Hi, trying to activate LDAP authentication. Settings configured… but the only LDAP code I see is in the cfg file:
// Global LDAP object
$Ldap = NULL;
Are there any particular files that need to be re-generated?
I did login & ewcfg14…
You need to enter your LDAP info to the advanced settings, see help file topic Tools > Advanced Settings and find “LDAP”. Also read help file topic “Server Events and client Scripts”, also find “LDAP”.
You also need to regenerate the phpfn14.php as the cLdap class is in the phpfn14.php.
Make sure you have already defined all the LDAP items setting from “Tools” → “Advanced Settings”. Search for “LDAP” word, then define your own settings, afterwards regenerate ALL the script files again.
The LDAP code is now included in the phpfn14 file.
Questions:
Why is the User_CustomValidate function included in the phpfn14 file? Will your custom code not get overwritten? I don’t see anywhere else to include code if needed.
Where is the Ldap_Validated function()?
So what exactly is the sequence of login events:
- LDAP Validation
- Local Table Validation
What I want to do is to keep the pwd’s synced so in the event the AD/LDAP servers are DOA, the user can still login. I was thinking of auto-updating the user pwd in the table once authenticated.
Where are you to set the bindings? As it stands, I can’t authenticate to the AD…
do we not need to set the:
Bind Attribute,
Login Attribute,
and
authentication account to use?
are these to be set in the ldap options string
Read the explanation for User_CustomValidate and Ldap_Validated in “Server Events and Client Events” in the help file first. Also read the descriptions about the LDAP settings under Tools → Advanced Settings in the help file.
If you use LDAP validation, the user table does not need password (although the password field is still required). The user table is used to store the user’s User ID and User Level for Advanced Security.
To explain the LDAP settings in Advanced Settings, please post an example settings on how to login your system (including the host, port, distinguished name for login, password, etc.)
thanks, but i’m still unable to connect…
I tested the $DN variable options with an LDAP client along with the Server IP and ports… all tested and connected successfully, but only if I connected with the domain admin account. I tried anonymous and a regular user account and they both failed, so it appears that I will need to use an admin domain account to connect to the AD first, then authenticate the user.
I’m just not sure where to set the account to connect to the AD to make the successful connection. Is it in the __construct options that I need to set the authorized account able to connect to the AD?
In the Bind function, it is passing the user info attempting to authenticate – resulting in failures…
For testing I changed the bind parameters as a test to:
$this->_bind = ldap_bind($this->Conn, "administrator_username", "administrator_password");
and it connected successfully. But as expected, it’s authenticating everything successfully because of the hardcoded admin account.
thanks,
Webmaster wrote:
To explain the LDAP settings in Advanced Settings, please post an example settings on how to login your system (including the host, port, distinguished name for login, password, etc.)

Without a correct distinguished name to identify the user, your LDAP server cannot log you in. You need to find out what your LDAP server accepts first, e.g. some login credentials you used for other LDAP clients. You can continue to test your system until you find out the credentials that pass ldap_bind().
OK thanks, finally got the correct sequence… (needed the domain prefix and removed all the OU’s).
Didn’t need any containers or other items in the $DN string; the following worked to connect to a Windows 2016 Server:
In the LDAP distinguished name settings in the advanced tab:
YOUR_DOMAIN_NAME{username}
ex:
phpmaker{username}
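
The thread's conclusion, that the bind must use an identity built from the login name plus that person's own password, sketched as an added example (not PHPMaker's generated code and not from any poster). The function names, the host and the `EXAMPLE` domain are assumptions; the empty-password check is there because a simple bind with a name and no password is an unauthenticated bind, which some directory servers report as success.

```php
<?php
// Added example, not PHPMaker code. Function names, host and domain are assumptions.

// Expand a bind-identity template such as 'EXAMPLE\{username}'.
function build_bind_identity(string $template, string $username): string
{
    // Allowlist the login name so nothing typed by the user can alter the
    // identity string (assumed policy; adjust to your directory's naming rules).
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $username)) {
        throw new InvalidArgumentException('invalid username');
    }
    return str_replace('{username}', $username, $template);
}

// True only if the directory accepts this user's own credentials.
function ldap_authenticate(string $uri, string $template, string $username, string $password): bool
{
    // A name with an empty password is an unauthenticated bind; refuse it
    // locally so it can never count as a login.
    if ($password === '') {
        return false;
    }
    try {
        $identity = build_bind_identity($template, $username);
    } catch (InvalidArgumentException $e) {
        return false;
    }
    $conn = ldap_connect($uri);   // ldaps:// keeps the password off the wire in clear text
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Bind as the person logging in, never as a fixed service or admin account.
    $ok = @ldap_bind($conn, $identity, $password);
    ldap_unbind($conn);
    return $ok;
}

// Constructed inputs: the two ldap_authenticate() calls below are rejected
// before any network traffic, so this part runs without a directory server.
$uri = 'ldaps://dc.example.test';
$tpl = 'EXAMPLE\\{username}';     // DOMAIN\user form, constructed
var_dump(build_bind_identity($tpl, 'alice'));
var_dump(ldap_authenticate($uri, $tpl, 'alice', ''));
var_dump(ldap_authenticate($uri, $tpl, 'al*)(cn=', 'x'));
```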
Can you please help for Windows authentication settings? I tried but no luck.