What error do you get from the code?
The code looks like it is using the user credentials, including password:
//construct login name
$user = $this->username . LDAP__USERNAME_EXT;
//bind with the username and password
$bind = ldap_bind($ldapconn, $user, $this->password);
so it is doing more than just checking for the existence of the user name.
Stephen
On 13/04/2016 11:56, Spark, Alistair wrote:
> Hi Paul,
>
> No, it does an authenticated check that the account exists rather than
> with the end user’s credentials or anonymous which WebPA does at the moment
> This bit in particular implements it in PHP with bind dn -
> https://github.com/moodle/moodle/blob/master/auth/ldap/auth.php#L178-L226
>
> I figured the above could inspire a PHP dev to get that working.
>
> Thanks
> Alistair
>
>> On 13 Apr 2016, at 11:49, Paul Newman <[log in to unmask]
>> <mailto:[log in to unmask]>> wrote:
>>
>> Hi,
>>
>> Unfortunately, I don’t know enough about LDAP/AD to know what's
>> missing here.
>>
>> Is the DN binding simply a case of using 'dc=example,dc=com,-name
>> username' instead of [log in to unmask]
>> <mailto:[log in to unmask]>' or is there a lot more to it?
>>
>> --
>> Paul Newman
>> ------------------------------------------------------
>> Senior PHP Developer
>> Centre for Engineering and Design Education
>> Loughborough University
>> ------------------------------------------------------
>>
>>
>>
>> From: Spark, Alistair
>> Subject: Re: WebPA LDAP support
>>
>> Hi Claudio,
>>
>> I came to same conclusion as you - tried setting up WebPA for prod
>> last week and came to the same conclusion & from the looks of this
>> mailing lists’s archives no one has been able to get LDAP working in
>> the last year due to this limitation. Seeing as similar threads to
>> this one have remained without answer.
>>
>> We’re very much at a piloting stage so have resorted to manual
>> accounts. Alternatively, I did note along the way though that an LTI
>> 2.0 integration is being worked on currently, this would allow for
>> seamless integration with all VLEs including memberships & group syncs
>> I believe which would make that integration a lot more useful.
>>
>> Figured that if the pilot is successful we’ll have to invest
>> development time in getting this working, or just use LTI 2.0 if it
>> addresses our needs.
>>
>
> RVC Logo - link to RVC Website <http://www.rvc.ac.uk> Twitter icon -
> link to RVC (Official) Twitter <http://twitter.com/RoyalVetCollege>
> Facebook icon - link to RVC (Official) Facebook
> <http://www.facebook.com/theRVC> YouTube icon - link to RVC YouTube
> <http://www.youtube.com/user/RoyalVetsLondon?feature=mhee> Pinterest
> icon - link to RVC Pinterest <http://pinterest.com/royalvetcollege/>
> Instagram icon - link to RVC Instagram
> <http://instagram.com/royalvetcollege>
>
> This message, together with any attachments, is intended for the stated
> addressee(s) only and may contain privileged or confidential
> information. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of the Royal Veterinary
> College (RVC). If you are not the intended recipient, please notify the
> sender and be advised that you have received this message in error and
> that any use, dissemination, forwarding, printing, or copying is
> strictly prohibited. Unless stated expressly in this email, this email
> does not create, form part of, or vary any contractual or unilateral
> obligation. Email communication cannot be guaranteed to be secure or
> error free as information could be intercepted, corrupted, amended,
> lost, destroyed, incomplete or contain viruses. Therefore, we do not
> accept liability for any such matters or their consequences.
> Communication with us by email will be taken as acceptance of the risks
> inherent in doing so.
>
|