LDAP Intermittent (works once in many attempts) [SOLVED]

jeremfg
Posts: 5
Joined: 19 Feb 2010, 19:17

Post by jeremfg »

I've been a user of Mantis for a few years now, but this time, I was hoping to use it on our LDAP. So far, with little success.

I'm attempting to configure LDAP with Microsoft Active Directory (Windows Server 2008 R2)...
I've installed the latest stable version of Mantis ( 1.2.8 )
It's running under IIS and PHP 5.3.8.

PHP LDAP shouldn't be a problem, since I've configured LDAP to work with our MediaWiki (although I did have some problems, and have never been able to make it work using SSL (port 636))...

Other than PHP, I have Java, Apache/Jetty, and .Net applications able to connect securely (through port 636) without any problems.

The way I've configured Mantis so far, it sort of works, like once in a gazillion times.... If I hit refresh in the browser a bunch of times, it will eventually get lucky and it passes... Why would that be?

However, I've noticed that Mantis is unable to fetch email and display name from the LDAP server, even though I've seen that it looks for the correct attributes...

Can anyone help me?

Thanks!

Edit:

You can see the first page, and displayed errors that I get MOST of the time, except once in a gazillion times
https://jeremfg.com/quadbt
Last edited by jeremfg on 22 Nov 2011, 14:02, edited 1 time in total.
jeremfg
Posts: 5
Joined: 19 Feb 2010, 19:17

Re: LDAP Intermittent [PROBLEM SOLVED]

Post by jeremfg »

I've tracked down the problem...

Apparently, on my machine at least, the PHP functions ldap_search(), ldap_list() and ldap_read() don't use the correct scope. For example, ldap_search() doesn't do a subtree search....

I've re-written part of the ldap api code to circumvent this problem... Now I configure an array in config_inc.php to set up the scopes to search (I have to look for users in 3 different scopes) instead of only giving the root dn... And I've re-routed the calls to ldap_search to a self-made function that iterates over that array, trying one after the other, until I get a result, or return the last try.

If my code interests anyone, I'll post it here!
atrol
Site Admin
Posts: 8536
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: LDAP Intermittent (works once in many attempts) [SOLVED]

Post by atrol »

Did you read http://www.php.net/manual/en/function.ldap-search.php ?
There are some rare cases where the normal search returns FALSE while the parallel search returns an identifier.
Maybe using the parallel search would also fix your issue.

Seems there are other users with such kind of problems.
http://www.php.net/manual/en/function.l ... .php#93979

Please post your code to help other users with similar problems.
Please use Search before posting and read the Manual
jeremfg
Posts: 5
Joined: 19 Feb 2010, 19:17

Re: LDAP Intermittent (works once in many attempts) [SOLVED]

Post by jeremfg »

I did read it before making my last post and implementing my own solution, but I haven't found much of anything useful... Since I was familiar with PHP, I just went ahead and implemented my own solution.

To be able to search for users in multiple locations in the Directory by using my method, you will need to declare all possible places where users could be in an array in config_inc.php like so:

Code:

# DN to search... Where users could be
$g_ldap_root_dn = array();
$g_ldap_root_dn[] = 'cn=Users,dc=my,dc=domain,dc=com';
$g_ldap_root_dn[] = 'ou=Family,dc=my,dc=domain,dc=com';
$g_ldap_root_dn[] = 'ou=newUsers,dc=my,dc=domain,dc=com';

And for Mantis to recognize and treat this array correctly, you will need to add the following function in "core\ldap_api.php"

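Code:

/**
 * Search several root DNs in turn for the same filter.
 *
 * @param resource     $t_ds            LDAP link identifier
 * @param array|string $t_ldap_root_dn  One root DN, or an array of root DNs tried in order
 * @param string       $t_search_filter LDAP search filter
 * @param array        $t_search_attrs  Attributes to fetch
 * @return resource|false Result of the first root DN that returned entries,
 *                        otherwise the result of the last root DN tried
 */
function ldap_array_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ) {
	# Accept a single DN string as well as an array of DNs
	$t_root_dns = (array) $t_ldap_root_dn;
	# Defined even when the list of root DNs is empty
	$t_sr = false;

	foreach ( $t_root_dns as $t_root_dn ) {
		$t_sr = ldap_search( $t_ds, $t_root_dn, $t_search_filter, $t_search_attrs );
		if ( $t_sr !== false ) {
			$t_info = @ldap_get_entries( $t_ds, $t_sr );
			# Stop at the first root DN that actually returned an entry
			if ( $t_info !== false && $t_info['count'] > 0 ) {
				break;
			}
		}
	}

	return $t_sr;
}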

... And replace all calls to ldap_search(...) in "core\ldap_api.php" with the function you just added, ldap_array_search(...), by passing the same parameters as before, and returning to the same variable.

See, it isn't really complicated, but it works like a charm on my server...

What my function does, is to try every DN you entered in the configuration file, and returns the result of the one that succeeded... If all DNs in the array fail, it returns the failure of the last tried.

I know it adds quite a load on the LDAP Server, but, I was only after a quick fix, and not an elegant solution.
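
A variant of the multi-base search above, as an added example that is not part of the original posts or of MantisBT's code: it searches every configured base DN, escapes the login before building the filter, and refuses to pick an entry when more than one matches instead of returning the first hit. The names find_unique_entry and make_ldap_search and the sAMAccountName default are assumptions, and ldap_escape() needs PHP 5.6 or later.

```php
<?php
// Added example, not MantisBT code. find_unique_entry(), make_ldap_search()
// and the sAMAccountName default are hypothetical; needs PHP 5.6+ with ext-ldap.

/**
 * Search every base DN and return the single matching entry.
 * Returns null when nothing matches; throws when the login is ambiguous.
 */
function find_unique_entry(callable $search, array $base_dns, $username, $uid_attr = 'sAMAccountName') {
    // Escape the login so characters such as * ( ) \ cannot alter the filter.
    $filter = '(' . $uid_attr . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $matches = array();
    foreach ($base_dns as $base_dn) {
        $entries = $search($base_dn, $filter); // ldap_get_entries()-shaped array, or false
        if ($entries === false) {
            continue; // this base failed; keep trying the others
        }
        for ($i = 0; $i < $entries['count']; $i++) {
            // Key by lower-cased DN so overlapping bases are not counted twice.
            $matches[strtolower($entries[$i]['dn'])] = $entries[$i];
        }
    }
    if (count($matches) > 1) {
        throw new RuntimeException('Ambiguous login: ' . count($matches) . ' entries match');
    }
    return $matches ? reset($matches) : null;
}

// Search callable for a real, already-bound connection $ds.
function make_ldap_search($ds, array $attrs) {
    return function ($base_dn, $filter) use ($ds, $attrs) {
        $sr = @ldap_search($ds, $base_dn, $filter, $attrs);
        return $sr === false ? false : ldap_get_entries($ds, $sr);
    };
}

// Constructed directory data standing in for a server (the filter is ignored).
$fake = function ($base_dn, $filter) {
    $data = array(
        'cn=Users,dc=my,dc=domain,dc=com'  => array('count' => 1,
            0 => array('dn' => 'CN=jdoe,CN=Users,DC=my,DC=domain,DC=com')),
        'ou=Family,dc=my,dc=domain,dc=com' => array('count' => 0),
    );
    return isset($data[$base_dn]) ? $data[$base_dn] : false; // unknown base: failure
};
$bases = array('cn=Users,dc=my,dc=domain,dc=com', 'ou=Family,dc=my,dc=domain,dc=com',
               'ou=newUsers,dc=my,dc=domain,dc=com');
$entry = find_unique_entry($fake, $bases, 'jdoe');
echo $entry['dn'], "\n";
```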