Hi there - thanks for making such a tasty module - I love it!
I am a LAN Administrator, so I figured out how to get this to work without too many problems, but I had a few things on my end I needed to do to get my connection binding and searching, so I just wanted to offer a few suggestions to people so they don't clutter any module support issues with platform issues. Hopefully it is not completely useless.
I think it's easy to say that using this module requires a steep learning curve and skillset. Also, since we are dealing with MS technology, it is fair to say that there can be many caveats to doing this. Just remember, patience is part of the MS licensing agreement.
My Environment:
Windows Server 2k3 - updated to the latest patches, except those that screw something up. NOTE: Everything is separated, Web server on Web Server, DB on DB Server, Domain Controllers, everything on different boxes. We follow best practices where applicable.
Using Anti virus, spyware blockers (client side), surf control, Firewalls and routers, with permissions assigned to allow traffic to flow properly.
PHP 5.1.4 - I cannot get the MSSQL db functions to work on later versions of PHP. Running on CGI - I have a lot of extensions enabled. I have found worse problems with using ISAPI, so I stick with CGI.
My SQL 5.x
What I did have to do.
Enable LDAP in my php configuration (Seems obvious, but could be overlooked) - NOTE: My config files and DLL's all reside in C:\PHP5, because I run 4&5 on the same IIS server. I think it is a bad idea to put your DLL's in %systemroot% on Win, but... your call.
I get Active Directory's structure pretty well, but I do find an LDAP browser a useful tool. I used third-party software, "Softerra LDAP Administrator v2008.1". It was recommended to me by Adobe on another issue and it's free to evaluate. Anyways, I'm not trying to promote anything, so use whatever you want, but finding your base DN (among many other things) is easy this way.
I had to add a DN/pass for non-anonymous search. It would not bind without it. I used my LDAP browser to get the proper string (which is really easy to figure out on your own as well), and put it straight in. Worked like a charm and I like to copy/paste whenever I can.
I used the highest level OU appropriate for my base DN - it searched in the branches just fine. You can do a lot and point to specific OU's with this.
Speaking of which - if you want to test your connection, use the attached script - it's on PHP's site - and this is the best one I found. I was setting this up on a new server, and used this script to test my connections first. If you get results, use that as a road map to setting the non-anonymous search and base DN.
What I did not have to do:
I have read on some sites that when you enable the LDAP extension, you need to restart. I did not have to reset IIS or my server. This may not be true in your case though if your DLL's reside in your %systemroot%.
I did NOT have to use SSL to get this working. The directions say you must. Having said that though, we have moved over to an encrypted channel - it's just not safe otherwise.
Well, like I said I hope that this is not completely useless nonsense.
| Comment | File | Size | Author |
|---|---|---|---|
| | ldap_test.php_.txt | 2.47 KB | kirikintha |
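
Added example (not part of the original post and not the attached ldap_test.php script): a connection test for the non-anonymous bind and base DN search described above, which upgrades to TLS before the bind password is sent. It assumes PHP 7 or later with the LDAP extension enabled; the host, DNs, environment variable names and the function name `test_ldap_lookup` are constructed placeholders.

```php
<?php
// Added example. Host, DNs and environment variable names are placeholders.
$cfg = [
    'uri'     => getenv('LDAP_URI') ?: 'ldap://dc1.example.local',
    'bind_dn' => getenv('LDAP_BIND_DN') ?: 'CN=svc-ldap,OU=Service Accounts,DC=example,DC=local',
    'bind_pw' => getenv('LDAP_BIND_PW') ?: '',
    'base_dn' => getenv('LDAP_BASE_DN') ?: 'OU=Staff,DC=example,DC=local',
];

function test_ldap_lookup(array $cfg, string $account): array
{
    // A DN with an empty password is an unauthenticated bind, which can
    // "succeed" without proving anything about the credentials.
    if ($cfg['bind_pw'] === '') {
        throw new RuntimeException('Refusing to bind with an empty password');
    }
    $conn = ldap_connect($cfg['uri']);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI: ' . $cfg['uri']);
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // needed for StartTLS
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase AD referrals
    // Encrypt before credentials go on the wire: ldaps:// is already TLS,
    // a plain ldap:// connection is upgraded with StartTLS or abandoned.
    if (stripos($cfg['uri'], 'ldaps://') !== 0 && !@ldap_start_tls($conn)) {
        throw new RuntimeException('StartTLS failed: ' . ldap_error($conn));
    }
    if (!@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_pw'])) {
        throw new RuntimeException('Bind failed: ' . ldap_error($conn));
    }
    // Escape the looked-up name so it cannot change the filter's structure.
    $name   = ldap_escape($account, '', LDAP_ESCAPE_FILTER);
    $filter = "(&(objectClass=user)(sAMAccountName=$name))";
    // ldap_search() covers the whole subtree under the base DN.
    $result = @ldap_search($conn, $cfg['base_dn'], $filter, ['cn', 'mail']);
    if ($result === false) {
        throw new RuntimeException('Search failed: ' . ldap_error($conn));
    }
    $entries = ldap_get_entries($conn, $result);
    ldap_unbind($conn);
    return $entries;
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    try {
        $entries = test_ldap_lookup($cfg, $argv[1]);
        for ($i = 0; $i < $entries['count']; $i++) {
            echo $entries[$i]['dn'], PHP_EOL;
        }
    } catch (RuntimeException $e) { fwrite(STDERR, $e->getMessage() . PHP_EOL); exit(1); }
}
```
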
Comments
Comment #1
johnbarclay commented
Closing 5.x issues to clean out issue queue.