From: William L. <le...@k2...> - 2006-06-29 11:08:45
I have been able to make further progress by changing these two settings:

LDAP_BASE_DN = "DC=PDI,DC=com"
LDAP_AUTH_USER = "CN=ldapclient,CN=Users,DC=PDI,DC=com"

Now when I try to log in as any user that is in the Active Directory I get:

USER_AUTH_ORDER: => LDAP => Forbidden,

But if I use anything that doesn't exist in the Active Directory I get:

USER_AUTH_ORDER: => LDAP (nosuchuser) => Forbidden,

So at the very least I do know that it is connecting and properly checking if the users exist. However, I am still not able to log in with a valid user name and password.

William Leader wrote:
> I have been able to make some progress on the problem. I started by
> reverting the config.ini file and configuring it again. This time I was
> able to get a Call to undefined function: ldap_connect() in LDAP.php
> line 16. This is good because it never did that before. So it seems that
> I was missing something in my config.ini to start with. So to get past
> this problem, I had to uncomment extension=php_ldap.dll in my php.ini.
> So now it seems that it is really trying to use LDAP, but I am still not
> completely there. With the debug set to 65 in config.ini, I can now get
> something like this when logging in:
>
> DEBUG: ALLOW_ANON_EDIT = false, ALLOW_BOGO_LOGIN = false,
> ALLOW_USER_PASSWORDS = true, ENABLE_PAGEPERM = true, USER_AUTH_ORDER: =>
> LDAP (nosuchuser) => Forbidden, USER_AUTH_POLICY: first-only,
> PASSWORD_LENGTH_MINIMUM: 0
>
> Correct me if I am wrong, but that tells me that the LDAP code was
> unable to verify that the supplied user name doesn't exist. I am basing
> this assumption on the part that reads "USER_AUTH_ORDER: => LDAP
> (nosuchuser) => Forbidden", meaning LDAP reported that no such user
> exists, and since LDAP is the only allowed option on my wiki, failing
> that the only choice remaining was Forbidden user.
>
> Upon double checking the config.ini, I found that the configurator.php
> script commented out the LDAP settings. I uncommented and changed what I
> think is correct, based on the hints in the config.ini:
>
> LDAP_AUTH_HOST = "ldap://12.161.32.40:389"
> ;12.161.32.40 is the address of the Active Directory server as it is
> seen from the webserver.
> ;it does run on port 389, because I have been able to configure other
> programs to connect on that port.
>
> LDAP_BASE_DN = "ou=Users,o=WikiUsers,dc=pdi.com"
> ;I don't know enough about LDAP to know if this is right.
> ;the original config had o=developement
> ;not being sure what that was I guessed that it is supposed to be the group.
> ;WikiUsers is the group on Active Directory that contains the users that
> should have access to the wiki.
> ;pdi.com is the name of the domain.
>
> LDAP_SET_OPTION = "LDAP_OPT_PROTOCOL_VERSION=3:LDAP_OPT_REFERRALS=0"
> ;I've heard somewhere Active Directory needs these, so I just
> uncommented this line.
>
> LDAP_AUTH_USER = "CN=ldapclient,ou=Users,o=WikiUsers,dc=pdi.com"
> ;I also know that Active Directory needs a user to log in as to query
> the directory
> ;ldapclient is a user in my domain created just for that purpose, the
> rest of the line
> ;was similar to Base_DN so this was also modified in the same way as base_DN
>
> LDAP_AUTH_PASSWORD = secret
> ;the password was changed to match what is in Active Directory.
>
> LDAP_SEARCH_FIELD = sAMAccountName
> ;I've also heard somewhere that Active Directory needs this line to
> search by the old style username (will instead of wi...@pd...)
>
> LDAP_OU_USERS = ou=Users
> LDAP_OU_GROUP = ou=Groups
> ;I don't know what these last two do, so I just uncommented them.
>
> With all these changes I now get an error when logging into the wiki:
>
> lib\WikiUser\LDAP.php:28: Warning[2]: ldap_bind() [<a
> href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to
> server: Invalid credentials
> lib\WikiUser\LDAP.php:37: Warning[512]: Unable to bind LDAP server
> ldap://12.161.32.40:389 using
> CN=ldapclient,ou=Users,o=WikiUsers,dc=pdi.com secret
>
> And this is where I am stuck.
>
> -Will
>
> _______________________________________________
> Phpwiki-talk mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
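
The difference between the earlier and the later DN settings in this message, as an added example that is not part of the original post or of PhpWiki: a Python check that splits a DN into its components and flags the three things that changed between the two sets of values. The function names `parse_dn` and `lint_ad_dn` are hypothetical, the rules assume a default Active Directory layout, and the code only inspects strings without contacting a directory server.

```python
import re

def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs. Simplified: honours backslash-escaped
    commas, but not multi-valued (+) RDNs or hex-encoded values."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, sep, value = part.partition('=')
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def lint_ad_dn(dn):
    """Return findings for a DN meant for a default Active Directory tree."""
    findings = []
    for attr, value in parse_dn(dn):
        if attr == "DC" and "." in value:
            # AD maps each DNS label of the domain name to its own DC component.
            fixed = ",".join("DC=" + label for label in value.split("."))
            findings.append(f"DC={value}: one DC component per DNS label "
                            f"expected, e.g. {fixed}")
        elif attr == "O":
            findings.append(f"O={value}: a default AD tree has no O= components")
        elif attr == "OU" and value.lower() == "users":
            # Heuristic only: an administrator may have created a real OU "Users".
            findings.append("OU=Users: the built-in Users container is CN=Users")
    return findings

# DN values copied from the message above: earlier settings, then later ones.
SAMPLES = [
    "ou=Users,o=WikiUsers,dc=pdi.com",
    "CN=ldapclient,ou=Users,o=WikiUsers,dc=pdi.com",
    "DC=PDI,DC=com",
    "CN=ldapclient,CN=Users,DC=PDI,DC=com",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn)
        for finding in lint_ad_dn(dn) or ["no findings"]:
            print("   ", finding)
```

A DN with no findings is only structurally plausible; whether the bind account and password are accepted is decided by the directory server.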