I think the updated version of this file which I attached to my recent
email does not include this bug.
Stephen
On 07/03/2014 12:01, Millington, Andrew John wrote:
> Hi All,
>
> Troels has mentioned an issue with LDAP authentication in WebPA 2 and I believe it is related to a bug I posted in SourceForge a while ago. In the file class_ldap_authenticator.php there is an if statement on line 98 which seems to cause the issue:
>
> if (LDAP__AUTO_CREATE_USER) {
>
> $sql = 'INSERT INTO ' . APP__DB_TABLE_PREFIX . 'user SET ' . implode(', ', $els) . ", username = '{$this->username}', password = '" . md5(str_random()) . "', source_id = ''";
> $sql .= ' ON DUPLICATE KEY UPDATE ' . implode(', ', $els);
> $DAO->execute($sql);
> $id = $DAO->get_insert_id();
> $sql = 'SELECT * FROM ' . APP__DB_TABLE_PREFIX . "user WHERE user_id = $id";
>
> }
>
> The key point here is that $els is based on the following array:
>
> $_fields = array('forename' => $info[0]['givenname'][0],
> 'lastname' => $info[0]['sn'][0],
> 'email' => $info[0]['mail'][0],
> 'user_type' => get_LDAP_user_type($info[0][LDAP__USER_TYPE_ATTRIBUTE]),
> );
> $els = array();
>
> In the PA2_user table we do not have a field called user_type as this was removed when transitioning from version 1 to version 2 of WebPA. If I am understanding the code correctly, the insert statement will always fail.
>
> The code for setting up the table pa2_user is pasted below to show the absence of the user_type field:
>
> CREATE TABLE pa2_user (
> user_id int(10) unsigned NOT NULL AUTO_INCREMENT,
> source_id varchar(255) NOT NULL DEFAULT '',
> username varchar(255) NOT NULL,
> `password` varchar(45) NOT NULL,
> id_number varchar(255) DEFAULT NULL,
> department_id varchar(255) DEFAULT NULL,
> forename varchar(255) NOT NULL,
> lastname varchar(255) NOT NULL,
> email varchar(255) DEFAULT NULL,
> admin tinyint(1) NOT NULL DEFAULT '0',
> disabled tinyint(1) NOT NULL DEFAULT '0',
> date_last_login datetime DEFAULT NULL,
> last_module_id int(10) DEFAULT NULL,
> PRIMARY KEY (user_id)
> ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
>
> Because of this bug you will always receive the error message: 'Your username and password were rejected.'
>
> All the best,
>
> Andrew Millington
>
> -----Original Message-----
> From: WebPA [mailto:[log in to unmask]] On Behalf Of Troels Bugge
> Sent: 04 March 2014 12:30
> To: [log in to unmask]
> Subject: LDAP integration with WebPA v2
>
> Hi everybody,
>
> I have installed WebPA and would like to integrate it with our LDAP. I have tried almost every setting I can think of, but I have had no success with the integration. From what I can read from the errors, I have established a connection to our LDAP (I'm not presented with a connection error); I get a "Your username and password were rejected. Please check your details and try again." when I tried logging in with an LDAP user. If I use the local db user, the login is successful.
>
> So here are my questions :)
>
> Has anybody successfully made the integration with LDAP using WebPA v2?
> If so, are there any specific modifications I have to do in our LDAP to get it working?
>
> My ldap configurations are the following:
>
> define('LDAP__HOST', "myldap.my.domain.com");
> define('LDAP__PORT', 3268);
> define('LDAP__USERNAME_EXT', [log in to unmask]);
> define('LDAP__BASE', 'dc=my dc=domain dc=com');
> define('LDAP__FILTER', 'name={username}*');
> define('LDAP__USER_TYPE_ATTRIBUTE', 'description');
> define('LDAP__DEBUG_LEVEL', 7);
> define('LDAP__AUTO_CREATE_USER', TRUE);
>
> I would appreciate any help :)
>
> Thank you!
>
> Regards,
> Troels Jon Bugge
> Aarhus School of Marine and Technical Engineering Aarhus, Denmark
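
The failure described in the quoted message, and one way to avoid it, as an added example that is not WebPA's own code and not the updated file mentioned at the top of this message: it keeps only the fields that exist as columns in pa2_user and binds every value as a parameter, where the quoted code interpolates the username directly into the SQL string. The helper name build_user_upsert, the PA2_USER_COLUMNS constant and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not WebPA code. Column names are copied from the
// CREATE TABLE statement quoted above; user_type is not among them.
const PA2_USER_COLUMNS = ['source_id', 'username', 'password', 'id_number',
    'department_id', 'forename', 'lastname', 'email', 'admin', 'disabled'];

// Hypothetical helper: returns [sql, params, dropped], where dropped lists
// the supplied fields that have no matching column and were left out.
// $table must come from trusted configuration, never from user input.
function build_user_upsert(string $table, array $fields): array
{
    $known   = array_intersect_key($fields, array_flip(PA2_USER_COLUMNS));
    $dropped = array_keys(array_diff_key($fields, $known));
    if (!isset($known['username'])) {
        throw new InvalidArgumentException('username is required');
    }
    $cols  = array_keys($known);
    $marks = array_map(fn($c) => ":$c", $cols);
    // On a duplicate key, refresh only the directory-derived fields.
    $update = array_map(fn($c) => "$c = VALUES($c)",
        array_diff($cols, ['username', 'password', 'source_id']));
    $sql = "INSERT INTO $table (" . implode(', ', $cols) . ') VALUES ('
         . implode(', ', $marks) . ')';
    if ($update) {
        $sql .= ' ON DUPLICATE KEY UPDATE ' . implode(', ', $update);
    }
    return [$sql, array_combine($marks, array_values($known)), $dropped];
}

// Constructed sample standing in for the LDAP-derived $_fields array.
$fields = [
    'forename'  => 'Siobhan',
    'lastname'  => "O'Neil",              // bound as a parameter, not quoted by hand
    'email'     => 'soneil@example.org',
    'user_type' => 'staff',               // no such column in pa2_user
    'username'  => 'soneil',
    'password'  => bin2hex(random_bytes(16)), // random placeholder, fits varchar(45)
    'source_id' => '',
];

[$sql, $params, $dropped] = build_user_upsert('pa2_user', $fields);
echo $sql, "\n";
echo 'Fields left out (no matching column): ', implode(', ', $dropped), "\n";
// With a PDO connection to the WebPA database:
//   $pdo->prepare($sql)->execute($params);
```

Logging the dropped field names makes a schema mismatch like the user_type one visible instead of surfacing only as a rejected login.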