NEW LDAP IMPLEMENTATION

Picture of Noel

Hi all,

As there are a lot of problems with the old Dokeos LDAP implementation, I wrote another one. It has all the features the old one had and can be easily customised to do pretty much everything.

Installation

Here are the steps to install it:

1. Download the tar.gz file here: http://www.dokeos.com/download/newldap-dokeos-2.1.tar.gz

2. Back up your main/auth/ldap/ folder

3. Uncompress the downloaded file to the main/auth/ldap/ folder, overwriting login.php and newUser.php

And that's it. All your parameters of the old LDAP implementation will still be taken.

Configuration

To activate LDAP, you have to uncomment those 2 lines in main/inc/conf/configuration.php (as in the old version):

// Uncomment these lines to activate ldap
 $extAuthSource["ldap"]["login"]            = $_configuration['root_sys'].$_configuration['code_append']."auth/ldap/login.php";
 $extAuthSource["ldap"]["newUser"]          = $_configuration['root_sys'].$_configuration['code_append']."auth/ldap/newUser.php";
 

For a basic configuration, you can use the LDAP section of the Dokeos administration (main/admin/settings.php?category=LDAP).

If you want to do more complicated things, edit the main/auth/ldap/ldap.conf.php file. It is self-documented and permits a lot of things. See the $ldap_user_correspondance variable.

 

Debug

One thing that has been improved is the debug.

If it does not work, open your error.log file and it should tell you why.

 

If you have any questions or comments, ...

Hi, 

We are experiencing a new problem here with the Dokeos LDAP.

---

 

[Mon Mar 26 21:26:49 2012] [error] [client 10.150.4.3] LDAP ERROR : cannot connect with admin login/password, referer: http://ourdokoes/
[Mon Mar 26 21:26:49 2012] [error] [client 10.150.4.3] PHP Notice:  Undefined variable: _user in /var/www/html/main/auth/ldap/login.php on line 63, referer: http://ourdokeos/
[Mon Mar 26 21:26:49 2012] [error] [client 10.150.4.3] PHP Notice:  Use of undefined constant WEB_ROOT - assumed 'WEB_ROOT' in /var/www/html/main/auth/ldap/login.php on
 
---
 
Our DC password is exactly the same, because we tried another LMS and are not facing a problem there.
Please help us. Thanks.
Picture of mohan

Hi,

 

Regarding your problem with LDAP: we have forwarded it to our dev team, and I will check with them and update you ASAP.
 
Thanking you,
Picture of theHAAG

LDAP issues

Hi,

I've tried your new LDAP but for some reason I just cannot log in or look up any of my LDAP users... so I'm doing this right, is the search term samaccountname? Or something else???

Thanks

Trev

Picture of theHAAG

LDAP still no success

I'm still having trouble getting any configurations working...

Search term is samaccountname, right??

I've tried all I can.... please find a solution soon, this is the only thing stopping our school using this awesome piece of software.

Development issues are listed below if they help you??

http://community.spiceworks.com/topic/195048-php-ldap-on-microsoft-active-directory-troubleshooting

Picture of Noel

wrong admin account

Hi Graveler,

What have you put in the Authentication login field in the Dokeos configuration interface?

If you open main/auth/ldap/ldap.conf.php, you'll see that admin_dn is computed as below:

 'admin_dn' => 'CN='.api_get_setting('ldap_authentication_login').','.api_get_setting('ldap_domain'),
 

So if your admin dn is 'CN=admin,dn=...', you just have to put admin in the configuration field.

What did you put in dokeos configuration and what did you put in your other ldap application?

Please note that you can directly edit ldap.conf.php file and put admin_dn directly if you want.

Hope this helps you. If you still have problems, post here the admin DN you've put for Dokeos and the one you put in your other LDAP application.

 

Noel

Hi, 

We use Active Directory with LDAP version 3, and the configuration in the authentication field is:

cn=Administrator,cn=Users,dc=ourdomain,dc=local

Is there any wrong config?

 

Well, it's hardcoded and it's working, but I think this is not good because we have to change it in the code section.
 
$ldap_config = array(
  // base domain string
  //'base_dn' => api_get_setting('ldap_domain'),
  'base_dn' => 'dc=ourdomain,dc=local',
  // admin distinguished name
  //'admin_dn' => 'CN='.api_get_setting('ldap_authentication_login').','.api_get_setting('ldap_domain'),
  'admin_dn' => 'CN=Administrator,CN=Users,DC=ourdomain,DC=local',
  // admin password
  //'admin_password' => api_get_setting('ldap_authentication_password'),
  'admin_password' => 'mypassword',
  // ldap host
  //'host' => array(api_get_setting('ldap_main_server_address'), api_get_setting('ldap_replicate_server_address')),
  // both addresses wrapped in array() as in the line above; without it the
  // second string becomes a stray element [0] of $ldap_config
  'host' => array('10.150.9.90', '10.150.9.90'),
  // filter
  // 'filter' => '', // no () around the string
  'port' => api_get_setting('ldap_main_server_port'),
  // protocol version (2 or 3)
  //'protocol_version' => api_get_setting('ldap_version'),
  'protocol_version' => '3',
  // set this to 0 to connect to AD server
  'referrals' => 0,
  // String used to search the user in ldap. %username% will be replaced by the username.
  // See ldap_get_user_search_string() function below
  //'user_search' => 'sAMAccountName=%username%',  // (for ACTIVE DIRECTORY) no () around the string
  //'user_search' => api_get_setting('ldap_search_term').'=%username%',  // no () around the string
  'user_search' => 'sAMAccountName=%username%',  // no () around the string
  // encoding used in ldap (most common are UTF-8 and ISO-8859-1)
  'encoding' => 'UTF-8',
  // Set to true if user info has to be updated at each login
  'update_userinfo' => true
);
 
And what about tutor identification? I can't see it in the code.
 
Tutor identification value
When a check is done on the tutor field given above, this value has to be inside one of the tutor fields sub-elements for the user to be considered as a trainer. If you leave this field blank, the only condition is that the field exists for this LDAP user to be considered as a trainer. As an example, the field could be "memberof" and the value to search for could be "CN=G_TRAINER,OU=Trainer".
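
Added example, not part of the thread and not Dokeos code: it applies the admin_dn concatenation quoted from ldap.conf.php to three combinations of the login field and LDAP domain setting, and compares each result with the DN that works when hard-coded. The helper names and the LDAP domain values are assumptions made for the illustration.

```php
<?php
// Added illustration, not Dokeos code. The two settings are passed in as
// plain strings instead of being read with api_get_setting().

// Same concatenation as the 'admin_dn' line in ldap.conf.php.
function build_admin_dn(string $login, string $domain): string
{
    return 'CN=' . $login . ',' . $domain;
}

// Simplified DN normalisation for comparison: trims each RDN and lowercases.
// Assumes no escaped commas inside attribute values.
function normalize_dn(string $dn): string
{
    return strtolower(implode(',', array_map('trim', explode(',', $dn))));
}

// Returns the computed bind DN and whether it equals the DN known to work.
function check_admin_dn(string $login, string $domain, string $expected): array
{
    $dn = build_admin_dn($login, $domain);
    return [
        'admin_dn'    => $dn,
        'matches'     => normalize_dn($dn) === normalize_dn($expected),
        // An "=" in the login field means a DN was entered where a bare name is expected.
        'login_is_dn' => strpos($login, '=') !== false,
    ];
}

// DN from the hard-coded configuration posted in this thread.
$expected = 'CN=Administrator,CN=Users,DC=ourdomain,DC=local';

// Constructed combinations: [login field, LDAP domain setting].
$cases = [
    ['cn=Administrator,cn=Users,dc=ourdomain,dc=local', 'dc=ourdomain,dc=local'],
    ['Administrator', 'dc=ourdomain,dc=local'],
    ['Administrator', 'CN=Users,dc=ourdomain,dc=local'],
];

foreach ($cases as [$login, $domain]) {
    $r = check_admin_dn($login, $domain, $expected);
    printf("%-5s %s\n", $r['matches'] ? 'OK' : 'WRONG', $r['admin_dn']);
    if ($r['login_is_dn']) {
        echo "      login field already contains a DN; enter only the CN value\n";
    }
}
```

Only the third combination reproduces the working DN, but the same LDAP domain setting also feeds base_dn in ldap.conf.php, so it would limit user searches to CN=Users. Setting admin_dn directly in ldap.conf.php keeps the bind DN and the search base independent.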