Hello list,
I can't seem to get fallback_dn to work when setting the login_attr to
string. Perhaps my question is best framed with the settings themselves:
$ldapservers->SetValue($i,'login','attr','string');
$ldapservers->SetValue($i,'login','fallback_dn',true);
$ldapservers->SetValue($i,'login','string','uid=<username>,ou=Users,dc=my,dc=domain,dc=com');
I can log in with a regular uid (e.g., "username"), but if I enter my
root dn at the login screen (cn=admin,dc=my,dc=domain,dc=com), I get
kicked out with a "Bad username or password". I can see that it is, in
fact, sticking the whole dn in in place of username:
[0.001] 3-server_functions.php(3145): LDAPservers::GetValue: Entered
with (0,login,fallback_dn), Returning (1)
<snip>
[0.001] 80-server_functions.php(0158): LDAPserver::connect: CONFIG
auth_type settings, DN
[uid=cn=admin,dc=my,dc=domain,dc=com,ou=Users,dc=my,dc=domain,dc=com],
PASS [xxxxxxxxxxxx]
....which I assume is not the desired behavior. I then tried using uid
as the login_attr, and commenting out the login_string variable,
figuring maybe that would work, but it again fails. The useful stuff
from the logs seems to be:
[0.001] 16-server_functions.php(1724): LDAPserver::search: sub search
PREPARE.
[0.002] 1-functions.php(0093): pla_error_handler: Entered with
(2,ldap_search() [<a
href='function.ldap-search'>function.ldap-search</a>]: Search: No such
object,/path/to/phpldapadmin/lib/server_functions.php,1737)
[0.001] 16-server_functions.php(1742): LDAPserver::search: Search scope
[sub] base [] filter [uid=myusername] attrs [a:1:{i:0;s:2:"dn";}]
COMPLETE ().
<snip>
[0.001] 17-server_functions.php(1022): LDAPserver::isTLSEnabled:
Entered with ()
[0.002] 1-functions.php(0093): pla_error_handler: Entered with
(2,ldap_bind() [<a href='function.ldap-bind'>function.ldap-bind</a>]:
Unable to bind to server: Invalid DN
syntax,/path/to/phpldapadmin/lib/server_functions.php,328)
In that case, I can't connect with anything I tried.
Using 'dn' as the login_attr lets me login with fully qualified DN's,
but my users aren't going to want to do that.
So, what I'm asking is: is it possible to have fallback with string, or
some other method that allows users to log in using only their usernames
while still allowing me to bind as the administrator? If any more
detail is needed (logs, config.php, etc.) please let me know.
TIA,
Ryan
--
Ryan Steele [EMAIL PROTECTED]
Systems Administrator http://www.archer-group.com
The Archer Group http://www.meetbobarcher.com
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
phpldapadmin-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users
