LDAP, AD restriction to groups
Moderator: Thorsten
Re: LDAP, AD restriction to groups
I am currently evaluating the software for use at a university's IT help desk. So far, I really like it, but I cannot get the LDAP group filter to work. I'm running 2.6.14, PHP5, MySQL, Ubuntu 10.10.
Re: LDAP, AD restriction to groups
Hi,
LDAP groups are only supported in phpMyFAQ 2.7
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
Re: LDAP, AD restriction to groups
I will try this today and test it for bugs. Thank you for your hard work to keep phpMyFAQ easy.
Thorsten wrote:
Hi,
please try this branch: https://github.com/thorsten/phpMyFAQ/tree/2.7
bye
Thorsten
-
- Posts: 40
- Joined: Mon Aug 11, 2014 10:09 am
Re: LDAP, AD restriction to groups
Hello @all
I use version 2.8.11 of phpMyFAQ and I am trying to configure a restricted login to one AD\LDAP group.
Which files must I change to get it to work?
Some of the mentioned files don't exist in 2.8.11? (not in the mentioned path)
LDAP login with all users works. I modified the \config\ldap.php for this.
When I modified the constants_ldap.php for groups in this way:
Code:
// Option for adding a check on LDAP groups
// Default: false
$PMF_LDAP['ldap_use_memberOf'] = true;
$PMF_LDAP['ldap_mapping']['memberOf'] = 'CN=Domain-Admins,CN=Users,DC=example,DC=net';
No one can log in but the admin user for phpMyFAQ.
Domain-Admins etc. is the distinguishedName from Active Directory.
Are there any other files I have to modify? - in version 2.8.11?
Re: LDAP, AD restriction to groups
Hi,
please use 2.8.12 as we fixed some LDAP related issues in this release.
bye
Thorsten
Re: LDAP, AD restriction to groups
Hey, Thorsten
thx for answering my question, by the way, phpMyFAQ is really good stuff. (simple and not too many features which no one needs)
In version 2.8.12 with the \config\ldap.php from 2.8.11 no login is possible. The member_of function is false because I want
the standard LDAP login at first.
That works in 2.8.11:
Code:
$PMF_LDAP['ldap_server'] = 'domain.net';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'username@domain.net';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'dc=domain,dc=net';
Now what I have tried in 2.8.12 with the ldap.php created by the setup (LDAP support is switched to active in the admin panel):
Code:
$PMF_LDAP['ldap_server'] = 'Domain.net\hostname\ip-adress';
$PMF_LDAP['ldap_port'] = '389';
$PMF_LDAP['ldap_user'] = 'distingushedName\sAMAaccount\username@domain.net';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'dc=domain,dc=net\cn=users,dc=Domain,dc=net';
"\" separates the variants I have tried but nothing works?
Any idea?
Re: LDAP, AD restriction to groups
Okay, I compared the two versions of phpMyFAQ (2.8.11 vs 2.8.12) and I found the "problem".
In the \config\constants_ldap.php
Multi-Domain Environment is on by default! (not like in version 2.8.11)
Code:
$PMF_LDAP['ldap_use_domain_prefix'] = true;
So you have to log in with the username: "DOMAIN\username".
I needed some time to notice this...

For all phpMyFAQ users who want to use Active Directory\LDAP login with group restriction.
My working configuration looks like this: (Version 2.8.12!)
\config\ldap.php
Code:
$PMF_LDAP['ldap_server'] = 'domain.net';
$PMF_LDAP['ldap_port'] = '389';
$PMF_LDAP['ldap_user'] = 'username';
$PMF_LDAP['ldap_password'] = 'password';
$PMF_LDAP['ldap_base'] = 'dc=domain,dc=net';
\config\constants_ldap.php
Code:
$PMF_LDAP['ldap_use_memberOf'] = true;
$PMF_LDAP['ldap_mapping']['memberOf'] = 'CN=phpmyfaq-users,CN=Users,DC=domain,DC=net';
to switch off multi-domain use (login name without Domain\username)
\config\constants_ldap.php
Code:
$PMF_LDAP['ldap_use_domain_prefix'] = false;
I tried before the group "Domänen-Admins" (Windows Server 2012, German language); it seems not to work with umlauts or
there are special rights for this group in Active Directory.
So it's better to use a separate phpmyfaq-users group.
So great THX @Thorsten for the new version. Not so easy for silly users to understand the
capabilities of this mighty stuff...

Last edited by robin-masters on Wed Aug 13, 2014 2:37 pm, edited 5 times in total.
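The following is an added example, not part of the original posts and not phpMyFAQ code: a stand-alone PHP check of whether a user's `memberOf` values contain the group DN set in `$PMF_LDAP['ldap_mapping']['memberOf']`, useful when a group restriction locks everyone out. The user names and `memberOf` values are constructed, the helper names `normalizeDn` and `isMemberOf` are hypothetical, and how phpMyFAQ itself compares the values is not shown on this page.

```php
<?php
// Added example: DN matching for a memberOf group restriction, run over
// constructed sample data. Requires the mbstring extension.

/** Normalise a DN for comparison: trim spaces around each RDN, fold case (UTF-8 aware). */
function normalizeDn(string $dn): string
{
    // Split on commas that are not preceded by a backslash (escaped commas stay inside an RDN).
    $rdns = preg_split('/(?<!\\\\),/', $dn);
    $rdns = array_map(function ($rdn) {
        [$attr, $value] = array_pad(explode('=', $rdn, 2), 2, '');
        return mb_strtolower(trim($attr), 'UTF-8') . '=' . mb_strtolower(trim($value), 'UTF-8');
    }, $rdns);
    return implode(',', $rdns);
}

/** True if the required group DN appears among the entry's memberOf values. */
function isMemberOf(array $memberOf, string $requiredGroupDn): bool
{
    $required = normalizeDn($requiredGroupDn);
    foreach ($memberOf as $dn) {
        if (normalizeDn($dn) === $required) {
            return true;
        }
    }
    return false;
}

// Constructed sample entries (hypothetical users), shaped like the memberOf
// attribute Active Directory returns for a user object.
$users = [
    'alice' => ['CN=phpmyfaq-users,CN=Users,DC=domain,DC=net', 'CN=Staff,CN=Users,DC=domain,DC=net'],
    'bob'   => ['cn=PHPMYFAQ-Users, cn=Users, dc=domain, dc=net'], // same group, different case and spacing
    'carol' => ['CN=Staff,CN=Users,DC=domain,DC=net'],             // member of another group only
    'dave'  => [], // AD does not list a user's primary group in memberOf
];

// Group DN as configured in the working constants_ldap.php above.
$required = 'CN=phpmyfaq-users,CN=Users,DC=domain,DC=net';
foreach ($users as $name => $groups) {
    printf("%-6s %s\n", $name, isMemberOf($groups, $required) ? 'allow' : 'deny');
}
```

Active Directory's `memberOf` lists only direct memberships, so a user who reaches the group through a nested group is denied by this kind of check just like `carol`.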
Re: LDAP, AD restriction to groups
Hi,
good news.
I know this LDAP/AD stuff is not as simple as it should be. I'll try to improve the documentation!
bye
Thorsten