LDAP and Windows

Posted: 18 Nov 2016, 19:27
by smith5golf
I had a hard time finding information on getting OpenCATS to work with my Windows-based LDAP. After doing some troubleshooting I finally got it to work the way I would like.

LDAP settings in my config.php:
Code:
define ('LDAP_HOST', '10.0.0.2');
define ('LDAP_PORT', '389');
define ('LDAP_PROTOCOL_VERSION', 3);

define ('LDAP_BASEDN', 'cn=Users,dc=my,dc=domain,dc=com');

define ('LDAP_BIND_DN', '');
define ('LDAP_BIND_PASSWORD', '');

define ('LDAP_ACCOUNT', '$username'); // '{$username}' cannot be changed, else can

define ('LDAP_ATTRIBUTE_UID', 'samaccountname'); //default uid
define ('LDAP_ATTRIBUTE_DN', 'dn');
define ('LDAP_ATTRIBUTE_LASTNAME', 'sn');
define ('LDAP_ATTRIBUTE_FIRSTNAME', 'givenname');
define ('LDAP_ATTRIBUTE_EMAIL', 'userprincipalname'); //default mail

define ('LDAP_SITEID', 1);

Changes I made in lib/LDAP.php:
Code:
//in the authenticate function
//$trans = array('{$username}' => $username); // My login failed with this
//$username = strtr(LDAP_ACCOUNT, $trans); // My login failed with this
$this->_bind = @ldap_bind($this->_connection, $username."@my.domain.com", $password);  //domain appears to be stripped out in users.php

//in the getUserInfo function
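// escape the username so it cannot change the meaning of the search filter
$search = @ldap_search($this->_connection, LDAP_BASEDN, '(' . LDAP_ATTRIBUTE_UID . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')');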

There is more than likely a better way of doing this, but it is what I found to work for me, so I thought I'd share it. This could also be enhanced upon to add functions that set security based on the group that the user is in, in AD.
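
The bind-then-search flow from the post above, written as one hardened function. This is an added example, not OpenCATS code and not the poster's: adBindAndLookup() and LDAP_UPN_SUFFIX are hypothetical names, and the other LDAP_* constants are assumed to be loaded from the config.php shown in the post.

```php
<?php
// Added example (hypothetical helper, not part of OpenCATS).
// Assumes the LDAP_* constants from the config.php above are already defined.
define('LDAP_UPN_SUFFIX', '@my.domain.com'); // hypothetical constant

function adBindAndLookup($username, $password)
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513) that a directory may accept, so reject it up front.
    if ($username === '' || $password === '') {
        return false;
    }
    // Allow only characters expected in a sAMAccountName (assumption); this
    // also stops a caller from supplying their own "@domain" or a full DN.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }

    $conn = ldap_connect(LDAP_HOST, (int) LDAP_PORT);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, LDAP_PROTOCOL_VERSION);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Port 389 is cleartext: upgrade with StartTLS before sending the
    // password, and fail closed if the upgrade or the bind does not succeed.
    if (!@ldap_start_tls($conn)
        || !@ldap_bind($conn, $username . LDAP_UPN_SUFFIX, $password)) {
        ldap_unbind($conn);
        return false;
    }

    // Escape for filter context even after the whitelist check above.
    $filter = '(' . LDAP_ATTRIBUTE_UID . '='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $attrs  = array(LDAP_ATTRIBUTE_LASTNAME, LDAP_ATTRIBUTE_FIRSTNAME, LDAP_ATTRIBUTE_EMAIL);
    $search = ldap_search($conn, LDAP_BASEDN, $filter, $attrs);
    $entries = ($search === false) ? false : ldap_get_entries($conn, $search);
    ldap_unbind($conn);

    // Exactly one match is expected; anything else is treated as a failure.
    return ($entries !== false && $entries['count'] === 1) ? $entries[0] : false;
}
```

StartTLS only protects the bind if the domain controller presents a certificate the PHP host trusts; otherwise the call returns false and the function refuses to send the password.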

Re: LDAP and Windows

Posted: 05 Dec 2016, 13:01
by RussH
Thanks for this update - I don't use LDAP myself, but I know it's been reworked in the past 6 months - which version of OpenCATS do you have installed?

Can you see if you already have this code here or not? If you had problems after the commit, please can you log an issue against the commit, and we'll ensure any gaps are fixed for everyone.

https://github.com/opencats/OpenCATS/pull/73/files

Re: LDAP and Windows

Posted: 13 Nov 2017, 14:07
by BertieRichards
I also had a hard time finding this information, so I finally decided to register an account here! The forum itself seems to have a lot of smart registered users!