Re: [phpesp-general] Active Directory

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

the code has been added, see options ldap_bind_dn and
ldap_bind_password in admin/phpESP.ini.php

Franky

On Fri, 28 Mar 2008 17:25:09 +0100
"Franky Van Liedekerke" <lie...@te...> wrote:

> I will add a config option that lets you define a search user and
> password, so those can then be used to bind to do the user DN-search.
> Many LDAP configs have DN's for users where the username is not even
> mentioned, eg for me this could be:
> DN=cn=franky van liedekerke,o=edynamics,c=be
> while my username is totally different than "franky van
> liedekerke" :-) So you can't asume the DN just by having part of it
> in a config, you need to search for it.
> 
> Franky
> 
> On 3/28/08, Matthew Gregg <mat...@gm...> wrote:
> >
> > Looking at the code yeah we search then bind, which is valid.  I
> > wonder if we should have a default distinguished name(DN) in the
> > config and if that is set, skip the search and bind directly as
> > that DN substituting the filter attribute and the username used?
> >
> >
> > On Fri, 2008-03-28 at 15:40 +0100, Franky Van Liedekerke wrote:
> > > Yes, to know the DN of the user, you need to search ldap first
> > > (because the user enters his username, not his DN)
> > >
> > > Franky
> > >
> > >
> > > On 3/28/08, Matthew Gregg <mat...@gm...> wrote:
> > >         Do we browse before we bind in the ldap auth code?
> > >
> > >         On Fri, 2008-03-28 at 14:27 +0100, Franky Van Liedekerke
> > >         wrote:
> > >         > For the moment, this is indeed an issue. I'll fix this
> > >         > and
> > >         add this
> > >         > possibility in the next version.
> > >         > For now: go to admin/include/lib/espauth-ldap.inc,
> > >         > search
> > >         for the line
> > >         > that mentions "ldap_connect" and add the following
> > >         > lines:
> > >         >
> > >         > if ($ds) {
> > >         >    $ldapbind=ldap_bind($ds, "YOUR DN","YOUR PASS");
> > >         >    if (!$ldapbin) {
> > >         >       return false;
> > >         >    }
> > >         > }
> > >         >
> > >         > Franky
> > >         >
> > >         >
> > >         > On 3/28/08, Mihails Agafonovs <_m...@in...> wrote:
> > >         >         Hi!
> > >         >         Has someone configured phpESP authentication to
> > >         > work
> > >         with
> > >         >         Active Directory? I've tried that, but there is
> > >         > a
> > >         problem,
> > >         >         that Active Directory doesn't allow anonymous
> > >         browsing, so I
> > >         >         can't even perform a successful bind.
> > >         >         Ar cieņu, Mihails
> > >         >
> > >         >