System:
Windows 2000
IIS 5
php 5
Drupal 4.7

I am unable to get LDAP authentication working. I've tried various combinations of username, domain, dn, etc for the read and write user and also for the user attempting to log in. No matter what I try I get the following:

warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in E:\drupal\drupal-4.7.0\modules\ldap_integration\LDAPInterface.php on line 74.
warning: ldap_search(): supplied argument is not a valid ldap link resource in E:\drupal\drupal-4.7.0\modules\ldap_integration\LDAPInterface.php on line 119.

I'll be happy to provide more details on my config if needed. Thought maybe someone would know off-hand if this is a common issue people face.

Comments

Nikkol’s picture

Nikkol commented

okay ... nevermind .... I had entered the read/write user incorrectly. I forgot I had moved the account into a subOU of the OU I had entered. Adding the subOU to the dn resolved the issue.

HOWEVER, is it possible not to require these read/write user info in the conf file? I do not intend to allow users to write to their AD accounts (even to change the password), so I wouldn't need write permissions. It seems that read permissions are needed to bind to the directory upon login and registration. Why is this necessary? Wouldn't the user that is attempting to login be able to bind to and read their own account? Is it possible to change the code to do this? (I've done this using .asp and adsi, but I have no clue how the ldap php extension works.)

pablobm’s picture

pablobm commented

Hi, I created the READER_USER because otherwise it would be necessary to store the user DN//password pair in the session variable, and it would be readable on the sessions table on the database.

How have you dealt with this before?.

pablobm’s picture

pablobm commented
Assigned: Unassigned » pablobm
Status: Active » Fixed

The way all this worked has changed, so I consider this fixed.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)