LDAP Fails To Work

All about webserver configurations, PHP and databases.

Moderator: Thorsten

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay » Thu Oct 25, 2012 4:17 pm

Just checking in. Is there any other info can provide to help out?

Thorsten
Posts: 15014
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten » Thu Oct 25, 2012 4:42 pm

HI,

hadn't that much time to work on this issue, but the next days.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay » Thu Oct 25, 2012 5:41 pm

Great, thanks. I appreciate it!

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay » Mon Nov 26, 2012 10:45 pm

Were you able to find anything?

Thorsten
Posts: 15014
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten » Tue Nov 27, 2012 10:11 am

Hi,

partly. Looks like a Windows Sever 2012 issue. I got a MSDN license from Microsoft to check it.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay » Wed Nov 28, 2012 3:03 am

Ok, if you ever need to remote into any of my machines just let me know, I'll set something up.

Thorsten
Posts: 15014
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten » Wed Nov 28, 2012 7:30 am

HI,

good to know, I'll try it first on a virtual machine.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay » Tue Mar 26, 2013 5:49 pm

Have you been able to make any progress on Server 2012 and LDAP?

jason102178
Posts: 200
Joined: Tue Nov 02, 2010 9:08 am
Location: United States-Ohio
Contact:

Re: LDAP Fails To Work

Post by jason102178 » Tue Mar 26, 2013 6:42 pm

Hi,

Thorsten will be available to answer your question after april 3rd...

Best Regards ,

Jason
phpMyFAQ Quality Assurance / Forum Moderator
Amazon.com Wishlist

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay » Tue Mar 26, 2013 6:57 pm

Thank you very much for the notice!

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay » Tue Mar 26, 2013 8:35 pm

I went ahead and installed RC3 to check it out since I'll be waiting anyway. Here are my findings:

I was able to have my users login with "DOMAIN\username". So right off the bat, at least something works. I'll have to figure out how to append DOMAIN\ when the user submits to login so they wont be bothered with that.

However, I came across the same goofy issue as before. If the display name does not match then account name then the user cannot use the account name to login. For example:

Can NOT login:
DisplayName - Justin Emlay
AccountName - jemlay

Can NOT login:
DIsplayName - JustinEmlay
AccountName - jemlay

CAN login:
DisplayName - jemlay
AccountName - jemlay

In all cases the user can login with 'DOMAIN\jemlay'. However only in the last case can the user login with just 'jemlay'

If I can figure out how in PHP to append the username then I'll be set but it sure would be nice to not have to alter your code to make this work for future updates. I guess I could create an FAQ in my FAQ about the change :)

EDIT:
I also suspect it's the reason I can't get SSO to work. Once SSO is turned on everyone shows up as a blank user and the guest count goes up by 2. But that's another issue with it's own thread.

Thorsten
Posts: 15014
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten » Thu Apr 04, 2013 6:10 am

Hi,

I checked the code and our AD code.

In config/constants_ldap.php is a datamapping configured:

Code: Select all

// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
    'name'     => 'cn',
    'username' => 'samAccountName',
    'mail'     => 'mail'
);
So, by default we'll check against the account name, not the display name. You can change it there. A check against displayname and accountname wouldn't be useful in my opinion. What do you think?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay » Thu Apr 04, 2013 5:21 pm

Maybe I didn't explain it well. Yes, you are checking against the account name however the "account name only" wont work unless the display name matches. Here, let me try again:

This user can only login in with "DOMAIN\jemlay":
DisplayName - JustinEmlay
AccountName - jemlay

This user can login with "DOMAIN\jemlay" AND "jemlay"
DisplayName - jemlay
AccountName - jemlay

Why is the second user able to leave out "DOMAIN\"?

Does that make more sense? By default the display name will be a persons full name. Therefore none of my users can login with JUST "jemlay". They must use "DOMAIN\jemlay". Unless of course I change all display names to match which would be a royal pain to constantly remember to change or getting my users to remember to login with "DOMAIN\" would be like beating my own head with a baseball bat ;)

Thorsten
Posts: 15014
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Fails To Work

Post by Thorsten » Thu Apr 04, 2013 5:42 pm

Hi,

ah, now I understand! Sorry!

What's your configuration of

Code: Select all

// In a multi-domain environment, users may enter a prefix as domain, e.g. "DOMAIN\username"
// If possible, you should use the Microsoft Global Catalog as LDAP-Server, which comes
// with every ADS-Installation.
$PMF_LDAP['ldap_use_domain_prefix'] = true;
in config/constants_ldap.php?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

JEmlay
Posts: 23
Joined: Mon Oct 15, 2012 10:03 pm

Re: LDAP Fails To Work

Post by JEmlay » Thu Apr 04, 2013 6:52 pm

Setting that to false now allows everyone to login with just the account name regardless of the display name. So that's awesome!

However, I still don't understand the correlation with the display name at all. That's just odd.

At any rate, this is great. So just a straight "jemlay" works for login.

Sorry, I completely forgot about that setting.

Post Reply