View Issue Details

Field | Value
---|---
ID | 0000947
Project | v3.0 Release
Category | [All Projects] General
View Status | public
Date Submitted | 2011-09-01 10:18
Last Update | 2013-08-28 11:25
Reporter | gracedman
Assigned To | caseydk
Priority | normal
Severity | major
Reproducibility | always
Status | closed
Resolution | fixed
Product Version |
Target Version |
Fixed in Version | 3.0.0
Summary | 0000947: LDAP authentication fails if the BINDDN is given as a complete DN
Tags | No tags attached.

Description
We have a bug in the LDAP code. Edit web2project-2.4/classes/w2p/Authenticators/LDAP.class.php by changing line 53 from:

`$ldap_bind_dn = 'CN='.$this->ldap_search_user.',OU=users,'.$this->base_dn;`

to:

`$ldap_bind_dn = $this->ldap_search_user;`

I don't know if that is the proper fix, but it worked well enough for us to be able to get our work done. It looks like the logic assumes we are using an MS Active Directory server and that we have only supplied a short name. In our case, we are using RedHat Directory Server and we provide the complete DN of the ldap_search_user.
GrandmaMoses (reporter) 2011-09-07 04:02
LDAP login when binding to Active Directory has not worked properly since v2.2. Rather than logging a new bug I'll post my comments here. Please see my forum post at http://forums.web2project.net/viewtopic.php?p=12673#12673. In the posting I've given a complete description of the problem and the errors I get. Many thanks.
fulda (reporter) 2011-09-07 11:06
I installed a fresh v2.4 and modified it to bind, but it fails to create the user.
GrandmaMoses (reporter) 2011-09-07 22:31
Yes, it seems there is an SQL syntax problem when creating a new user or if your password changes. I can bind and login if I upgrade from v2.2 and login with a user already in the W2p DB. Once the password in AD changes then login fails. Error details in my forum post above. Sorry, I'm not a programmer so can't help further.
baturin (reporter) 2011-09-11 04:17
I can confirm this bug. The following errors are displayed:

```
ERROR: ...classes/w2p/Database/Query.class.php(1121) : query failed(SELECT user_username FROM ((`users` AS users)) WHERE user_id = ) - error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Backtrace:
0 ...classes/w2p/Database/Query.class.php:1121 dprint()
1 ...classes/w2p/Extensions/Permissions.class.php:467 exec()
2 ...classes/w2p/Authenticators/LDAP.class.php:165 insertUserRole()
3 ...classes/w2p/Authenticators/LDAP.class.php:91 createsqluser()
4 ...classes/w2p/Core/CAppUI.class.php:825 authenticate()
5 ...index.php:125 login()

ERROR: ...Extensions/Permissions.class.php(469) : Cannot add role, user does not exist! You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Backtrace:
0 ...classes/w2p/Extensions/Permissions.class.php:469 dprint()
1 ...classes/w2p/Authenticators/LDAP.class.php:165 insertUserRole()
2 ...classes/w2p/Authenticators/LDAP.class.php:91 createsqluser()
3 ...classes/w2p/Core/CAppUI.class.php:825 authenticate()
4 ...index.php:125 login()
```
fexadom (reporter) 2011-12-19 08:16
I can confirm this bug too. I installed a fresh v2.4 and modified it to bind, but it fails to create the user. I got this error:

```
/classes/w2p/Database/Query.class.php(1121): query failed(SELECT user_username FROM ((`users` AS users)) WHERE user_id = ) - error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
```
tulanian (reporter) 2012-01-16 00:48
I can confirm this bug, too, and get the same errors listed previously.
Rocko (reporter) 2012-01-25 11:28
Hello, I can confirm this bug, too. Please help us.
Rocko (reporter) 2012-01-25 12:28
Hello, the solution is to modify web2project-2.4/classes/w2p/Authenticators/LDAP.class.php, function createsqluser, with these changes:

```php
public function createsqluser($username, $password, $ldap_attribs = array())
{
    global $AppUI, $db;
    $hash_pass = MD5($password); // the project's existing password scheme
    $c = null;
    if (count($ldap_attribs) > 0) {
        // Contact information based on the inetOrgPerson class schema;
        // attribute keys are lowercase, as ldap_get_entries() returns them
        $c = new CContact();
        $c->contact_first_name = $ldap_attribs['givenname'][0];
        $c->contact_last_name = $ldap_attribs['sn'][0];
        $c->contact_city = $ldap_attribs['l'][0];
        $c->contact_country = $ldap_attribs['country'][0];
        $c->contact_state = $ldap_attribs['st'][0];
        $c->contact_zip = $ldap_attribs['postalcode'][0];
        $c->contact_job = $ldap_attribs['title'][0];
        $c->contact_email = $ldap_attribs['mail'][0];
        $c->contact_phone = $ldap_attribs['telephonenumber'][0];
        $c->contact_owner = $AppUI->user_id;
        $c->contact_display_name = $ldap_attribs['displayname'][0];
        $c->contact_order_by = $ldap_attribs['displayname'][0];
        $c->contact_company = 24; // site-specific company id
        // Query to get the department ID from the W2P database.
        // Note: the department value read from the directory is interpolated
        // into the SQL string unescaped, so a directory-controlled value
        // reaches the query as-is.
        $q = new w2p_Database_Query;
        $q->addTable('departments');
        $q->addQuery('dept_id');
        $q->addWhere('dept_name = "' . $ldap_attribs['department'][0] . '"');
        if (!$q->exec()) {
            die($AppUI->_('Failed to get departments'));
        } else {
            $dept = $q->fetchRow();
            $c->contact_department = $dept['dept_id'];
        }
        $q->clear();
        $contactArray = array('phone_mobile' => $ldap_attribs['mobile'][0]);
        $c->setContactMethods($contactArray);
        $c->store($AppUI);
    }
    // No contact is created when no LDAP attributes were supplied
    $contact_id = ($c === null || $c->contact_id == null) ? 'NULL' : $c->contact_id;
    $q = new w2p_Database_Query;
    $q->addTable('users');
    $q->addInsert('user_username', $username);
    $q->addInsert('user_password', $hash_pass);
    $q->addInsert('user_type', '0');
    $q->addInsert('user_contact', $contact_id);
    if (!$q->exec()) {
        die($AppUI->_('Failed to create user credentials'));
    }
    $user_id = $db->Insert_ID();
    $this->user_id = $user_id;
    $q->clear();
    $acl = &$AppUI->acl();
    $acl->insertUserRole($acl->get_group_id('normal'), $this->user_id);
}
```

source: http://forums.web2project.net/viewtopic.php?t=3590&sid=84770cb20530a2e70f8fbc665f240376
caseydk (administrator) 2012-08-07 21:09
I've removed myself from assignment because I don't use LDAP or have a server to test against to validate these solutions currently. Trying to figure out an interim solution.
caseydk (administrator) 2012-10-28 20:22
If you insert this: `$ldap_bind_dn = $this->ldap_search_user;` into line 66 of the current development, I *think* this should work. For context, that should be immediately before this line: `if ($bindok = ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {`
GrandmaMoses (reporter) 2012-11-04 10:07
I think you've cracked it! You have to insert `$ldap_bind_dn = $this->ldap_search_user;` into line 65 of LDAP.Class.php (current github version downloaded 04/11/2012). All working now, authenticating against Active Directory. My settings in the lab environment that work:

- LDAP Base DN --> dc=test,dc=domain,dc=com
- LDAP Host --> servername, FQDN or IP of domain controller
- LDAP Port --> 389
- LDAP Search User Password --> *******
- LDAP Search User --> ldap
- LDAP User Filter --> sAMAccountName=%USERNAME%
- LDAP Version --> 3
- Full LDAP Connect String -->

These settings seem to work irrespective of the container or OU of the LDAP search user or user account being authenticated. Thanks Keith!
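The accepted fix passes the configured search user straight to ldap_bind(), and the working settings above feed the login name into the `sAMAccountName=%USERNAME%` filter. The block below is an added example, not web2project's code: it shows the bind identity handled as the fix does, plus the filter substitution done with LDAP escaping so the login name cannot alter the search. Function names and the `%USERNAME%` substitution are assumptions; the configuration values come from this report.

```php
<?php
// Added example, not web2project's own code. Function names are assumptions;
// the settings (search user "ldap", filter sAMAccountName=%USERNAME%) are the
// lab values reported in this issue.

// Use the bind identity exactly as configured, which is what the accepted fix
// ($ldap_bind_dn = $this->ldap_search_user;) does: Directory Server needs the
// full DN, and Active Directory also accepts "user@domain" or "DOMAIN\user" on
// a simple bind, so nothing is synthesised from CN=...,OU=users,<base_dn>.
function resolveBindDn($searchUser)
{
    $searchUser = trim($searchUser);
    if ($searchUser === '') {
        // An empty bind identity turns the search bind into an anonymous bind
        // on many servers; refuse it rather than degrade silently.
        throw new InvalidArgumentException('LDAP Search User must not be empty');
    }
    return $searchUser;
}

// Escape a value for use inside a search filter (RFC 4515): \ * ( ) and NUL
// become \5c \2a \28 \29 \00. ldap_escape() exists from PHP 5.6; the fallback
// gives the same output on the PHP 5.2/5.3 releases web2project 2.4 ran on.
function escapeFilterValue($value)
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    return str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\5c', '\2a', '\28', '\29', '\00'),
        $value
    );
}

// Substitute the login name into the configured template with the value
// escaped, so a name such as "x)(objectClass=*" stays a single equality test,
// and wrap the result in parentheses if the template was written without them.
function buildUserFilter($template, $username)
{
    $filter = str_replace('%USERNAME%', escapeFilterValue($username), $template);
    return ($filter !== '' && $filter[0] === '(') ? $filter : '(' . $filter . ')';
}

// Lab settings from the report: search user "ldap", filter sAMAccountName=%USERNAME%.
$bindDn = resolveBindDn('ldap');
$filter = buildUserFilter('sAMAccountName=%USERNAME%', 'jdoe');
```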
caseydk (administrator) 2012-11-04 17:50
Resolved: https://github.com/caseysoftware/web2project/pull/161
Date Modified | Username | Field | Change |
---|---|---|---|
2011-09-01 10:18 | gracedman | New Issue | |
2011-09-07 04:02 | GrandmaMoses | Note Added: 0002192 | |
2011-09-07 11:06 | fulda | Note Added: 0002193 | |
2011-09-07 22:31 | GrandmaMoses | Note Added: 0002194 | |
2011-09-11 04:17 | baturin | Note Added: 0002198 | |
2011-09-11 20:10 | caseydk | Relationship added | related to 0000932 |
2011-09-27 23:18 | caseydk | Project | v2.4 Release (Closed) => v3.0 Release |
2011-12-19 08:16 | fexadom | Note Added: 0002357 | |
2011-12-19 23:51 | caseydk | Status | new => assigned |
2011-12-19 23:51 | caseydk | Assigned To | => caseydk |
2012-01-16 00:48 | tulanian | Note Added: 0002381 | |
2012-01-25 11:28 | Rocko | Note Added: 0002383 | |
2012-01-25 12:28 | Rocko | Note Added: 0002384 | |
2012-07-29 10:16 | caseydk | Relationship added | has duplicate 0001143 |
2012-08-07 21:08 | caseydk | Assigned To | caseydk => |
2012-08-07 21:09 | caseydk | Note Added: 0002630 | |
2012-08-07 21:09 | caseydk | Status | assigned => acknowledged |
2012-10-28 20:20 | caseydk | Relationship added | has duplicate 0001110 |
2012-10-28 20:22 | caseydk | Note Added: 0002675 | |
2012-10-28 20:22 | caseydk | Status | acknowledged => feedback |
2012-11-04 10:07 | GrandmaMoses | Note Added: 0002689 | |
2012-11-04 17:50 | caseydk | Note Added: 0002693 | |
2012-11-04 17:50 | caseydk | Status | feedback => resolved |
2012-11-04 17:50 | caseydk | Resolution | open => fixed |
2012-11-04 17:50 | caseydk | Assigned To | => caseydk |
2013-08-28 11:14 | caseydk | Fixed in Version | => 3.0.0 |
2013-08-28 11:25 | caseydk | Status | resolved => closed |