On my Linux (CentOS 5.2) server, I have configued OpenLDAP (2.3.43)'s slapd daemon not to listen on TCP for better security, but only on Unix domain sockets instead (SLAPDURLLIST="ldapi:///" in /etc/sysconfig/ldap). I can successfully connect on the command line using "ldapsearch -x -H ldapi://" and LDAP user authentication also works fine this way with Moodle. However, there seems no way to connect via Drupal's LDAP Authentication module:
Going to "Administer -> Site configuration -> LDAP Authentication -> [ Add Server ] -> Server settings" in my Drupal 6.8, there are only the "LDAP Server" and "LDAP Port" settings to specify the LDAP server. So these settings assume an LDAP server is always running as a TCP service. Is there any way to also connect to a sockets listening server?
In Moodle (1.9.3) there is the built-in option "Site Administration -> Users -> Authentication -> LDAP server -> Host URL" which accepts the setting "ldapi://". Is this not possible with Drupal?
Comments
Comment #1
roball commentedComment #2
johnbarclay commentedI don't have a setup to test this on and I'm not sure if moodle is using the ldap_connect function (
http://us2.php.net/manual/en/function.ldap-connect.php).
When I put
ldapapi:// in the ldap server field and 0 in the port field, it is passed on correctly to the
ldap_connect($this->server, $this->port) function as:
ldap_connect("ldapapi://",0)
1. You could hard code lin 134 of LDAPInterface.php from:
if (!$con = ldap_connect($this->server, $this->port)) {to
if (!$con = ldap_connect("ldapapi://")) {for testing purposes. If it works, just comment out the core requiring a port:
lines 343-345 of ldapauth.admin.inc
Comment #3
roball commentedYes johnbarclay, Moodle also uses PHP's native ldap_connect() function. On which OS do you have Drupal 6 installed to test? Because there may exist a openldap package for it, for setting up a test case.
I will test your suggestion as soon as I have a stable Internet connection (which I don't have at the moment).
Comment #4
roball commentedI now have successfully tested this module's behaviour. It *is* possible, simply by using these Server settings:
LDAP Server: ldapi://
LDAP Port: 0
If the server is listening on ldap://localhost/ (which means it listens on TCP port 389), we could set:
LDAP Server: ldap://localhost/
LDAP Port: 0
Thus, there is no need to change the current code functionality - only the associated documentation should be corrected.
Problem solved :-)
Comment #5
miglius commentedComment #6
roball commentedComment #8
miglius commented