0010617: LDAP login not work on AD

ID	Project	Category	View Status	Date Submitted	Last Update
0010617	mantisbt	ldap	public	2009-06-23 07:15	2010-04-23 23:21

Reporter	lone	Assigned To	vboctor
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	duplicate
Product Version	1.1.7

Summary	0010617: LDAP login not work on AD
Description	--- LDAP --------- $g_login_method = LDAP; $g_ldap_server = 'abc.com.tw'; $g_ldap_port = '389'; $g_ldap_root_dn = 'dc=abc,dc=com,dc=tw'; $g_ldap_organization = ''; $g_ldap_uid_field = 'sAMAccountName'; $g_ldap_bind_dn = 'xxx@abc.com.tw'; $g_ldap_bind_passwd = 'xxxxxxxx'; 使用LDAP 所查到的email address 或 mantis 資料庫中的 $g_use_ldap_email = ON; The LDAP Protocol Version, if 0, then the protocol version is not set. $g_ldap_protocol_version = 3; // AD 需使用 LDAP V3
Steps To Reproduce	will show error: SYSTEM WARNING: ldap_search() [function.ldap-search]: Search: Operations error SYSTEM WARNING: ldap_get_entries(): supplied argument is not a valid ldap result resource SYSTEM WARNING: ldap_free_result(): supplied argument is not a valid ldap result resource
Additional Information	need to add [ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, 0); ] on [core/ldap_api.php] (almost line43) as below if ( $t_protocol_version > 0 ) { ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version ); `#Add by lone for LDAP of AD ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, 0); }`
Tags	patch

Woefdram 2009-06-24 04:53 reporter ~0022254	It seems to me that your ldap bind DN is not in the correct form. Should probably be something like uid=me,dc=abc,dc=com,dc=tw. Check if binding actually succeeds. Using Wireshark (http://www.wireshark.org/) on the LDAP connection should give you a good idea of what happens and what not.

lone 2009-06-24 06:20 reporter ~0022255	$g_ldap_bind_dn = 'uid=user,dc=abc,dc=com,dc=tw'; also fail: LDAP Authentication Failed.

lone 2009-06-24 06:28 reporter ~0022256	it's the same issue of http://www.mantisbt.org/bugs/view.php?id=7620

--- LDAP ---------