Multiple LDAP Authentication Sources

Posts: 1
Joined: 13 May 2016 15:37
Location: Germany

Post by pricosoft » 13 May 2016 15:57


As we're using the "Linked Mailbox" feature from MS Exchange, we need to check the user across two LDAP forests.
Because of this, I've now modified some PHP files to realize this.

Maybe you want to include these changes in the public release.


- Conf.php

Code:

// LDAP settings
define('USE_LDAP',         true);
define('LDAP_SSL',         false); // set to true if using LDAP with SSL encryption
define('LDAP_PORT',        '389');
define('LDAP_DN',          'OU=Users,DC=Domain1,DC=local;OU=Users,DC=Domain2,DC=local');
define('LDAP_USER',        'LDAP UserName');
define('LDAP_PASS',        'LDAP UserPassword');
//define('LDAP_HOST',        'ldap.server.local');
//define('LDAP_SITE',        'default-site-name');
// can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
define('LDAP_EMAIL_FIELD', 'mail');
// Microsoft Active Directory compatibility support for searches from Domain Base DN

As you see, I've commented out some entries because I did not find any use of them in functions.php.
LDAP_HOST is no longer required as it uses the LDAP_DN to get the correct LDAP server name. In Windows the domain name can be used to get (any) domain controller.

- functions.php

Code:

function ldap_authenticate($user, $password, $ldapDN = NULL)
{
    $ldapDN = is_null($ldapDN) ? LDAP_DN : $ldapDN;
    $ldapDNArray = explode(';', $ldapDN);
    if (count($ldapDNArray) > 1) {
        // Several base DNs configured: try each one in turn
        foreach ($ldapDNArray as $ldapDNItem) {
            if (!$ldapDNItem || $ldapDNItem == '') continue;
            try {
                $retVal = ldap_authenticate($user, $password, $ldapDNItem);
                if ($retVal) return $retVal;
            } catch (Exception $e) { /* ignore exceptions here */ }
        }
        return null;
    }
    // Single base DN: build the server name from its DC= components
    $ldapServer = strtolower($ldapDN);
    $temp = strpos($ldapServer, 'dc=');
    $ldapServer = substr($ldapServer, $temp);
    $ldapServer = str_replace('dc=', '.', $ldapServer);
    $ldapServer = str_replace(',', '', $ldapServer);
    if ($ldapServer[0] == '.') $ldapServer = substr($ldapServer, 1);
    /* ... */
}

As you can maybe see, all LDAP servers are contacted to verify the requesting user login.
At the first successful login the function terminates and the script can continue. If no LDAP server can authenticate the user, the default authentication will continue.
With this kind of modification you're able to use multiple but also just one LDAP server for authentication.

So I think it's a nice feature and so maybe you want to include this in your public release.

Many thanks!
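
An added example (not part of the original post and not the project's own code) of deriving one LDAP server name per base DN from a semicolon-separated LDAP_DN value. It parses the DC components instead of using string replacement, and rejects an entry that does not yield a valid hostname instead of skipping it silently. The function names ldap_domain_from_dn and ldap_targets are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; function names are hypothetical, not from functions.php.

/**
 * Derive a DNS domain from the DC= components of a base DN.
 * Returns null when there are no DC components or the result is not a
 * plausible hostname, so the caller can refuse to contact it.
 */
function ldap_domain_from_dn(string $dn): ?string
{
    // Split on unescaped commas only; "\," may appear inside an RDN value
    $rdns = preg_split('/(?<!\\\\),/', $dn);
    $labels = [];
    foreach ($rdns as $rdn) {
        if (preg_match('/^\s*dc\s*=\s*(.+?)\s*$/i', $rdn, $m)) {
            $labels[] = strtolower($m[1]);
        }
    }
    $host = implode('.', $labels);
    // Letters, digits and hyphens per label; no leading or trailing hyphen
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    return preg_match('/^' . $label . '(?:\.' . $label . ')*$/', $host) ? $host : null;
}

/**
 * Turn a semicolon-separated LDAP_DN value into [base DN => server URI].
 * Throws on the first entry that cannot be mapped to a hostname.
 */
function ldap_targets(string $dnList, bool $useSsl): array
{
    $targets = [];
    foreach (explode(';', $dnList) as $dn) {
        $dn = trim($dn);
        if ($dn === '') continue; // tolerate a trailing ';'
        $host = ldap_domain_from_dn($dn);
        if ($host === null) {
            throw new InvalidArgumentException("No usable DC components in: $dn");
        }
        $targets[$dn] = ($useSsl ? 'ldaps://' : 'ldap://') . $host;
    }
    return $targets;
}

// Constructed sample value with the same shape as the LDAP_DN setting above
$dnList = 'OU=Users,DC=Domain1,DC=local;OU=Users,DC=Domain2,DC=local';
foreach (ldap_targets($dnList, true) as $dn => $uri) {
    echo "$uri  <-  $dn\n";
}
```

Passing the value of LDAP_SSL as the second argument selects the URI scheme; with false, the bind credentials travel to the server unencrypted.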

Posts: 3118
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Multiple LDAP Authentication Sources

Post by shawniverson » 14 May 2016 15:44

Version eFa 4.0.2 now available!

Posts: 64
Joined: 28 Nov 2015 00:09

Re: Multiple LDAP Authentication Sources

Post by dbrunt » 25 Oct 2016 02:12

Added to and working in
Next up...
