|
123
|
I have managed to figure out ldp.exe and have now got anonymous searchs working against our Active Directory
However still having trouble with this mod. I have modified the controller so $ldapFilter = "(sAMAccountName=" . $vbulletin->GPC['vb_login_username'] .")"; using ldp.exe I can do the above search ok Using the debug controller I can see it hangs at $searchDn=ldap_search($ldapConnection,$ldapBase,$l dapFilter); If I add a line before it if(defined('LDDEBUG')) { wrlog("++ presearch /t $ldapConnection,$ldapBase,$ldapFilter"); } I get this in my log file ++ presearch /t Resource id #15,dc=thebookpeople,dc=com,(sAMAccountName=test98 7) ANy ideas, desperate for this to work! Cheers John |
Quote:
- $ldapBase printed (dc=thebookpeople,dc=com) - $ldapFiler printed (sAMAccountName=test987) - $ldapConnection is working, too is it working when you print some text into debuglog right after $searchDn=ldap_search($ldapConnection,$ldapBase,$l dapFilter); ? -malc |
Thanks
|
Quote:
Progress! I have had some partial success. If I specify in the ldapconfig.php the actual OU that the account exists in $ldapBase = "OU=users,OU=Haydock,DC=thebookpeople,DC=com"; and use the cn for the ldapfilter $ldapFilter = "(cn=" . $vbulletin->GPC['vb_login_username'] .")"; then it works if I login with the actual fullname , ie for me cn=john ainsworth What I really need is to be able to set the Base to be our top level AD DC=thebookpeople,DC=com rather than be specific Also to be able to use their login name rather than the Active Directory Object name I did work out that I changed ldapfilter to query the Active Directory property sAMAccountName instead of cn and changed the ldapbase to be CN=John Ainsworth,OU=HayIT,OU=Haydock,DC=thebookpeople,DC= com then it would log me in Cheers |
if you can only find your user in the "long" tree but the search does not succed with the top level AD base, then it "could" be possivle that AD has a mechanism (like any other ldap) to deny a subtreee (scope) search.
if that works (test with the ldap client command), php standard search scope is subtree (LDAP_SCOPE_SUBTREE) - http://de.php.net/manual/en/function.ldap-search.php your other thoughts are right: - login with samaccountname - search for user (samaccountname=username) - bind with the full dn (cn=....) -malc |
[QUOTE=malcolmx;1510358]if you can only find your user in the "long" tree but the search does not succed with the top level AD base, then it "could" be possivle that AD has a mechanism (like any other ldap) to deny a subtreee (scope) search.
All sorted!! If you want to query sub trees in Active Directory don't use the standard port number , use 3268 instead Once I changed the port number I was able to change the filter to $ldapFilter = "(sAMAccountName=" . $vbulletin->GPC['vb_login_username'] .")"; to login using the AD login name rather than the cn name Cheers for all your help malc |
thanks for using my plugin and its nice to see another one using it :)
dont forget to click on "Mark as Installed" :) thanks for your support! -malc |
I am new to using plugins for vBulletin and the error is probaly basic.
I downloaded the plugin and followed the directions, but when I get to step 6: I receive a message "invalid file specified". Step 6 is in admin cp import the product at "Download / Upload" Plugins I am using the plugin hooks_ldap.xml located in the ./includes/xml/. Any help would be appreciated. |
I got it working.
|
| All times are GMT. The time now is 02:21 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|