Active Directory LDAP Example

jelie
Posts: 6
Joined: Wed Dec 19, 2012 2:35 pm

Active Directory LDAP Example

Post by jelie »

I have what I hope is a very quick question. Trying to test the phpMyFAQ to see if we want to use it and would like to get the LDAP enabled. In the file /var/www/faq/config/ldap.php we have the following:

Code:

<?php
$PMF_LDAP["ldap_server"] = 'domain.com';
$PMF_LDAP["ldap_port"] = 389;
$PMF_LDAP["ldap_user"] = 'cn=username,cn=serviceaccounts,dc=domain,dc=com';
$PMF_LDAP["ldap_password"] = 'Passw0rd';
$PMF_LDAP["ldap_base"] = 'dc=domain,dc=com';

Can anyone confirm this as being correct?

Obviously I'm not looking for specifics to my environment, but I need to know if "ldap_server" is looking for 'servername.domain.com' or just 'domain.com'. DNS is set up correctly and the domain.com pings from the OS level (Ubuntu 11.10).

Also, if I have LDAP enabled, do I need to add users before it will authenticate them from Active Directory or do the users just log in and phpMyFAQ lets them in if they are users of the domain?

Thank you!
Thorsten
Posts: 15749
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Active Directory LDAP Example

Post by Thorsten »

Hi,

the "ldap_user" is just a technical user who can connect to LDAP. If LDAP is enabled the users from LDAP or AD can automatically log in.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
jelie
Posts: 6
Joined: Wed Dec 19, 2012 2:35 pm

Re: Active Directory LDAP Example

Post by jelie »

So, is ldap_server looking for servername.domain.com or just domain.com?

I'm guessing it is looking for domain.com.
Thorsten
Posts: 15749
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Active Directory LDAP Example

Post by Thorsten »

Hi,

depends how you configured your infrastructure

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
jelie
Posts: 6
Joined: Wed Dec 19, 2012 2:35 pm

Re: Active Directory LDAP Example

Post by jelie »

I have no logs on my AD server that show any login attempts.

Is there a log that shows if phpMyFAQ is trying to connect to our Active Directory server and being rejected?
Thorsten
Posts: 15749
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Active Directory LDAP Example

Post by Thorsten »

Hi,

did you enable the LDAP auth in the configuration? If yes, please try to log in with an LDAP user.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
jelie
Posts: 6
Joined: Wed Dec 19, 2012 2:35 pm

Re: Active Directory LDAP Example

Post by jelie »

Yes, "Enable LDAP Support?" is checked in the UI configuration.

I tried to log in using an LDAP user

username
password

I also tried:

domain\username
password

and I tried

username@domain.com
password

Error is always: Wrong username or password.
Thorsten
Posts: 15749
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Active Directory LDAP Example

Post by Thorsten »

Hi,

please enable the DEBUG mode in inc/Init.php

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
jelie
Posts: 6
Joined: Wed Dec 19, 2012 2:35 pm

Re: Active Directory LDAP Example

Post by jelie »

Turned on the phpMyFAQ debug (thanks for that!), plus had one of our php guys take a look using xdebug and we figured out (long story) that we needed the following configuration:

./config/ldap.php

Code:

<?php
$PMF_LDAP["ldap_server"] = 'domain.com';
$PMF_LDAP["ldap_port"] = 389;
$PMF_LDAP["ldap_user"] = 'username@domain.com';
$PMF_LDAP["ldap_password"] = 'Passw0rd';
$PMF_LDAP["ldap_base"] = 'dc=domain,dc=com';

./config/constants_ldap.php

Code:

$PMF_LDAP['ldap_use_domain_prefix'] = false;

I had originally tried to use the domain_prefix=false, but it didn't work because I was still trying to use cn=username,cn=container,dc=domain,dc=domain and for some reason the code was not passing the username correctly. Switched to username@domain and turned off use_domain_prefix and we were good. :)

We are using Active Directory 2003, single domain (no forest). I hope this post helps someone in the future.

Great app so far, thanks for the help Thorsten!
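
Added example, not part of the original posts and not phpMyFAQ code: a stand-alone PHP check that performs the technical-user bind outside the application, so you can see whether a connection attempt reaches the domain controller at all and at which step it fails. It assumes the php-ldap extension, a domain controller certificate that the web host trusts (for StartTLS), and a user lookup by sAMAccountName; the `LDAP_PW` variable, the `fail()` helper and the sample login are hypothetical.

```php
<?php
// Added diagnostic sketch, not phpMyFAQ code. Needs the php-ldap extension.
// Usage: LDAP_PW='...' php ldap_check.php j_smith
$PMF_LDAP = [                                   // placeholders mirroring the thread's keys
    'ldap_server'   => 'domain.com',
    'ldap_port'     => 389,
    'ldap_user'     => 'username@domain.com',   // UPN form, as in the working config
    'ldap_password' => getenv('LDAP_PW') ?: '', // hypothetical env var, keeps the secret out of the file
    'ldap_base'     => 'dc=domain,dc=com',
];
$login = $argv[1] ?? 'j_smith';                 // constructed sample login to look up

function fail(string $step, $conn = null): void
{
    $detail = $conn ? ': ' . ldap_error($conn) : '';
    fwrite(STDERR, "FAILED at {$step}{$detail}\n");
    exit(1);
}

$conn = ldap_connect('ldap://' . $PMF_LDAP['ldap_server'] . ':' . $PMF_LDAP['ldap_port']);
if ($conn === false) fail('ldap_connect');

// AD needs protocol v3; referral chasing is turned off for searches from the domain root.
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

// Port 389 is cleartext: upgrade with StartTLS before the password is sent.
if (!@ldap_start_tls($conn)) fail('StartTLS', $conn);

// An empty password turns a simple bind into an unauthenticated bind, so refuse it.
if ($PMF_LDAP['ldap_password'] === '') fail('bind (empty password)');
if (!@ldap_bind($conn, $PMF_LDAP['ldap_user'], $PMF_LDAP['ldap_password'])) fail('bind as technical user', $conn);
echo "bind OK as {$PMF_LDAP['ldap_user']}\n";

// Escape the login before it goes into the filter (prevents LDAP filter injection).
// Matching on sAMAccountName is an assumption, not phpMyFAQ's own query.
$filter = '(&(objectCategory=person)(sAMAccountName=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . '))';
$res = @ldap_search($conn, $PMF_LDAP['ldap_base'], $filter, ['userPrincipalName']);
if ($res === false) fail('search', $conn);

$entries = ldap_get_entries($conn, $res);
echo "matches for {$login}: {$entries['count']}\n";
for ($i = 0; $i < $entries['count']; $i++) {
    echo '  ' . $entries[$i]['dn'] . "\n";
}
ldap_unbind($conn);
```

A failure at the bind step with the DN form but success with the UPN form reproduces what the post above describes; a failure at StartTLS means the password would otherwise cross the network unencrypted on port 389.
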
Thorsten
Posts: 15749
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Active Directory LDAP Example

Post by Thorsten »

Hi,

ah, pretty cool!

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
anshleyganoo
Posts: 1
Joined: Wed Feb 04, 2015 7:00 am

Re: Active Directory LDAP Example

Post by anshleyganoo »

I configured my LDAP as per the instructions above.

Just a small confirmation, do I need to run any synchronization process so that my user can log in?

As per the log:

Invalid user or password.\nLogin: j_smith\nErrors: No authentication method specified. , Specified login could not be found.

Kindly help if I missed out any steps.
Thorsten
Posts: 15749
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Active Directory LDAP Example

Post by Thorsten »

Hi,

you don't need a synchronization process, it should work out of the box. Do you see the login in your AD server?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer