[Xerte-dev] Re: LDAP authentication problems at EFC Resolved

Pat Lockley patrick.lockley at googlemail.com
Thu May 17 12:35:02 BST 2012


I never really understood the names of the variables, and was never
sure what they did.

I think login_library has been superseded now.

On Thu, May 17, 2012 at 12:29 PM, Thomas Rochford
<thomas.rochford at jiscadvance.ac.uk> wrote:
> Hi Everyone,
>
>
>
> I thought I’d drop a line to this list to report my success at Epping
> Forest College yesterday in getting LDAP authentication to work properly. As
> Ron and Pat are aware this has been ongoing for some time but yesterday I
> got 1.7 to handle AD authentication, after addressing two issues.
>
>
>
> The first was a possible misunderstanding on my part about the LDAP filter
> entry. I’m still not clear where this is actually set! The Management page
> shows
>
>
>
> LDAP Main filter: sAMAccountName=
>
> LDAP Second filter: cn=
>
>
>
> The LDAP Table in the database shows
>
> ldap_id  1
>
> ldap_knownname
>
> ldap_host  172.16.8.47
>
> ldap_port
>
> ldap_username  XXXXXXX
>
> ldap_password  XXXXXXX
>
> ldap_basedn  OU= EFC_Users, DC=efc, DC=lan
>
> ldap_filter  sAMAccountName, objectclass, cn
>
> ldap_filter_attr  sAMAccountName
>
>
>
> The SITEDETAILS Table shows
>
> ldap_host  172.16.8.47
>
> ldap_port
>
> bind_pwd  XXXXXXX
>
> basedn  OU= EFC_Users, DC=efc, DC=lan
>
> bind_dn  XXXXXXX (just a user name; not fully qualified – that didn’t work
> at all)
>
> LDAP_preference  sAMAccountName=
>
> LDAP_filter  cn=
>
>
>
> So it looks as though the ldap_filter_attr field and the ldap_filter fields
> may be mapping to the wrong variables in the source code, depending on where
> it’s reading its data from. I know I had to change them in the database as
> well as the Management page.
>
>
>
> The second issue was actually in the code in login_library.php. Sorting out
> the above issue enabled the software to locate the user in AD, however it
> was then unable to verify the password. The supplied code read as follows at
> the entry point to the authenticate_to_host() function where I had to
> replace this line:
>
>
>
> $ldap_search_attr = array('firstname' => 'givenname', 'lastname' => 'sn');
>
>
>
> With
>
>
>
> $ldap_search_attr = array("sAMAccountName","objectclass","cn");
>
>
>
> That then worked straightaway. Maybe, I didn’t even need to change the
> database entries?
>
>
>
> I know the same line is used elsewhere in the code, but this was the one I
> had to change at EFC.
>
>
>
> I’m not quite sure what the current state of play is within the SVN as the
> login_library.php appears to be devoid of any code as at revision 350? Or am
> I missing something here?
>
>
>
> Kindest regards, Thomas
>
> This message and any attachment are intended solely for the addressee and
> may contain confidential information. If you have received this message in
> error, please send it back to me, and immediately delete it. Please do not
> use, copy or disclose the information contained in this message or in any
> attachment. Any views or opinions expressed by the author of this email do
> not necessarily reflect the views of the University of Nottingham.
>
> This message has been checked for viruses but the contents of an attachment
> may still contain software viruses which could damage your computer system:
> you are advised to perform your own checks. Email communications with the
> University of Nottingham may be monitored as permitted by UK legislation.
>
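The search-then-bind flow discussed in this thread, as an added example that is not part of the original messages and is not Xerte's own login_library.php code. The function name `ad_authenticate`, the `$cfg` keys and every host, DN and account value are assumptions made up for illustration.

```php
<?php
// Added example: search-then-bind login against Active Directory.
// All names and values are placeholders, not taken from Xerte.
function ad_authenticate(string $username, string $password, array $cfg): ?array
{
    // A simple bind with an empty password is an unauthenticated bind that
    // many directory servers accept, so reject it before any LDAP call.
    if ($username === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect($cfg['uri']);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); // usual for AD searches

    // Step 1: bind as the service account so the search is permitted.
    if (!@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_pwd'])) {
        return null;
    }
    // The filter decides WHICH entry matches; escape the user-supplied part
    // so characters such as * ( ) \ cannot change the query.
    $filter = '(' . $cfg['filter_attr'] . '='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';

    // The attribute list decides WHAT comes back. ldap_search() expects a
    // plain indexed list of names, not a 'label' => 'attribute' map.
    $attrs = ['sAMAccountName', 'cn', 'givenName', 'sn'];

    $result = @ldap_search($conn, $cfg['base_dn'], $filter, $attrs);
    if ($result === false || ldap_count_entries($conn, $result) !== 1) {
        return null; // no match, or an ambiguous one
    }
    $entry = ldap_first_entry($conn, $result);
    $dn    = ldap_get_dn($conn, $entry);
    $found = ldap_get_attributes($conn, $entry);

    // Step 2: verify the password by binding as the DN that was found.
    if (!@ldap_bind($conn, $dn, $password)) {
        return null;
    }
    return ['dn' => $dn, 'cn' => $found['cn'][0] ?? null];
}

// Constructed configuration for illustration only.
$cfg = ['uri' => 'ldaps://dc.example.org', 'bind_dn' => 'svc-xerte@example.org',
        'bind_pwd' => 'placeholder', 'base_dn' => 'OU=Users,DC=example,DC=org',
        'filter_attr' => 'sAMAccountName'];
```

Calling `ad_authenticate($user, $pass, $cfg)` returns the matched entry's DN and `cn` on success and `null` on any failure, so the caller cannot tell an unknown user from a wrong password.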


