Multiple DN's in LDAP login

[mikehelms]

Hello everyone,

I have been using Mantis for about 3 years now and have been extremely happy with it. I have LDAP working well with Active Directory, but I'm wondering if there's a way in Mantis 1.2.1 to set it up to search multiple DN's on the same server.

Has anyone created a customization to do this? What I'm envisioning is that I'd have something like this in my config_inc.php file:

$g_ldap_root_dn = 'ou=Corporate;dc=mycompany,dc=com';
$g_ldap_root_dn2 = 'ou=Operations;dc=mycompany,dc=com';

Cheers,
-- Mike Helms
Raleigh, NC, USA

[atrol]

you are a lucky man,
just a few days ago someone provided a patch for this
http://www.mantisbt.org/bugs/view.php?id=9954

[mikehelms]

THANKS! I'll definitely give that a try and report my findings.

-- Mike

[mikehelms]

This worked brilliantly! Thank you!

[atrol]

Thanks for providing feedback.
This is the first open source project that I am contributing to and trying to push (after many years of working only for commercial products),
so it's really great for me to see that there is a growing community for it.

[jsiegel5]

Mike writes:
$g_ldap_root_dn = 'ou=Corporate;dc=mycompany,dc=com';
$g_ldap_root_dn2 = 'ou=Operations;dc=mycompany,dc=com';

I'll make the observation that these 2 DN have a commmon ancestor 'dc=mycompany,dc=com'. But attempt to use 'dc=mycompany,dc=com' as the value for $g_ldap_root_dn will result in an error in PHP function ldap-search().

My solution was to add this line of code to function ldap_connect_bind():
if ( $t_protocol_version > 0 ) {
ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version );
}

# Added by Jeff Siegel 6/8/2010. Required when searching the
# root of an LDAP tree so we don't go off following referrals
ldap_set_option($t_ds, LDAP_OPT_REFERRALS, 0);

This now allows me to use 'dc=mycompany,dc=com' for my $g_ldap_root_dn

Regards,
Jeff

[pferate]

I'm going to share this for anyone who's still interested in this.

This morning, before I even checked here, I customized the LDAP API file to handle multiple DNs on the same LDAP (Active Directory) server in the format of:

Code: Select all

$g_ldap_root_dn_list = array('ou=Corporate;dc=mycompany,dc=com',
                             'ou=Operations;dc=mycompany,dc=com',
                             );

If anyone is interested in my patch, let me know; but the solution below worked for me.

Then I saw Jeff's solution to use:

Code: Select all

ldap_set_option($t_ds, LDAP_OPT_REFERRALS, 0);

That is exactly what I would need in my situation, so I went to implement it I noticed that there was something similar was already in the code, but it was using a global variable. So to not use referrals, you can just define this variable in your config:

Code: Select all

$g_ldap_follow_referrals = OFF;

I haven't looked through the history to see when this was added, but I am using the 1.2.2 released version.

[mminamoto]

Hi pferate,

I´m facing the same situation as described and I´m very interested in your solution. Could you please share it with me.

Thanks in advance.

Marcio

[pigbrain]

Hi, Pferate


I'm very intersted in your solution.
Could you share me more detail ?
Sorry for my poor English.
Thanks lots