HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


LDAP .php userpassword error

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#88662 (In Topic #17950)

Non-joined user

LDAP

Recieving this error when users log into the website."PHP NOTICE [8] Undefined index: userpassword in sources\ocf_ldap.php on line 245 (version: 8.1.2, PHP version: 5.3.14, URL: /index.php?page=login&type=login)"
Any help would be great!!!!
LDAP Setting
basedn: dc=XXXX,dc=local
username: cn=someuser, ou=users, ou=servers, dc=xxxx, dc=local
password: somepassword
group: ou=group
user: ou=users
login: sAMAccountName
group class: group
user class: user
I can retrieve the groups fine, but when the user logs in it fails.
This is the first setup to OcPortal that we have, I really have never used this product, but it looked so good and user friendly that I thought we would try. I do know .php, but the php file of ocf_ldap looks correct and I have used similar php code like this before, not sure what is wrong.












Back to the top
 
Posted
Rating:
#88665
Avatar

LDAP is not something easy for us to test unfortunately, as we don't have any live LDAP server.

However!

Looking at the code I saw an obvious problem right away. 'userpassword' should be 'userPassword' (line 245), for it to be consistent with the query code being run a few lines up.

Also, this bit of code only runs if the 'Manual authentication checks' option is enabled, which for most servers probably shouldn't be.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#88666

Non-joined user

Thanks Chris, but changing that line of code does not fix anything. Also, if I uncheck the manual box then the users get a message that their password is invalid.
Back to the top
 
Posted
Rating:
#88670

Non-joined user

Chris, if this helps her is the trace error, I remove the username and put "username" and the password I changes to "test"
It appears at some point it may not be passing an array

File -> 'E:\inetpub\OC_Portal\sources\failure.php'
Line -> 692
Function -> 'critical_error'
Args -> array ( 0 => 'EMERGENCY', 1 => 'PHP NOTICE [8] Undefined index: userPassword in sources\ocf_ldap.php on line 245 (version: 8.1.2, PHP version: 5.3.14, URL: /index.php?page=login&type=login)', )


File -> 'E:\inetpub\OC_Portal\sources\global2.php'
Line -> 985
Function -> '_fatal_exit'
Args -> array ( 0 => 'PHP NOTICE [8] Undefined index: userPassword in sources\ocf_ldap.php on line 245', )


File -> 'E:\inetpub\OC_Portal\sources\failure.php'
Line -> 218
Function -> 'fatal_exit'
Args -> array ( 0 => 'PHP NOTICE [8] Undefined index: userPassword in sources\ocf_ldap.php on line 245', )


File -> 'E:\inetpub\OC_Portal\sources\global2.php'
Line -> 859
Function -> '_ocportal_error_handler'
Args -> array ( 0 => 'notice', 1 => 8, 2 => 'Undefined index: userPassword', 3 => 'sources\ocf_ldap.php', 4 => 245, )


File -> 'E:\inetpub\OC_Portal\sources\ocf_ldap.php'
Line -> 245
Function -> 'ocportal_error_handler'
Args -> array ( 0 => 8, 1 => 'Undefined index: userPassword', 2 => 'E:\inetpub\OC_Portal\sources\ocf_ldap.php', 3 => 245, 4 => array ( 'cn' => 'username', 'LDAP_CONNECTION' => NULL, 'results' => NULL, 'entries' => array ( 'count' => 1, 0 => array ( 'count' => 0, 'dn' => 'CN=test user,OU=user,DC=xxxx,DC=local', ), ), ), )


File -> 'E:\inetpub\OC_Portal\sources\ocf_ldap.php'
Line -> 262
Function -> 'ocf_get_ldap_hash'
Args -> array ( 0 => 'username', )


File -> 'E:\inetpub\OC_Portal\sources\ocf_ldap.php'
Line -> 303
Function -> 'ocf_ldap_hash'
Args -> array ( 0 => 'username', 1 => 'test', )


File -> 'E:\inetpub\OC_Portal\sources\forum\ocf.php'
Line -> 1328
Function -> 'ocf_ldap_authorise_login'
Args -> array ( 0 => 'username', 1 => 'test', )


