LDAP Plugin with openLDAP
The issue is with this bit of the query syntax.
We are doing an or between ‘(name=dsp)’ ad ‘)’ There is a missing parameter the other part of the or test or there is an extra ‘)’ in that syntax. I really need to count opening and closing parentheses here, but my gut feeling is its wrong. As well as the ‘memberuid=uid=dsptest’ test. I haven’t had time to see what changed in the ldap auth module but I’m a bit surprised that it authenticates AD since AD is really picky on the query syntax.
I’m pretty sure when Tom was debugging my code he was testing against an OpenLDAP server in his dev environment.
You can see the code in /var/www/[html/]fog/lib/plugin/ldap/class/ldap.class.php
functions: authLDAP() and _getAccessLevel()
The connection to the openLDAP server works fine but the problem is when the script try to know if the user belong to the admin group.
Well, I am seeing the code and the problem is that the value of $accessLevel variable is 0. The possible values of this variable is:
* Sets our default accessLevel to 0. * 0 = fail * 1 = mobile * 2 = admin
If dsp user is in the admin group then the script returns 2.
This variable changes his value when the code calls to _getAccessLevel($grpMemAttr, $userDN) function, I can suppose that the values of $grpMemAttr and $userDN are:
$grpMemAttr = memberuid
$userDN = uid=dsptest,ou=Users,dc=example,dc=com
With this, the code returns 0 result because the user is not in the admin group or not find nothing with the filter:
(&(|(name=dsp))(memberuid=uid=dsptest,ou=Users,dc=example,dc=com)); Result: 0
As you don’t have setup the mobile group the next filter:
(&(|(name=))(memberuid=uid=dsptest,ou=Users,dc=example,dc=com)); Result: 0
Then the code returns $accessLevel = 0. if the user is not in the admin group or in the mobile group then the user don’t have access.
@Fernando-Gietz knows the LDAP plugin best!