From: <M....@ls...> - 2008-08-22 15:58:26
|
Hi, We're struggling to get the LDAP authentication working for us. We think it is because the User.php is working on an assumption that our LDAP server will allow an anonymous bind - which it won't. Has anyone tweaked the script to work with Active Directory where anonymous binds are not available? For info, when we try to login the message we're getting is: Warning: ldap_search() [function.ldap-search]: Search: Can't contact LDAP server in /usr/local/vufind/web/sys/User.php on line 62 Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in /usr/local/vufind/web/sys/User.php on line 63 We've tried making some adjustments to the script to run a bind closer to how we think our LDAP requires, and this has got rid of the error messages but we still get invalid login responses when we put in valid usernames - so it doesn't seem to be doing a successful search. We have successfully tested connection to LDAP from that server using our own scripts, so we know it's not a straightforward parameter error, or other connection issues, but we're none of us PHP experts, so fixing the script will be trial and error. I wondered if anyone had got there before us or could offer advice? Many thanks in advance, Michael. Michael Fake Library System Manager Library, The London School of Economics and Political Science 10 Portugal Street, London WC2A 2HD Email: m....@ls... Tel: 020 7955 6447 www.library.lse.ac.uk Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm |
From: Andrew N. <and...@vi...> - 2008-08-25 13:51:57
|
Michael - The ldap script does not do an anonymous bind. It first does a search and then does a bind with the users's account info and the supplied password. If you are getting an error about "can't contact LDAP server" then you might have some network issues ... maybe a firewall? Andrew > -----Original Message----- > From: vuf...@li... [mailto:vufind- > gen...@li...] On Behalf Of M....@ls... > Sent: Friday, August 22, 2008 11:59 AM > To: vuf...@li... > Cc: vuf...@li... > Subject: [VuFind-General] LDAP authentication - anonymous bind > > Hi, > > We're struggling to get the LDAP authentication working for us. We > think > it is because the User.php is working on an assumption that our LDAP > server will allow an anonymous bind - which it won't. Has anyone > tweaked > the script to work with Active Directory where anonymous binds are not > available? > > For info, when we try to login the message we're getting is: > > Warning: ldap_search() [function.ldap-search]: Search: Can't contact > LDAP server in /usr/local/vufind/web/sys/User.php on line 62 > Warning: ldap_get_entries(): supplied argument is not a valid ldap > result resource in /usr/local/vufind/web/sys/User.php on line 63 > > We've tried making some adjustments to the script to run a bind closer > to how we think our LDAP requires, and this has got rid of the error > messages but we still get invalid login responses when we put in valid > usernames - so it doesn't seem to be doing a successful search. We have > successfully tested connection to LDAP from that server using our own > scripts, so we know it's not a straightforward parameter error, or > other > connection issues, but we're none of us PHP experts, so fixing the > script will be trial and error. I wondered if anyone had got there > before us or could offer advice? > > Many thanks in advance, > > Michael. > > Michael Fake > Library System Manager > Library, The London School of Economics and Political Science > 10 Portugal Street, London WC2A 2HD > Email: m....@ls... Tel: 020 7955 6447 > www.library.lse.ac.uk > > > Please access the attached hyperlink for an important electronic > communications disclaimer: > http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm > > ----------------------------------------------------------------------- > -- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the > world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > VuFind-General mailing list > VuF...@li... > https://lists.sourceforge.net/lists/listinfo/vufind-general |
From: <M....@ls...> - 2008-08-27 14:21:06
|
Hi Andrew, We actually got sent a script from another site who had got this working by changing the loginLDAP function to do a bind before the search. Our LDAP system requires this before allowing the search. It wasn't a firewall issue - we have now successfully hooked up to LDAP, and we can login. Thanks for the responses from everyone who contacted me. Our problem now is that we are unable to link up to our Voyager system when we try to link to Library Catalog Username and Password. I have been trying to trace how this works through the scripts but I'm clearly missing something. The Voyager.php uses the patron ID to get the right information from Voyager - and that Patron ID is identified by a search against last name and barcode - but I can't see where we're setting these two variables, and how this connects to the Username and Password chosen in the 'Checked Out Items' box. Any pointers? Best, Michael. -----Original Message----- From: Andrew Nagy [mailto:and...@vi...] Sent: 25 August 2008 14:52 To: Fake,M; vuf...@li... Cc: vuf...@li... Subject: RE: LDAP authentication - anonymous bind Michael - The ldap script does not do an anonymous bind. It first does a search and then does a bind with the users's account info and the supplied password. If you are getting an error about "can't contact LDAP server" then you might have some network issues ... maybe a firewall? Andrew > -----Original Message----- > From: vuf...@li... [mailto:vufind- > gen...@li...] On Behalf Of M....@ls... > Sent: Friday, August 22, 2008 11:59 AM > To: vuf...@li... > Cc: vuf...