MeetMe and LDAP

This turned out to be an easy fix. I couldn't find a pre-packaged RPM for RHEL or CentOS directly, but this one for Startcom Linux (based on RHEL) worked fine.

ftp://ftp.pbone.net/mirror/www.startcom.org/ML-6.0.6/os/i386/Star...

one other thing - did you enable the CentOS repositories and check in the package manager for the ldap module?

I know you can hunt down this information elsewhere, but seeing that it is right on the wiki, I'd figure I'd just throw some explanations here.

You need to enter in the Fully Qualified Domain Name everywhere it talks about domains in the adLDAP file.
So, lets say we're working with a domain called SALES which is a sub-domain of Corp.com. The FQDN is "sales.corp.com".

Therefore the adLDAP settings would look like this:
var $_account_suffix="@sales.corp.com";
var $_base_dn = "DC=sales,DC=corp,DC=com";
var $_domain_controllers = array ("domainserver.sales.corp.com");
...........................................................^^^Try the Domain Controller's IP here if the FQDN of the server doesn't work.
One level domain (like just corp.com) would be DC=corp,DC=com, that's it.

I did not need to set the username parameter below, so comment them out first to see if it will work without them. You may need to reboot after commenting them out.
// var $_ad_username="username";
// var $_ad_password="password";

Otherwise, if you do need to specify a username and password, you enter in the username by itself, you should not need to add the domain (i.e. sales\username or username@sales.corp.com). If it doesn't work, try it with the domain in there too.

To run "yum install php-ldap" you need to connect to your TrixBox using SSH logging in the with the regular root username and password . Reboot your machine after running the command.

If you get things working via CLI php (ie, dump a simple ldap_connect() and ldap_bind() into a test file and run it, see the ldap_bind page on php.net for an example) but it still fails with "undefined function ldap_connect()" on the web, try apachectl restart. Apache might need to pick up on some of the changes made, specially if php_ldap was installed since last restart.

I got this working for my openldap directory quite simply:

create a new php class in lib/ called openLDAP.php from this diff against adLDAP.php:

71c71
< class adLDAP {
---
> class openLDAP {
76,77c76,78
<       var $_account_suffix="@mydcomain.local";
<       var $_base_dn = "DC=mydomain,DC=local"; 
---
>       // this is basically the userBaseDn
>       var $_account_suffix="ou=people,dc=example,dc=com";
>       var $_base_dn = "DC=example,DC=com";
79c80
<       // An array of domain controllers. Specify multiple controllers if you 
---
>       // An array of ldap server URIs. Specify multiple controllers if you 
81c82
<       var $_domain_controllers = array ("dc01.mydomain.local");
---
>       var $_domain_controllers = array ("ldaps://ldap1.example.com","ldap://ldap2.example.com");
91c92
<       var $_real_primarygroup=true;
---
>       var $_real_primarygroup=false;
96c97
<       var $_recursive_groups=true;
---
>       var $_recursive_groups=false;
108c109
<       function adLDAP(){
---
>       function openLDAP(){
133c134
<                       $this->_user_dn=$username.$this->_account_suffix;
---
>                       $this->_user_dn="cn=".$username.",".$this->_account_suffix;

and change the functions.php to include a switch for openLDAP:

       case "openLDAP":
                                $ldap = new openLDAP();
                                if ($ldap -> authenticate($user,$password)){
                                        $expires = time() + AUTH_TIMEOUT*3600;
                                        $_SESSION['userid']=$user;
                                        $_SESSION['auth']="true";
                                        $_SESSION['privilege']="User";
                                        $_SESSION['lifetime']=$expires;
                                         if (true){  // ($ldap -> can_conference($user)){
                                                 $_SESSION['privilege']="Admin";
                                        }

                                }
                        break;

and then define the AUTH_TYPE as openLDAP in defines.php

Note that the if(true){ bit makes ANYONE that can login via the openLDAP php functions (anyone in the dn set as user_suffix) an admin . The commented out bit is a simple function I created in openLDAP.php replacing the is_ingroup() check (that function and some others also need major changes to work, I can post my diff if requested), so that it checks a custom schema boolean attribute I created called canConference instead of group membership attributes.