LDAP auth not working

  • Resolved crcinau

    (@crcinau)


    10 years, 1 month ago

    Hi, I’m trying to use LDAP auth for my internal site. I am trying with the uid of the person with no joy.

    I do see the following in the apache error_log:

    PHP Warning:  ldap_connect() expects parameter 2 to be long, string given in authorizer.php on line 1046
PHP Warning:  ldap_set_option(): supplied argument is not a valid ldap link resource in authorizer.php on line 1047
PHP Warning:  ldap_start_tls() expects parameter 1 to be resource, boolean given in authorizer.php on line 1049

    I’m running this on RHEL7 – which has PHP version:

    $ rpm -qa | grep php | sort
php-5.4.16-36.el7_1.x86_64
php-cli-5.4.16-36.el7_1.x86_64
php-common-5.4.16-36.el7_1.x86_64
php-ldap-5.4.16-36.el7_1.x86_64
php-mbstring-5.4.16-36.el7_1.x86_64
php-mcrypt-5.4.16-4.el7.x86_64
php-mysql-5.4.16-36.el7_1.x86_64
php-pdo-5.4.16-36.el7_1.x86_64

    https://ww.wp.xz.cn/plugins/authorizer/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter crcinau

    (@crcinau)

    10 years, 1 month ago

    As always happens, I managed to get this going.

    I believe the UI is somewhat confusing with the placeholders not actually being values. My understanding was that values with a placeholder entry were the ‘defaults’ and didn’t need to be set. When I actually added the same text as within the placeholder, things just worked.

    As such, I believe you should rethink the use of placeholders in this way – or implement some defaults if values are not set.

    Thread Starter crcinau

    (@crcinau)

    10 years, 1 month ago

    On the same topic, if you don’t specify the mail address field, the email address is made up of TWO dc= fields. If you have three (ie dc=mydomain,dc=com,dc=au), then you end up with [email protected] as the email address.

    You really should validate *all* supplied dc fields to reconstruct the email address.

    Plugin Author Paul Ryan

    (@figureone)

    10 years, 1 month ago

    Sure, I can set the defaults for a few of the attributes that are likely to be the same on all LDAP installs:
    https://github.com/uhm-coe/authorizer/commit/deb7c36005b3aaf74ad2b4476dac3d6615cfbd94

    The rest of them will probably be different on each install, so I’ll leave the placeholders as a suggestion.

    Regarding the default email address construction, it’s actually coming from the LDAP Host field, not LDAP Search Base. I like your idea of grabbing the dc fields from the search base, as it’s more tolerant of TLDs with country codes. Thanks!
    https://github.com/uhm-coe/authorizer/commit/c609231251d1216bbd60c206ac4bc74da91c6dcd

    These fixes will be in the next release (v2.5.1).

    Plugin Author Paul Ryan

    (@figureone)

    10 years, 1 month ago

    Version 2.5.1 is out now.
    https://ww.wp.xz.cn/plugins/authorizer/changelog/

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘LDAP auth not working’ is closed to new replies.