LDAP and Windows

Post by smith5golf » 18 Nov 2016, 19:27

I had a hard time finding information on getting OpenCATS to work with my Windows-based LDAP. After doing some troubleshooting, I finally got it to work the way I would like.

LDAP settings in my config.php:

Code:

define ('LDAP_HOST', '10.0.0.2');
define ('LDAP_PORT', '389');
define ('LDAP_PROTOCOL_VERSION', 3);

define ('LDAP_BASEDN', 'cn=Users,dc=my,dc=domain,dc=com');

define ('LDAP_BIND_DN', '');
define ('LDAP_BIND_PASSWORD', '');

define ('LDAP_ACCOUNT', '$username'); // '{$username}' cannot be changed, else can

define ('LDAP_ATTRIBUTE_UID', 'samaccountname'); //default uid
define ('LDAP_ATTRIBUTE_DN', 'dn');
define ('LDAP_ATTRIBUTE_LASTNAME', 'sn');
define ('LDAP_ATTRIBUTE_FIRSTNAME', 'givenname');
define ('LDAP_ATTRIBUTE_EMAIL', 'userprincipalname'); //default mail

define ('LDAP_SITEID', 1);

Changes I made in lib/LDAP.php:

Code:

//in the authenticate function
//$trans = array('{$username}' => $username); // My login failed with this
//$username = strtr(LDAP_ACCOUNT, $trans); // My login failed with this
$this->_bind = @ldap_bind($this->_connection, $username."@my.domain.com", $password);  //domain appears to be stripped out in users.php

//in the getUserInfo function
$search = @ldap_search($this->_connection, LDAP_BASEDN, LDAP_ATTRIBUTE_UID . '=' . $username);

There is more than likely a better way of doing this, but it is what I found to work for me, so I thought I'd share it. This could also be enhanced upon to add functions that set security based on the group that the user is in, in AD.
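
A hardened form of the bind and search lines shown in this post, as an added example (not part of the original post and not OpenCATS code). It assumes PHP 5.6 or later for ldap_escape() and a domain controller with a TLS certificate the web server trusts; adAuthenticate() and LDAP_UPN_SUFFIX are hypothetical names.

```php
<?php
// Added example, not OpenCATS code. Constants mirror the config.php posted above;
// LDAP_UPN_SUFFIX and adAuthenticate() are hypothetical names.
define('LDAP_HOST', '10.0.0.2');
define('LDAP_PORT', 389);
define('LDAP_BASEDN', 'cn=Users,dc=my,dc=domain,dc=com');
define('LDAP_ATTRIBUTE_UID', 'samaccountname');
define('LDAP_UPN_SUFFIX', '@my.domain.com'); // assumed: replaces the hard-coded suffix

// Returns the user's directory entry on success, null on any failure.
function adAuthenticate(string $username, string $password): ?array
{
    // A simple bind with an empty password is an unauthenticated bind
    // (RFC 4513) that a server may report as success: never send one.
    if ($username === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect('ldap://' . LDAP_HOST . ':' . LDAP_PORT);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Port 389 is cleartext; upgrade with StartTLS before the password is sent.
    if (!@ldap_start_tls($conn)) {
        ldap_unbind($conn);
        return null;
    }
    // Bind as user@domain, as in the post; @ hides the warning on bad credentials.
    if (!@ldap_bind($conn, $username . LDAP_UPN_SUFFIX, $password)) {
        ldap_unbind($conn);
        return null;
    }
    // Escape filter metacharacters ( ) * \ NUL so input cannot alter the filter.
    $filter = '(' . LDAP_ATTRIBUTE_UID . '='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $search = ldap_search($conn, LDAP_BASEDN, $filter,
                          ['sn', 'givenname', 'userprincipalname']);
    $entries = $search ? ldap_get_entries($conn, $search) : false;
    ldap_unbind($conn);
    // Require exactly one match so an ambiguous result never maps to a login.
    if ($entries === false || $entries['count'] !== 1) {
        return null;
    }
    return $entries[0];
}
```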

Re: LDAP and Windows

Post by RussH » 05 Dec 2016, 13:01

Thanks for this update - I don't use LDAP myself, but I know it's been reworked in the past 6 months - which version of OpenCATS do you have installed?

Can you see if you already have this code here or not? If you had problems after the commit, please can you log an issue against the commit, and we'll ensure any gaps are fixed for everyone.

https://github.com/opencats/OpenCATS/pull/73/files


Re: LDAP and Windows

Post by BertieRichards » 13 Nov 2017, 14:07

I also had a hard time finding this information, so I finally decided to register an account here! The forum itself seems to have a lot of smart registered users!
