Recently we moved our active Directory server to a virtual server.
Since then, users can log in without entering a password.
After further debugging it seems that the array “UACF” is NULL.
Please help!
Petras
After some research, I have finally got the LDAP settings correct so that the “auth” bind works and the user “search” works.
However the LDAP->Dolibarr syncing is not updating the user’s password and is allowing a blank password for some users.
Can the LDAP developer look into this and suggest what I may do to correct the situation.
Rgds
Petras
synchronization “LDAP-> dolibarr” does not synchronize the password. is dolibarr will check LDAP password that was entered during authentication.
Thanks for the reply.
Looking at the code there seems to be a “TO DO” section for “LDAP2Dolibarr” synchronisation.
For this reason, I had to manually create users with blank passwords because Dolibarr would not check LDAP to check a user’s existence and create them if need be.
It seems that some work is still needed for the LDAP module to work correctly similar to WordPress, Joomla etc. where users are automatically created using LDAP credentials.
Rgds
Petras
normally there is a system of import ldap user information when creating a user dolibarr, this is not the case?
Synchronization of password is not done because not required because you can set your conf.php file to ask to use LDAP to validate if a password is ok.
Take a look at conf.php.example file.
You have missed the underlying problem.
If a user enters their LDAP password it is validated and they are allowed through.
If they enter an incorrect password, Dolibarr stops them from entering.
However, if they enter a blank password, Dolibarr lets them through because I believe the code checks Dolibarr’s user table and because the user has a blank password, allows them through.
All I ask is that the code be changed so that Dolibarr checks the LDAP credentials BEFORE reverting to the Dolibarr user table.
Rgds
Petras
PS. I still believe that Dolibarr should automatically create users using their LDAP credentials and that the “LDAP2Dolibarr” option be extended to passwords.
I appreciate all the hard-work Dolibarr has made for LDAP. Are there any updates for this ldap ad -> Dolibarr issue?
I’m work in LDAP and active directory today with some expected function but it is not available/functional for active directory. I would like to see if following feature available soon in the feature.
- get user’s objectclass=password from AD
- sync user’s password.
- automatically add the current created AD users into the group.
I am now move to test the openldap. I hope all expected function are there 
