
Author Topic: 2nd basedn for LDAP  (Read 1631 times)

ascii

« on: January 18, 2013, 08:27:22 AM »
Hello everyone,

I needed to modify the config and libldap.php a little bit.
In our LDAP structure there are internal and external users. I can't change this because I'm not an AD admin.
So I added a couple of lines to the LDAP function. Since I'm not really a programmer, it is probably a very quick & dirty solution.

In nedi.conf add:
Code:
ldapsrvext       ou=user,ou=Extranet,o=base,c=DE

ldapsrvext is the variable used in libldap.php.

In html/inc/libldap.php I changed the function ldapFindDn:
Code:
/** Find User dn
 *
 * @param   $login  dn of the user to find
*/
function ldapFindDn($login) {
        // $ldapsrvext has to be declared global as well, otherwise it is undefined inside the function
        global $ldapsrv, $ldapsrvext, $user_dn, $ldapmap;

        //Connect to the directory
        $ds = connect_ldap($ldapsrv[0], $ldapsrv[1], $ldapsrv[4], $ldapsrv[2], 0,0);
        if (!$ds) {
                return false;
        }

        //Try the internal base dn first, then the external one
        foreach (array($ldapsrv[3], $ldapsrvext[0]) as $basedn) {
                //Get the user's dn below this base dn
                $user_dn = ldap_search_user_dn($ds, $basedn, $ldapsrv[5], stripslashes($login), '');
                if ($user_dn and getFromLDAP($ds, $user_dn, addslashes($login)) and getldapusersgroups($ds, $user_dn, addslashes($login))) {
                        return true;
                }
        }

        //User not found (or not usable) under either base dn
        return false;
}

Maybe some of you are looking for such a feature.
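
The same lookup written as a search over an ordered list of base DNs, added here as an example (it is not NeDi code and not the poster's code). `findUserDn()`, the `$search` callable, the `uid` attribute and the sample directory are assumptions for illustration; `ldap_escape()` needs PHP's ldap extension.

```php
<?php
// Added example, not NeDi code: findUserDn() and the $search callable are hypothetical.

/**
 * Resolve a login to exactly one DN across several base DNs.
 * $search($baseDn, $filter) returns the DNs that match $filter under $baseDn.
 */
function findUserDn(callable $search, array $baseDns, string $attr, string $login): ?string
{
    // Escape the login for filter context so * ( ) \ and NUL are matched literally
    $filter = '(' . $attr . '=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';

    $hits = [];
    foreach ($baseDns as $baseDn) {
        foreach ($search($baseDn, $filter) as $dn) {
            $hits[$dn] = true;   // de-duplicate in case base DNs overlap
        }
    }

    // No hit: unknown login. Several hits: ambiguous login, refuse instead of guessing.
    return count($hits) === 1 ? (string) array_key_first($hits) : null;
}

// Constructed directory standing in for a live server (ou=Intranet and all entries are made up)
$directory = [
    'ou=user,ou=Intranet,o=base,c=DE' => [
        '(uid=alice)' => ['uid=alice,ou=user,ou=Intranet,o=base,c=DE'],
        '(uid=carol)' => ['uid=carol,ou=user,ou=Intranet,o=base,c=DE'],
    ],
    'ou=user,ou=Extranet,o=base,c=DE' => [
        '(uid=bob)'   => ['uid=bob,ou=user,ou=Extranet,o=base,c=DE'],
        '(uid=carol)' => ['uid=carol,ou=user,ou=Extranet,o=base,c=DE'],
    ],
];
$search = function (string $baseDn, string $filter) use ($directory): array {
    return $directory[$baseDn][$filter] ?? [];
};
$bases = array_keys($directory);

// alice: internal only, bob: external only, carol: present in both trees, *: wildcard input
foreach (['alice', 'bob', 'carol', '*'] as $login) {
    $dn = findUserDn($search, $bases, 'uid', $login);
    echo str_pad($login, 6), ' => ', $dn ?? '(rejected: not found or ambiguous)', PHP_EOL;
}
```

Against a real directory the `$search` callable would wrap `ldap_search()` and `ldap_get_entries()` on an already bound connection.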