2013/2/6 Scott Owen <[email protected]>
> Greetings all,
>
> First, I would like to thank the devs for making self service password a GPL project !!
> It is exactly what I was looking for.
>
> But I am having one problem.
>
> For a web server I am using windows7 with WAMP http://www.wampserver.com/en/ this appears to be set up correctly and working fine.
> The Self Service Password page displays correctly, with no errors.
>
> The issue appears to be in my LDAPs connection string.
>
> I installed ldp.exe ( http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm ) and I am able to connect to my AD server via SSL on port 636 from the Web Server.
> I can Bind as the Administrator, and view my entire Directory Tree.
>
> Below is the config I am using:
>
> #==============================================================================
> # Configuration
> #==============================================================================
> # LDAP
> $ldap_url = "ldap://myserver.almaschools.net 636";
> $ldap_binddn = "cn=Administrator,CN=Users,dc=almaschools,dc=net";
> $ldap_bindpw = "mypassword";
> $ldap_base = "OU=AlmaSchools,DC=Almaschools,DC=net";
> $ldap_login_attribute = "uid";
> $ldap_fullname_attribute = "cn";
> $ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
>
> # Active Directory mode
> # true: use unicodePwd as password field
> # false: LDAPv3 standard behavior
> $ad_mode = true;
> # Force account unlock when password is changed
> $ad_options['force_unlock'] = false;
> # Force user change password at next login
> $ad_options['force_pwd_change'] = false;
> ~~~~~the rest of the code
>
> ===============================================================================
>
> changing
> $ldap_url = "ldap://myserver.almaschools.net 636";
> to
> $ldap_url = "ldaps://myserver.almaschools.net ";
> produces the following Apache error:
>
> "LDAP - Bind error -1 (Can't contact LDAP server)"
>
> changing
> $ldap_url = "ldap://myserver.almaschools.net 636";
> to
> $ldap_url = "ldaps://myserver.almaschools.net 636 ";
> produces the following Apache error:
>
> "LDAP - User xxxxxx not found, referer:"
> where xxxxx is the user that I attempt to login to the Self Service Password page as.
>
> I downloaded and installed the two scripts referenced on the page:
> http://www.mjdigital.co.uk/blog/ldap-authentication-active-directory-using-php/#comments
>
> I am able to modify these scripts, and get both a LDAP test page, and an LDAPS test page....
> (I get an error...but it's a SizeLimit error...)
>
> #################output of LDAPStest.php################################################
>
> LDAP bind successful...
>
> ( ! ) Warning: ldap_search() [<a href='function.ldap-search'>function.ldap-search</a>]: Partial search results returned: Sizelimit exceeded in C:\wamp\www\LDAPStest.php on line 27
> Call Stack
> # Time Memory Function Location
> 1 0.0006 379768 {main}( ) ..\LDAPStest.php:0
> 2 0.0215 381176 ldap_search( ) ..\LDAPStest.php:27
>
> Dump all data
>
> Array
> (
>     [count] => 1000
>     [0] => Array
>         (
>             [objectclass] => Array
>                 (
>                     [count] => 2
>                     [0] => top
>                     [1] => group
>
> ##############################much much more###########################################
>
> =================LDAPStest.php==============================================
>
> <?php
> set_time_limit(30);
> error_reporting(E_ALL);
> ini_set('error_reporting', E_ALL);
> ini_set('display_errors',1);
>
> // config
> $ldapserver = "ldaps://myserver.almaschools.net";
> $ldapport = 636;
> $ldapuser = "CN=Administrator,CN=Users,DC=Almaschools,DC=net";
> $ldappass = "mypassword";
> $ldaptree = "OU=AlmaSchools,DC=Almaschools,DC=net";
>
> $domain = "@almaschools.net";
>
> // connect
> $ldapconn = ldap_connect($ldapserver,$ldapport) or die("Could not connect to LDAP server.");
>
> if($ldapconn) {
>     // binding to ldap server
>     $ldapbind = ldap_bind($ldapconn, $ldapuser, $ldappass) or die ("Error trying to bind: ".ldap_error($ldapconn));
>     //$ldapbind = ldap_bind($ldapconn, $ldapuser.$domain, $ldappass) or die ("Error trying to bind: ".ldap_error($ldapconn));
>     // verify binding
>     if ($ldapbind) {
>         echo "LDAP bind successful...<br /><br />";
>
>         $result = ldap_search($ldapconn,$ldaptree, "(cn=*)") or die ("Error in search query: ".ldap_error($ldapconn));
>         //ldap_search($ldapconn,$ldaptree, "(cn=*)") or die ("Error in search query: ".ldap_error($ldapconn));
>         $data = ldap_get_entries($ldapconn, $result);
>
>         // SHOW ALL DATA
>         echo '<h1>Dump all data</h1>';
>         echo '<pre>';
>         print_r($data);
>         echo '</pre>';
>
>         // iterate over array and print data for each entry
>         echo '<h1>Show me the users</h1>';
>         for ($i=0; $i<$data["count"]; $i++) {
>             //echo "dn is: ". $data[$i]["dn"] ."<br />";
>             echo "User: ". $data[$i]["cn"][0] ."<br />";
>             if(isset($data[$i]["mail"][0])) {
>                 echo "Email: ". $data[$i]["mail"][0] ."<br /><br />";
>             } else {
>                 echo "Email: None<br /><br />";
>             }
>         }
>         // print number of entries found
>         echo "Number of entries found: " . ldap_count_entries($ldapconn, $result);
>     } else {
>         echo "LDAP bind failed...";
>     }
>
> }
>
> // all done? clean up
> ldap_close($ldapconn);
> ?>
> ==============================================================
>
> I seem to be able to connect to secure LDAP (port 636) on my AD server OK, so I am assuming that my server setup is OK.
> I can connect to the AD server on port 636 from my web server using PHP, so I'm assuming that my PHP/LDAP setup is OK.
>
> Any idea why my connection string in self service password doesn't seem to work ??
> Does someone have a working AD (2008r2) config that they would be willing to share ??
Hi,

first of all, setting ldap://host port is a wrong syntax. The correct syntax is ldap://host:port. Port can be omitted if it is the standard port (389 for ldap://, 636 for ldaps://).

So in your case, the correct configuration would be:

$ldap_url = "ldaps://myserver.almaschools.net ";

Now, I do not understand why the connection fails in SSP and not in your sample PHP script. What is the content of C:\OpenLDAP\sysconf\ldap.conf ?

Clément.
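The URL rule stated in the reply above (scheme://host[:port], with the default port implied by the scheme) can be checked mechanically before a value goes into $ldap_url. The Python script below is an added example, not code from LTB Self Service Password or from either poster: it parses a candidate value, flags the space-separated "host port" form used in the thread, and also flags a plaintext ldap:// scheme aimed at port 636, the combination in the original config, because a server doing SSL on 636 expects a TLS handshake there rather than a cleartext LDAP request. The hostnames and ports in it are the ones quoted in the thread; the checker itself and its output format are assumptions of this example.

```python
import re

# Default ports per scheme, as the reply above states (389 for ldap://, 636 for ldaps://).
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Correct form: scheme://host[:port], optional trailing slash.
_URL_RE = re.compile(r"^(ldaps?)://([A-Za-z0-9.\-]+)(?::(\d{1,5}))?/?$")
# The mistaken form from the thread: port separated from the host by whitespace.
_SPACE_RE = re.compile(r"^(ldaps?)://([A-Za-z0-9.\-]+)\s+(\d{1,5})$")


def check_ldap_url(raw: str) -> dict:
    """Parse a candidate $ldap_url value and report what is wrong with it.

    Returns a dict with scheme, host, effective port, a canonical rewrite,
    'problems' (each one makes the value invalid) and 'notes' (harmless
    things that were normalised, such as surrounding whitespace).
    """
    problems, notes = [], []
    url = raw.strip()
    if url != raw:
        notes.append("leading/trailing whitespace removed from the URL")

    m = _SPACE_RE.match(url)
    if m:
        problems.append("port separated from host by a space; write scheme://host:port")
    else:
        m = _URL_RE.match(url)
        if not m:
            return {"valid": False,
                    "problems": ["not of the form ldap://host[:port] or ldaps://host[:port]"],
                    "notes": notes}

    scheme, host, port_str = m.group(1), m.group(2), m.group(3)
    port = int(port_str) if port_str else DEFAULT_PORTS[scheme]

    # Scheme/port mismatches: the transport the client starts must match the one the
    # server expects on that port, or the connection fails before any bind is attempted.
    if scheme == "ldap" and port == 636:
        problems.append("plaintext ldap:// aimed at 636, the TLS port; use ldaps://")
    if scheme == "ldaps" and port == 389:
        problems.append("ldaps:// aimed at 389, the plaintext port; use port 636 for ldaps://")

    canonical = f"{scheme}://{host}"
    if port != DEFAULT_PORTS[scheme]:
        canonical += f":{port}"

    return {"valid": not problems, "scheme": scheme, "host": host, "port": port,
            "canonical": canonical, "problems": problems, "notes": notes}


if __name__ == "__main__":
    # The three values tried in the thread, then the corrected form.
    for candidate in ("ldap://myserver.almaschools.net 636",
                      "ldaps://myserver.almaschools.net ",
                      "ldaps://myserver.almaschools.net 636 ",
                      "ldaps://myserver.almaschools.net"):
        r = check_ldap_url(candidate)
        status = "OK " if r["valid"] else "BAD"
        print(f"{status} {candidate!r} -> {r.get('canonical')} {r['problems']}")
```

Run stand-alone it prints one line per candidate; the original "ldap://myserver.almaschools.net 636" collects two problems (the space and the plaintext-scheme-on-636 mismatch), while "ldaps://myserver.almaschools.net " passes with only a whitespace note, which is why the reply's suggested value is the right one.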
_______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
