Plugin seems to be ignored #9

Open
branhendricks opened this issue Feb 3, 2016 · 8 comments

@branhendricks

I have YOURLS 1.7.1 installed along with the latest version of the plugin. We are using Active Directory as our LDAP server. I have the info in config.php the same as we used on other AD related systems. When attempting to log in with AD credentials I get invalid username or password, but am successful if I use the password that was entered in config.php. (I also tried removing the user altogether from config.php, but it made no difference.)

@dave-lang
Contributor

I haven't upgraded to 1.7.1, but from the changelog there doesn't seem to be anything that would break this plugin. You've definitely activated the plugin via the Manage Plugins screen?

If it's dying for some reason it should output to the PHP log, I'd start with that, then add in some debugging output to make sure it's actually opening a connection.

@branhendricks
Author

I started doing some output debugging. So far, it looks like the search user name and pass are not optional but required. The search function called further down cannot search unless the connection is bound to a user account.

@branhendricks
Author

I'm going to try to bind on the user credentials attempting to log in rather than the search user. I'm just wondering if this could possibly create some security issue since the plugin wasn't written this way in the first place.

@dave-lang
Contributor

Off the top of my head I wouldn't think so - but I haven't looked over the code recently.

I've tested it with using anonymous binding before though, and it has worked. Might be your LDAP/AD setup requires a user account to bind?

@branhendricks
Author

Probably is the case of AD requiring a login first. I did get it to work using the method I mentioned. I can share the code if desired.

@k3a
Collaborator

k3a commented Feb 12, 2016

Yes, share please. It may help others.

On February 11, 2016 11:35:10 AM PST, BrandonH-LSUHSC notifications@github.com wrote:

Probably is the case of AD requiring a login first. I did get it to
work using the method I mentioned. I can share the code if desired.


@jorrit
Contributor

jorrit commented Jul 15, 2016

In my experience, the following things have to be changed for Active Directory:

  • ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0); needs to be added
  • The code should try to bind as the logging-in user before searching if LDAPAUTH_SEARCH_USER is not set. However, this needs to be changed such that a prefix or suffix can be added.
  • I use the field sAMAccountName to get the user name. In the $searchResult array this key is lowercased, so it should be lowercased when looking it up in $searchResult.

Wikimedia has an LDAP plugin that works: https://www.mediawiki.org/wiki/Extension:LDAP_Authentication

@jorrit
Contributor

jorrit commented Jul 15, 2016

Also, the following change is necessary:

if (!$searchResult) return $value; -> if (empty($searchResult)) return $value; in case there are no results for the search.
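
Added example (not code from this thread or from the plugin): the Active Directory changes listed in the two comments above, combined with a check that bears on the earlier question about binding with the login user's credentials, because a simple bind with an empty password is an unauthenticated bind that many servers accept. The function name, its parameters and the `@example.test` suffix are assumptions.

```php
<?php
// Added illustration. ad_authenticate(), its parameters and the sample
// values ('ldaps://dc.example.test', '@example.test') are hypothetical.
function ad_authenticate($host, $baseDn, $username, $password, $upnSuffix)
{
    // An empty password turns a simple bind into an "unauthenticated bind"
    // (RFC 4513), which many servers report as success. Reject it up front.
    if ($username === '' || $password === '') {
        return false;
    }

    $conn = ldap_connect($host); // e.g. 'ldaps://dc.example.test'
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Needed for Active Directory, as noted in the comment above.
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Bind as the user who is logging in; the configurable suffix
    // (e.g. '@example.test') is appended to form the bind name.
    if (!@ldap_bind($conn, $username . $upnSuffix, $password)) {
        ldap_unbind($conn);
        return false;
    }

    // Escape the user-supplied name before it goes into the search filter.
    $filter = '(sAMAccountName='
        . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $search = ldap_search($conn, $baseDn, $filter, array('sAMAccountName'));
    $entries = ($search === false) ? false : ldap_get_entries($conn, $search);
    ldap_unbind($conn);

    // empty() covers both a failed search and a search with no results.
    // ldap_get_entries() lowercases attribute names: 'samaccountname'.
    if (empty($entries) || $entries['count'] !== 1
        || empty($entries[0]['samaccountname'][0])) {
        return false;
    }
    return $entries[0]['samaccountname'][0];
}
```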
