LDAP plugin changes [message #161976] |
Tue, 02 March 2010 23:12 |
wsaxon
Messages: 3 Registered: March 2010
Karma:
|
Junior Member |
|
|
Hello,
Apologies in advance if this has already been addressed.
I just tried to use FUDforum 3.0 with the LDAP plugin against a Windows 2003 Active Directory. It does not work out of the box.
I identified two problems:
1. The plugin does not use the LDAP_UID ini parameter when checking the login variable against the LDAP results - it assumes the attribute is 'uid', which is not usually valid for Active Directory LDAP servers.
2. Case sensitivity is a problem in two places.
First, ldap_get_entries makes all the array keys lowercase, so if 'uid' is replaced with $ini['LDAP_UID'] as suggested above, and $ini['LDAP_UID'] is not all lowercase, it wont work.
Second, while Windows is case insensitive, Active Directory stores case in the account name. So if someone's account is set up as 'UserName', they won't be able to log in as 'username'. I don't think this is FUDforum's problem, but it would be nice if FUDforum offered an option to treat login names as case insensitive.
I have attached a diff of changes I made to address the above on my installation.
|
|
|