@li... > Subject: [VuFind-General] LDAP authentication - anonymous bind > > Hi, > > We're struggling to get the LDAP authentication working for us. We > think it is because the User.php is working on an assumption that our > LDAP server will allow an anonymous bind - which it won't. Has anyone > tweaked the script to work with Active Directory where anonymous binds > are not available? > > For info, when we try to login the message we're getting is: > > Warning: ldap_search() [function.ldap-search]: Search: Can't contact > LDAP server in /usr/local/vufind/web/sys/User.php on line 62 > Warning: ldap_get_entries(): supplied argument is not a valid ldap > result resource in /usr/local/vufind/web/sys/User.php on line 63 > > We've tried making some adjustments to the script to run a bind closer > to how we think our LDAP requires, and this has got rid of the error > messages but we still get invalid login responses when we put in valid > usernames - so it doesn't seem to be doing a successful search. We > have successfully tested connection to LDAP from that server using our > own scripts, so we know it's not a straightforward parameter error, or > other connection issues, but we're none of us PHP experts, so fixing > the script will be trial and error. I wondered if anyone had got there > before us or could offer advice? > > Many thanks in advance, > > Michael. > > Michael Fake > Library System Manager > Library, The London School of Economics and Political Science 10 > Portugal Street, London WC2A 2HD > Email: m....@ls... Tel: 020 7955 6447 > www.library.lse.ac.uk > > > Please access the attached hyperlink for an important electronic > communications disclaimer: > http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm > > ---------------------------------------------------------------------- > - > -- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge Build the coolest Linux based applications with Moblin SDK & > win great prizes Grand prize is a trip for two to an Open Source event > anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > VuFind-General mailing list > VuF...@li... > https://lists.sourceforge.net/lists/listinfo/vufind-general Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm |
From: Walker, D. <dw...@ca...> - 2008-08-26 15:50:34
|
Thought I had responded to the list, but I guess not. ================== David Walker Library Web Services Manager California State University http://xerxes.calstate.edu ________________________________________ From: Walker, David Sent: Monday, August 25, 2008 8:57 AM To: Andrew Nagy Subject: RE: LDAP authentication - anonymous bind Doesn't sounds like a firewall problem, since Michael said they were able to connect to the server using their own scripts. I think the problem here is that Active Directory won't allow you to do an ldap_search without some type of super-user credentials -- or something like that, I'm hardly an expert. When we authenticate against Active Directory from PHP, we simply ldap_connect and ldap_bind with the user's credentials, foregoing an ldap_search, like such: // connect to ldap server $connection= ldap_connect($server, $port); if ($connection) { if ( $password != null ) { // bind to ldap server $authenticated = ldap_bind($connection, $username. "@" . $domain, $password); } ldap_close($connection); } $authenticated will be true is successful, false otherwise. Easy. Make sure the user supplied a password. I forget the details, but AD will return a successful bind, I think, if the password is blank. --Dave ================== David Walker Library Web Services Manager California State University http://xerxes.calstate.edu ________________________________________ From: vuf...@li... [vuf...@li...] On Behalf Of Andrew Nagy [and...@vi...] Sent: Monday, August 25, 2008 6:51 AM To: M....@ls...; vuf...@li... Cc: vuf...@li... Subject: Re: [VuFind-General] LDAP authentication - anonymous bind Michael - The ldap script does not do an anonymous bind. It first does a search and then does a bind with the users's account info and the supplied password. If you are getting an error about "can't contact LDAP server" then you might have some network issues ... maybe a firewall? Andrew > -----Original Message----- > From: vuf...@li... [mailto:vufind- > gen...@li...] On Behalf Of M....@ls... > Sent: Friday, August 22, 2008 11:59 AM > To: vuf...@li... > Cc: vuf...@li... > Subject: [VuFind-General] LDAP authentication - anonymous bind > > Hi, > > We're struggling to get the LDAP authentication working for us. We > think > it is because the User.php is working on an assumption that our LDAP > server will allow an anonymous bind - which it won't. Has anyone > tweaked > the script to work with Active Directory where anonymous binds are not > available? > > For info, when we try to login the message we're getting is: > > Warning: ldap_search() [function.ldap-search]: Search: Can't contact > LDAP server in /usr/local/vufind/web/sys/User.php on line 62 > Warning: ldap_get_entries(): supplied argument is not a valid ldap > result resource in /usr/local/vufind/web/sys/User.php on line 63 > > We've tried making some adjustments to the script to run a bind closer > to how we think our LDAP requires, and this has got rid of the error > messages but we still get invalid login responses when we put in valid > usernames - so it doesn't seem to be doing a successful search. We have > successfully tested connection to LDAP from that server using our own > scripts, so we know it's not a straightforward parameter error, or > other > connection issues, but we're none of us PHP experts, so fixing the > script will be trial and error. I wondered if anyone had got there > before us or could offer advice? > > Many thanks in advance, > > Michael. > > Michael Fake > Library System Manager > Library, The London School of Economics and Political Science > 10 Portugal Street, London WC2A 2HD > Email: m....@ls... Tel: 020 7955 6447 > www.library.lse.ac.uk > > > Please access the attached hyperlink for an important electronic > communications disclaimer: > http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm > > ----------------------------------------------------------------------- > -- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the > world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > VuFind-General mailing list > VuF...@li... > https://lists.sourceforge.net/lists/listinfo/vufind-general ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ VuFind-General mailing list VuF...@li... https://lists.sourceforge.net/lists/listinfo/vufind-general |