0007432: LDAP integration with Active Directory - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update
0007432	mantisbt	ldap	public	2006-09-14 04:08	2024-08-15 06:52

Reporter	landy	Assigned To	vboctor
Priority	normal	Severity	feature	Reproducibility	always
Status	closed	Resolution	fixed
Platform	Linux	OS	RedHat Fedora	OS Version	4
Product Version	1.1.0a1
Fixed in Version	1.2.0rc2

Summary	0007432: LDAP integration with Active Directory
Description	Not connect AD w3k (non secure).. config_inc.php (domain changed): $g_ldap_server = 'pdc.example.com'; $g_ldap_port = '389'; $g_ldap_root_dn = 'DC=example,DC=com'; $g_ldap_organization = ''; $g_ldap_uid_field = 'sAMAccountName'; $g_ldap_bind_dn = 'CN=ldap,OU=Administrators,DC=example,DC=com'; $g_ldap_bind_passwd = '**'; $g_use_ldap_email = OFF; $g_ldap_protocol_version = 3; when i add in 'core/ldap_api.php' this: ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, 0); all the work! file included.
Tags	patch
Attached Files	ldap_api.php (5,401 bytes) <?php # Mantis - a php based bugtracking system # Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org # Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net # This program is distributed under the terms and conditions of the GPL # See the README and LICENSE files for details # -------------------------------------------------------- # $Id: ldap_api.php,v 1.19 2006/04/22 01:52:14 vboctor Exp $ # -------------------------------------------------------- ########################################################################### # LDAP API ########################################################################### # -------------------- # Connect and bind to the LDAP directory function ldap_connect_bind( $p_binddn = '', $p_password = '' ) { $t_ldap_server = config_get( 'ldap_server' ); $t_ldap_port = config_get( 'ldap_port' ); $t_ds = @ldap_connect ( $t_ldap_server, $t_ldap_port ); if ( $t_ds > 0 ) { $t_protocol_version = config_get( 'ldap_protocol_version' ); if ( $t_protocol_version > 0 ) { ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version ); ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, 0); } # If no Bind DN and Password is set, attempt to login as the configured # Bind DN. if ( is_blank( $p_binddn ) && is_blank( $p_password ) ) { $p_binddn = config_get( 'ldap_bind_dn', '' ); $p_password = config_get( 'ldap_bind_passwd', '' ); } if ( !is_blank( $p_binddn ) && !is_blank( $p_password ) ) { $t_br = @ldap_bind( $t_ds, $p_binddn, $p_password ); } else { # Either the Bind DN or the Password are empty, so attempt an anonymous bind. $t_br = @ldap_bind( $t_ds ); } if ( !$t_br ) { trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR ); } } else { trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR ); } return $t_ds; } # -------------------- # Return an email address from LDAP, given a userid function ldap_email( $p_user_id ) { $t_username = user_get_field( $p_user_id, 'username' ); return ldap_email_from_username($t_username); } # -------------------- # Return an email address from LDAP, given a username function ldap_email_from_username( $p_username ) { $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ; $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$p_username))"; $t_search_attrs = array( $t_ldap_uid_field, 'mail', 'dn' ); $t_ds = ldap_connect_bind(); $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); $t_info = ldap_get_entries( $t_ds, $t_sr ); ldap_free_result( $t_sr ); ldap_unbind( $t_ds ); return $t_info[0]['mail'][0]; } # -------------------- # Return true if the $uid has an assigngroup=$p_group tag, false otherwise function ldap_has_group( $p_user_id, $p_group ) { $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_username = user_get_field( $p_user_id, 'username' ); $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ; $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username)(assignedgroup=$p_group))"; $t_search_attrs = array( $t_ldap_uid_field, 'dn', 'assignedgroup' ); $t_ds = ldap_connect_bind(); $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); $t_entries = ldap_count_entries( $t_ds, $t_sr ); ldap_free_result( $t_sr ); ldap_unbind( $t_ds ); if ( $t_entries > 0 ) { return true; } else { return false; } } # -------------------- # Attempt to authenticate the user against the LDAP directory # return true on successful authentication, false otherwise function ldap_authenticate( $p_user_id, $p_password ) { # if password is empty and ldap allows anonymous login, then # the user will be able to login, hence, we need to check # for this special case. if ( is_blank( $p_password ) ) { return false; } $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_username = user_get_field( $p_user_id, 'username' ); $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ; $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))"; $t_search_attrs = array( $t_ldap_uid_field, 'dn' ); $t_ds = ldap_connect_bind(); # Search for the user id $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); $t_info = ldap_get_entries( $t_ds, $t_sr ); $t_authenticated = false; if ( $t_info ) { # Try to authenticate to each until we get a match for ( $i = 0 ; $i < $t_info['count'] ; $i++ ) { $t_dn = $t_info[$i]['dn']; # Attempt to bind with the DN and password if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) { $t_authenticated = true; break; # Don't need to go any further } } } ldap_free_result( $t_sr ); ldap_unbind( $t_ds ); return $t_authenticated; } # -------------------- # Create a new user account in the LDAP Directory. # -------------------- # Update the user's account in the LDAP Directory # -------------------- # Change the user's password in the LDAP Directory ?> ldap_api.php (5,401 bytes)

tk 2008-11-21 03:58 reporter ~0019965	duplicate of 0007620 ?

ashu 2009-04-07 11:09 reporter ~0021416	confirmed on Win2k3, Mantis 1.2.0a3

vboctor 2009-07-06 04:30 manager ~0022412	Here are the fixes that I just checked in to master and master-1.2.x: Added support for $g_ldap_port. Added support for referrals option via configuration. Added documentation about Active Directory settings.

MantisBT: master 1fc901f9 2009-07-06 04:28 vboctor Details Diff	Fixes 0007432: LDAP integration with Active Directory.		Affected Issues 0007432
	mod - config_defaults_inc.php		Diff File
	mod - core/ldap_api.php		Diff File
	mod - docbook/adminguide/en/configuration.sgml		Diff File
MantisBT: master-1.2.x d7d3f957 2009-07-06 04:28 vboctor Details Diff	Fixes 0007432: LDAP integration with Active Directory.		Affected Issues 0007432
	mod - config_defaults_inc.php		Diff File
	mod - docbook/adminguide/en/configuration.sgml		Diff File
	mod - core/ldap_api.php		Diff File