We are trying to get OpenRoom 1.4 up and running and getting an "operations error" when trying to log in using LDAP.
We use Active Directory for LDAP and usually need a BIND username and password to use AD. There does not appear to be an LDAP configuration option for a BIND user.
Any ideas?
Thanks!
I'm having the same issue with LDAP. Any assistance on this issue would be greatly appreciated.
We are having the exact same issue. Anybody got ideas on this one?
We added this to or-authenticate.php:

    function AuthenticateUser($username, $password, $settings){
        $Host = $settings;
        $BaseDN = $settings;
        // check for empty username and password
        if(empty($username) || empty($password))
        {
            throw new Exception("Username or password not supplied.", 0xb00b00);
        }
        $connection = @ldap_connect($Host); // try to make a connection
        $binduser = "user@yourcollege.edu"; // our additions
        $bind_pass = "passwordforaboveuser"; // our additions
        $response_from_bind = @ ldap_bind($connection,$binduser,$bind_pass); // our additions
Thank you. Your additions to the or-authenticate.php script helped me out a lot. My only remaining issue is that I cannot get our students authenticated using this script. It works for employees, even service account, but not students.
I have a feeling your configured baseDN is going too deep and LDAP cannot find the students.
Within the admin GUI of OpenRoom, try to adjust - or perhaps shorten - your base DN: OU=YourSchool_Users,DC=YourSchool,DC=edu
Thanks once again. Pardon me for my ignorance about LDAP and Active Directory, but if I'm trying to include multiple OUs to figure out why our students cannot log in, do I need to arrange those OUs in a particular order? I believe our AD tree is like this: OU=Users, OU=People, OU=StudentGroups, OU=Students, OU=CurrentStudents. This is probably just reinforcing your point that I'm going too deep with my baseDN. My campus IT is obstinate and helpful, so I'm trying to determine the AD structure by fumbling around. Also trying to use some LDAP tools in my Win2k8 server to browse the directory structure of our LDAP server, w/o much success so far.
Anyway, thanks for any input you can offer on constructing the correct order of OUs.
Jason
Tough call on the AD stuff. Our IT guys are very helpful and I believe our AD environment is less complex than yours.
But I do still believe your problem is still with the baseDN.
Did you try it with just OU=Users, OU=People?
We are still struggling with getting the LDAP authentication working with AD and OpenRoom 1.4 on my campus. I have updated the or-authenticate.php file with the recommended changes that were posted here. However, when I access the login page for our OpenRoom installation, nothing happens when I enter my credentials and click the login button. I am pasting the top portion of our or-authenticate file below - can anyone suggest any changes to get it to work?

    function AuthenticateUser($username, $password, $settings){
        $Host = $settings;
        $Host = "ldaps://" .$Host;
        $BaseDN = $settings;
        // check for empty username and password
        if(empty($username) || empty($password))
        {
            throw new Exception("Username or password not supplied.", 0xb00b00);
        }
        $connection = @ldap_connect($Host); // try to make a connection
        $binduser = "ourusername" //our additions
        $bind_pass = "ourpassword" //our additions
        $response_from_bind = @ ldap_bind($connection,$binduser,$bind_pass); //our additions
        // if a connection could not be made, throw an exception
        if(!$connection)
        {
            throw new Exception(sprintf("Unable to connect to host '%s'.", $Host), 0x5b);
        }
        // search the Active Directory for username
        $result = @ldap_search($connection, $BaseDN, "sAMAccountname=" . $username);

Thanks,
Rod
Rod, it's weird that you don't get any error message. Can you double check to make sure you have LDAP PHP extensions installed?
I was missing a semicolon at the end of one line of code. Once I added that, I started getting an error message that says "Operations Error".
LDAP PHP extensions are definitely installed. Thanks for any additional insight you may have.
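
The bind-then-search flow discussed in this thread, as an added example that is not OpenRoom's code or any poster's: it checks the service-account bind instead of suppressing it with `@` (Active Directory answers a search on a connection with no successful bind with "Operations error"), escapes the username before it goes into the filter, and searches a subtree from a shallow base DN. The function name, the `$cfg` keys, the environment variable names and the example DN in the comments are assumptions.

```php
<?php
// Added example (not OpenRoom code). $cfg keys and env var names are hypothetical.
function authenticateAgainstAd(string $username, string $password, array $cfg): bool
{
    // A bind with an empty password is treated as anonymous and can "succeed".
    if ($username === '' || $password === '') {
        throw new InvalidArgumentException('Username or password not supplied.');
    }

    $conn = ldap_connect($cfg['uri']);              // e.g. ldaps://dc.example.edu
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI.');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);  // do not chase AD referrals

    // 1. Bind as the service account and check the result.
    if (!@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_password'])) {
        throw new RuntimeException('Service bind failed: ' . ldap_error($conn));
    }

    // 2. Subtree search; escaping keeps user input from altering the filter.
    $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
    $search = @ldap_search($conn, $cfg['base_dn'], $filter, ['dn']);
    if ($search === false) {
        throw new RuntimeException('Search failed: ' . ldap_error($conn));
    }
    $entries = ldap_get_entries($conn, $search);
    if ($entries['count'] !== 1) {
        return false;                               // outside base_dn, or ambiguous
    }

    // 3. Re-bind as the entry that was found; success means the password is right.
    $ok = @ldap_bind($conn, $entries[0]['dn'], $password);
    ldap_unbind($conn);
    return $ok;
}

// Credentials come from the environment rather than being written into the script.
// A DN lists components from most specific to root, so a base DN reads
// "OU=People,DC=example,DC=edu" (constructed); every entry below it is searched.
$cfg = [
    'uri'           => getenv('LDAP_URI'),
    'bind_dn'       => getenv('LDAP_BIND_DN'),
    'bind_password' => getenv('LDAP_BIND_PASSWORD'),
    'base_dn'       => getenv('LDAP_BASE_DN'),
];
```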