designbyfront / LDAP-Authentication-for-ExpressionEngine

An ExpressionEngine Extension that allows the authentication of users via LDAP. LDAP details are copied to the EE database before standard MySQL authentication is performed. If user is not found on LDAP, MySQL authentication will still be performed (useful for EE users not in LDAP)
http://www.designbyfront.com
30 stars 16 forks source link

ldap_search Operations Error #14

Open leffj003 opened 12 years ago

leffj003 commented 12 years ago

I'm having a bit of trouble with this extension.

After installing the extension and enabling it, I get the following error message when a user attempts to login:

A PHP Error was encountered Severity: Warning Message: ldap_search() [function.ldap-search]: Search: Operations error Filename: nce_ldap/ext.nce_ldap.php Line Number: 332

I have verified that all LDAP settings are correct and that the server is working. Thanks!

ElusiveMind commented 12 years ago

I had this problem too. Are you trying to connect to MS Active Directory? If so, then that is your problem. I just recently modified this to patch the problem with newer versions of EE and add an option for Active Directory. If you need the code, let me know. I'm trying to contact the author to contribute back my work so it gets into GIT.

leffj003 commented 12 years ago

Yes we are using AD. That would be great if you could provide the code. Out of curiosity, what was the underlying issue?

Jeremy Leff IT Specialist/Webmaster Auburn University College of Business 210 Lowder Business Building Auburn University, AL 36849 Jeremy.Leff@auburn.edu

-----Original Message----- From: Michael R. Bagnall [mailto:reply@reply.github.com] Sent: Tuesday, June 19, 2012 8:53 AM To: leffj003 Subject: Re: [LDAP-Authentication-for-ExpressionEngine] ldap_search Operations Error (#14)

I had this problem too. Are you trying to connect to MS Active Directory? If so, then that is your problem. I just recently modified this to patch the problem with newer versions of EE and add an option for Active Directory. If you need the code, let me know. I'm trying to contact the author to contribute back my work so it gets into GIT.


Reply to this email directly or view it on GitHub: https://github.com/designbyfront/LDAP-Authentication-for-ExpressionEngine/issues/14#issuecomment-6425251

ElusiveMind commented 12 years ago

PHP has a few LDAP options which in their default states are not compatible with active directory. These need to be modified before PHP LDAP will connect. I have attached the module with an Active Directory setting. The lines of code int he extension are 386-389:

if ($this->settings['is_active_directory'] === 'yes') {
  ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
  ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
}

That fixes the problem when the extensions sets up the connection to LDAP.

I've spent the last week working on this with the client. Finally able to figure it out using Google.

Also of note… I could not get this to work with Anonymous Binding. I still do not know if this is a module/PHP issue or on the client's Active Directory server. But it is untested with Anonymous Binding.

I'm emailing you the code now.

allnyguy commented 10 years ago

Where would this go within the ext.nce_ldap.php file??? i am having issues and this could possibly fix it, but i am not sure where in the code it would need to go... any help would be appreciated

ElusiveMind commented 10 years ago

This was a long time ago. I may need to review it a bit.

allnyguy commented 10 years ago

any help you could give would be appreciated

This was in the post: Just trying to figure out where it would need to be placed in the code... i am a novice when it comes to php and not sure exactly where it should go... thanks if you can remember...

if ($this->settings['is_active_directory'] === 'yes') { ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); }

On Wed, Mar 26, 2014 at 11:49 AM, Michael R. Bagnall < notifications@github.com> wrote:

This was a long time ago. I may need to review it a bit.

Reply to this email directly or view it on GitHubhttps://github.com/designbyfront/LDAP-Authentication-for-ExpressionEngine/issues/14#issuecomment-38700565 .

allnyguy commented 10 years ago

nothing clicked yet??? lol

just curious... had some of our developers here looking over the code and what you posted and they made what they thought were modifications that would work... but still running into some issues. Weird thing is that it seems to bind, but cannot look-up any users, constantly returning incorrect username/password... EXCEPT for one, system user that we have... that one connects and creates a user with no problem?!?!?! crazy!

thanks again

On Wed, Mar 26, 2014 at 11:50 AM, allnyguy allnyguy@gmail.com wrote:

any help you could give would be appreciated

This was in the post: Just trying to figure out where it would need to be placed in the code... i am a novice when it comes to php and not sure exactly where it should go... thanks if you can remember...

if ($this->settings['is_active_directory'] === 'yes') { ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); }

On Wed, Mar 26, 2014 at 11:49 AM, Michael R. Bagnall < notifications@github.com> wrote:

This was a long time ago. I may need to review it a bit.

Reply to this email directly or view it on GitHubhttps://github.com/designbyfront/LDAP-Authentication-for-ExpressionEngine/issues/14#issuecomment-38700565 .

allnyguy commented 10 years ago

hey... i think i figured it out and am getting some authentication/population of users now.. thanks for your help and at responding... my weird issue and i think it is just an AD issue on our side is certain users, like i said above, are not authenticating and i am thinking it is because of the amount of groups they belong to and their default cn that is being transmitted... it might be larger than can be handled... i think the max is 255 characters. users with no AD groups, authenticate fine and get created with no issues... weird.