Ticket #242 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

LDAPv3 option

Reported by: adriel.goddard@… Owned by: rjl
Priority: normal Milestone: 1.0.1
Component: PHP scripts Version: 1.0.0 RC6
Severity: normal Keywords: ldap v3 protocol
Cc:

Description

Please allow for an option in the system configuration where the version of LDAP protocol can be specified. I've recently come across an issue where Maia was unable to bind to my LDAP server because it was running v3. The fix was to add the following line between the asterisks in auth.php:

$ldap_conn = ldap_connect($auth_ldap_server)
    or die($lang_error_ldap_connect);
//********************************************************
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
//********************************************************
@ldap_bind($ldap_conn, $auth_ldap_bind_dn, $auth_ldap_password)
    or die($lang_error_ldap_bind);

Thank you.

Change History

Changed 5 years ago by mw@…

I just added the following lines to config.php to make it work; just uncomment the corresponding lines.

Perhaps you can add this to the distributed config.php.dist.

// If you need ldap version 3 uncomment the line below
// ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
// For active directory the following is recommended
// ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);

Changed 5 years ago by mw@…

  • version changed from 1.0.0 RC5 to 1.0.0 RC6
  • milestone changed from 1.0.0 RC6 to 1.0.0

OK, the following two patches provide a configurable option for LDAP_VERSION and LDAP_OPT_REFERRALS.

I set them to the default values, so this shouldn't break installs which are also happy without this patch.

This is the patch for config.php.dist

--- config.php.dist.orig        2006-01-05 12:42:06.256075968 +0100
+++ config.php.dist     2006-01-05 12:42:27.150899472 +0100
@@ -261,6 +261,13 @@
     // return the user's e-mail address.
     $auth_ldap_attribute = "mailroutingaddress";
 
+    // Set your ldap version (default is 2)
+    $auth_ldap_version = 2;
+
+    // Determines whether the LDAP library automatically follows
+    // referrals returned by LDAP servers or not.
+    // Active directory seems to need 0 (default is 1)
+    $auth_ldap_opt_referrals = 1;
 
     // *** AUTHENTICATING VIA MICROSOFT EXCHANGE SERVER ***
     //
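
Review bot: The comment on $auth_ldap_version ("Set your ldap version (default is 2)") does not say which values are accepted or when an administrator should change it. Since this ticket was opened because a server running v3 refused the bind, suggest wording such as "LDAP protocol version, 2 or 3 (default is 2); set to 3 if your server is running v3". The comment on $auth_ldap_opt_referrals could likewise state plainly that 1 follows referrals and 0 turns that off, instead of only "Active directory seems to need 0".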

This is the patch for auth.php

--- auth.php.orig       2006-01-05 11:57:18.434020280 +0100
+++ auth.php    2006-01-05 12:38:19.826498496 +0100
@@ -191,10 +191,15 @@
         global $auth_ldap_password;
         global $auth_ldap_query;
         global $auth_ldap_attribute;
+       global $auth_ldap_version;
+       global $auth_ldap_opt_referrals;
 
         $ldap_conn = ldap_connect($auth_ldap_server)
                          or die($lang['error_ldap_connect']);
 
+       ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $auth_ldap_version);
+       ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, $auth_ldap_opt_referrals);
+
         @ldap_bind($ldap_conn, $auth_ldap_bind_dn, $auth_ldap_password)
             or die($lang['error_ldap_bind']);
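
Review bot: The two added ldap_set_option() calls ignore their return value, while the ldap_connect() and ldap_bind() calls around them both end in "or die(...)". If setting the protocol version fails, the only symptom is the later bind error, and the @ in front of ldap_bind() hides the underlying warning, so each call should be checked and fail with its own message. Separately, $auth_ldap_version and $auth_ldap_opt_referrals are new globals that are only added to config.php.dist, so an existing config.php will leave them undefined here; fall back to the documented defaults (2 and 1) when they are not set before passing them in.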

Changed 5 years ago by dmorton

  • milestone changed from 1.0.0 to 1.0.1

Changed 5 years ago by dmorton

  • status changed from new to closed
  • resolution set to fixed

fixed: trunk [931] and 1.0 branch [932]