File -> 'E:\inetpub\OC_Portal\sources\users_active_actions.php'
Line -> 84
Function -> 'forum_authorise_login'
Class -> 'forum_driver_ocf'
Object -> forum_driver_ocf::__set_state(array( 'connection' => database_driver::__set_state(array( 'table_prefix' => 'ocp_', 'connection_read' => array ( 0 => NULL, 1 => 'ocf', ), 'connection_write' => array ( 0 => NULL, 1 => 'ocf', ), 'text_lookup_original_cache' => array ( 32 => 'Guests', 33 => 'Guest user', 67 => '', 68 => '', ), 'text_lookup_cache' => array ( 32 => '', 33 => '', 67 => '', 68 => '', ), 'table_exists_cache' => array ( ), 'static_ob' => Database_Static_mysql::__set_state(array( )), )), 'MEMBER_ROWS_CACHED' => array ( 1 => array ( 'id' => 1, 'm_username' => 'Guest', 'm_pass_hash_salted' => '9681f262852841acf8597998f212fa93', 'm_pass_salt' => '50008cfb1ecb35.94018860', 'm_theme' => '', 'm_avatar_url' => '', 'm_validated' => 1, 'm_validated_email_confirm_code' => '', 'm_cache_num_posts' => 0, 'm_cache_warnings' => 0, 'm_join_time' => 1342213371, 'm_timezone_offset' => 'UTC', 'm_primary_group' => 1, 'm_last_visit_time' => 1342744159, 'm_last_submit_time' => 1342744159, 'm_signature' => 67, 'm_is_perm_banned' => 0, 'm_preview_posts' => 1, 'm_dob_day' => NULL, 'm_dob_month' => NULL, 'm_dob_year' => NULL, 'm_reveal_age' => 1, 'm_email_address' => '', 'm_title' => '', 'm_photo_url' => '', 'm_photo_thumb_url' => '', 'm_views_signatures' => 1, 'm_auto_monitor_contrib_content' => 0, 'm_language' => '', 'm_ip_address' => '172.31.60.59', 'm_allow_emails' => 1, 'm_allow_emails_from_staff' => 1, 'm_notes' => '', 'm_zone_wide' => 1, 'm_highlighted_name' => 0, 'm_pt_allow' => '*', 'm_pt_rules_text' => 68, 'm_max_email_attach_size_mb' => 5, 'm_password_change_code' => '', 'm_password_compat_scheme' => '', 'm_on_probation_until' => NULL, 't0__text_original' => '', 't0__text_parsed' => '', 't1__text_original' => '', 't1__text_parsed' => '', ), '' => NULL, ), ))
Type -> '->'
Args -> array ( 0 => 'username', 1 => NULL, 2 => 'test', 3 => 'test', )


File -> 'E:\inetpub\OC_Portal\sources\users.php'
Line -> 110
Function -> 'handle_active_login'
Args -> array ( 0 => 'username', )


File -> 'E:\inetpub\OC_Portal\sources\global2.php'
Line -> 395
Function -> 'handle_logins'
Args -> array ( )


Function -> 'init__global2'
Args -> array ( )


File -> 'E:\inetpub\OC_Portal\sources\global.php'
Line -> 318
Function -> 'call_user_func'
Args -> array ( 0 => 'init__global2', )


File -> 'E:\inetpub\OC_Portal\sources\global.php'
Line -> 555
Function -> 'require_code'
Args -> array ( 0 => 'global2', )


File -> 'E:\inetpub\OC_Portal\index.php'
Line -> 101
Args -> array ( 0 => 'E:\inetpub\OC_Portal\sources\global.php', )
Function -> 'require'
Back to the top
 
Posted
Rating:
#88673
Avatar

If you can provide remote access to test on your server, I may be able to debug it for you at no charge. Otherwise it's really difficult, as I could spend a day setting up my own LDAP server, and it probably wouldn't replicate your environment well enough to test on.

LDAP's a tricky beast. Different servers have different schemas, and the queries tend to return different data structures in different contexts.

Did you try turning off that option I mentioned? Active Directory may well not support it.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#88674
Avatar

Chris Graham said

LDAP is not something easy for us to test unfortunately, as we don't have any live LDAP server.

However!

Looking at the code I saw an obvious problem right away. 'userpassword' should be 'userPassword' (line 245), for it to be consistent with the query code being run a few lines up.

Also, this bit of code only runs if the 'Manual authentication checks' option is enabled, which for most servers probably shouldn't be.

