Test of your LDAP configuration
ERROR: Please provide a valid login in testldap.php.
' . PHP_EOL;
} else {
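// LDAP connectivity self-test: loads the Jorani configuration, connects to the
// configured LDAP server, resolves the bind DN (from the DB or from the
// configured pattern) and attempts a bind with LDAP_LOGIN / LDAP_PASSWORD.
// Those constants and the $configFileExists / $dBFileExists / $pathConfigFile /
// $pathDbFile variables are defined earlier in this script, outside this block.
// NOTE(review): the script holds a real credential in LDAP_PASSWORD and prints
// directory diagnostics; presumably it should not stay reachable on a
// production host once the test is done. Confirm against the deployment guidance.
if ($configFileExists && $dBFileExists) {
    if (extension_loaded('ldap')) {
        include $pathConfigFile;
        try {
            if ($config['ldap_enabled'] == FALSE) {
                echo 'WARNING: LDAP is disabled into Jorani configuration file.
' . PHP_EOL;
            }
            // NOTE(review): the URL scheme is plain ldap:// and no StartTLS call is
            // visible in this block, so the simple bind below would send the DN and
            // password unencrypted. Confirm whether the deployment relies on
            // ldaps:// or a protected network path.
            $ldapUrl = 'ldap://' . $config['ldap_host'] . ':' . $config['ldap_port'] . '/';
            $handle = @ldap_connect($ldapUrl);
            if ($handle == FALSE) {
                //This is tricky because LDAP 2.x.x will always return a resource id, next call might fail
                echo 'ERROR: Impossible to connect to LDAP server.
' . PHP_EOL;
            } else {
                // Only continue with a usable handle: passing FALSE to the ldap_*
                // functions raises a TypeError on PHP 8, which the
                // catch (Exception) below would not intercept.
                //Protocol v3 is mandatory, because we might use Microsoft AD
                // A NULL handle makes the debug level a library-wide setting;
                // 7 turns on verbose client tracing for this diagnostic run.
                ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
                ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);
                $basedn = "";
                if ($config['ldap_basedn_db'] == TRUE) {
                    echo 'INFO: Using BaseDN defined into database.
' . PHP_EOL;
                    include $pathDbFile;
                    $dbConn = new mysqli($db['default']['hostname'], $db['default']['username'], $db['default']['password']);
                    if ($dbConn->connect_errno) {
                        // Without this check a failed connection surfaces later as
                        // a fatal "call to a member function on bool".
                        echo 'ERROR: Impossible to connect to Jorani\'s database.
' . PHP_EOL;
                    } else {
                        $dbConn->select_db($db['default']['database']);
                        // The login is passed as a bound parameter, never
                        // concatenated into the SQL text.
                        $sql = "SELECT ldap_path FROM users WHERE login = ?";
                        $login = LDAP_LOGIN;
                        $stmt = $dbConn->prepare($sql);
                        $res = FALSE;
                        if ($stmt !== FALSE) {
                            $stmt->bind_param('s', $login);
                            if ($stmt->execute()) {
                                $res = $stmt->get_result();
                            }
                        }
                        if ($res === FALSE) {
                            echo 'ERROR: Impossible to query the users table of Jorani\'s database.
' . PHP_EOL;
                        } else {
                            // fetch_assoc() returns NULL when no row matches;
                            // count(NULL) is a TypeError on PHP 8, so test the
                            // type instead of counting.
                            $row = $res->fetch_assoc();
                            if (!is_array($row)) {
                                echo 'ERROR: The user wasn\'t found into Jorani\'s database.
' . PHP_EOL;
                            } else {
                                $basedn = isset($row['ldap_path']) ? (string) $row['ldap_path'] : "";
                                if ($basedn == "") {
                                    echo 'ERROR: The baseDN from DB is empty.
' . PHP_EOL;
                                }
                            }
                        }
                        if ($stmt !== FALSE) {
                            $stmt->close();
                        }
                        $dbConn->close();
                    }
                } else {
                    echo 'INFO: Using BaseDN defined into configuration file.
' . PHP_EOL;
                    // LDAP_LOGIN is substituted into the DN pattern unescaped. Here it
                    // is a constant set in this script; code that builds a DN from
                    // request input should escape it first with
                    // ldap_escape($value, '', LDAP_ESCAPE_DN).
                    $basedn = sprintf($config['ldap_basedn'], LDAP_LOGIN);
                }
                //Try to search for user
                if ($basedn != "") {
                    if ((string) LDAP_PASSWORD === '') {
                        // A simple bind with a DN and an empty password is an
                        // "unauthenticated" bind, which some directory servers
                        // accept; reporting it as success would not prove that
                        // the credentials are valid.
                        echo 'ERROR: The LDAP password is empty, the bind was not attempted.
' . PHP_EOL;
                    } else {
                        $bind = @ldap_bind($handle, $basedn, LDAP_PASSWORD);
                        if (!$bind) {
                            // NOTE(review): the page appears to be served as HTML, so
                            // the library-supplied text is escaped before printing.
                            echo 'ERROR:Binding to LDAP. Message = ' . htmlspecialchars(ldap_error($handle), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '
' . PHP_EOL;
                        } else {
                            echo 'INFO: Connection is successful.
' . PHP_EOL;
                        }
                    }
                }
                ldap_close($handle);
            }
        } catch (Exception $e) {
            echo 'ERROR: Unexpected error.
' . PHP_EOL;
            $text = $e->getMessage();
            // Convert to UTF-8 only when the encoding could be detected; a failed
            // detection or conversion keeps the original message rather than
            // printing nothing.
            $encoding = mb_detect_encoding($text, mb_detect_order(), true);
            if ($encoding !== FALSE) {
                $converted = iconv($encoding, "UTF-8", $text);
                if ($converted !== FALSE) {
                    $text = $converted;
                }
            }
            echo htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . PHP_EOL;
        }
    } else {
        echo 'ERROR: PHP LDAP extension is not loaded.
' . PHP_EOL;
    }
} else {
    echo 'ERROR: The configuration files were not found.
' . PHP_EOL;
}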
}
?>
Troubleshooting
In case of error, here are some additional steps:
Examples of BaseURL
With LDAP, if your users are all in the same OU, you would use a common pattern in which %s is replaced by the user's login:
uid=%s,ou=people,dc=company,dc=com
With Microsoft Active Directory, you would instead store each user's full LDAP path in the users table of the database:
CN=BALET benjamin,OU=Users,DC=COMMON,DC=AD,DC=COMPANY,DC=FR