Read about OpenEMR's Response to the COVID-19 Pandemic at https://www.open-emr.org/covid19/

OpenLDAP user authentication (5.0.2)

Hi,

After some struggling, I’ve been able to activate LDAP authentication.

If you make these changes you should be able to login.

It does seem to handle admin type accounts at all. It may need to check LDAP and then locally to see if it can login.

Enjoy

Mr Zooty

#########################################################
openemr/src/Menu/MainMenuRole.php
line 115: if (isset($user)) { $mainMenuRole = $user->getMainMenuRole(); }

#########################################################
openemr/library/authentication/login_operations.php
in function verify_user_gacl_group after collectIpAddresses():
if ($GLOBALS[‘use_active_directory’]) { return true; }

    wrap if around $getUserSQL (lines 81-90) and $authGroup (lines 97-113) queries
            if ($GLOBALS['use_active_directory'] == 0) {

    #### Replace the existing function with this code #######

function active_directory_validation($user, $pass)
{
$valid = false;

$ldapconn = ldap_connect(“ldap://localhost/”);

if ($ldapconn) {
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3) ;
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
// change this to your details
$ldapbind = ldap_bind($ldapconn, “uid=$user,dc=mydc,dc=com”, $pass);

  if ($ldapbind) {
                            // change this to your details
     $ldapfind = ldap_search($ldapconn, "dc=mydc,dc=com", "(uid=$user)", ["uidnumber"]);
     if ($ldapfind) {
        $ldapdata = ldap_get_entries($ldapconn, $ldapfind);
        $uid = $ldapdata[0]["uidnumber"];
        $_SESSION['authUserID'] = $uid[0];
        $_SESSION['authId'] = $uid[0];
     }
                            // check to see they are in the OPENEMR group
     $ldapfind = ldap_search($ldapconn, "cn=openemr,dc=mydc,dc=com", "(memberuid=*$user*)", ["memberuid"]);
     $valid = ldap_count_entries($ldapconn, $ldapfind);
     ldap_close($ldapconn);
                    if ($valid) {
                            $_SESSION['authUser'] = $user;
                            $_SESSION['authPass'] = $pass;
                            $_SESSION['authGroup'] = 'Default';
                            $_SESSION['authProvider'] = 'Default';
                            $_SESSION['userauthorized'] = 1;
                            $valid = true;
                    }
  }

}
return $valid;
}