[SOLVED] OpenLDAP

coudy
Posts: 19
Joined: Wed Feb 05, 2014 9:14 am

[SOLVED] OpenLDAP

Post by coudy »

Hi,
yes, I know, LDAP again. I have read all topics about LDAP on this forum, even those in German.
I'm new to LDAP, but I can authenticate with an LDAP account over SSH, FTP, Usermin (Webmin) and Zabbix. I can connect with the Windows utility LDAPAdmin (http://www.ldapadmin.org). What I haven't solved is connecting over PMF. I'm running LAMP with Debian stable and the latest stable PMF.

This is my modified ldap.php:

Code:

// Main LDAP server
$PMF_LDAP['ldap_server'] = '127.0.0.1';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'cn=admin,dc=local,dc=sys,dc=corp';
$PMF_LDAP['ldap_password'] = 'xxxx';
$PMF_LDAP['ldap_base'] = 'dc=local,dc=sys,dc=corp';

These are my constants_ldap.php changes:

Code:

// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
    'name'     => 'gecos',
    'username' => 'uid',
    'mail'     => 'mail'
);

I have created the user test with the password test123.
When I try to connect as login:test and password:test123 on the PMF login page, I get the error "Wrong login name or password."
This is in the PHP log:

Code:

[Wed Feb 12 10:54:50 2014] [error] [client 192.168.2.10] phpMyFAQ warning:  ldap_bind(): Unable to bind to server: Invalid DN syntax in /home/www/faq/inc/PMF/Ldap.php on line 137, referer: http://web/faq/?action=login

This is in slapd.log:

Code:

Feb 12 10:54:50 slapd[26791]: conn=1131 op=0 do_bind: invalid dn (test)

When I try to connect as login:cn=test,ou=Users,dc=local,dc=sys,dc=corp and password:test123 on the PMF login page, I get the error "Wrong login name or password."
This is in the PHP log:

Code:

[Wed Feb 12 10:58:49 2014] [error] [client 192.168.2.10] phpMyFAQ warning:  ldap_get_values() expects parameter 2 to be resource, boolean given in /home/www/faq/inc/PMF/Ldap.php on line 257, referer: http://web/faq/?action=login

There is no error in slapd.log.

Can you help me? What am I doing wrong?
Last edited by coudy on Fri Feb 14, 2014 2:02 pm, edited 1 time in total.
coudy
Posts: 19
Joined: Wed Feb 05, 2014 9:14 am

Re: OpenLDAP

Post by coudy »

Hi,
I have tried several configuration options, but still can't connect to PMF with LDAP account. I can connect with ldap_use_anonymous_login=true.

I found several PHP LDAP examples on the web and tested them with my LDAP. They all work.

example1: ldap.php

Code:

<?php
echo "<html><head><title>PHP/LDAP Query Test</title></head><body>";
$lc = ldap_connect("127.0.0.1");
ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
echo "<h1>LDAP query results</h1>";
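ldap_bind($lc); // anonymous bind

// Search for the entry with uid=test under the Users OU
$base = "ou=Users,dc=local,dc=sys,dc=corp";
$filt = "uid=test";
$sr = ldap_search($lc, $base, $filt);
if ($sr === false) {
  die("LDAP search failed: " . ldap_error($lc));
}
$info = ldap_get_entries($lc, $sr);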

echo "Searched from base " . $base . " with filter " . $filt . ".<br><br>";

for ($i = 0; $i < $info["count"]; $i++) {
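  // Escape directory values before writing them into the HTML page
  echo "Match " . $i . ": " . htmlspecialchars($info[$i]["cn"][0]);
  echo " (gecos: " . htmlspecialchars($info[$i]["gecos"][0]) . ")<br>";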
}

if ($i == 0) {
  echo "No matches found!";
}

ldap_close($lc);
echo "</body></html>";

Result:

Code:

LDAP query results
Searched from base ou=Users,dc=local,dc=sys,dc=corp with filter uid=test.
Match 0: * (gecos: Test User)

example2: ldap_bind.php. Works with both the admin and test accounts.

Code:

<?php
// using ldap bind *** NOTE the uname *****
#$ldaprdn  = 'cn=admin,dc=local,dc=sys,dc=corp';    // ldap rdn or dn
#$ldappass = 'xxxxx';  // associated password
$ldaprdn  = 'uid=test,ou=Users,dc=local,dc=sys,dc=corp';    // ldap rdn or dn
$ldappass = 'test123';  // associated password

// connect to ldap server
$ldapconn = ldap_connect("localhost")
   or die("Could not connect to LDAP server.");

ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

if ($ldapconn) {
   // binding to ldap server
   $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

   // verify binding
   if ($ldapbind) {
       echo "LDAP bind successful...";
   } else {
       echo "LDAP bind failed...";
   }
}
?>

Result:

Code:

LDAP bind successful...

example3: ldap_bind_anon.php

Code:

<?php
//using ldap bind anonymously
// connect to ldap server
$ldapconn = ldap_connect("localhost")
    or die("Could not connect to LDAP server.");

ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

if ($ldapconn) {
    // binding anonymously
    $ldapbind = ldap_bind($ldapconn);
    if ($ldapbind) {
        echo "LDAP bind anonymous successful...";
    } else {
        echo "LDAP bind anonymous failed...";
    }
}

?>

Result:

Code:

LDAP bind anonymous successful...

What is wrong when PMF can't bind to LDAP?
coudy
Posts: 19
Joined: Wed Feb 05, 2014 9:14 am

[SOLVED] Re: OpenLDAP

Post by coudy »

Solved by setting ldap_use_domain_prefix=false in constants_ldap.php:

Code:

$PMF_LDAP['ldap_use_domain_prefix'] = false;
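
The login flow the thread's logs point to, as an added example that is not part of the original posts or of phpMyFAQ: a bare login name such as test is not a DN (slapd rejects it as "invalid dn"), so it is first resolved to one with an escaped search and only then used in a bind. The lookup account DN and the environment variable names are assumptions.

```php
<?php
// Added example, not phpMyFAQ code. Server and base DN are the thread's values;
// the lookup account and the environment variable names are hypothetical.
function ldap_login(string $uri, string $baseDn, string $lookupDn,
                    string $lookupPw, string $login, string $password): bool
{
    // A simple bind with an empty password is an unauthenticated bind, which
    // many servers accept. It must never count as a successful login.
    if ($login === '' || $password === '') {
        return false;
    }
    $lc = ldap_connect($uri);
    if ($lc === false) {
        return false;
    }
    ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Step 1: bind as the lookup account so the directory can be searched.
    if (!@ldap_bind($lc, $lookupDn, $lookupPw)) {
        ldap_unbind($lc);
        return false;
    }
    // Step 2: resolve the login name to exactly one DN. ldap_escape() keeps
    // characters such as * ( ) \ in the login from changing the filter.
    $filter = '(uid=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = @ldap_search($lc, $baseDn, $filter, ['1.1']); // "1.1" = no attributes
    if ($sr === false || ldap_count_entries($lc, $sr) !== 1) {
        ldap_unbind($lc);
        return false;
    }
    $userDn = ldap_get_dn($lc, ldap_first_entry($lc, $sr));
    if ($userDn === false) { ldap_unbind($lc); return false; }

    // Step 3: prove the password by binding as the resolved DN.
    $ok = @ldap_bind($lc, $userDn, $password);
    ldap_unbind($lc);
    return $ok;
}

// Traffic stays on loopback here, as in the thread; use ldaps:// or
// ldap_start_tls() when the directory is on another host.
$ok = ldap_login(
    'ldap://127.0.0.1:389',
    'ou=Users,dc=local,dc=sys,dc=corp',
    'cn=lookup,dc=local,dc=sys,dc=corp',      // hypothetical read-only account
    (string) getenv('LDAP_LOOKUP_PW'),        // hypothetical variable name
    'test',
    (string) getenv('LDAP_TEST_PW')           // hypothetical variable name
);
echo $ok ? "login accepted\n" : "login rejected\n";
```
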
Thorsten
Posts: 15559
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: [SOLVED] OpenLDAP

Post by Thorsten »

Hi,

thanks for your post, it will help a lot of people.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
hnoor0066
Posts: 1
Joined: Tue Apr 12, 2016 9:32 pm

Re: [SOLVED] OpenLDAP

Post by hnoor0066 »

Very Nice