Help Needed.

We have a pilot VCL running using local user accounts, and are now attempting
authentication through our Active Directory (Windows Server 2003 / LDAP v.3)
infrastructure. We can successfully authenticate with 'service accounts' (such
as <vclservice>), but not with normal user accounts. We consistently get
'Error 49 invalid credentials'. We run Exchange here as well.

We would appreciate any hints as to where our failure lies. I have included a
segment of our 'conf.php' file for your perusal.

Thanks in advance for any advice on where to look.

Neil Fay
CTO, Hood College

/*
Snippet from VCL conf.php, trying to authenticate to Microsoft Active
Directory (MSAD) via LDAP
- removed all the other examples etc
- Service domain works, but Hood domain does not
*/
$authMechs = array(
    "Hood" => array("type" => "ldap",
                    "server" => "x.x.x.x:389",
                    "binddn" => "dc=hood,dc=edu",
                    "userid" => "sAMAccountName=%s,cn=Users,dc=hood,dc=edu",
                    "unityid" => "samAccountName",
                    "firstname" => "givenname",
                    "lastname" => "sn",
                    "email" => "userPrincipalName",
                    "defaultemail" => "@example.com",
                    "masterlogin" => "cn=vclservice,ou=serviceaccounts,dc=hood,dc=edu",
                    "masterpwd" => "xxxxxxx",
                    "affiliationid" => 3,
                    "help" => "Use Hood for testing Hood Domain"),
    "Service" => array("type" => "ldap",
                    "server" => "x.x.x.x:389",
                    "binddn" => "dc=hood,dc=edu",
                    "userid" => "cn=%s,ou=serviceaccounts,dc=hood,dc=edu",
                    "unityid" => "samAccountName",
                    "firstname" => "givenname",
                    "lastname" => "sn",
                    "email" => "userPrincipalName",
                    "defaultemail" => "@hood.edu",
                    "masterlogin" => "cn=vclservice,ou=serviceaccounts,dc=hood,dc=edu",
                    "masterpwd" => "xxxxxxx",
                    "affiliationid" => 5,
                    "help" => "Use Service to test login using service account"),
    "Local Account" => array("type" => "local",
                    "affiliationid" => 1,
                    "help" => "Only use Local Account if there are no other options"),
);
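
One way to narrow down an error 49 like the one reported above, as an added example that is not part of the original post or of VCL: it compares the DN the "Hood" userid template produces with the DN the directory holds for the same login name, and decodes the sub-code Active Directory places in the bind diagnostic text. It assumes VCL fills the template with the login name via sprintf() and simple-binds with the result; the environment variable names, the login name jdoe and the sample diagnostic string are constructed.

```php
<?php
// Added diagnostic sketch, not VCL code. Needs the PHP ldap extension.
// Sub-codes AD reports after "data" in the diagnostic text of LDAP error 49.
const AD_SUBCODES = [
    '525' => 'user not found',          '52e' => 'invalid credentials',
    '530' => 'logon not permitted at this time',
    '531' => 'logon not permitted from this workstation',
    '532' => 'password expired',        '533' => 'account disabled',
    '701' => 'account expired',         '773' => 'user must reset password',
    '775' => 'account locked out',
];

function ad_subcode(string $diag): ?string {
    return preg_match('/\bdata\s+([0-9a-f]+)\b/i', $diag, $m) ? strtolower($m[1]) : null;
}

// DN the directory actually holds for a login name (needs a bound connection).
function real_dn($ds, string $base, string $user): ?string {
    $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $res = ldap_search($ds, $base, $filter, ['cn']);
    $e = $res ? ldap_get_entries($ds, $res) : false;
    return ($e && $e['count'] === 1) ? $e[0]['dn'] : null;
}

// Bind with the DN the template yields; on failure report AD's sub-code.
function try_template($ds, string $template, string $user, string $pw): string {
    $dn = sprintf($template, $user);
    if (@ldap_bind($ds, $dn, $pw)) return "OK   $dn";
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    $code = ad_subcode((string)$diag);
    return "FAIL $dn: " . (AD_SUBCODES[$code ?? ''] ?? "unrecognised ($diag)");
}

// Offline part: constructed sample input, runs without a server.
$sample = '80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece';
echo ad_subcode($sample), ' => ', AD_SUBCODES[ad_subcode($sample)], PHP_EOL;
echo sprintf('sAMAccountName=%s,cn=Users,dc=hood,dc=edu', 'jdoe'), PHP_EOL;

// Live part: runs only when LDAP_URI, MASTER_PW, TEST_USER and TEST_PW are set
// (hypothetical names). Port 389 without TLS carries passwords in clear text,
// so use a throwaway test account.
if (getenv('LDAP_URI') && getenv('TEST_PW')) {
    $ds = ldap_connect(getenv('LDAP_URI'));
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // needed to search from the AD domain root
    ldap_bind($ds, 'cn=vclservice,ou=serviceaccounts,dc=hood,dc=edu', getenv('MASTER_PW'));
    echo 'directory DN: ', real_dn($ds, 'dc=hood,dc=edu', getenv('TEST_USER')) ?? 'not found', PHP_EOL;
    echo try_template($ds, 'sAMAccountName=%s,cn=Users,dc=hood,dc=edu', getenv('TEST_USER'), getenv('TEST_PW')), PHP_EOL;
}
```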