Description
Clean install of the stable 1.11.4 version on CentOS 7 using MariaDB, in an Active Directory environment on Server 2012 R2.
Followed the procedure under /main/admin/settings.php?category=LDAP
After a bit of trial and error I got the following working config in auth.conf.php:
$extldap_config = array(
    'base_dn' => 'OU=Company,DC=Company,DC=local', // base domain string
    'admin_dn' => 'Domain\Chamilo', // admin distinguished name
    'admin_password' => 'undisclosed', // admin password
    'host' => array('10.0.0.1'), // ldap hosts
    // 'filter' => '', // no () around the string
    'port' => 389,
    'protocol_version' => 3, // protocol version (2 or 3)
    'referrals' => 0, // set this to 0 to connect to AD server
    // String used to search the user in ldap. %username% will be replaced by the username.
    'user_search' => 'sAMAccountName=%username%', // no () around the string. See extldap_get_user_search_string() function below
    'encoding' => 'UTF-8', // encoding used in ldap (most common are UTF-8 and ISO-8859-1)
    'update_userinfo' => false // Set to true if user info has to be updated at each login
);
$extldap_user_correspondance = array(
    'firstname' => 'givenname',
    'lastname' => 'sn',
    'status' => 'func',
    'admin' => 'func',
    'email' => 'mail',
    'auth_source' => '!extldap',
    'username' => 'samaccountname',
    'language' => '!english',
    // 'password' => '!PLACEHOLDER',
    'extra' => array(
        'title' => 'employeeid',
        'globalid' => 'employeeid',
        'department' => 'company',
        'country' => 'c',
        'bu' => 'employeeid'
    )
);
The 'port' line may NOT be commented out; it throws an error...
I also uncommented the lines in configuration.php:
$extAuthSource["extldap"]["login"] = $_configuration['root_sys']."main/auth/external_login/login.ldap.php";
$extAuthSource["extldap"]["newUser"] = $_configuration['root_sys']."main/auth/external_login/newUser.ldap.php";
After this I could still not log in as an AD user, so I tried importing an LDAP user via
/main/admin/ldap_users_list.php
This worked. I suppose it is not necessary to import all AD users beforehand in order to allow them to log in using their AD account? I thought that when no user was found, it would authenticate against the LDAP server and use the newUser.ldap.php script to create the user in Chamilo?
After importing a user, I could still not log in using AD, so I started debugging the local.inc.php script.
I put this in the script to see what was going on:
echo "<pre>";print_r($extAuthSource);print_r($uData);exit(1);
Array
(
    [extldap] => Array
        (
            [login] => /var/www/html/main/auth/external_login/login.ldap.php
            [newUser] => /var/www/html/main/auth/external_login/newUser.ldap.php
        )
)
Array
(
    [user_id] => 4
    [username] => MyUserName
    [password] => $2y$04$rcljczO0Pmsl8AdM.ProFetS8E/QGzpzYOdH/hedFN1qBnTfnc.ue
    [auth_source] => ldap
    [active] => 1
    [expiration_date] => 2027-06-10 06:51:24
    [status] => 5
    [salt] => 3d3b3fd6bfbe0a9dbc291ac2d2ac8042a985e3d2
)
On line 500 of local.inc.php it says
} elseif (!empty($extAuthSource[$uData['auth_source']]['login'])
&& file_exists($extAuthSource[$uData['auth_source']]['login'])
) {
This is where the LDAP login should start?...
If I use the echoed variables I get
$extAuthSource['ldap']['login']
instead of
$extAuthSource['extldap']['login']
??
How could I solve this?
Thanks.
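The mismatch described in the post, modelled as an added example (this is not Chamilo's code and not the poster's): the `elseif` quoted from local.inc.php indexes `$extAuthSource` with the user's stored `auth_source`, so a record carrying `ldap` finds no entry when only the `extldap` key is registered and the external login branch is skipped. The script also shows the `%username%` substitution of `user_search` with the raw login escaped via `ldap_escape()` (PHP 5.6+, ext/ldap), so that a crafted username cannot widen the LDAP filter; `resolveExternalLogin()` and `buildUserSearchFilter()` are hypothetical helper names, the `file_exists()` part of the original check is left out so the script runs offline, and the two `$uData` records are constructed from the `print_r` output above.

```php
<?php
// Added example, not Chamilo code: models the auth_source dispatch quoted
// from local.inc.php and the %username% substitution of 'user_search'.
declare(strict_types=1);

// Constructed stand-in for the $extAuthSource entries uncommented in
// configuration.php (same paths as the print_r output in the post).
$extAuthSource = [
    'extldap' => [
        'login'   => '/var/www/html/main/auth/external_login/login.ldap.php',
        'newUser' => '/var/www/html/main/auth/external_login/newUser.ldap.php',
    ],
];

// Hypothetical helper: returns the external login script registered for the
// user's auth_source, or null when no source with that key exists. Mirrors
// the quoted elseif, minus file_exists(), so it can run without the files.
function resolveExternalLogin(array $extAuthSource, array $uData): ?string
{
    $source = $uData['auth_source'] ?? '';
    return $extAuthSource[$source]['login'] ?? null;
}

// Hypothetical helper: builds the LDAP search filter from the 'user_search'
// template. The username is escaped with ldap_escape() (PHP >= 5.6) so a
// login such as "*)(objectClass=*" is matched literally instead of becoming
// filter syntax. This is not Chamilo's extldap_get_user_search_string().
function buildUserSearchFilter(string $template, string $username): string
{
    $safe = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    return '(' . str_replace('%username%', $safe, $template) . ')';
}

// Constructed from the print_r($uData) output in the post: the imported
// user carries auth_source 'ldap', which is not a key of $extAuthSource.
$imported = ['username' => 'MyUserName', 'auth_source' => 'ldap'];
// The same record with auth_source set to the key configuration.php registers.
$aligned  = ['username' => 'MyUserName', 'auth_source' => 'extldap'];

// With 'ldap' the lookup yields null, so the external login branch would be
// skipped; with 'extldap' it resolves to login.ldap.php.
var_dump(resolveExternalLogin($extAuthSource, $imported));
var_dump(resolveExternalLogin($extAuthSource, $aligned));

// Plain username versus a filter-injection attempt, both escaped.
echo buildUserSearchFilter('sAMAccountName=%username%', 'MyUserName'), "\n";
echo buildUserSearchFilter('sAMAccountName=%username%', '*)(objectClass=*'), "\n";
```

Run it with `php example.php` on a build that has ext/ldap loaded; `ldap_escape()` is only defined when the extension is present. The first `var_dump` is the situation in the post, and the second is what the dispatch sees once the stored `auth_source` and the `$extAuthSource` key agree. The escaping step is the caveat worth keeping in mind whenever a login form value ends up inside an LDAP filter string.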