Wednesday, March 7, 2012

SimpleSAMLphp & Active Directory

The LDAP driver in SimpleSAMLphp leaves PHP's libldap default in place, and that default is to chase referrals. Active Directory answers a subtree search from the domain root (a search base such as 'dc=example,dc=com' rather than the OU the users actually live in) with referrals to the other naming contexts under that DN (DomainDnsZones, ForestDnsZones, Configuration and any child domains). The PHP client tries to follow each of them on a fresh, anonymous connection, which AD rejects, so the whole search fails instead of returning the user. With referral chasing switched off, AD simply returns the matching entries and the search succeeds.

In the file

/simplesamlphp/lib/SimpleSAML/Auth/LDAP.php

add the line

@ldap_set_option($this->ldap, LDAP_OPT_REFERRALS, 0);

directly after the ldap_connect() line, so that the option is already set when the handle is first used by ldap_bind() or ldap_search(). The leading @ only silences PHP's warning if the call fails; checking the return value of ldap_set_option() is the more reliable way to know the setting took effect.

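The same bind, search and re-bind sequence that the SimpleSAMLphp driver runs against Active Directory, as an added stand-alone script (example code, not from the original post or from SimpleSAMLphp), with referral chasing disabled at the point the post describes. The host, base DN, service account and password are placeholders, and the script assumes PHP 5.6 or later with ext/ldap.

```php
<?php
// Added example (not code from the original post or from SimpleSAMLphp):
// the bind -> search -> bind sequence the SimpleSAMLphp LDAP driver performs
// against Active Directory, as a stand-alone script, with referral chasing
// turned off where the post says to do it: right after ldap_connect().
// Requires PHP >= 5.6 with ext/ldap. Host, base DN and service account
// below are assumed placeholders.
declare(strict_types=1);

const AD_URI   = 'ldaps://dc01.example.com';                          // assumed
const AD_BASE  = 'dc=example,dc=com';                                 // domain root
const SVC_DN   = 'cn=svc-sso,ou=Service Accounts,dc=example,dc=com';  // assumed
const SVC_PASS = 'change-me';                                         // assumed

/**
 * Authenticate $username/$password against AD and return the user's DN,
 * mail attribute and group DNs. Throws RuntimeException on any failure.
 */
function ad_authenticate(string $username, string $password): array
{
    // AD treats a bind with an empty password as an anonymous bind and
    // reports success, so an empty password must never reach ldap_bind().
    if ($password === '') {
        throw new RuntimeException('empty password refused');
    }

    $ldap = ldap_connect(AD_URI);
    if ($ldap === false) {
        throw new RuntimeException('malformed LDAP URI');
    }
    if (!ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        throw new RuntimeException('cannot select LDAPv3');
    }
    // The post's fix, set before the handle is first used. Without it a
    // subtree search from the domain root makes libldap try to follow AD's
    // referrals (DomainDnsZones, ForestDnsZones, Configuration) with an
    // anonymous rebind, and the search fails. No @: the result is checked.
    if (!ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0)) {
        throw new RuntimeException('cannot disable referral chasing');
    }

    // 1. Bind as the service account; AD does not allow searches from an
    //    anonymous bind beyond the rootDSE.
    if (!@ldap_bind($ldap, SVC_DN, SVC_PASS)) {
        throw new RuntimeException('service bind failed: ' . ldap_error($ldap));
    }

    // 2. Locate the user with a subtree search. The supplied name is escaped
    //    so it cannot change the filter (LDAP injection).
    $filter = sprintf(
        '(&(objectClass=user)(sAMAccountName=%s))',
        ldap_escape($username, '', LDAP_ESCAPE_FILTER)
    );
    $result = ldap_search($ldap, AD_BASE, $filter, ['mail', 'memberOf']);
    if ($result === false) {
        throw new RuntimeException('search failed: ' . ldap_error($ldap));
    }
    $entries = ldap_get_entries($ldap, $result);
    if ($entries === false || $entries['count'] !== 1) {
        throw new RuntimeException('user not found or not unique');
    }
    $userDn = $entries[0]['dn'];

    // 3. Bind as the user; only the correct password succeeds.
    if (!@ldap_bind($ldap, $userDn, $password)) {
        throw new RuntimeException('authentication failed');
    }
    ldap_unbind($ldap);

    // ldap_get_entries() lowercases attribute names and adds a 'count' key.
    $groups = $entries[0]['memberof'] ?? [];
    unset($groups['count']);

    return [
        'dn'       => $userDn,
        'mail'     => $entries[0]['mail'][0] ?? null,
        'memberOf' => array_values($groups),
    ];
}

// Usage from the command line: php ad_auth.php jdoe 'secret'
if (PHP_SAPI === 'cli' && isset($argc) && $argc === 3) {
    try {
        print_r(ad_authenticate($argv[1], $argv[2]));
    } catch (RuntimeException $e) {
        fwrite(STDERR, $e->getMessage() . PHP_EOL);
        exit(1);
    }
}
```

If the service bind works but the search throws, the referral option is the first thing to verify; if nothing at all reaches the domain controller, the problem is in front of LDAP (URI, DNS, firewall or TLS), not in this setting. In SimpleSAMLphp releases whose ldap:LDAP authsource exposes a 'referrals' option (it defaults to TRUE), setting 'referrals' => FALSE in authsources.php applies the same LDAP_OPT_REFERRALS change without patching a file under lib/.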
If this has been helpful to anyone, let me know and I'll post some more SimpleSAMLphp tutorials.

4 comments:

  1. Hello,

    can you post a simple tutorial on how to configure (everything) App-A + App-B (Applications A and B can be very very simple) to connect to an IdP?

    1. Your own IdP using SimpleSAMLphp, or an external one?

  2. Hello, I just stumbled across your blog and I have the same question. I am looking to implement my own IdP using SimpleSAMLphp and Active Directory. Then I want to implement an external SP instance of SimpleSAMLphp to protect a sample website, for a proof of concept. I am extremely new to SAML, but I have gotten the example static-auth working in the IdP test page, and that's as far as I've gotten.

    My immediate question is: I am using the stable version of SimpleSAMLphp (1.11.0); is this mod necessary, or is the 'referrals' option good enough? The default is TRUE, but I can't seem to get authentication working. I think it's failing to locate the account, similar to what you are stating here. I feel like the more I poke it, the more broken I make it.

    If I could see a known-good example of active directory authentication that would really help me get the 'auth test' working.

    Thanks

    Ron

  3. Hi, I have the same problem as the others.
    My IdP's LDAP configuration seems to be fine, but if I run tcpdump (on the SAML IdP) or Wireshark (on the LDAP server), no packets are sent or received.
    And I don't know why :(
