SSL Problem MS AD -> Can't enable loggin either
I decided, for the time being, to give up with SSL... It shouldn't be too bad since the AD and PHP Server run on the same machine (aka localhost)
As for logging, I've been able to enable it... Giving IIS_USER write access wasn't enough.. I gave "Everyone" write access to the folder were logs are written. This shouldn't be a problem since only logs are stored there!
My new problem now is trying to establish group based authorization. I beleive the problem resides with PHP function "ldap_search(), ldap_list() and ldap_read()" which doesn't use the correct scope (Not subtree for ldap_search() for example) on my system... I had the same problem while configuring Mantis Bug Tracker...
For mantis, I rewrote part of the code, to circuvent this problem... I intend to do the same for LDAP_Authentication.php
Well, I'll take patches, if you write it in a backwards compatible way, and do it consistently throughout the plugin.
I began writing my patch, but didn't go very far... I ran in a few problems since Mantis doesn't do authentication exactly in the same way...
In the end, I just gave up, and put the Full DN to a single group, and added all the users to that group. Since it isn't a big group, it wasn't too bad. As long as no subtree search was required, I'm ok!
The problem lies with the ldap extension in PHP, and it's that component that should be fixed in the end...
Plus, my patch wouldn't have been really great, putting a much larger load on LDAP. What I did for mantis, is to configure an array of DNs in the config file, and try them all, one after the other, until I get a good result, or returned the last failure. Not a great patch, just a quick and dirty workaround, which is all I needed!
