ldap_search Operations Error

Question

ldap_search Operations Error

Opened this issue 12 years ago · 8 comments

I'm having a bit of trouble with this extension.

After installing the extension and enabling it, I get the following error message when a user attempts to login:

A PHP Error was encountered
Severity: Warning
Message: ldap_search() [function.ldap-search]: Search: Operations error
Filename: nce_ldap/ext.nce_ldap.php
Line Number: 332

I have verified that all LDAP settings are correct and that the server is working. Thanks!

Answer 1 · 2012-06-19T13:52:38.000Z

I had this problem too. Are you trying to connect to MS Active Directory? If so, then that is your problem. I just recently modified this to patch the problem with newer versions of EE and add an option for Active Directory. If you need the code, let me know. I'm trying to contact the author to contribute back my work so it gets into GIT.

Answer 2 · 2012-06-19T14:33:34.000Z

Yes we are using AD. That would be great if you could provide the code. Out of curiosity, what was the underlying issue?

Jeremy Leff
IT Specialist/Webmaster
Auburn University College of Business
210 Lowder Business Building
Auburn University, AL 36849
Jeremy.Leff@auburn.edu

-----Original Message-----
From: Michael R. Bagnall [mailto:reply@reply.github.com]
Sent: Tuesday, June 19, 2012 8:53 AM
To: leffj003
Subject: Re: [LDAP-Authentication-for-ExpressionEngine] ldap_search Operations Error (#14)

I had this problem too. Are you trying to connect to MS Active Directory? If so, then that is your problem. I just recently modified this to patch the problem with newer versions of EE and add an option for Active Directory. If you need the code, let me know. I'm trying to contact the author to contribute back my work so it gets into GIT.

Reply to this email directly or view it on GitHub:
#14 (comment)

Answer 3 · 2012-06-19T14:46:15.000Z

PHP has a few LDAP options which in their default states are not compatible with active directory. These need to be modified before PHP LDAP will connect. I have attached the module with an Active Directory setting. The lines of code int he extension are 386-389:

if ($this->settings['is_active_directory'] === 'yes') {
  ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
  ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
}

That fixes the problem when the extensions sets up the connection to LDAP.

I've spent the last week working on this with the client. Finally able to figure it out using Google.

Also of note… I could not get this to work with Anonymous Binding. I still do not know if this is a module/PHP issue or on the client's Active Directory server. But it is untested with Anonymous Binding.

I'm emailing you the code now.

Answer 4 · 2014-03-26T15:46:14.000Z

Where would this go within the ext.nce_ldap.php file??? i am having issues and this could possibly fix it, but i am not sure where in the code it would need to go... any help would be appreciated

Answer 5 · 2014-03-26T15:49:08.000Z

This was a long time ago. I may need to review it a bit.

Answer 6 · 2014-03-26T15:51:07.000Z

any help you could give would be appreciated

This was in the post:
Just trying to figure out where it would need to be placed in the code... i
am a novice when it comes to php and not sure exactly where it should go...
thanks if you can remember...

if ($this->settings['is_active_directory'] === 'yes') {
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
}

On Wed, Mar 26, 2014 at 11:49 AM, Michael R. Bagnall <
notifications@github.com> wrote:

This was a long time ago. I may need to review it a bit.

Reply to this email directly or view it on GitHubhttps://github.com//issues/14#issuecomment-38700565
.

Answer 7 · 2014-03-27T17:20:29.000Z

nothing clicked yet??? lol

just curious... had some of our developers here looking over the code and
what you posted and they made what they thought were modifications that
would work... but still running into some issues. Weird thing is that it
seems to bind, but cannot look-up any users, constantly returning incorrect
username/password... EXCEPT for one, system user that we have... that one
connects and creates a user with no problem?!?!?! crazy!

thanks again

On Wed, Mar 26, 2014 at 11:50 AM, allnyguy allnyguy@gmail.com wrote:

any help you could give would be appreciated

This was in the post:
Just trying to figure out where it would need to be placed in the code...
i am a novice when it comes to php and not sure exactly where it should
go...
thanks if you can remember...

if ($this->settings['is_active_directory'] === 'yes') {
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
}

On Wed, Mar 26, 2014 at 11:49 AM, Michael R. Bagnall <
notifications@github.com> wrote:

This was a long time ago. I may need to review it a bit.

Reply to this email directly or view it on GitHubhttps://github.com//issues/14#issuecomment-38700565
.

Answer 8 · 2014-03-28T13:33:44.000Z

hey... i think i figured it out and am getting some authentication/population of users now.. thanks for your help and at responding... my weird issue and i think it is just an AD issue on our side is certain users, like i said above, are not authenticating and i am thinking it is because of the amount of groups they belong to and their default cn that is being transmitted... it might be larger than can be handled... i think the max is 255 characters. users with no AD groups, authenticate fine and get created with no issues... weird.