
ID: 0007432 | Project: mantisbt | Category: ldap | View Status: public | Last Update: 2009-10-07 14:20
Reporter: landy | Assigned To: vboctor
Priority: normal | Severity: feature | Reproducibility: always
Status: closed | Resolution: fixed
Platform: Linux | OS: RedHat Fedora | OS Version: 4
Product Version: 1.1.0a1
Fixed in Version: 1.2.0rc2
Summary: 0007432: LDAP integration with Active Directory
Description

Cannot connect to AD w3k (non-secure).

config_inc.php (domain changed):
$g_ldap_server = 'pdc.example.com';
# 389 is the plain (non-TLS) LDAP port, i.e. the "non-secure" setup described above.
$g_ldap_port = '389';
$g_ldap_root_dn = 'DC=example,DC=com';
$g_ldap_organization = '';
# sAMAccountName is the Active Directory logon-name attribute (the default 'uid' is not used by AD).
$g_ldap_uid_field = 'sAMAccountName';
# Service account used for the initial bind before user entries are searched.
$g_ldap_bind_dn = 'CN=ldap,OU=Administrators,DC=example,DC=com';
# Redacted in the report.
$g_ldap_bind_passwd = '**';
$g_use_ldap_email = OFF;
$g_ldap_protocol_version = 3;

When I add this to 'core/ldap_api.php':
ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, 0);

everything works!

The patched file is attached.

Tagspatch
Attached Files
ldap_api.php (5,401 bytes)   
<?php
	# Mantis - a php based bugtracking system
	# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
	# Copyright (C) 2002 - 2004  Mantis Team   - mantisbt-dev@lists.sourceforge.net
	# This program is distributed under the terms and conditions of the GPL
	# See the README and LICENSE files for details

	# --------------------------------------------------------
	# $Id: ldap_api.php,v 1.19 2006/04/22 01:52:14 vboctor Exp $
	# --------------------------------------------------------

	###########################################################################
	# LDAP API
	###########################################################################

 	# --------------------
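	# Connect and bind to the LDAP directory.
	#
	# Opens a connection to the configured 'ldap_server' / 'ldap_port',
	# applies the configured protocol version (and, with it, disables
	# referral chasing), then binds.
	#
	# @param string $p_binddn    DN to bind as. When both this and
	#                            $p_password are blank, the configured
	#                            'ldap_bind_dn' / 'ldap_bind_passwd' are used.
	# @param string $p_password  Password for $p_binddn. If either value is
	#                            still blank after applying the configuration,
	#                            an anonymous bind is attempted instead.
	# @return resource|false     The LDAP link, or false when ldap_connect()
	#                            rejected its arguments.
	#                            ERROR_LDAP_SERVER_CONNECT_FAILED is raised
	#                            via trigger_error() on a failed connect and
	#                            ERROR_LDAP_AUTH_FAILED on a failed bind.
	function ldap_connect_bind( $p_binddn = '', $p_password = '' ) {
		$t_ldap_server	= config_get( 'ldap_server' );
		$t_ldap_port	= config_get( 'ldap_port' );

		# ldap_connect() returns false on failure; compare with false rather
		# than "> 0" since the return value is a resource (an object on
		# PHP 8.1+), not a number. With OpenLDAP 2.x libraries the network
		# connection is deferred to the first operation, so a wrong host is
		# usually reported by the bind below.
		$t_ds = @ldap_connect( $t_ldap_server, $t_ldap_port );
		if ( $t_ds === false ) {
			trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
			return $t_ds;
		}

		$t_protocol_version = config_get( 'ldap_protocol_version' );
		if ( $t_protocol_version > 0 ) {
			ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version );

			# Active Directory answers searches with referrals to other parts
			# of the forest; chasing them makes the client re-bind
			# anonymously and the search fails (see the related
			# "ldap_search: Operation Error" issue). Referral chasing is
			# therefore turned off. As in the reporter's patch, this is only
			# applied when a protocol version is configured.
			ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, 0 );
		}

		# If no Bind DN and Password were given, fall back to the configured
		# Bind DN (the service account).
		if ( is_blank( $p_binddn ) && is_blank( $p_password ) ) {
			$p_binddn	= config_get( 'ldap_bind_dn', '' );
			$p_password	= config_get( 'ldap_bind_passwd', '' );
		}

		if ( !is_blank( $p_binddn ) && !is_blank( $p_password ) ) {
			$t_br = @ldap_bind( $t_ds, $p_binddn, $p_password );
		} else {
			# Either the Bind DN or the Password is empty, so attempt an
			# anonymous bind.
			$t_br = @ldap_bind( $t_ds );
		}

		if ( !$t_br ) {
			trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
		}

		return $t_ds;
	}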

 	# --------------------
	# Look up the email address of a Mantis user in LDAP.
	#
	# @param int $p_user_id  Mantis user id; its username is resolved first.
	# @return mixed          Whatever ldap_email_from_username() returns for
	#                        that username.
	function ldap_email( $p_user_id ) {
		return ldap_email_from_username( user_get_field( $p_user_id, 'username' ) );
	}

 	# --------------------
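	# Return an email address from LDAP, given a username.
	#
	# Searches below 'ldap_root_dn' for an entry whose 'ldap_uid_field'
	# (default 'uid') equals $p_username, narrowed by the configured
	# 'ldap_organization' filter fragment, and returns its first 'mail' value.
	#
	# @param string $p_username  Username to look up. It is escaped before
	#                            being placed in the search filter so that
	#                            filter metacharacters in it cannot alter the
	#                            query (RFC 4515).
	# @return string|null        The first 'mail' attribute value, or null when
	#                            the search fails or no entry with a 'mail'
	#                            value is found.
	function ldap_email_from_username( $p_username ) {
		$t_ldap_organization	= config_get( 'ldap_organization' );
		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
		$t_ldap_uid_field		= config_get( 'ldap_uid_field', 'uid' );

		# RFC 4515 filter escaping. The backslash is replaced first so the
		# escape sequences produced for the other characters stay intact.
		$t_escaped_username = str_replace(
			array( '\\', '*', '(', ')', "\0" ),
			array( '\5c', '\2a', '\28', '\29', '\00' ),
			$p_username );

		$t_search_filter	= "(&$t_ldap_organization($t_ldap_uid_field=$t_escaped_username))";
		$t_search_attrs		= array( $t_ldap_uid_field, 'mail', 'dn' );
		$t_ds				= ldap_connect_bind();

		$t_email = null;

		# ldap_search() returns false on failure, and ldap_get_entries()
		# must not be called with that result.
		$t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		if ( $t_sr !== false ) {
			$t_info = ldap_get_entries( $t_ds, $t_sr );
			ldap_free_result( $t_sr );

			# Guard the lookup: with no matching entry $t_info[0] does not exist.
			if ( isset( $t_info[0]['mail'][0] ) ) {
				$t_email = $t_info[0]['mail'][0];
			}
		}

		ldap_unbind( $t_ds );

		return $t_email;
	}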

	# --------------------
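	# Return true if the user's LDAP entry carries assignedgroup=$p_group,
	# false otherwise.
	#
	# Searches below 'ldap_root_dn' for an entry whose 'ldap_uid_field'
	# (default 'uid') equals the Mantis username of $p_user_id and whose
	# 'assignedgroup' attribute equals $p_group, narrowed by the configured
	# 'ldap_organization' filter fragment.
	#
	# @param int    $p_user_id  Mantis user id; its username is resolved first.
	# @param string $p_group    Group name to test. Both it and the username
	#                           are escaped before being placed in the filter
	#                           so they cannot alter the query (RFC 4515).
	# @return bool              True when at least one entry matches; false
	#                           when none does or the search itself fails.
	function ldap_has_group( $p_user_id, $p_group ) {
		$t_ldap_organization	= config_get( 'ldap_organization' );
		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
		$t_ldap_uid_field		= config_get( 'ldap_uid_field', 'uid' );
		$t_username				= user_get_field( $p_user_id, 'username' );

		# RFC 4515 filter escaping. The backslash is replaced first so the
		# escape sequences produced for the other characters stay intact.
		$t_meta				= array( '\\', '*', '(', ')', "\0" );
		$t_encoded			= array( '\5c', '\2a', '\28', '\29', '\00' );
		$t_escaped_username	= str_replace( $t_meta, $t_encoded, $t_username );
		$t_escaped_group	= str_replace( $t_meta, $t_encoded, $p_group );

		$t_search_filter	= "(&$t_ldap_organization($t_ldap_uid_field=$t_escaped_username)(assignedgroup=$t_escaped_group))";
		$t_search_attrs		= array( $t_ldap_uid_field, 'dn', 'assignedgroup' );
		$t_ds				= ldap_connect_bind();

		$t_entries = 0;

		# ldap_search() returns false on failure, and ldap_count_entries()
		# must not be called with that result.
		$t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		if ( $t_sr !== false ) {
			$t_entries = ldap_count_entries( $t_ds, $t_sr );
			ldap_free_result( $t_sr );
		}

		ldap_unbind( $t_ds );

		return $t_entries > 0;
	}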

	# --------------------
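	# Attempt to authenticate the user against the LDAP directory.
	#
	# Looks up the DN(s) whose 'ldap_uid_field' (default 'uid') matches the
	# Mantis username of $p_user_id, then tries to bind as each DN with
	# $p_password. The first successful bind authenticates the user.
	#
	# @param int    $p_user_id   Mantis user id; its username is resolved first
	#                            and escaped before it is placed in the search
	#                            filter (RFC 4515).
	# @param string $p_password  Password supplied at login.
	# @return bool               True on a successful bind; false when the
	#                            password is blank, the search fails or yields
	#                            no entry, or no matching DN accepts the
	#                            password.
	function ldap_authenticate( $p_user_id, $p_password ) {
		# A blank password must never reach ldap_bind(): a bind with an empty
		# password is an anonymous (unauthenticated) bind, which a server may
		# allow, so it would "succeed" without verifying anything.
		if ( is_blank( $p_password ) ) {
			return false;
		}

		$t_ldap_organization	= config_get( 'ldap_organization' );
		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
		$t_ldap_uid_field		= config_get( 'ldap_uid_field', 'uid' );
		$t_username				= user_get_field( $p_user_id, 'username' );

		# RFC 4515 filter escaping. The backslash is replaced first so the
		# escape sequences produced for the other characters stay intact.
		$t_escaped_username = str_replace(
			array( '\\', '*', '(', ')', "\0" ),
			array( '\5c', '\2a', '\28', '\29', '\00' ),
			$t_username );

		$t_search_filter	= "(&$t_ldap_organization($t_ldap_uid_field=$t_escaped_username))";
		$t_search_attrs		= array( $t_ldap_uid_field, 'dn' );
		$t_ds				= ldap_connect_bind();

		$t_authenticated = false;

		# Search for the user's entry; ldap_search() returns false on failure.
		$t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		if ( $t_sr !== false ) {
			$t_info = ldap_get_entries( $t_ds, $t_sr );
			ldap_free_result( $t_sr );

			if ( $t_info ) {
				# Several entries may match the username; the user is accepted
				# if any one of them binds with the supplied password.
				for ( $i = 0; $i < $t_info['count']; $i++ ) {
					# Binding as the entry's own DN is the actual credential check.
					if ( @ldap_bind( $t_ds, $t_info[$i]['dn'], $p_password ) ) {
						$t_authenticated = true;
						break;
					}
				}
			}
		}

		ldap_unbind( $t_ds );

		return $t_authenticated;
	}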

	# --------------------
	# Create a new user account in the LDAP Directory.

	# --------------------
	# Update the user's account in the LDAP Directory

	# --------------------
	# Change the user's password in the LDAP Directory
?>

Relationships

related to 0007620 closedvboctor ldap_search: Operation Error 
related to 0004235 closedvboctor Support Generic Authentication through Plug-ins 

Activities

tk

tk

2008-11-21 03:58

reporter   ~0019965

Duplicate of 0007620?

ashu

ashu

2009-04-07 11:09

reporter   ~0021416

Confirmed on Win2k3 with Mantis 1.2.0a3.

vboctor

vboctor

2009-07-06 04:30

manager   ~0022412

Here are the fixes that I just checked in to master and master-1.2.x:

  • Added support for $g_ldap_port.
  • Added support for referrals option via configuration.
  • Added documentation about Active Directory settings.

Related Changesets

MantisBT: master 1fc901f9

2009-07-06 04:28

vboctor


Fixes 0007432: LDAP integration with Active Directory. Affected Issues
0007432
mod - config_defaults_inc.php Diff File
mod - core/ldap_api.php Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File

MantisBT: master-1.2.x d7d3f957

2009-07-06 04:28

vboctor


Fixes 0007432: LDAP integration with Active Directory. Affected Issues
0007432
mod - config_defaults_inc.php Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File
mod - core/ldap_api.php Diff File