LDAP - Multiple OUs 10 years 11 months ago #88

  • saber (Topic Author, New Member)
We have just upgraded to XoT 2.0 r926 from XoT 1.7. Nearly everything seems OK but there is an issue with our multiple domains (staff, IT Staff, System Accounts and students). After running 'upgrade.php' we now have four entries in the LDAP server list, but there is actually only one LDAP server and we want to search up to four Organisational Units; each of these now shows as a separate server. We now want to delete the three extra entries, which are not being searched by the software anyway, and put the OUs in one place.

Otherwise is there a bug in the LDAP/AD authentication routines which prevents the software reading through each server properly?


LDAP - Multiple OUs 10 years 10 months ago #90

  • tom (Administrator)
Lee Brophy posted this some weeks ago on the Xerte mailing-list. Perhaps this will solve your issues too.

Hello all,

Apologies if this has been brought up before (I certainly couldn’t find it in the archives), but I thought it may be useful to share a simple solution I have come across for those using LDAP authentication in Xerte, specifically V2.0 in my case but applicable for other versions I suspect. For those who want to skip to the solution (in red below) this fix will allow you to authenticate with AD by specifying the root DN as opposed to a specific OU.

We are running Xerte 2.0 under XAMPP in Windows 2008 and I have spent days trying to resolve the issue of authenticating against multiple OUs within AD. Setting up authentication for a single OU worked a treat from the off; however, adding a second “base_dn” to search just would not behave as I thought it should, as any users contained within the secondary OU simply couldn’t log in (failed at the last stage with error "Issue connecting to ldap server (#4) : No entries found ").

I tried various configurations and edited the database manually, which got me a little further than using the $$$ delimiters in the management interface. I also tried a little code hacking to output the parameters being pulled from the database by the PHP code and all seemed fine, but still no joy, so I took the plunge and decided to read the LDAP section of the PHP manual!
Within about 10 minutes of searching through the PHP manual I came across the following page:

php.net/manual/en/function.ldap-search.php

If you search the above page for “ldap referrals” you should find a post relating to these LDAP referrals, which are what prevent successful AD searches from the root DN of the domain; you will also find the code to turn these off.

HERE’S THE SOLUTION!

For me personally the fix was as follows:

Set up LDAP through the Xerte management page (should be pretty straightforward) or edit the ldap table in phpMyAdmin by following the “ldap” document in “%installdir%\xertetoolkits_2.0\documentation\”.

For “base_dn” specify your AD root DN e.g. “DN=MyDomain,DN=com”.

Next you need to edit the “Ldap.php” file contained within “%installdir%\xertetoolkits_2.0\library\Xerte\Authentication\” and add the following line:
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

I have added it near to the top of the file, but within the PHP tags, so mine looks like this:
<?php
/**
 * For this to work, you'll need to have at least one entry in the XOT 'ldap' table. Example values (which work for me) are below :
 *
 * ldap_host = localhost
 * ldap_port = 389
 * ldap_username = cn=admin,dc=blah,dc=com
 * ldap_password = <plain text password which you can connect to ldap with>
 * ldap_basedn = ou=xot,dc=blah,dc=com  -- this is where in the LDAP tree your XOT stuff lives.
 * ldap_filter = cn    - field we try to do a match for the end user's username on.
 * ldap_filter_attr = uid
 */

// Disable referral chasing. No connection has been opened at this point, so
// $ldap is still unset (null); the LDAP client library treats a null handle as
// the global default, which then applies to every connection opened later in
// this file. Without it, a search from the domain root returns referrals to AD's
// other naming contexts and the client's attempt to follow them fails.
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

etc…

Other than this the file stays the same. I am now able to authenticate using LDAP for a user regardless of their account location in AD and there is no need for multiple entries in the LDAP table.

Hopefully this will be of use to somebody, I know it has caused me somewhat of a headache!

Apologies for the essay!

Regards
Lee

Lee Brophy
Network Technician
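A self-contained version of the approach Lee describes (search from the root DN with referrals disabled, then verify the password by binding as the user), added here as an example and not Xerte's own Ldap.php; the host, service-account DN, base DN and the XOT_LDAP_PASSWORD environment variable are assumed values:

```php
<?php
// Added example, not Xerte's Ldap.php: authenticate an AD user whose account may
// sit in any OU by searching from the domain root DN with referrals turned off.
// Assumed values: host, service-account DN, base DN, env var holding the password.
function ldap_authenticate(string $username, string $password): ?string
{
    $host   = 'ldap://dc1.example.test';                               // assumed
    $bindDn = 'cn=xerte-svc,ou=Service Accounts,dc=example,dc=test';   // assumed
    $bindPw = getenv('XOT_LDAP_PASSWORD') ?: '';                       // assumed
    $baseDn = 'dc=example,dc=test';      // root DN: covers every OU in the domain
    $attr   = 'sAMAccountName';          // AD logon-name attribute

    // An empty password turns ldap_bind() into an anonymous bind that "succeeds",
    // so refuse it before touching the directory.
    if ($username === '' || $password === '') {
        return null;
    }

    $ldap = ldap_connect($host);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // AD answers a root-DN search with referrals to its other naming contexts;
    // chasing them fails and the whole search reports "No entries found".
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    if (!@ldap_bind($ldap, $bindDn, $bindPw)) {
        return null;
    }

    // Escape the user-supplied name so it cannot rewrite the search filter.
    $filter = sprintf('(&(objectClass=user)(%s=%s))',
                      $attr, ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    $result = ldap_search($ldap, $baseDn, $filter, ['dn']);
    if ($result === false || ldap_count_entries($ldap, $result) !== 1) {
        ldap_unbind($ldap);
        return null;   // unknown or ambiguous account
    }
    $userDn = ldap_get_dn($ldap, ldap_first_entry($ldap, $result));

    // Prove the password by binding as the DN found, wherever it lives in AD.
    $ok = @ldap_bind($ldap, $userDn, $password);
    ldap_unbind($ldap);
    return $ok ? $userDn : null;
}

$dn = ldap_authenticate($_POST['username'] ?? '', $_POST['password'] ?? '');
echo $dn === null ? "Login failed\n" : "Authenticated as $dn\n";
```

Because the search starts at the domain root, one ldap table entry is enough; a user in "ou=Students" and one in "ou=IT Staff" are both found by the same query.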


LDAP - Multiple OUs 10 years 10 months ago #112

  • Pgogy (New Member)
In theory the LDAP table should be able to store multiple LDAPs - but I am not sure if the LDAP auth code moves through them
