The other answer didn't work for me. My problem was apparently different.
My company stores its LDAP dn as:
CN=Last, First,OU=Users,OU=Boston,DC=mycompany,DC=com
I want people to log in with their unix login accounts, but that won't work because the unix login does not appear in the LDAP search string (where USERNAME would be replaced).
However, you don't need the dn to bind. You can ldap_bind with "mylogin@mycompany.com". However, in order to ldap_search, you need the real dn.
So here's my solution:
- Select Generic LDAP server
- Set the Generic LDAP search string to "USERNAME@mycompany.com" which will get us past the ldap_bind
- Add some code to the bindToLDAP function in qa-plugin/qa-ldap-login/GenericLDAPServer.php that will find the dn from the sAMAccountName, which is needed for the ldap_search
    public function bindToLDAP($user, $pass) {
        // An empty password makes ldap_bind() perform an anonymous bind, which
        // succeeds on most servers; never treat that as a successful login.
        if ($pass === '') {
            return false;
        }
        $ldap_search_strings = explode('/', qa_opt('ldap_login_generic_search'));
        foreach ($ldap_search_strings as $search_post) {
            // check whether the search string contains USERNAME
            if (strpos($search_post, 'USERNAME') !== false) {
                $this->dn = str_replace('USERNAME', $user, $search_post);
                // Check if it authenticates (e.g. as user@mycompany.com); suppress
                // the warning ldap_bind() emits on invalid credentials
                error_reporting(E_ALL ^ E_WARNING);
                $bind = ldap_bind($this->con, $this->dn, $pass);
                error_reporting(E_ALL);
                // we have to preserve the username entered if auth was successful
                if ($bind) {
                    // get the real dn: look the account up by sAMAccountName,
                    // escaping the user-supplied value (ldap_escape needs PHP >= 5.6)
                    // so it cannot alter the filter
                    $filter = '(samaccountname=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
                    $base = 'DC=mycompany,DC=com';
                    $res = ldap_search($this->con, $base, $filter, array());
                    $first = $res ? ldap_first_entry($this->con, $res) : false;
                    if ($first === false) {
                        return false; // bound, but no matching entry to search as
                    }
                    $this->dn = ldap_get_dn($this->con, $first);
                    // end get real dn
                    $this->authenticatedUser = $user;
                    return $bind;
                }
            }
        }
        return false;
    }