Hi,

Firstly, huge thanks to all those helping to dev this module; it is the single most wanted solution for me for years, and will help me push Drupal deeper into our non-profit-org.

I have actually got this module to correctly login an AD user, which is really promising.

My user testuser.user.myorg.local can login as testuser if the base dn is : cn=users,dn=myorg,dn=local

But we don't store our user objects at this location; we have them all over our AD, e.g.:

user1.site1.dept1.myorg.local
user2.site1.dept2.myorg.local
user3.site2.dept3.myorg.local
user4.site2.dept4.myorg.local

I tried setting the DN to dn=myorg,dn=local hoping it would search recursively, but it doesn't.

I also tried setting the DN to test a specific user's DN, ou=site1,ou=dept1,dn=myorg,dn=local but this did not work either.

Has anyone got this to work with anything other than cn=users?

I would like to request a feature where it would either search for a match downwards from given point, or perhaps simpler, be able to enter several DNs and have the auth process try each DN until a username match is found.

Thanks
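One way to implement the "try each DN until a username match is found" behaviour requested above, as an added example that is not the module's code. The one-base-per-line setting format, the `sAMAccountName` lookup attribute, the function names and the in-memory directory standing in for a subtree-scope LDAP search are all assumptions; the DNs are constructed.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape user input so it cannot alter the structure of the search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

# Loose shape check for one RDN (attr=value); escaped commas are not handled here.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def parse_base_dns(text):
    """Read one base DN per line. DNs contain commas, so a comma cannot separate them."""
    bases = []
    for line in text.splitlines():
        dn = line.strip()
        if not dn:
            continue
        if not all(_RDN.match(part.strip()) for part in dn.split(",")):
            raise ValueError("invalid base DN: %r" % dn)
        bases.append(dn)
    return bases

def find_user_dn(username, bases, search, attr="sAMAccountName"):
    """Try each base in order; return the single matching DN, or None."""
    flt = "(%s=%s)" % (attr, escape_filter_value(username))
    for base in bases:
        hits = search(base, flt)
        if len(hits) > 1:
            # Never guess which account to bind as when the name is not unique.
            raise LookupError("ambiguous username under %s" % base)
        if hits:
            return hits[0]
    return None

# Constructed sample directory: entry DN -> account name.
DIRECTORY = {
    "cn=user1,ou=site1,ou=dept1,dc=myorg,dc=local": "user1",
    "cn=user3,ou=site2,ou=dept3,dc=myorg,dc=local": "user3",
}

def fake_subtree_search(base, flt):
    """Stand-in for a subtree-scope search: match entries anywhere below base."""
    return [dn for dn, name in DIRECTORY.items()
            if dn.lower().endswith("," + base.lower())
            and flt == "(sAMAccountName=%s)" % escape_filter_value(name)]
```

The returned DN is what the authentication step would then bind as with the user's password; a `None` result means no configured base contains the account.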

Comments

pablobm’s picture

Assigned: Unassigned » pablobm
Priority: Critical » Normal
Attached file (status: new, size: 26.22 KB)

Please try the attached archive and tell me how it went.

Use it instead of the provided ldap_integration.module archive. Please note I have patched it against the latest code, which I just released earlier today. Download it and try.

If it doesn't work, download the latest code again after 24 hours and try again. This is because the latest code is not yet available for download from the CVS as I write these lines. (Drupal.org takes some time to make it available after committing the changes).

MJoyce-1’s picture

Hi,

I tried the module you kindly posted but it did not work for me.

I entered two DNs : DN1,DN2
Tried to login with TestUser1 (DN2) and this worked.
Tried to login with my own user (DN1) and it doesn't.

I'll try some more tests later in the week, to see if the order is the problem.

Thanks

pablobm’s picture

The problem is in my "sliding neuron" (as we say in Spain) and in the fact that I can't quite do AD testing due to the lack of such a system.

Here's the fix. It's a quite stupid one :( .

MJoyce-1’s picture

OK, well, this is starting to look good from where I am.
I have two DNs listed and I have been able to login as users from both DNs, superb.

One issue we have noticed is the very first time a user logs in, they get the error :

warning: ldap_search(): Search: Invalid DN syntax in /var/www/support/modules/ldap_integration/LDAPInterface.php on line 102.

warning: Cannot modify header information - headers already sent by (output started at /var/www/support/includes/common.inc:384) in /var/www/support/includes/common.inc on line 192.

The user account does get created and the user is logged in; if they refresh the page, it loads OK.

Any ideas ?

Thanks for your efforts

Matt

appprooottiiy’s picture

Although I only have one AD, I still receive this error message as well. This is what I get:

warning: ldap_read() [function.ldap-read]: Search: Invalid DN syntax in /var/www/htdocs/modules/ldap_integration/LDAPInterface.php on line 173.

warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in /var/www/htdocs/modules/ldap_integration/LDAPInterface.php on line 174.

warning: Cannot modify header information - headers already sent by (output started at /var/www/htdocs/includes/common.inc:384) in /var/www/htdocs/includes/common.inc on line 192.

I have tried with:
cn=Administrator,dc=globecastne,dc=com AND
cn=Administrator,ou=Users,dc=globecastne,dc=com

I have exactly the same issue, the first time the user logs in, you get this error, and also in the 'LDAP entry' page I can not make any of the fields appear.

mjbruder’s picture

Category: feature » support

When I upload this module to my modules directory, it will not allow me to display any of the modules on the modules page inside Drupal. I'm using Drupal version 4.6.3, so I'm assuming that that has something to do with it. I need multiple DN support, so any help would be greatly appreciated.

pablobm’s picture

Attached file (status: new, size: 9.68 KB)

OK, sorry for the long wait. I think I finally found the problem. Here I attach a possible solution.

Just let me know how it went.

MJoyce-1’s picture

OK, I deleted my test user accounts from Drupal and added the code you supplied.
When I tried to login with a test account, it fails.

Type	php
Date	Tuesday, November 15, 2005 - 11:48
User	Anonymous
Location	/support/?q=user/login&destination=node
Message	ldap_search(): Search: Bad search filter in /var/www/support/modules/ldap_integration/LDAPInterface.php on line 73.
Severity	error
Hostname	xxx.xx.xx.xx

Thanks

MJoyce-1’s picture

Additional info: I removed my DNs, leaving only one and I was able to login and a user was created.

MJoyce-1’s picture

Any progress with this one ?
I'd be happy to test.

pablobm’s picture

Hi Matt,

This is one of the many issues related to AD I can't solve. The problem is that I don't have a handy AD setup to test my code against, so I have to work blindfolded.

I have tried to test the AD code using it against my OpenLDAP setup. It works, so I can't make out what is in AD making it so different.

Sorry about this. I really need a hand here.

MJoyce-1’s picture

Everything works fine for me using a single DN, but multiple DNs fail.
I thought perhaps it was not an LDAP issue, more a looping-through-DNs issue.

So it definitely works for you using multiple DNs ?
If so, I'll start my testing from scratch.

Thanks for trying, you've done a fantastic job.

pablobm’s picture

This may be solved in last version... or maybe not. Again, I have no AD system to test against.

Anyway, there has been a severe code rewrite, so this might work properly with AD now. (Or might not!).

kreaper’s picture

Assigned: pablobm » kreaper
Status: Active » Closed (fixed)

Closing out older cases. Please d/l the new code and report if there is still an error.

geerlingguy’s picture

Version: 4.6.x-1.x-dev » 6.x-1.x-dev

Subscribing for tracking... I want to be able to use multiple DNs as well, and it doesn't seem to work much...