Page 1 of 1

LDAP configuration

Posted: Mon Jun 08, 2020 7:14 am
by forstera
Hello all,
Just a small question ...
My LDAP has been activated in my PHP system but I can't login. Reading the last messages in the forum pointed me to the constants_ldap.php file.
is this file still needed because it's not present in my system ?
thanks to all for your help :)

Re: LDAP configuration

Posted: Mon Jun 08, 2020 7:38 am
by Thorsten

it's not needed in v3 anymore, you can configure LDAP in the admin configuration, there's a special LDAP tab for that.


Re: LDAP configuration

Posted: Mon Jun 08, 2020 8:07 am
by forstera
Thank you Thorsten,
Yes, I noticed that :)
As I still can't login using my ldap users, can I activate a log to look for the source of my problem ?
I already had a look in http logs and php-fmp logs but this didnt helped my very much.

Ok, I solved my problem by removing the option 'LDAP dynamic user binding '
I dont know really what is the meaning of that option ... but now I can connect to my php using my ldap users ...

Do you have informations about that option ?
thanks very much :)

Re: LDAP configuration

Posted: Mon Jun 08, 2020 10:13 am
by Thorsten

it works like this:

Code: Select all

        if ($this->config->get('ldap.ldap_use_dynamic_login')) {
            // Check for dynamic user binding
            $ldapRdn = $this->config->get('ldap.ldap_dynamic_login_attribute') . '=' . $ldapUser . ',' . $ldapBase;
            $ldapBind = $this->bind($ldapRdn, $ldapPassword);
        } elseif ($this->config->get('ldap.ldap_use_anonymous_login')) {
            // Check for anonymous binding
            $ldapBind = $this->bind();
        } else {
            // Check for user binding without RDN
            $ldapBind = $this->bind($ldapUser, $ldapPassword);
The dynamic login uses the the information for the LDAP binding with the given attribute.


Re: LDAP configuration

Posted: Mon Jun 08, 2020 12:51 pm
by forstera
thanks very much, users can log in with their ldap accounts :)

But now I wanted to give some of them some permissions. so, In the users management, I give some permissions to them (for example, Editing, adding, removing an article).
So one of my user connected to the system and then I could use it to give some special permissions. But, after a reconnexion, no change : the new permissions are not Added to my user.
So I created a group a gave some special permissions to the group. I then Added 2 users into this group. One from my ldap and one i juste created in my phpmyfaq. The one I created received the new permissions but not the one coming from my ldap system.

In fact, I realized I need to give the 'View admin link' permission to allow a user to receive mot permissions. Can you confirm that ?

Thanks very much for your help