WikiMatrix / Trying to get groups from MS ActiveDirectory Server

crocodile · 2006-03-20 14:59:55

Hi,

User Authentication via a MS AD Server works. Now I try to authenticate the group where the user belongs to. Unfortunately without sucess.

This is the filter: ou=Applications, ou=Groups, dc=domainPart1, dc=domainPart2, dc=domainPart3, dc=com. This works using ldapsearch in a shell.

I put in a msg(); to get information on the filter with this result:
(&(objectClass=group)(member=CN=user_id,OU=GenericUsers,OU=City,OU=Country,OU=AdminUnits,DC=domainPart1,DC=domainPart2,DC=domainPart3,DC=com))

So, for me it looks like the program has lost the complete group info ?

Any help is highly appreciated !!!

Regards,

Crocodile

Last edited by crocodile (2006-03-21 14:31:03)

crocodile · 2006-03-21 14:31:24

Well, today I spent a lot time to debug(and I'm not a PHP developer...) and found the problem but not the solution:

Problem: our AD Group naming convention includes the character "_". In program "auth.php" function "auth_aclcheck" variable "$matches" is being setup using "$matches = preg_grep('/^'.preg_quote($id,'/').'\s+('.$regexp.')\s+/',$AUTH_ACL);". $regexp contains in our case
"GROUP1%5fPART1%5fPART2" where "%5f" stands for "_" !

"$AUTH_ACL" contains the string "GROUP1_PART1_PART2". A "native" underscore is used here and that causes that the string compare fails.

How can I solve this ???

Any idea ?

tx

#1 2006-03-20 14:59:55

Trying to get groups from MS ActiveDirectory Server

#2 2006-03-21 14:31:24

Re: Trying to get groups from MS ActiveDirectory Server

Board footer