LDAP,AD Einschränkung auf Gruppen

You have a suggestion for a future version of phpMyFAQ? Then post it here!

Moderator: Thorsten

rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 »

EBUG INFORMATION:
/var/www/myfaq/inc/Init.php:
PMF_Configuration->getAll() in line 106:

SELECT
config_name, config_value
FROM
faqconfig


/var/www/myfaq/inc/PMF_User/CurrentUser.php:
PMF_Auth_AuthDb->checkLogin() in line 155:

SELECT
login
FROM
faquserlogin
WHERE
login = 'test1'


/var/www/myfaq/inc/Logging.php:
PMF_DB_Mysql->nextID() in line 125:

SELECT
MAX(id) AS current_id
FROM
faqadminlog


/var/www/myfaq/inc/Logging.php:
PMF_User_UserData->get() in line 127:

SELECT
user_id
FROM
faquserdata
WHERE
user_id = 0


/var/www/myfaq/admin/index.php:
PMF_Logging->logAdmin() in line 126:

INSERT INTO
faqadminlog
(id, time, usr, text, ip)
VALUES
(273, 1299698709, 0, 'Loginerror\\nLogin: domain\\test1\\nErrors: Specified login could not be found. ', 'ipaddress')
Last edited by rybal06 on Wed Mar 09, 2011 8:24 pm, edited 1 time in total.
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten »

Hi,

I don't have any LDAP environment to test, so any feedback is highly appreciate! :-)

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
cRw`
Posts: 10
Joined: Wed Aug 19, 2009 4:09 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by cRw` »

@rybal06

try this Code, worked for me. git changes didnt work me too.

Code: Select all

if (true === $PMF_LDAP['ldap_use_memberOf']) {
   $filter = sprintf('(&%s(memberof=%s))', $filter, $PMF_LDAP['ldap_mapping']['memberOf']);
}
rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 »

Thanks for the alternate php code.

It is acting the same as the code from git, it does not allow any users to log in. When I set the ldap use memberOf to false, every user can log in as expected.

Here is what I have added to constants_ldap.php:

Code: Select all

$PMF_LDAP['ldap_use_memberOf'] = true;
$PMF_LDAP['ldap_mapping']['memberOf'] = 'cn=helpdesk,ou=Users,dc=testdomain,dc=edu';
Here are the changes I made to inc\ldap.php
Removed the line

Code: Select all

$filter = "(" . $PMF_LDAP['ldap_mapping']['username'] . "=" . $username . ")";
and put this in its place:

Code: Select all

$filter = sprintf('(%s=%s)', $PMF_LDAP['ldap_mapping']['username'], $username);
        if (true === $PMF_LDAP['ldap_use_memberOf']) {
            $filter = sprintf('(&%s(memberof=%s))', $filter, $PMF_LDAP['ldap_mapping']['memberOf']);
        }
When I turned on debugging in the Init.php file, a log in attempt results in this error:

Code: Select all

phpMyFAQ warning [2]: ldap_get_values() expects parameter 2 to be resource, boolean given in /var/www/myfaq/inc/Ldap.php on line 229
and

Code: Select all

/var/www/myfaq/admin/index.php:
PMF_Logging->logAdmin() in line 126:

                INSERT INTO
                    faqadminlog
                (id, time, usr, text, ip)
                    VALUES 
                (690, 1307989048, 0, 'Loginerror\\nLogin: test1\\nErrors: Specified password is not correct.',

Has anyone gotten the memberOf filter to work with MS Active Directory? Thanks!

Ryan
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten »

Hi,

from which branch did you fetched the code?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
Hiteswar
Posts: 9
Joined: Mon Jun 13, 2011 9:57 am

Re: LDAP,AD Einschränkung auf Gruppen

Post by Hiteswar »

i am not able to understand language used here for this discussion . i am interested to look this discussion.
is there any setting in forum.phpmyfaq.de to view discussion in language (english)?
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten »

Hi,

user generated content won't be translated...

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 »

Thorsten wrote:Hi,

from which branch did you fetched the code?

bye
Thorsten
From this link: https://github.com/thorsten/phpMyFAQ/co ... 9c585712ad

Is their a newer version?
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten »

Hi,

please try this branch: https://github.com/thorsten/phpMyFAQ/tree/2.7

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 »

Thanks for the suggestion Thorsten, I greatly appreciate it!

I replaced my Ldap.php with the file from the link, and I am still having trouble using the ldap group authentication with AD. The printed errors are the same as before.

It is entirely possible I am missing something simple to make this work, any help would be appreciated.

Thanks,
Ryan
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten »

Hi,

we need help from "fraggler" because I don't have this kind of test environment... or is it possible to get access to your server?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 »

I apologize! I found a simple syntax error, I had ou= where I needed cn= in my ldap group definition. I am using the ldap.php from the 2.7 git link you sent earlier.

Thanks for your quick assistance, your product works well, and my organization is very close to adopting this, and we are excited for the release of 2.7. If we end up going with this product, we will definitely find a way to make a donation in some way for all of your
(and the other developers) time and hard work. If there is ever any other way I can be of assistance, please let me know. I have very little php experience, but I do have a test server with a daily copy of my production faq for testing.
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten »

Hi,

is it working now?

Thanks for using phpMyFAQ!

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
rybal06
Posts: 9
Joined: Wed Mar 09, 2011 5:45 pm

Re: LDAP,AD Einschränkung auf Gruppen

Post by rybal06 »

All is working well.

Thanks!
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP,AD Einschränkung auf Gruppen

Post by Thorsten »

Hi,

thanks! This is great! :-)

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
Post Reply