LDAP phpMyFAQ 2.7.0-RC and Windows 2000 AD

[Rigoletto]

Hello,

i try to turn on ldap support and edited the ldap.php and turned on the ldap-option.
Now i cant login anymore, i only get a blank screen with url: ".../admin/index.php"

It is obsolent what i type into login information, no errors, just a blank screen.

There are no errors in the /var/logs/apache2/error.log
Is there another log to check?

greets
Rigoletto

[Thorsten]

Hi,

you can enable the DEBUG mode in inc/Init.php

bye
Thorsten

[Rigoletto]

Hi Thorsten,

i got following debug messages:


phpMyFAQ notice [8]: Use of undefined constant LDAP_OPT_PROTOCOL_VERSION - assumed 'LDAP_OPT_PROTOCOL_VERSION' in /var/www/test/config/constants_ldap.php on line 41

phpMyFAQ notice [8]: Use of undefined constant LDAP_OPT_REFERRALS - assumed 'LDAP_OPT_REFERRALS' in /var/www/test/config/constants_ldap.php on line 42

This is my constatns_ldap:

Code: Select all

<?php
/**
 * LDAP constants for phpMyFAQ.
 *
 * PHP Version 5.2
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * @category  phpMyFAQ
 * @package   PMF_Ldap
 * @author    Lars Scheithauer <lars.scheithauer@googlemail.com>
 * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
 * @copyright 2009-2010 phpMyFAQ Team
 * @license   http://www.mozilla.org/MPL/MPL-1.1.html Mozilla Public License Version 1.1
 * @link      http://www.phpmyfaq.de
 * @since     2009-08-05
 */

// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
    'name'     => 'cn',
    'username' => 'sAMAccountName',
    'mail'     => 'mail');

// In a multi-domain environment, users may enter a prefix as domain, e.g. "DOMAIN\username"
// If possible, you should use the Microsoft Glocal Catalog as LDAP-Server, which comes
// with every ADS-Installation.
$PMF_LDAP['ldap_use_domain_prefix'] = false;

// LDAP-options to set
// refer to the documentation of ldap_set_option() for information on available options
$PMF_LDAP["ldap_options"] = array (
    LDAP_OPT_PROTOCOL_VERSION => 3,
    LDAP_OPT_REFERRALS        => 0 );
    
// Option for binding to LDAP directory using SASL
// Default: false
$PMF_LDAP['ldap_use_sasl'] = false;
~
~
~

greetz
Rigoletto

[Thorsten]

Hi,

which PHP version do you use?

bye
Thorsten

[Rigoletto]

Hi,

the version is:

Code: Select all

administrator@ubuntu:~$ php -version
PHP 5.3.5-1ubuntu7.2 with Suhosin-Patch (cli) (built: May  2 2011 23:18:30) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

greets

[Thorsten]

Hi,

do you installed LDAP extension in your PHP?

bye
Thorsten

[Rigoletto]

Hi,

i have installed it (php5-ldap) and reboot the machine.

I got now an error that binding is not possible. I checked credentials, they are ok and working for example from an ldap-browser.

Code: Select all

phpMyFAQ warning [2]: ldap_bind(): Unable to bind to server: Invalid credentials in /var/www/test/inc/Ldap.php on line 124

phpMyFAQ notice [8]: Undefined index: ldap_use_memberOf in /var/www/test/inc/Ldap.php on line 206

greets
Rigoletto

added:

I tried a 2008 Server to, here i get other errors:

Code: Select all

phpMyFAQ notice [8]: Undefined index: ldap_use_memberOf in /var/www/test/inc/Ldap.php on line 206

phpMyFAQ warning [2]: ldap_bind(): Unable to bind to server: Invalid credentials in /var/www/test/inc/Ldap.php on line 124

[Thorsten]

Hi,

your credentials in config/ldap.php are wrong and it seems, the configuration in config/constants_ldap.php, too

bye
Thorsten

[Rigoletto]

Hi,

the credentials in config/ldap.php are correct, i using this credentials in other software and its working.
I tried to set LDAP_OPT_PROTOCOL_VERSION = 2 and SASL = true but same errors.
With ldap-browser i see on win200 samAccountName is written sAMAccountName, i changed it but seems not to have an effect.
Not all users have an mail entry.
Can "%" using in passwords can cause problems?

Code: Select all

 * LDAP constants for phpMyFAQ.
 *
 * PHP Version 5.2
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * @category  phpMyFAQ
 * @package   PMF_Ldap
 * @author    Lars Scheithauer <lars.scheithauer@googlemail.com>
 * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
 * @copyright 2009-2010 phpMyFAQ Team
 * @license   http://www.mozilla.org/MPL/MPL-1.1.html Mozilla Public License Version 1.1
 * @link      http://www.phpmyfaq.de
 * @since     2009-08-05
 */

// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
    'name'     => 'cn',
    'username' => 'samAccountName',
    'mail'     => 'mail');

// In a multi-domain environment, users may enter a prefix as domain, e.g. "DOMAIN\username"
// If possible, you should use the Microsoft Glocal Catalog as LDAP-Server, which comes
// with every ADS-Installation.
$PMF_LDAP['ldap_use_domain_prefix'] = false;

// LDAP-options to set
// refer to the documentation of ldap_set_option() for information on available options
$PMF_LDAP["ldap_options"] = array (
    LDAP_OPT_PROTOCOL_VERSION => 3,
    LDAP_OPT_REFERRALS        => 0 );

// Option for binding to LDAP directory using SASL
// Default: false
$PMF_LDAP['ldap_use_sasl'] = false;

greets
Rigoletto

[Thorsten]

Hi,

Can "%" using in passwords can cause problems?

maybe... but my LDAP knowledge is very limited. I'll search a little bit in Google.

bye
Thorsten

[Rigoletto]

Hi,

i tried to get more detailled error message from a snipplet:

Code: Select all

<?php

define(LDAP_OPT_DIAGNOSTIC_MESSAGE, 0x0032)

$handle = ldap_connect('ldap://active.directory.server/');
$bind = ldap_bind($handle, 'user', 'expiredpass');

if ($bind) {
    if (ldap_get_option($handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
        echo "Error Binding to LDAP: $extended_error";
    } else {
        echo "Error Binding to LDAP: No additional information is available.";
    }
}
?>

But i dont get any output!? Just blank screen.

Sourcepage:
http://www.php.net/manual/de/function.ldap-bind.php

greets

[Thorsten]

Hi,

if you get a blank screen a PHP fatal error occurs. You should see it in your webservers errorlog

bye
Thorsten

[Rigoletto]

After try and error i find this solution: http://www.php.net/manual/de/function.l ... .php#96660

[Thorsten]

Hi,

is it working now?

bye
Thorsten

[Rigoletto]

Yes, users from the AD now can login and access all free categorys.

But they didnt show up under user management!? Can rights added to users from ldap?