plainblack.com

    

LDAP - finally works, but...

User martien
Date 1/13/2010 8:29 am
Views 923
martien

 

There doesn't seem to be a description of how it has to work
(and I'm not really sure whether there is someone who knows how it should work).

Searching on this website doesn't help very much.

After setting up an LDAP server with an inetOrgPerson schema, it wasn't a big problem
to create WebGUI users from LDAP. However, logging in wasn't possible.

To get around this, I changed Auth::LDAP:

  • in _isValidLDAPUser:
    (because there is no password field)

                #Try to bind to the directory using the users dn and password
                #  $auth = $ldap->bind(dn=>$connectDN, password=>$password);
                $auth = $ldap->bind(dn=>$connectDN);

  • in createAccountSave:
    (because there was no connectDN in the new account)

                my $properties;
                # $properties->{connectDN} = $connectDN;
                $properties->{connectDN} = $connectDN || "cn=" . $username . "," . $connection->{ldapUserRDN};

 

My question to all who know:

Was this a bug or, if not, what did I do wrong in the process of getting it running?

--- (Edited on 13.01.2010 15:29 [GMT+0100] by martien) ---
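The connectDN fallback in the second hunk above assembles a DN by concatenating the login name into "cn=...". A string placed into an RDN value has to be escaped per RFC 4514 (section 2.4), otherwise a name containing "," or "+" changes the structure of the DN that the code then binds as or searches under. The following is an added example for this thread, not WebGUI code; the function names and the sample names are mine. It shows the escaping rule next to the naive concatenation from the post:

```python
# Characters RFC 4514 section 2.4 requires escaping inside an attribute value,
# plus the positional cases: leading '#', leading or trailing space, and NUL.
SPECIALS = set('"+,;<>\\')


def escape_rdn_value(value):
    """Escape a string for use as the value part of an RDN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                      # NUL must be hex-escaped
        elif ch in SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def naive_connect_dn(username, user_rdn):
    """The concatenation from the patch in the post: no escaping of the login name."""
    return "cn=" + username + "," + user_rdn


def build_connect_dn(username, user_rdn):
    """Same DN, with the login name escaped so it stays a single RDN value."""
    return "cn=" + escape_rdn_value(username) + "," + user_rdn


def count_rdns(dn):
    """Count RDNs by unescaped commas, to show how an unescaped name changes the DN."""
    n, escaped = 1, False
    for ch in dn:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            n += 1
    return n


if __name__ == "__main__":
    # Constructed inputs: a plain login name and one that carries a comma.
    base = "ou=people,dc=example,dc=com"
    for name in ("martien", "a,ou=admins"):
        print(naive_connect_dn(name, base), count_rdns(naive_connect_dn(name, base)))
        print(build_connect_dn(name, base), count_rdns(build_connect_dn(name, base)))
```

With the plain name both functions return the same DN; with "a,ou=admins" the naive version yields a five-RDN name that points somewhere else in the tree, while the escaped version keeps it as one cn value under the configured ldapUserRDN.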



perlDreamer

There are several users, from different companies, who use WebGUI's LDAP without any problem.  One example setup, which is only used for testing, can be found in the wiki.

--- (Edited on 1/13/2010 7:58 am [GMT-0800] by perlDreamer) ---



martien

> There are several users, from different companies, who use WebGUI's LDAP without any problem.  One example setup, which is only used for testing, can be found in the wiki.

 

I did the setup as explained in this wiki, but it doesn't work without the changes I made, i.e.:

  1. preventing the use of a user password to search for a user at creation time
  2. the DN isn't written to the account profile

Without the first change, at creation time, the password was sent in clear text to Net::LDAP.

A login afterwards checks against the userPassword (SHA) field.

This explains that, under 1., a user is found if I don't send a password.

So there must be some other, unmentioned prerequisites on the server installation/WebGUI settings, but which exactly?

 

--- (Edited on 13.01.2010 19:30 [GMT+0100] by martien) ---



martien

> I did the setup as explained in this wiki, but it doesn't work without the changes I made, i.e.:
>
>   1. preventing the use of a user password to search for a user at creation time
>   2. the DN isn't written to the account profile
>
> Without the first change, at creation time, the password was sent in clear text to Net::LDAP.
>
> A login afterwards checks against the userPassword (SHA) field.
>
> This explains that, under 1., a user is found if I don't send a password.
>
> So there must be some other, unmentioned prerequisites on the server installation/WebGUI settings, but which exactly?

 

I found the solution:

  1. One prerequisite is that the password (userPassword) in LDAP has to be plain text.
    I think this is not really OK. The possibility I found under 1. could be an alternative, since it also works with a hashed password and it won't be a security issue.
  2. The second problem originated in the translation of text 9 (description) in i18n/Auth. It said to insert a (complete) DN; what was meant was the attribute name "dn". (I have now changed it on i18n.webgui.org.)

 

--- (Edited on 14.01.2010 09:39 [GMT+0100] by martien) ---
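A model of what the two versions of _isValidLDAPUser from the first post ask the directory to do, and of the userPassword comparison discussed in the two posts above. This is an added example for this thread, not WebGUI or Net::LDAP code; the directory entry, DN, password and salt in it are constructed. A simple bind that carries the user's DN and the submitted password makes the server compare the password against its stored userPassword, so a hashed ({SHA} or {SSHA}) value works without the application ever seeing it, and the scheme does not require the stored value to be clear text. A simple bind that carries a DN and no password is what RFC 4513 (section 5.1.2) calls an unauthenticated bind: servers are expected to reject it by default, and a server configured to accept it still only grants an anonymous session, so a "successful" bind without a password has authenticated nobody and a check built on it passes for any DN, known or not.

```python
import base64
import hashlib
import hmac

# LDAP result codes (RFC 4511, section 4.1.9) used by the model below.
SUCCESS = 0
INVALID_CREDENTIALS = 49
UNWILLING_TO_PERFORM = 53


def make_sha(password):
    """Encode a password the way OpenLDAP stores the {SHA} scheme."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(password, salt):
    """Encode a password as {SSHA}: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_user_password(stored, candidate):
    """Server-side comparison of a candidate against a stored userPassword value.

    Handles the {SHA} and {SSHA} schemes plus an unprefixed clear-text value; the
    client never sees the stored value, it only learns the bind result code.
    """
    cand = candidate.encode("utf-8")
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
        return hmac.compare_digest(hashlib.sha1(cand + salt).digest(), digest)
    if stored.startswith("{SHA}"):
        digest = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(hashlib.sha1(cand).digest(), digest)
    return hmac.compare_digest(stored.encode("utf-8"), cand)   # clear-text userPassword


# Constructed directory for the example: one inetOrgPerson entry, password hashed.
# (A real server would draw the salt from os.urandom; it is fixed here so the
# example is reproducible.)
DIRECTORY = {
    "cn=martien,ou=people,dc=example,dc=com": {
        "userPassword": make_ssha("s3cret", salt=b"\x01\x02\x03\x04"),
    },
}


def simple_bind(dn, password, allow_unauthenticated=False):
    """Model of an LDAP simple bind (RFC 4513, section 5.1).

    Returns (resultCode, authzid): authzid is the DN the session is now
    authenticated as, or "" when the session is anonymous.
    """
    if dn == "" and password == "":
        return SUCCESS, ""                 # 5.1.1: anonymous bind
    if dn != "" and password == "":
        # 5.1.2: unauthenticated bind. Servers SHOULD reject it by default; a
        # server configured to accept it still only grants an anonymous session.
        if allow_unauthenticated:
            return SUCCESS, ""
        return UNWILLING_TO_PERFORM, ""
    entry = DIRECTORY.get(dn)              # 5.1.3: name/password authentication
    if entry is None or not check_user_password(entry["userPassword"], password):
        return INVALID_CREDENTIALS, ""
    return SUCCESS, dn


def login_bind_with_password(dn, password):
    """The unpatched check: bind as the user's DN with the submitted password."""
    code, authzid = simple_bind(dn, password)
    return code == SUCCESS and authzid == dn


def login_bind_without_password(dn, server_allows_unauthenticated):
    """The patched check: bind with the DN only and treat any success as a login."""
    code, _authzid = simple_bind(dn, "", allow_unauthenticated=server_allows_unauthenticated)
    return code == SUCCESS


if __name__ == "__main__":
    user = "cn=martien,ou=people,dc=example,dc=com"
    print("dn+password, right password:", login_bind_with_password(user, "s3cret"))
    print("dn+password, wrong password:", login_bind_with_password(user, "wrong"))
    print("dn only, default server:", login_bind_without_password(user, False))
    print("dn only, permissive server:", login_bind_without_password(user, True))
    print("dn only, unknown user, permissive server:",
          login_bind_without_password("cn=nobody,ou=people,dc=example,dc=com", True))
```

Two practical notes follow from the model. First, a simple bind does send the password in the clear on the wire, so the "password was sent in clear text to Net::LDAP" observation is inherent to the mechanism and is addressed by running the connection over LDAPS or StartTLS, not by leaving the password out of the bind. Second, a server that returns resultCode 53 (unwillingToPerform) for a DN-only bind is behaving per the RFC default; OpenLDAP, for instance, has to be explicitly configured to accept unauthenticated binds.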



perlDreamer

No, we use that setup exactly for the regression tests.  They get run almost daily with no problems.

Could this be due to other changes you've made to the WebGUI core code?

Which LDAP server are you using?

--- (Edited on 1/13/2010 11:37 am [GMT-0800] by perlDreamer) ---



© 2012 Plain Black Corporation | All Rights Reserved