The 'obvious problem' I saw wasn't actually a bug (concerned me that something like this would be in the code). I researched and found:
While LDAP is not case sensitive, many programming language are. Any query being made to the LDAP server will be case insensitive. However, once an ldap result is being used inside a case sensitive programming language, the language will treat attribute names as case sensitive. This is the case in PHP. PHP will automatically lowercase all attribute names in a result hash to avoid confusion.

So it may simply be that Active Directory doesn't support this schema (which is likely, as IIRC this schema is for posix logins on Linux) and requires that option off, and thus authentication works via the bind operation instead.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#88733

Non-joined user

Chris, I did uncheck the manual check box in the LDAP setup, but now when the user logs on they get a message "The password you gave is no corrct." Also, should the portal display a list of all users in LDAP in the member section. I gave get the usergroups from LDAP, so I know it is hooking to the AD. This is on an internal test system so access remotely is kinda tricky. I really need to get this, I have been trying to move away from Metadot for awhile and this is by far the best CMS I have seen, but if I cant get it to connect to LDAP then they wont use it, and we have another dozen internal and customer portal that I would really like to contract out to OCproducts to do, but they all need to connect to LDAP, I just need one working site to present to the board. Any and all help would be great.
Back to the top
 
Posted
Rating:
#88746
Avatar

Hi,

As there seems to be some work hanging on it, you have my attention to spend some time trying to reproduce a test environment :lol:.

I'm downloading Microsoft's trial Windows server virtual machine images (Download: Windows Server 2003 R2 VHD - Microsoft Download Center - Download Details) and I'll set up a VM, and get my local PHP install running LDAP, and see if I can find/resolve any issues. I wrote the ocPortal LDAP support so if there are any issues I should be able to resolve them.

I'm interested in the company you're at, the projects, and your goals. Also if there's potentially a lot of work, I'd appreciate a heads up so I can do resource planning.
So you may want to open a ticket :):
Add a new support ticket - ocPortal.com

Regards,
Chris


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#88747

Non-joined user

THanks Chris, I think you product could be a game changer for us, as I stated before, the best CMS I have seen, both functionality and graphically.
Back to the top
 
Important!
Posted
Rating:
#88751
Avatar

Automated fix message

David said

Recieving this error when users log into the website."PHP NOTICE [8] Undefined index: userpassword in sources\ocf_ldap.php on line 245 (version: 8.1.2, PHP version: 5.3.14, URL: /index.php?page=login&type=login)"
Any help would be great!!!!
LDAP Setting
basedn: dc=XXXX,dc=local
username: cn=someuser, ou=users, ou=servers, dc=xxxx, dc=local
password: somepassword
group: ou=group
user: ou=users
login: sAMAccountName
group class: group
user class: user
I can retrieve the groups fine, but when the user logs in it fails.
This is the first setup to OcPortal that we have, I really have never used this product, but it looked so good and user friendly that I thought we would try. I do know .php, but the php file of ocf_ldap looks correct and I have used similar php code like this before, not sure what is wrong.












This issue has been filed on the tracker as issue #699, with a fix.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Important!
 
Posted
Rating:
#88752
Avatar

Also, should the portal display a list of all users in LDAP in the member section.

Currently, no. Members are synched upon login, and there's a module in the Admin Zone for further synching. So if a member has never logged in they won't show in the directory.

It looks like you have some potential budget, so we could add in some direct LDAP querying for the member directory if required, and probably make a way to view the profiles of non-synced users to do basic stuff like email contact.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#88753
Avatar

I ended up testing on Windows 2003 Server, so my Active Directory tree may be different to whatever your on.

basedn: dc=XXXX,dc=local

Yes

username: cn=someuser, ou=users, ou=servers, dc=xxxx, dc=local

a– I wonder what "ou=servers" is in there. Is that an extra branch in the tree? I'll come back to this.

b– It should be as simple as 'someuser' for this setting. The rest is assembled from other settings.

group: ou=group

You may leave this blank if you like. If blank, it won't scope under a particular node, but you probably don't need it to.

user: ou=users

You may leave this blank (for same reason as above).

That said, based on the username setting above ("I'll come back to this"), I wonder if your setting should have been "ou=users,ou=servers".

But never-mind, I'd leave it blank.

login: sAMAccountName

This was recommended I know, but actually today I've found it does need to be 'cn'. 'sAMAccountName' exists in the Active Directory schema but bind (login) operations require a DN and this doesn't form part of the DN (the 'cn' does though).

