You are not logged in.
Pages: 1
Good morning.
I'm having problems authenticating users againt a w2k3 Domain through LDAP. If the user can login in any machine of the domain, there is no problem authenticating. However, every user in my domain can only log in into their own machine (User preferences/account/log in form). If the user cant login in every machine an error is thrown. It says "user not found or found many users". if i change the user to be able to log in in every machine it works. It doesnt even work even if the user that tries to login in glpi is located in the machine he is allowed to use.
Offline
I've been doing some research with WireShark and found a problem googling the results.
http://64.233.183.104/search?q=cache:Jg … cd=2&gl=es
It seems that when using simple auth the machine that gets compared is the DC, so that if the DC is not in the "allowed machines to log in" form, it cant log into glpi. If i add the DC into the "allowed machines list" i can log in without problems. However that's not the solution i would like to use....
Offline
Is there any posibility of this being fixed, or is the problem PHP or OpenLDAP related?
Offline
From what i've seen in the code, you are using simple authentication method (http://www.openldap.org/doc/admin24/security.html) through the ldap_bind method from PHP. The way for this to work in an environment with users who have restricted machines in which they can login, would be to use SASL (http://www.php.net/manual/en/function.l … l-bind.php) using Kerberos V mechanism.
Offline
Pages: 1