LDAP, AD: restriction to groups

Post by shenglu »

I am currently evaluating the software for use at a university's IT help desk. So far, I really like it, but I cannot get the LDAP group filter to work. I'm running 2.6.14, PHP5, MySQL, Ubuntu 10.10.

Post by Thorsten »

Hi,

LDAP groups are only supported in phpMyFAQ 2.7

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer

Post by Marela »

Thorsten wrote:
Hi,

please try this branch: https://github.com/thorsten/phpMyFAQ/tree/2.7

bye
Thorsten

I will try this today and test it for bugs. Thank you for your hard work to keep phpMyFAQ easy.

Post by robin-masters »

Hello @all

I use version 2.8.11 of phpMyFAQ and I am trying to configure a login restricted to one AD\LDAP group.

Which files must I change to get it to work?
Some of the mentioned files don't exist in 2.8.11? (not in the mentioned path)

LDAP login with all users works. I modified the \config\ldap.php for this.
When I modified the constants_ldap.php for groups in this way:

Code:

// Option for adding a check on LDAP groups
// Default: false
$PMF_LDAP['ldap_use_memberOf'] = true;
$PMF_LDAP['ldap_mapping']['memberOf'] = 'CN=Domain-Admins,CN=Users,DC=example,DC=net';

No one can log in except the admin user for phpMyFAQ.
Domain-Admins etc. is the distinguishedName from Active Directory.

Are there any other files I have to modify in version 2.8.11?

Post by Thorsten »

Hi,

please use 2.8.12 as we fixed some LDAP related issues in this release.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer

Post by robin-masters »

Hey, Thorsten

Thanks for answering my question. By the way, phpMyFAQ is really good stuff (simple, and without too many features that no one needs).

In version 2.8.12 with the \config\ldap.php from 2.8.11, no login is possible. The member_of function is false because I want the standard LDAP login first.

That works in 2.8.11:

Code:

$PMF_LDAP['ldap_server'] = 'domain.net';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'username@domain.net';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'dc=domain,dc=net';

Now what I have tried in 2.8.12 with the ldap.php created by the setup (LDAP support is switched to active in the admin panel):

Code:

$PMF_LDAP['ldap_server'] = 'Domain.net\hostname\ip-adress';
$PMF_LDAP['ldap_port'] = '389';
$PMF_LDAP['ldap_user'] = 'distingushedName\sAMAaccount\username@domain.net';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'dc=domain,dc=net\cn=users,dc=Domain,dc=net';

"\" separates the variants I have tried, but nothing works?
Any idea?

Post by robin-masters »

Okay, I compared the two versions of phpMyFAQ (2.8.11 vs 2.8.12) and I found the "problem".

In \config\constants_ldap.php, the multi-domain environment is on by default! (unlike in version 2.8.11)

Code:

$PMF_LDAP['ldap_use_domain_prefix'] = true;

So you have to log in with the username "DOMAIN\username".
I needed some time to notice this... :roll:

For all phpMyFAQ users who want to use Active Directory\LDAP login with group restriction:
My working configuration looks like this (version 2.8.12!):

\config\ldap.php

Code:

$PMF_LDAP['ldap_server'] = 'domain.net';
$PMF_LDAP['ldap_port'] = '389';
$PMF_LDAP['ldap_user'] = 'username';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'dc=domain,dc=net';

\config\constants_ldap.php

Code:

$PMF_LDAP['ldap_use_memberOf'] = true;
$PMF_LDAP['ldap_mapping']['memberOf'] = 'CN=phpmyfaq-users,CN=Users,DC=domain,DC=net';

To switch off multi-domain use (login name without Domain\username):
\config\constants_ldap.php

Code:

$PMF_LDAP['ldap_use_domain_prefix'] = false;

Before that, I tried the group "Domänen-Admins" (Windows Server 2012, German language); it seems not to work with umlauts, or there are special rights for this group in Active Directory.
So it's better to use a separate phpmyfaq-users group.

So, many thanks @Thorsten for the new version. It is not so easy for silly users to understand the
capabilities of this mighty stuff... ;-)
Last edited by robin-masters on Wed Aug 13, 2014 2:37 pm, edited 5 times in total.
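
The post above turns on two settings, `ldap_use_domain_prefix` and the `memberOf` mapping. The following PHP sketch is an added example, not part of the thread and not phpMyFAQ's own code: it models both checks stand-alone. The function names, the login `alice` and the directory values are constructed, and phpMyFAQ's actual matching logic may differ.

```php
<?php
// Added illustration, not phpMyFAQ code; names and data are constructed.
// Save as UTF-8; requires the mbstring extension.

/** Split "DOMAIN\user" when the prefix is required; null if it is missing. */
function splitLogin(string $login, bool $useDomainPrefix): ?array
{
    if (!$useDomainPrefix) {
        return ['domain' => null, 'user' => $login];
    }
    $parts = explode('\\', $login, 2);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null; // a bare "username" fails while the prefix is required
    }
    return ['domain' => $parts[0], 'user' => $parts[1]];
}

/** Normalise a DN: trim around commas, UTF-8 aware lower-casing.
 *  Simplification: escaped commas inside an RDN value are not handled. */
function normalizeDn(string $dn): string
{
    $rdns = preg_split('/\s*,\s*/u', trim($dn));
    return mb_strtolower(implode(',', $rdns), 'UTF-8');
}

/** True if the required group DN is among the user's memberOf values. */
function isMemberOf(array $memberOfValues, string $requiredGroupDn): bool
{
    $normalized = array_map('normalizeDn', $memberOfValues);
    return in_array(normalizeDn($requiredGroupDn), $normalized, true);
}

// Constructed settings, using the key names quoted in this thread.
$PMF_LDAP = ['ldap_use_domain_prefix' => true, 'ldap_use_memberOf' => true];
$PMF_LDAP['ldap_mapping']['memberOf'] = 'CN=phpmyfaq-users,CN=Users,DC=domain,DC=net';

// Constructed memberOf values as a directory might return them.
$memberOf = [
    'CN=Domänen-Admins,CN=Users,DC=domain,DC=net',
    'cn=PHPMyFAQ-Users, cn=Users, dc=domain, dc=net',
];

foreach (['DOMAIN\\alice', 'alice'] as $login) {
    $parsed = splitLogin($login, $PMF_LDAP['ldap_use_domain_prefix']);
    $groupOk = !$PMF_LDAP['ldap_use_memberOf']
        || isMemberOf($memberOf, $PMF_LDAP['ldap_mapping']['memberOf']);
    printf("%-14s => %s\n", $login, ($parsed !== null && $groupOk) ? 'allowed' : 'denied');
}
```

In Active Directory the `memberOf` attribute lists only direct memberships and omits the user's primary group, so a check of this kind does not see nested or primary-group membership.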

Post by Thorsten »

Hi,

good news.

I know this LDAP/AD stuff is not as simple as it should be. I'll try to improve the documentation!

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer