Dependency Graph

View IssueRelationship GraphHorizontalShow Summary
Dependency Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0007432mantisbtldappublic2006-09-14 04:082024-08-15 06:52
Reporterlandy Assigned Tovboctor  
PrioritynormalSeverityfeatureReproducibilityalways
Status closedResolutionfixed 
PlatformLinuxOSRedHat FedoraOS Version4
Product Version1.1.0a1 
Fixed in Version1.2.0rc2 
Summary0007432: LDAP integration with Active Directory
Description

Not connect AD w3k (non secure)..

config_inc.php (domain changed):
$g_ldap_server = 'pdc.example.com';
$g_ldap_port = '389';
$g_ldap_root_dn = 'DC=example,DC=com';
$g_ldap_organization = '';
$g_ldap_uid_field = 'sAMAccountName';
$g_ldap_bind_dn = 'CN=ldap,OU=Administrators,DC=example,DC=com';
$g_ldap_bind_passwd = '**';
$g_use_ldap_email = OFF;
$g_ldap_protocol_version = 3;

when i add in 'core/ldap_api.php' this:
ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, 0);

all the work!

file included.

Tagspatch
Attached Files
ldap_api.php (5,401 bytes)    
<?php
	# Mantis - a php based bugtracking system
	# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
	# Copyright (C) 2002 - 2004  Mantis Team   - mantisbt-dev@lists.sourceforge.net
	# This program is distributed under the terms and conditions of the GPL
	# See the README and LICENSE files for details

	# --------------------------------------------------------
	# $Id: ldap_api.php,v 1.19 2006/04/22 01:52:14 vboctor Exp $
	# --------------------------------------------------------

	###########################################################################
	# LDAP API
	###########################################################################

 	# --------------------
	# Connect and bind to the LDAP directory
	function ldap_connect_bind( $p_binddn = '', $p_password = '' ) {
		$t_ldap_server	= config_get( 'ldap_server' );
		$t_ldap_port	= config_get( 'ldap_port' );

		$t_ds = @ldap_connect ( $t_ldap_server, $t_ldap_port );
		if ( $t_ds > 0 ) {
			$t_protocol_version = config_get( 'ldap_protocol_version' );

			if ( $t_protocol_version > 0 ) {
				ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version );
				ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, 0);
			}

			# If no Bind DN and Password is set, attempt to login as the configured
			#  Bind DN.
			if ( is_blank( $p_binddn ) && is_blank( $p_password ) ) {
				$p_binddn	= config_get( 'ldap_bind_dn', '' );
				$p_password	= config_get( 'ldap_bind_passwd', '' );
			}

			if ( !is_blank( $p_binddn ) && !is_blank( $p_password ) ) {
				$t_br = @ldap_bind( $t_ds, $p_binddn, $p_password );
			} else {
				# Either the Bind DN or the Password are empty, so attempt an anonymous bind.
				$t_br = @ldap_bind( $t_ds );
			}
			if ( !$t_br ) {
				trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
			}
		} else {
			trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
		}

		return $t_ds;
	}

 	# --------------------
	# Return an email address from LDAP, given a userid
	function ldap_email( $p_user_id ) {
		$t_username = user_get_field( $p_user_id, 'username' );
		return ldap_email_from_username($t_username);
	}

 	# --------------------
	# Return an email address from LDAP, given a username
	function ldap_email_from_username( $p_username ) {
		$t_ldap_organization	= config_get( 'ldap_organization' );
		$t_ldap_root_dn	    	= config_get( 'ldap_root_dn' );

		$t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ;
		$t_search_filter	= "(&$t_ldap_organization($t_ldap_uid_field=$p_username))";
		$t_search_attrs		= array( $t_ldap_uid_field, 'mail', 'dn' );
		$t_ds           	= ldap_connect_bind();

