LDAP Fails To Work
Moderator: Thorsten
Re: LDAP Fails To Work
Just checking in. Is there any other info can provide to help out?
Re: LDAP Fails To Work
HI,
hadn't that much time to work on this issue, but the next days.
bye
Thorsten
hadn't that much time to work on this issue, but the next days.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: LDAP Fails To Work
Great, thanks. I appreciate it!
Re: LDAP Fails To Work
Were you able to find anything?
Re: LDAP Fails To Work
Hi,
partly. Looks like a Windows Sever 2012 issue. I got a MSDN license from Microsoft to check it.
bye
Thorsten
partly. Looks like a Windows Sever 2012 issue. I got a MSDN license from Microsoft to check it.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: LDAP Fails To Work
Ok, if you ever need to remote into any of my machines just let me know, I'll set something up.
Re: LDAP Fails To Work
HI,
good to know, I'll try it first on a virtual machine.
bye
Thorsten
good to know, I'll try it first on a virtual machine.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: LDAP Fails To Work
Have you been able to make any progress on Server 2012 and LDAP?
-
- Posts: 200
- Joined: Tue Nov 02, 2010 9:08 am
- Location: United States-Ohio
- Contact:
Re: LDAP Fails To Work
Hi,
Thorsten will be available to answer your question after april 3rd...
Best Regards ,
Jason
Thorsten will be available to answer your question after april 3rd...
Best Regards ,
Jason
phpMyFAQ Quality Assurance / Forum Moderator
Amazon.com Wishlist
Amazon.com Wishlist
Re: LDAP Fails To Work
Thank you very much for the notice!
Re: LDAP Fails To Work
I went ahead and installed RC3 to check it out since I'll be waiting anyway. Here are my findings:
I was able to have my users login with "DOMAIN\username". So right off the bat, at least something works. I'll have to figure out how to append DOMAIN\ when the user submits to login so they wont be bothered with that.
However, I came across the same goofy issue as before. If the display name does not match then account name then the user cannot use the account name to login. For example:
Can NOT login:
DisplayName - Justin Emlay
AccountName - jemlay
Can NOT login:
DIsplayName - JustinEmlay
AccountName - jemlay
CAN login:
DisplayName - jemlay
AccountName - jemlay
In all cases the user can login with 'DOMAIN\jemlay'. However only in the last case can the user login with just 'jemlay'
If I can figure out how in PHP to append the username then I'll be set but it sure would be nice to not have to alter your code to make this work for future updates. I guess I could create an FAQ in my FAQ about the change
EDIT:
I also suspect it's the reason I can't get SSO to work. Once SSO is turned on everyone shows up as a blank user and the guest count goes up by 2. But that's another issue with it's own thread.
I was able to have my users login with "DOMAIN\username". So right off the bat, at least something works. I'll have to figure out how to append DOMAIN\ when the user submits to login so they wont be bothered with that.
However, I came across the same goofy issue as before. If the display name does not match then account name then the user cannot use the account name to login. For example:
Can NOT login:
DisplayName - Justin Emlay
AccountName - jemlay
Can NOT login:
DIsplayName - JustinEmlay
AccountName - jemlay
CAN login:
DisplayName - jemlay
AccountName - jemlay
In all cases the user can login with 'DOMAIN\jemlay'. However only in the last case can the user login with just 'jemlay'
If I can figure out how in PHP to append the username then I'll be set but it sure would be nice to not have to alter your code to make this work for future updates. I guess I could create an FAQ in my FAQ about the change
EDIT:
I also suspect it's the reason I can't get SSO to work. Once SSO is turned on everyone shows up as a blank user and the guest count goes up by 2. But that's another issue with it's own thread.
Re: LDAP Fails To Work
Hi,
I checked the code and our AD code.
In config/constants_ldap.php is a datamapping configured:
So, by default we'll check against the account name, not the display name. You can change it there. A check against displayname and accountname wouldn't be useful in my opinion. What do you think?
bye
Thorsten
I checked the code and our AD code.
In config/constants_ldap.php is a datamapping configured:
Code: Select all
// Datamapping - in this example for an ADS
$PMF_LDAP['ldap_mapping'] = array (
'name' => 'cn',
'username' => 'samAccountName',
'mail' => 'mail'
);
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: LDAP Fails To Work
Maybe I didn't explain it well. Yes, you are checking against the account name however the "account name only" wont work unless the display name matches. Here, let me try again:
This user can only login in with "DOMAIN\jemlay":
DisplayName - JustinEmlay
AccountName - jemlay
This user can login with "DOMAIN\jemlay" AND "jemlay"
DisplayName - jemlay
AccountName - jemlay
Why is the second user able to leave out "DOMAIN\"?
Does that make more sense? By default the display name will be a persons full name. Therefore none of my users can login with JUST "jemlay". They must use "DOMAIN\jemlay". Unless of course I change all display names to match which would be a royal pain to constantly remember to change or getting my users to remember to login with "DOMAIN\" would be like beating my own head with a baseball bat
This user can only login in with "DOMAIN\jemlay":
DisplayName - JustinEmlay
AccountName - jemlay
This user can login with "DOMAIN\jemlay" AND "jemlay"
DisplayName - jemlay
AccountName - jemlay
Why is the second user able to leave out "DOMAIN\"?
Does that make more sense? By default the display name will be a persons full name. Therefore none of my users can login with JUST "jemlay". They must use "DOMAIN\jemlay". Unless of course I change all display names to match which would be a royal pain to constantly remember to change or getting my users to remember to login with "DOMAIN\" would be like beating my own head with a baseball bat
Re: LDAP Fails To Work
Hi,
ah, now I understand! Sorry!
What's your configuration of
in config/constants_ldap.php?
bye
Thorsten
ah, now I understand! Sorry!
What's your configuration of
Code: Select all
// In a multi-domain environment, users may enter a prefix as domain, e.g. "DOMAIN\username"
// If possible, you should use the Microsoft Global Catalog as LDAP-Server, which comes
// with every ADS-Installation.
$PMF_LDAP['ldap_use_domain_prefix'] = true;
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: LDAP Fails To Work
Setting that to false now allows everyone to login with just the account name regardless of the display name. So that's awesome!
However, I still don't understand the correlation with the display name at all. That's just odd.
At any rate, this is great. So just a straight "jemlay" works for login.
Sorry, I completely forgot about that setting.
However, I still don't understand the correlation with the display name at all. That's just odd.
At any rate, this is great. So just a straight "jemlay" works for login.
Sorry, I completely forgot about that setting.