adldap / adLDAP

adLDAP is a PHP class that provides LDAP authentication and integration with Active Directory.
GNU Lesser General Public License v2.1

Error with Openldap #66

Open intropedro opened 9 years ago

intropedro commented 9 years ago

I can't use OpenLDAP with adLDAP:

    $adldap = new LDAP\adLDAP\adLDAP(
        array(
            'base_dn' => 'o=mycompany,dc=es',
            'account_suffix' => '',
            'domain_controllers' => array('192.168.0.1')
        )
    );
    $adldap->authenticate($username, $passwordClear);

The error is: Invalid DN syntax

My user in ldap:

    dn: uid=usertest,ou=mycompany,dc=es
    objectClass: top
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: inetOrgPerson
    objectClass: person
    givenName: Name1
    sn: Name1
    displayName: Name1
    userPassword:
    cn: Name1
    mobile: 4444444
    gecos: Name1
    homePhone: 4444444
    uid: mariomv
    uidNumber: 50
    gidNumber: 50
    homeDirectory: /home/usertest
    st: XXXX
    l: XXX
    postalCode: 50000
    mail: usertest@mycompany.com
    description: XXXXX

And I set the password like this:

$ ldappasswd -Wx -D "cn=root,dc=es" -H ldap://localhost -S "uid=usertest,ou=mycompany,dc=es"

ChadSikorra commented 9 years ago

Well...it is called adLDAP for a reason ;) The issue is likely that the domain name is being tacked on to the username when you authenticate. This is often a sensible thing for the library to do, but it doesn't always fit everyone's use case (such as this).

A way to solve this would be to add a configurable setting like bind_format that can be set in the library. Then that option could accept a parameter setting like %username% and %domainname%. So the default value of bind_format could be %username%@%domainname% (which is essentially what it does now) but this would still allow people to set it to whatever they choose. Such as simply %username% or CN=%username%,OU=Employees,DC=test,DC=local or other such variations.

I recently implemented that solution in a separate library and it seems to work great. Hesitant to submit a PR here as I'm not sure that this library is being actively maintained anymore...?
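
An added example of the bind_format idea proposed in the comment above; it is not adLDAP's code or any commenter's code, and the function names `resolveBindName` and `escapeDnValue` are hypothetical. It assumes PHP 7.4 or later and uses constructed sample inputs; when the format is a DN template, the username is escaped per RFC 4514 so that user-supplied input cannot change the structure of the bind DN.

```php
<?php
// Added example: hypothetical helpers, not part of adLDAP.

/** Escape a value for use inside a DN attribute value (RFC 4514 hex form). */
function escapeDnValue(string $value): string
{
    // Characters special in a DN, plus NUL/CR/LF, become backslash + hex pair.
    $out = preg_replace_callback(
        '/[\\\\,+"<>;=#\x00\r\n]/',
        static fn(array $m): string => sprintf('\\%02x', ord($m[0])),
        $value
    );
    // A leading or trailing space must be escaped as well.
    if ($out !== '' && $out[0] === ' ') {
        $out = '\\20' . substr($out, 1);
    }
    if (substr($out, -1) === ' ') {
        $out = substr($out, 0, -1) . '\\20';
    }
    return $out;
}

/** Build the bind name from a format using %username% and %domainname%. */
function resolveBindName(string $format, string $username, string $domainName): string
{
    // "attr=%username%" means the value lands inside a DN, so escape it.
    $isDnTemplate = (bool) preg_match('/=\s*%username%/', $format);
    $user = $isDnTemplate ? escapeDnValue($username) : $username;
    // strtr() with an array does not rescan replaced text, so a username
    // that itself contains "%domainname%" is not expanded a second time.
    return strtr($format, ['%username%' => $user, '%domainname%' => $domainName]);
}

// Constructed sample inputs: [bind_format, username, domain name].
$cases = [
    ['%username%@%domainname%', 'usertest', 'mycompany.com'], // AD-style default
    ['%username%', 'usertest', ''],                           // bare username
    ['uid=%username%,ou=mycompany,dc=es', 'usertest', ''],    // OpenLDAP-style DN
    ['uid=%username%,ou=mycompany,dc=es', 'x,ou=other', ''],  // input with DN metacharacters
];
foreach ($cases as [$format, $user, $domain]) {
    printf("%-40s => %s\n", $format, resolveBindName($format, $user, $domain));
}
```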

strebl commented 9 years ago

@ChadSikorra Read through our discussion at https://github.com/adldap/adLDAP/issues/69. There will be a maintained library soon: https://github.com/stevebauman/adldap-fork

ChadSikorra commented 9 years ago

@strebl Thanks for the heads-up. I thought I saw that somewhere else too. It's a nice step in the right direction. To be honest, I don't use this library anymore for new projects. But I still have it lingering in some old stuff. But with so much code cleanup needed in this library, and the complete lack of tests, I stopped trying to fix it and just wrote my own library: https://github.com/ldaptools/ldaptools