		$t_sr	= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		$t_info	= ldap_get_entries( $t_ds, $t_sr );
		ldap_free_result( $t_sr );
		ldap_unbind( $t_ds );

		return $t_info[0]['mail'][0];
	}

	# --------------------
	# Return true if the $uid has an assigngroup=$p_group tag, false otherwise
	function ldap_has_group( $p_user_id, $p_group ) {
		$t_ldap_organization	= config_get( 'ldap_organization' );
		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );

		$t_username      	= user_get_field( $p_user_id, 'username' );
		$t_ldap_uid_field	= config_get( 'ldap_uid_field', 'uid' ) ;
		$t_search_filter 	= "(&$t_ldap_organization($t_ldap_uid_field=$t_username)(assignedgroup=$p_group))";
		$t_search_attrs	 	= array( $t_ldap_uid_field, 'dn', 'assignedgroup' );
		$t_ds            	= ldap_connect_bind();

		$t_sr     	= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		$t_entries	= ldap_count_entries( $t_ds, $t_sr );
		ldap_free_result( $t_sr );
		ldap_unbind( $t_ds );

		if ( $t_entries > 0 ) {
			return true;
		} else {
			return false;
		}
	}

	# --------------------
	# Attempt to authenticate the user against the LDAP directory
	#  return true on successful authentication, false otherwise
	function ldap_authenticate( $p_user_id, $p_password ) {
		# if password is empty and ldap allows anonymous login, then
		# the user will be able to login, hence, we need to check
		# for this special case.
		if ( is_blank( $p_password ) ) {
			return false;
		}

		$t_ldap_organization	= config_get( 'ldap_organization' );
		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );

		$t_username      	= user_get_field( $p_user_id, 'username' );
		$t_ldap_uid_field	= config_get( 'ldap_uid_field', 'uid' ) ;
		$t_search_filter 	= "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
		$t_search_attrs  	= array( $t_ldap_uid_field, 'dn' );
		$t_ds            	= ldap_connect_bind();

		# Search for the user id
		$t_sr	= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		$t_info	= ldap_get_entries( $t_ds, $t_sr );

		$t_authenticated = false;

		if ( $t_info ) {
			# Try to authenticate to each until we get a match
			for ( $i = 0 ; $i < $t_info['count'] ; $i++ ) {
				$t_dn = $t_info[$i]['dn'];

				# Attempt to bind with the DN and password
				if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
					$t_authenticated = true;
					break; # Don't need to go any further
				}
			}
		}

		ldap_free_result( $t_sr );
		ldap_unbind( $t_ds );

		return $t_authenticated;
	}

	# --------------------
	# Create a new user account in the LDAP Directory.

	# --------------------
	# Update the user's account in the LDAP Directory

	# --------------------
	# Change the user's password in the LDAP Directory
?>
ldap_api.php (5,401 bytes)   

Relationships

Relationship GraphDependency Graph
related to 0007620 closedvboctor ldap_search: Operation Error 
related to 0004235 closedvboctor Support Generic Authentication through Plug-ins 
related to 0007478 closeddregad MS Active Directory Authentication 

Activities

tk

tk

2008-11-21 03:58

reporter   ~0019965

duplicate of 0007620 ?
ashu

ashu

2009-04-07 11:09

reporter   ~0021416

confirmed on Win2k3, Mantis 1.2.0a3
vboctor

vboctor

2009-07-06 04:30

manager   ~0022412

Here are the fixes that I just checked in to master and master-1.2.x:

  • Added support for $g_ldap_port.
  • Added support for referrals option via configuration.
  • Added documentation about Active Directory settings.

Related Changesets

MantisBT: master 1fc901f9

2009-07-06 04:28

vboctor


Details Diff		 Fixes 0007432: LDAP integration with Active Directory. Affected Issues
0007432
mod - config_defaults_inc.php Diff File
mod - core/ldap_api.php Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File

MantisBT: master-1.2.x d7d3f957

2009-07-06 04:28

vboctor


Details Diff		 Fixes 0007432: LDAP integration with Active Directory. Affected Issues
0007432
mod - config_defaults_inc.php Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File
mod - core/ldap_api.php Diff File