

However, I came across the same goofy issue as before. If the display name does not match then account name then the user cannot use the account name to login. For example:

Can NOT login:
DisplayName - Justin Emlay
AccountName - jemlay

Can NOT login:
DIsplayName - JustinEmlay
AccountName - jemlay

CAN login:
DisplayName - jemlay
AccountName - jemlay

In all cases the user can login with 'DOMAIN\jemlay'. However only in the last case can the user login with just 'jemlay'

If I can figure out how in PHP to append the username then I'll be set but it sure would be nice to not have to alter your code to make this work for future updates. I guess I could create an FAQ in my FAQ about the change :)

EDIT:
I also suspect it's the reason I can't get SSO to work. Once SSO is turned on everyone shows up as a blank user and the guest count goes up by 2. But that's another issue with it's own thread.
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten »

Hi,

I checked the code and our AD code.

In config/constants_ldap.php is a datamapping configured:

Code: Select all

// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
    'name'     => 'cn',
    'username' => 'samAccountName',
    'mail'     => 'mail'
);
So, by default we'll check against the account name, not the display name. You can change it there. A check against displayname and accountname wouldn't be useful in my opinion. What do you think?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay »

Maybe I didn't explain it well. Yes, you are checking against the account name however the "account name only" wont work unless the display name matches. Here, let me try again:

This user can only login in with "DOMAIN\jemlay":
DisplayName - JustinEmlay
AccountName - jemlay

This user can login with "DOMAIN\jemlay" AND "jemlay"
DisplayName - jemlay
AccountName - jemlay

Why is the second user able to leave out "DOMAIN\"?

Does that make more sense? By default the display name will be a persons full name. Therefore none of my users can login with JUST "jemlay". They must use "DOMAIN\jemlay". Unless of course I change all display names to match which would be a royal pain to constantly remember to change or getting my users to remember to login with "DOMAIN\" would be like beating my own head with a baseball bat ;)
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten »

Hi,

ah, now I understand! Sorry!

What's your configuration of

Code: Select all

// In a multi-domain environment, users may enter a prefix as domain, e.g. "DOMAIN\username"
// If possible, you should use the Microsoft Global Catalog as LDAP-Server, which comes
// with every ADS-Installation.
$PMF_LDAP['ldap_use_domain_prefix'] = true;
in config/constants_ldap.php?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay »

Setting that to false now allows everyone to login with just the account name regardless of the display name. So that's awesome!

However, I still don't understand the correlation with the display name at all. That's just odd.

At any rate, this is great. So just a straight "jemlay" works for login.

Sorry, I completely forgot about that setting.
Post Reply