(this isn't strictly 100% true, as there is an alternate form of Active Directory binding, but I don't want to confuse things)

group class: group

Yes

user class: user

Yes


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#88763

Non-joined user

Chris,
I am not sure that I agree with all of this, 'cn' in AD refers to the users full name, and when I try this I get that the user is not found. I am using 2008 R2, and there were no major changes from 2003 to 2008 as far as the AD is concered. Also, with the binding username for LDAP login, I need to use the full path of where that user is stored in AD.

sAMAccountName is the only reference in attributes that uses the user name alone, there is also userPrincipalName, but you get the @domain.local.
Back to the top
 
Posted
Rating:
#88765
Avatar

The code is designed to be a bit flexible, so will have some tolerance away from what I said above. In particular, if the Username option has a full DN configured it will use that rather than constructing one automatically, based on this code:

Code

            if (strpos($cn,'=')===false)
            {
               $login=member_property().'='.$cn.','.member_search_qualifier().get_option('ldap_base_dn');
            } else
            {
               $login=$cn;
            }
i.e. if it has no "=" in, it is not a DN, so it constructs a DN using other options, otherwise it uses it directly as a DN.

I really would recommend to not use a DN with this option, as it'll just hide problems till later. The likely real cause would be the member_search_qualifier() function, which is essentially the Member search qualifier option, having the wrong value.

I am attaching the latest ocf_ldap.php:
Attachment
sources/ocf_ldap.php
» Download: ocf_ldap.php (26 Kb, 103 downloads so far)


I added support for the alternate bind mechanism to this. As it is experimental, for it to run you need to go to OcCLE in the Admin Zone and type this:

Code

:set_value('sam_bind','1');
This bind mechanism still should have a simple Username setting (not a DN), but the code runs the bind to "<username>@<domain>", which is more like a native Windows login.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#88772

Non-joined user

Chris,
Recieving this message now;
"LDAP: Invalid credentials; 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772"

This error is usally related to "UsePrincipalName" errors, "user@domain.local" as opposed to "user", this error is happening when the it is trying to "bind" with AD
Back to the top
 
Posted
Rating:
#88773

Non-joined user

Chirs,
Now I get this error;
"LDAP: Invalid credentials; 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772"

What do you believe the LDAP settings should be?

hostname=AD.domain.local

basedn=dc=domain, dc=local

username=cn=user, ou=users, ou=servers, dc=domain, dc= local

password=somepassword

loginproperty=sAMAccountName

groupqualifier='left blank'

memberquilifer='left blank'

manualcheck=NO

groupclass=group

userclass=user
Back to the top
 
Posted
Rating:
#88774
Avatar

loginproperty=sAMAccountName definitely won't work, because I got this error with it.

I am going to have another look at this all soon, with accounts with different names and logins, and see if I need to do some rewriting. It may be using DN's for representing usernames is not valid in Active Directory.

(Historic note - the LDAP support was originally written for Linux, Active Directory was more of an afterthought – but I will make sure this works for you)


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Item has a rating of 5 (Liked by Guest)  
Rating:
#88779
Avatar

This is definitely looking like a "Chris underestimated Microsoft's stupidity" moment  :lol:.

So, yes, the full name is used as the CN, which forms part of the DN (Distinguished Name). That means the CN has to be unique, and yes Active Directory enforces that. Yet obviously people's full names are NOT unique, which is why we use usernames. You can't even add two Active Directory users with the same human name without fudging it. So I wonder why Microsoft did not use Usernames as the CN :lol:. Maybe they took 'Common name' too literally.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Important!
Posted
Rating:
#88786
Avatar

Automated fix message

Chris Graham said

This is definitely looking like a "Chris underestimated Microsoft's stupidity" moment  :lol:.

So, yes, the full name is used as the CN, which forms part of the DN (Distinguished Name). That means the CN has to be unique, and yes Active Directory enforces that. Yet obviously people's full names are NOT unique, which is why we use usernames. You can't even add two Active Directory users with the same human name without fudging it. So I wonder why Microsoft did not use Usernames as the CN :lol:. Maybe they took 'Common name' too literally.
This issue has been filed on the tracker as issue #702, with a fix.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Important!
 
Posted
Rating:
#88787
Avatar



This was tested to work, using users with a different login name to their full name. ocPortal will use the login name as the username throughout.

Full names are not used at all, although I could imagine someone wanting that – so a future expansion might be to import the CN's to the ocPortal "full name" custom profile field.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: