LDAP,AD Einschränkung auf Gruppen

You have a suggestion for a future version of phpMyFAQ? Then post it here!

Moderator: Thorsten

rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 » Wed Mar 09, 2011 7:02 pm

EBUG INFORMATION:
/var/www/myfaq/inc/Init.php:
PMF_Configuration->getAll() in line 106:

SELECT
config_name, config_value
FROM
faqconfig


/var/www/myfaq/inc/PMF_User/CurrentUser.php:
PMF_Auth_AuthDb->checkLogin() in line 155:

SELECT
login
FROM
faquserlogin
WHERE
login = 'test1'


/var/www/myfaq/inc/Logging.php:
PMF_DB_Mysql->nextID() in line 125:

SELECT
MAX(id) AS current_id
FROM
faqadminlog


/var/www/myfaq/inc/Logging.php:
PMF_User_UserData->get() in line 127:

SELECT
user_id
FROM
faquserdata
WHERE
user_id = 0


/var/www/myfaq/admin/index.php:
PMF_Logging->logAdmin() in line 126:

INSERT INTO
faqadminlog
(id, time, usr, text, ip)
VALUES
(273, 1299698709, 0, 'Loginerror\\nLogin: domain\\test1\\nErrors: Specified login could not be found. ', 'ipaddress')
Last edited by rybal06 on Wed Mar 09, 2011 8:24 pm, edited 1 time in total.

Thorsten
Posts: 14480
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten » Wed Mar 09, 2011 8:23 pm

Hi,

I don't have any LDAP environment to test, so any feedback is highly appreciate! :-)

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

cRw`
Posts: 10
Joined: Wed Aug 19, 2009 4:09 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by cRw` » Thu Mar 10, 2011 8:34 am

@rybal06

try this Code, worked for me. git changes didnt work me too.

Code: Select all

if (true === $PMF_LDAP['ldap_use_memberOf']) {
   $filter = sprintf('(&%s(memberof=%s))', $filter, $PMF_LDAP['ldap_mapping']['memberOf']);
}

rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 » Mon Jun 13, 2011 7:33 pm

Thanks for the alternate php code.

It is acting the same as the code from git, it does not allow any users to log in. When I set the ldap use memberOf to false, every user can log in as expected.

Here is what I have added to constants_ldap.php:

Code: Select all

$PMF_LDAP['ldap_use_memberOf'] = true;
$PMF_LDAP['ldap_mapping']['memberOf'] = 'cn=helpdesk,ou=Users,dc=testdomain,dc=edu';
Here are the changes I made to inc\ldap.php
Removed the line

Code: Select all

$filter = "(" . $PMF_LDAP['ldap_mapping']['username'] . "=" . $username . ")";
and put this in its place:

Code: Select all

$filter = sprintf('(%s=%s)', $PMF_LDAP['ldap_mapping']['username'], $username);
        if (true === $PMF_LDAP['ldap_use_memberOf']) {
            $filter = sprintf('(&%s(memberof=%s))', $filter, $PMF_LDAP['ldap_mapping']['memberOf']);
        }
When I turned on debugging in the Init.php file, a log in attempt results in this error:

Code: Select all

phpMyFAQ warning [2]: ldap_get_values() expects parameter 2 to be resource, boolean given in /var/www/myfaq/inc/Ldap.php on line 229
and

Code: Select all

/var/www/myfaq/admin/index.php:
PMF_Logging->logAdmin() in line 126:

                INSERT INTO
                    faqadminlog
                (id, time, usr, text, ip)
                    VALUES 
                (690, 1307989048, 0, 'Loginerror\\nLogin: test1\\nErrors: Specified password is not correct.',

Has anyone gotten the memberOf filter to work with MS Active Directory? Thanks!

Ryan

Thorsten
Posts: 14480
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten » Mon Jun 13, 2011 7:56 pm

Hi,

from which branch did you fetched the code?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

Hiteswar
Posts: 9
Joined: Mon Jun 13, 2011 9:57 am

Re: LDAP,AD Einschränkung auf Gruppen

Post by Hiteswar » Wed Jun 15, 2011 10:02 am

i am not able to understand language used here for this discussion . i am interested to look this discussion.
is there any setting in forum.phpmyfaq.de to view discussion in language (english)?

Thorsten
Posts: 14480
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten » Wed Jun 15, 2011 5:07 pm

Hi,

user generated content won't be translated...

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 » Thu Jun 16, 2011 3:49 pm

Thorsten wrote:Hi,

from which branch did you fetched the code?

bye
Thorsten
From this link: https://github.com/thorsten/phpMyFAQ/co ... 9c585712ad

Is their a newer version?

Thorsten
Posts: 14480
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten » Thu Jun 16, 2011 8:25 pm

Hi,

please try this branch: https://github.com/thorsten/phpMyFAQ/tree/2.7

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 » Thu Jun 16, 2011 8:55 pm

Thanks for the suggestion Thorsten, I greatly appreciate it!

I replaced my Ldap.php with the file from the link, and I am still having trouble using the ldap group authentication with AD. The printed errors are the same as before.

It is entirely possible I am missing something simple to make this work, any help would be appreciated.

Thanks,
Ryan

Thorsten
Posts: 14480
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten » Thu Jun 16, 2011 9:03 pm

Hi,

we need help from "fraggler" because I don't have this kind of test environment... or is it possible to get access to your server?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 » Fri Jun 17, 2011 3:53 am

I apologize! I found a simple syntax error, I had ou= where I needed cn= in my ldap group definition. I am using the ldap.php from the 2.7 git link you sent earlier.

Thanks for your quick assistance, your product works well, and my organization is very close to adopting this, and we are excited for the release of 2.7. If we end up going with this product, we will definitely find a way to make a donation in some way for all of your
(and the other developers) time and hard work. If there is ever any other way I can be of assistance, please let me know. I have very little php experience, but I do have a test server with a daily copy of my production faq for testing.

Thorsten
Posts: 14480
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten » Fri Jun 17, 2011 8:26 am

Hi,

is it working now?

Thanks for using phpMyFAQ!

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 » Fri Jun 17, 2011 4:29 pm

All is working well.

Thanks!

Thorsten
Posts: 14480
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten » Fri Jun 17, 2011 9:58 pm

Hi,

thanks! This is great! :-)

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest