
[SOLVED] OpenLDAP

Posted: Wed Feb 12, 2014 11:03 am
by coudy
Hi,
yes, I know, LDAP again. I have read all topics about LDAP on this forum, even in the German language.
I'm new to LDAP, but I can auth with an LDAP account over SSH, FTP, Usermin (Webmin) and Zabbix. I can connect over the Windows utility LDAPAdmin (http://www.ldapadmin.org). What I haven't solved is connecting over PMF. I'm running LAMP with Debian stable, and the latest stable PMF.

This is my modified ldap.php:

Code:

// Main LDAP server
$PMF_LDAP['ldap_server'] = '127.0.0.1';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'cn=admin,dc=local,dc=sys,dc=corp';
$PMF_LDAP['ldap_password'] = 'xxxx';
$PMF_LDAP['ldap_base'] = 'dc=local,dc=sys,dc=corp';
These are my constants_ldap.php changes:

Code:

// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
    'name'     => 'gecos',
    'username' => 'uid',
    'mail'     => 'mail'
);
I have created a user test with password test123.
When I try to connect as login:test and password:test123 on the PMF login page, I get the error "Wrong login name or password."
This is in the PHP log:

Code:

[Wed Feb 12 10:54:50 2014] [error] [client 192.168.2.10] phpMyFAQ warning:  ldap_bind(): Unable to bind to server: Invalid DN syntax in /home/www/faq/inc/PMF/Ldap.php on line 137, referer: http://web/faq/?action=login
This is in slapd.log:

Code:

Feb 12 10:54:50 slapd[26791]: conn=1131 op=0 do_bind: invalid dn (test)
When I try to connect as login:cn=test,ou=Users,dc=local,dc=sys,dc=corp and password:test123 on the PMF login page, I get the error "Wrong login name or password."
This is in the PHP log:

Code:

[Wed Feb 12 10:58:49 2014] [error] [client 192.168.2.10] phpMyFAQ warning:  ldap_get_values() expects parameter 2 to be resource, boolean given in /home/www/faq/inc/PMF/Ldap.php on line 257, referer: http://web/faq/?action=login
and there is no error in slapd.log.

Can you help me? What am I doing wrong?

Re: OpenLDAP

Posted: Thu Feb 13, 2014 2:51 pm
by coudy
Hi,
I have tried several configuration options, but still can't connect to PMF with LDAP account. I can connect with ldap_use_anonymous_login=true.

I found several PHP LDAP examples on the web, and tested them with my LDAP. They all work.

example1: ldap.php

Code:

<?php
echo "<html><head><title>PHP/LDAP Query Test</title></head><body>";
$lc = ldap_connect("127.0.0.1");
ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
echo "<h1>LDAP query results</h1>";
ldap_bind($lc);

// Search for the entry with uid=test under ou=Users (anonymous bind above)
$base = "ou=Users,dc=local,dc=sys,dc=corp";
$filt = "uid=test";
$sr = ldap_search($lc, $base, $filt);
$info = ldap_get_entries($lc, $sr);

echo "Searched from base " . $base . " with filter " . $filt . ".<br><br>";

for ($i = 0; $i < $info["count"]; $i++) {
  echo "Match " . $i . ": " . $info[$i]["cn"][0];
  echo " (gecos: " . $info[$i]["gecos"][0] . ")<br>";
}

if ($i == 0) {
  echo "No matches found!";
}

ldap_close($lc);
echo "</body></html>";
result:

Code:

LDAP query results
Searched from base ou=Users,dc=local,dc=sys,dc=corp with filter uid=test.
Match 0: * (gecos: Test User)
example2: ldap_bind.php (works with both the admin and test accounts)

Code:

<?php
// using ldap bind *** NOTE the uname *****
#$ldaprdn  = 'cn=admin,dc=local,dc=sys,dc=corp';    // ldap rdn or dn
#$ldappass = 'xxxxx';  // associated password
$ldaprdn  = 'uid=test,ou=Users,dc=local,dc=sys,dc=corp';    // ldap rdn or dn
$ldappass = 'test123';  // associated password

// connect to ldap server
$ldapconn = ldap_connect("localhost")
   or die("Could not connect to LDAP server.");

ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

if ($ldapconn) {
   // binding to ldap server
   $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

   // verify binding
   if ($ldapbind) {
       echo "LDAP bind successful...";
   } else {
       echo "LDAP bind failed...";
   }
}
?>
result:

Code:

LDAP bind successful...
example3: ldap_bind_anon.php

Code:

<?php
//using ldap bind anonymously
// connect to ldap server
$ldapconn = ldap_connect("localhost")
    or die("Could not connect to LDAP server.");

ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

if ($ldapconn) {
    // binding anonymously
    $ldapbind = ldap_bind($ldapconn);
    if ($ldapbind) {
        echo "LDAP bind anonymous successful...";
    } else {
        echo "LDAP bind anonymous failed...";
    }
}

?>
result:

Code:

LDAP bind anonymous successful... 
What is wrong when PMF can't bind to LDAP?

[SOLVED]Re: OpenLDAP

Posted: Fri Feb 14, 2014 2:01 pm
by coudy
Solved by setting ldap_use_domain_prefix=false in constants_ldap.php:

Code:

$PMF_LDAP['ldap_use_domain_prefix'] = false;
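
The slapd line `do_bind: invalid dn (test)` in the first post shows a bare login name arriving as the bind DN. The following search-then-bind check is an added example, not part of the original posts and not phpMyFAQ's code: it resolves the login to a DN first and only then binds with the user's password. The function name `ldapAuthenticate` is hypothetical, and the anonymous lookup assumes the server from the thread, where anonymous bind and search succeed.

```php
<?php
// Added example, not phpMyFAQ code. Requires PHP 7+ with the ldap extension.
// Host, base DN and the uid attribute come from the thread;
// ldapAuthenticate() is a hypothetical helper name.
function ldapAuthenticate(string $login, string $password): bool
{
    // A simple bind with a DN and an empty password is an unauthenticated
    // bind, which some servers accept, so refuse it before contacting LDAP.
    if ($login === '' || $password === '') {
        return false;
    }

    $lc = ldap_connect('ldap://127.0.0.1:389');
    if ($lc === false) {
        return false;
    }
    ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Step 1: anonymous bind for the lookup (works on the thread's server);
    // pass a service DN and password here if anonymous search is disabled.
    if (!@ldap_bind($lc)) {
        return false;
    }

    // Escape the login so * ( ) \ and NUL cannot change the filter.
    $filter = '(uid=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
    // "1.1" asks for no attributes; the entry's DN is returned regardless.
    $sr = @ldap_search($lc, 'ou=Users,dc=local,dc=sys,dc=corp', $filter, ['1.1']);
    $entries = $sr ? ldap_get_entries($lc, $sr) : false;

    // Require exactly one match so the bind target is unambiguous.
    if ($entries === false || $entries['count'] !== 1) {
        ldap_unbind($lc);
        return false;
    }
    $userDn = $entries[0]['dn'];   // e.g. uid=test,ou=Users,dc=local,dc=sys,dc=corp

    // Step 2: bind as the resolved DN with the password the user typed.
    $ok = @ldap_bind($lc, $userDn, $password);
    ldap_unbind($lc);
    return $ok;
}

// The test account from the thread, against that server:
var_dump(ldapAuthenticate('test', 'test123'));
```

On a non-loopback connection, call `ldap_start_tls()` before either bind, since a simple bind sends the password in cleartext.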

Re: [SOLVED] OpenLDAP

Posted: Sat Feb 15, 2014 8:45 am
by Thorsten
Hi,

thanks for your post, it will help a lot of people.

bye
Thorsten

Re: [SOLVED] OpenLDAP

Posted: Wed Apr 13, 2016 6:14 am
by hnoor0066
Very Nice