LDAP lookup problem -- with fix
Brought to you by:
letreo
Name: Reed Wade
Email: reed@cadre5.com
Our LDAP directory is organized such that a uid lookup is needed to get the correct user DN before the binding attempt. We have users split into different OUs so a single DN
I've written and tested (against phpopenchat-3.0.1) a short ldap auth function which I would be happy to send you.
-reed
Logged In: YES
user_id=1123655
<?php
// Looks up the user's DN by uid, optionally checks group membership,
// then binds as that DN. Returns the username on success, '' on failure.
// ldap_escape() needs PHP 5.6 or later.
function ldap_auth($user, $passwd, $basedn, $groupdn = "") {
    // $basedn = "dc=cadre5,dc=com";
    // An empty password turns ldap_bind() into an anonymous/unauthenticated
    // bind, which most servers accept; reject it before talking to LDAP.
    if (!is_string($passwd) || $passwd === '') {
        return '';
    }
    if (!$ldap = ldap_connect("ldap.cadre5.com")) {
        // return "connect failed";
        return '';
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Credentials travel in cleartext unless ldaps:// or ldap_start_tls() is used.
    if (!$res = @ldap_bind($ldap)) {
        // return "anon bind failed";
        return '';
    }
    // Escape the uid so filter metacharacters in $user cannot change the search.
    $filter = "(|(uid=" . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . "))";
    $res = @ldap_search($ldap, $basedn, $filter, array("dn"));
    $info = $res ? @ldap_get_entries($ldap, $res) : false;
    if (!$info || $info["count"] != 1) {
        // return "can't find user ($user)";
        ldap_unbind($ldap);
        return '';
    }
    $userdn = $info[0]["dn"];
    if (strlen($groupdn)) {
        $filter = "(|(member=" . ldap_escape($userdn, '', LDAP_ESCAPE_FILTER) . "))";
        $res = @ldap_search($ldap, $groupdn . "," . $basedn, $filter, array("dn"));
        $info = $res ? @ldap_get_entries($ldap, $res) : false;
        if (!$info || $info["count"] != 1) {
            // return "user ($user) is not a member of this group";
            ldap_unbind($ldap);
            return '';
        }
    }
    # now try to bind w/user DN
    if (!$res = @ldap_bind($ldap, $userdn, $passwd)) {
        // return "passwd failed for user ($user)";
        ldap_unbind($ldap);
        return '';
    }
    ldap_unbind($ldap);
    return $user;
}
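The two search filters in the function above are built from caller-supplied values (the login name and, later, the DN the directory returned), so they are the places where a stray `*`, `(`, `)` or backslash would change what the search matches. The following is an added example, not code from the tracker post or from phpopenchat: a portable RFC 4515 filter escaper for PHP versions that predate ldap_escape(), the two filter builders that use it, and the empty-password guard the bind step needs, all checked offline against constructed inputs. The function names (ldap_filter_escape, uid_filter, member_filter, credentials_usable) are my own.

```php
<?php
// Added example (not from the phpopenchat tracker post).
// RFC 4515 requires these characters to be hex-escaped inside a filter value:
// backslash, asterisk, parentheses and NUL. PHP 5.6+ provides ldap_escape();
// this helper does the same for older PHP. strtr() with an array replaces each
// occurrence exactly once, so the backslash inserted by one rule is never
// re-escaped by another.
function ldap_filter_escape($value) {
    $map = array(
        "\\" => "\\5c",
        "*"  => "\\2a",
        "("  => "\\28",
        ")"  => "\\29",
        "\0" => "\\00",
    );
    return strtr($value, $map);
}

// Filter that should match exactly one account by uid.
function uid_filter($user) {
    return "(uid=" . ldap_filter_escape($user) . ")";
}

// Filter that matches a groupOfNames entry listing $userdn as a member.
// Commas and equals signs are DN syntax, not filter syntax, and stay literal.
function member_filter($userdn) {
    return "(member=" . ldap_filter_escape($userdn) . ")";
}

// The bind step must never see an empty password: ldap_bind($ldap, $dn, '')
// is an unauthenticated bind, which most servers report as success.
function credentials_usable($user, $passwd) {
    return is_string($user) && $user !== ''
        && is_string($passwd) && $passwd !== '';
}

// Self-check with constructed inputs (run: php thisfile.php; silent on success).
assert(uid_filter("reed") === "(uid=reed)");
assert(uid_filter("*") === "(uid=\\2a)");                 // wildcard is now literal
assert(uid_filter("a)(b") === "(uid=a\\29\\28b)");        // parentheses stay inside the value
assert(uid_filter("back\\slash") === "(uid=back\\5cslash)");
assert(member_filter("cn=Reed Wade,ou=staff,dc=cadre5,dc=com")
    === "(member=cn=Reed Wade,ou=staff,dc=cadre5,dc=com)");
assert(credentials_usable("reed", "") === false);
assert(credentials_usable("", "s3cret") === false);
assert(credentials_usable("reed", "s3cret") === true);
```

The asserts run under the PHP CLI default of zend.assertions=1; with a production php.ini they are compiled out, so treat them as documentation of the expected strings rather than as a deployment check.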
Then, around line 1940 in class.Chatter.inc replace the ldap search code with--
return ldap_auth($user, $password, LDAP_DN);
And maybe somewhere at the top, a reference to the function--
require_once(POC_INCLUDE_PATH.'/ldapAuth.php');
We use group membership to manage who is allowed to get
at certain things. I'll probably be extending that to our
phpopenchat installation. That's why I've left the group
option in ldap_auth()