[Haqa]

Quote:

Originally Posted by zhangyc

Hi Haqa,

Thank you for your generous reply, I just get the vBulletin 3.7.6 and tried again, no matter I configured as the picture you posted, or as the picture I posted, it still doesn't work. Can you explain me the exact meaning of the fields "Naming Attribute", "Search Base DN" and "LDAP Attributes"? And can these fields be blank? Thank you!

Ahh.. hmm.. Yes, to use this product you need to know a little about how LDAP works. I don't claim to be a total expert but I'll try to help.

Firstly LDAP is a hierarchical database, that is it is structured like a file system with branches (Think directory) and leaves (Think file). Each node, either branch or leaf has a Distingushed Name (DN) which is made up of the Naming Attribute followed by the DN of the node in which it sits so if you have a branch of your tree called:-

dc=example,dc=com

And the naming attribute for an inetOrgPerson class is CN then an inetOrgPerson with CN=fred would have the DN of:-

cn=fred,dc=example,dc=com

The search base is the point in the tree to start searching from. Think of it like this, if on a windows machine you are searching for a document, you don't want to search the entire hard disk, you might start searching in "C:\Documents and Settings" to limit the time taken to find the file. This is what the search base does, so in my example above, to find fred I might set the search base to:-

dc=example,dc=com

The Additional LDAP Attributes setting is to support my add-on products, like Location Support and Fullname Support. For them to work you need to put the attribute name here so that the LDAP Authentication module pulls out the data needed by the add-on modules. If you are not using any modules which extend LDAP Authentication then you don't need to put anything there.

While I'm at it, don't forget that some AD servers don't support what's known as Simple Bind (Which is all that standard PHP can do) but instead need a different sort of login called Kerberos. If your Windows Server is configured to only support Native authentication then there is a good chance that PHP won't be able to bind (Login) and my module just won't work at all. I'm afraid there is nothing I can do about that, it's simply not possible with the standard version of PHP.

I hope this makes a rather complex and confusing subject a little clearer.

H.