Hi All,
Troels has mentioned an issue with LDAP authentication in WebPA 2 and I believe it is related to a bug I posted in SourceForge a while ago. In the file class_ldap_authenticator.php there is an if statement on line 98 which seems to cause the issue:
if (LDAP__AUTO_CREATE_USER) {
    $sql = 'INSERT INTO ' . APP__DB_TABLE_PREFIX . 'user SET ' . implode(', ', $els) . ", username = '{$this->username}', password = '" . md5(str_random()) . "', source_id = ''";
    $sql .= ' ON DUPLICATE KEY UPDATE ' . implode(', ', $els);
    $DAO->execute($sql);
    $id = $DAO->get_insert_id();
    $sql = 'SELECT * FROM ' . APP__DB_TABLE_PREFIX . "user WHERE user_id = $id";
}
The key point here is that $els is based on the following array:
$_fields = array('forename' => $info[0]['givenname'][0],
                 'lastname' => $info[0]['sn'][0],
                 'email' => $info[0]['mail'][0],
                 'user_type' => get_LDAP_user_type($info[0][LDAP__USER_TYPE_ATTRIBUTE]),
);
$els = array();
In the PA2_user table we do not have a field called user_type as this was removed when transitioning from version 1 to version 2 of WebPA. If I am understanding the code correctly, the insert statement will always fail.
The code for setting up the table pa2_user is pasted below to show the absence of the user_type field:
CREATE TABLE pa2_user (
    user_id int(10) unsigned NOT NULL AUTO_INCREMENT,
    source_id varchar(255) NOT NULL DEFAULT '',
    username varchar(255) NOT NULL,
    `password` varchar(45) NOT NULL,
    id_number varchar(255) DEFAULT NULL,
    department_id varchar(255) DEFAULT NULL,
    forename varchar(255) NOT NULL,
    lastname varchar(255) NOT NULL,
    email varchar(255) DEFAULT NULL,
    admin tinyint(1) NOT NULL DEFAULT '0',
    disabled tinyint(1) NOT NULL DEFAULT '0',
    date_last_login datetime DEFAULT NULL,
    last_module_id int(10) DEFAULT NULL,
    PRIMARY KEY (user_id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Because of this bug you will always receive the error message: 'Your username and password were rejected.'
All the best,
Andrew Millington
-----Original Message-----
From: WebPA [mailto:[log in to unmask]] On Behalf Of Troels Bugge
Sent: 04 March 2014 12:30
To: [log in to unmask]
Subject: LDAP integration with WebPA v2
Hi everybody,
I have installed WebPA and would like to integrate it with our LDAP. I have tried almost every setting I can think of, but I have had no success with the integration. From what I can read from the errors I have established connection to our LDAP (I'm not presented with a connection error), I get a "Your username and password were rejected. Please check your details and try again.", when I tried logging in with an LDAP user. If I use the local db user, the login is successful.
So here are my questions :)
Has anybody successfully made the integration with LDAP using WebPA v2?
If so, are there any specific modifications I have to do in our LDAP to get it working?
My ldap configurations are the following:
define('LDAP__HOST', "myldap.my.domain.com");
define('LDAP__PORT', 3268);
define('LDAP__USERNAME_EXT', [log in to unmask]);
define('LDAP__BASE', 'dc=my dc=domain dc=com');
define('LDAP__FILTER', 'name={username}*');
define('LDAP__USER_TYPE_ATTRIBUTE', 'description');
define('LDAP__DEBUG_LEVEL', 7);
define('LDAP__AUTO_CREATE_USER', TRUE);
I would appreciate any help :)
Thank you!
Regards,
Troels Jon Bugge
Aarhus School of Marine and Technical Engineering Aarhus, Denmark
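
Added example (not WebPA's code and not part of either message): one way to keep the auto-create INSERT described in the first message from failing on a column the table lacks, by filtering the LDAP-derived fields against the pa2_user columns quoted there and binding values as parameters instead of interpolating them. The helper name build_user_upsert, the sample values and the random password placeholder are assumptions.

```php
<?php
// Added example, not WebPA code. Column names are copied from the pa2_user
// CREATE TABLE statement quoted in the first message.
const PA2_USER_COLUMNS = ['source_id', 'username', 'password', 'id_number',
    'department_id', 'forename', 'lastname', 'email', 'admin', 'disabled'];

// Hypothetical helper: build a parameterised MySQL upsert, dropping and
// reporting any LDAP-derived key that is not a pa2_user column.
function build_user_upsert(string $table, array $ldapFields, array $fixed): array
{
    $allowed    = array_flip(PA2_USER_COLUMNS);
    $dropped    = array_keys(array_diff_key($ldapFields, $allowed));
    $ldapFields = array_intersect_key($ldapFields, $allowed);
    $fixed      = array_intersect_key($fixed, $allowed);
    if ($ldapFields === []) {
        throw new InvalidArgumentException('no LDAP field maps to a pa2_user column');
    }
    // "`col` = ?" for each key; values are bound separately, never interpolated.
    $assign = fn(array $f) => implode(', ', array_map(fn($c) => "`$c` = ?", array_keys($f)));
    $insert = $ldapFields + $fixed;
    return [
        'sql'     => "INSERT INTO `$table` SET " . $assign($insert)
                   . ' ON DUPLICATE KEY UPDATE ' . $assign($ldapFields),
        'params'  => array_merge(array_values($insert), array_values($ldapFields)),
        'dropped' => $dropped,
    ];
}

// Constructed sample shaped like the $info array in the message.
$info = [['givenname' => ['Ada'], 'sn' => ['Example'], 'mail' => ['ada@example.org']]];
$ldapFields = [
    'forename'  => $info[0]['givenname'][0],
    'lastname'  => $info[0]['sn'][0],
    'email'     => $info[0]['mail'][0],
    'user_type' => 'staff', // the key the v2 table no longer has
];
// Assumption: random 32-hex-character placeholder in place of md5(str_random()).
$fixed = ['username' => 'ada', 'password' => bin2hex(random_bytes(16)), 'source_id' => ''];

$q = build_user_upsert('pa2_user', $ldapFields, $fixed); // table name from trusted config
echo $q['sql'], PHP_EOL;
echo 'Bound values: ', count($q['params']), PHP_EOL;
echo 'Dropped keys: ', implode(', ', $q['dropped']), PHP_EOL;
// With PDO (assumed connection $pdo): $pdo->prepare($q['sql'])->execute($q['params']);
```

Logging the dropped keys makes a schema mismatch like the user_type one visible at login time instead of surfacing only as a generic rejection.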