>> And also your whole LDAP configurations
$conf['auth']['ldap']['server'] = 'ldap://servername.domain:389';
$conf['auth']['ldap']['usertree'] = 'ou=aic, ou=People, dc=ai';
$conf['auth']['ldap']['grouptree'] = 'ou=Groups, dc=ai';
$conf['auth']['ldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(memberUid=%{user}))';
$conf['auth']['ldap']['version'] = '3';
$conf['auth']['ldap']['debug'] = '1';
Anonymous bind is possible:
LDAP user search: Success [ldap.class.php:182]
LDAP search at: ou=aic, ou=People, dc=ai (&(uid=fischer)(objectClass=posixAccount)) [ldap.class.php:183]
LDAP group search: Success [ldap.class.php:229]
LDAP search at: ou=Groups, dc=ai (&(objectClass=posixGroup)(memberUid=fischer)) [ldap.class.php:230]
LDAP usergroup: Administrators [ldap.class.php:242]
LDAP usergroup: domusers [ldap.class.php:242]
LDAP usergroup: domadmin [ldap.class.php:242]
LDAP usergroup: poweruser [ldap.class.php:242]
LDAP usergroup: src [ldap.class.php:242]
LDAP usergroup: lpadmin [ldap.class.php:242]
LDAP usergroup: aistaff [ldap.class.php:242]
LDAP usergroup: officeadmin [ldap.class.php:242]
LDAP usergroup: plugdev [ldap.class.php:242]
LDAP usergroup: audio [ldap.class.php:242]
LDAP usergroup: floppy [ldap.class.php:242]
LDAP usergroup: cdrom [ldap.class.php:242]
LDAP usergroup: @wiki [ldap.class.php:242]
Those are my correct user groups. But until storing the cookie it seems that - as Josef points out - the information "gets lost".
You are currently logged in as fischer (fischer)
You are part of the groups
Your current permission for this page is 255
The current page is not writable by the webserver
The current page is writable by you
(That's the output on the same page!)
If I understand Josef right:
- The first time getUserData is called, is in function checkPass($user,$pass){ in inc/auth/ldap.class.php
- The second time it _should_ be called in function auth_setCookie($user,$pass,$sticky) { inc/auth.php
So, just dug a little deeper: The first time getUserData gets a lot of entries from $result = @ldap_get_entries($this->con, $sr); The second time not.
What is the difference? If I print_r out the $auth object,
First time:
auth_ldap Object
(
[cnf] => Array
(
[server] => ldap://xmassi.ai.wu.ac.at:389
[usertree] => ou=aic, ou=People, dc=ai
[grouptree] => ou=Groups, dc=ai
[userfilter] => (&(uid=%{user})(objectClass=posixAccount))
[groupfilter] => (&(objectClass=posixGroup)(memberUid=%{user}))
[version] => 3
[debug] => 1
[groupkey] => cn
[userscope] => sub
[groupscope] => sub
)
[con] => Resource id #48
[bound] => 0
[success] => 1
[cando] => Array
(
[addUser] =>
[delUser] =>
[modLogin] =>
[modPass] =>
[modName] =>
[modMail] =>
[modGroups] =>
[getUsers] =>
[getUserCount] =>
[getGroups] =>
[external] =>
[logout] => 1
)
[canDo] => Array
(
[getUsers] => 1
)
)
Second time:
auth_ldap Object
(
[cnf] => Array
(
[server] => ldap://xmassi.ai.wu.ac.at:389
[usertree] => ou=aic, ou=People, dc=ai
[grouptree] => ou=Groups, dc=ai
[userfilter] => (&(uid=%{user})(objectClass=posixAccount))
[groupfilter] => (&(objectClass=posixGroup)(memberUid=%{user}))
[version] => 3
[debug] => 1
[groupkey] => cn
[userscope] => sub
[groupscope] => sub
)
[con] => Resource id #48
[bound] => 1
[success] => 1
[cando] => Array
(
[addUser] =>
[delUser] =>
[modLogin] =>
[modPass] =>
[modName] =>
[modMail] =>
[modGroups] =>
[getUsers] =>
[getUserCount] =>
[getGroups] =>
[external] =>
[logout] => 1
)
[canDo] => Array
(
[getUsers] => 1
)
)
Difference? [bound] being 1 in the second case, but it does not make any difference if I change it manually. So that is probably not the problem.
Is the connection gone or something the second time?
The second time it consistently returns false at
// Don't accept more or less than one response
if(!is_array($result) || $result['count'] != 1){
return false; //user not found
}
$result as return value of ldap_get_entries is first time:
Array
(
[count] => 1
[0] => Array
(
[objectclass] => Array
(
[count] => 7
[0] => top
[1] => person
[2] => organizationalPerson
[3] => inetOrgPerson
[4] => posixAccount
[5] => shadowAccount
[6] => sambaSamAccount
)
[0] => objectclass
[cn] => Array
(
[count] => 1
[0] => rmf
)
[1] => cn
[sn] => Array
(
[count] => 1
[0] => rmf
)
[2] => sn
[givenname] => Array
(
[count] => 1
[0] => rmf
)
[3] => givenname
[uid] => Array
(
[count] => 1
[0] => rmf
)
[4] => uid
[uidnumber] => Array
(
[count] => 1
[0] => 5592
)
[5] => uidnumber
[gidnumber] => Array
(
[count] => 1
[0] => 513
)
[6] => gidnumber
[homedirectory] => Array
(
[count] => 1
[0] =>
)
[7] => homedirectory
[loginshell] => Array
(
[count] => 1
[0] => /bin/bash
)
[8] => loginshell
[gecos] => Array
(
[count] => 1
[0] => Reinhard Test
)
[9] => gecos
[sambalogontime] => Array
(
[count] => 1
[0] => 0
)
[10] => sambalogontime
[sambalogofftime] => Array
(
[count] => 1
[0] => 2147483647
)
[11] => sambalogofftime
[sambakickofftime] => Array
(
[count] => 1
[0] => 2147483647
)
[12] => sambakickofftime
[sambapwdcanchange] => Array
(
[count] => 1
[0] => 0
)
[13] => sambapwdcanchange
[displayname] => Array
(
[count] => 1
[0] => rmf
)
[14] => displayname
[sambasid] => Array
(
[count] => 1
[0] =>
)
[15] => sambasid
[sambaprimarygroupsid] => Array
(
[count] => 1
[0] =>
)
[16] => sambaprimarygroupsid
[sambalogonscript] => Array
(
[count] => 1
[0] => rmf.cmd
)
[17] => sambalogonscript
[sambaprofilepath] => Array
(
[count] => 1
[0] =>
)
[18] => sambaprofilepath
[sambahomepath] => Array
(
[count] => 1
[0] =>
)
[19] => sambahomepath
[sambahomedrive] => Array
(
[count] => 1
[0] => H:
)
[20] => sambahomedrive
[sambaacctflags] => Array
(
[count] => 1
[0] => [U]
)
[21] => sambaacctflags
[sambapwdlastset] => Array
(
[count] => 1
[0] => 1326283814
)
[22] => sambapwdlastset
[sambapwdmustchange] => Array
(
[count] => 1
[0] => 1452427814
)
[23] => sambapwdmustchange
[shadowlastchange] => Array
(
[count] => 1
[0] => 15350
)
[24] => shadowlastchange
[shadowmax] => Array
(
[count] => 1
[0] => 1460
)
[25] => shadowmax
[count] => 26
[dn] => uid=rmf,ou=aic,ou=People,dc=ai
)
)
Second time:
Array
(
[count] => 0
)
So the problem must be somewhere in getUserData and the functions called there?
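
An added diagnostic, not part of the original post or of DokuWiki's code: it runs the user search from the debug log once before and once after a bind as the found user, on a single connection, so the two `count` values can be compared outside the wiki. It assumes PHP's ldap extension, the server, tree and filter from the quoted configuration, and a hypothetical `LDAP_TEST_PASS` environment variable holding the test user's password.

```php
<?php
// Added diagnostic, not DokuWiki code. Server, tree and filter come from the
// quoted configuration; LDAP_TEST_PASS is an assumed environment variable.
$server   = 'ldap://servername.domain:389';
$usertree = 'ou=aic, ou=People, dc=ai';
$user     = 'fischer';
$filter   = '(&(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER)
          . ')(objectClass=posixAccount))';

// Run the user search; return [entry count, first DN or null, error text].
function user_search($con, string $base, string $filter): array
{
    $sr  = @ldap_search($con, $base, $filter);
    $res = ($sr === false) ? false : ldap_get_entries($con, $sr);
    if (!is_array($res)) {
        return [-1, null, ldap_error($con)];
    }
    return [$res['count'], $res[0]['dn'] ?? null, ldap_error($con)];
}

$pass = getenv('LDAP_TEST_PASS');
if ($pass === false || $pass === '') {
    // An empty password would turn the bind below into an anonymous bind.
    fwrite(STDERR, "set LDAP_TEST_PASS to a non-empty password\n");
    exit(2);
}

$con = ldap_connect($server);
if ($con === false) { fwrite(STDERR, "bad LDAP URI\n"); exit(2); }
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);

// 1) Search before any explicit bind (anonymous).
[$n1, $dn, $e1] = user_search($con, $usertree, $filter);
printf("anonymous search:  count=%d dn=%s (%s)\n", $n1, $dn ?? '-', $e1);
if ($n1 !== 1) { exit(1); }

// 2) Bind as the user that was just found.
if (!@ldap_bind($con, $dn, $pass)) {
    fwrite(STDERR, 'user bind failed: ' . ldap_error($con) . "\n");
    exit(1);
}

// 3) Repeat the identical search on the same, now user-bound, connection.
[$n2, , $e2] = user_search($con, $usertree, $filter);
printf("user-bound search: count=%d (%s)\n", $n2, $e2);
ldap_unbind($con);
exit($n2 === 1 ? 0 : 1);
```

A `count=1` followed by `count=0` means the directory returns the entry to an anonymous client but not to the bound user identity, which points at the server's access rules rather than at the PHP code.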