LDAP Group Filter


tdellanna
Posts: 8
Joined: Mon Oct 02, 2023 4:02 pm

LDAP Group Filter

Post by tdellanna »

Hi, I have a question.

I have configured ldap.php with a simple method:
==
$PMF_LDAP['ldap_server'] = 'ldap://cittadellasalute.to.it';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'CN=myuser,CN=Users,DC=mysites,DC=to,DC=it';
$PMF_LDAP['ldap_password'] = 'mypassword';
$PMF_LDAP['ldap_base'] = 'DC=mysites,DC=to,DC=it';

==
This configuration works, but all of my AD users can access my website.
What if I want to deny access to all users, but allow access for only one AD group?
I have tried the same configuration with these added lines:
==
$PMF_LDAP['ldap_use_memberOf'] = true;
$PMF_LDAP['ldap_mapping']['memberOf'] = 'cn=faq_PdL,ou=groups,DC=cittadellasalute,DC=to,DC=it';
==
But it does not work.

Do we have a solution?

Thanks!

Thomas
Thorsten
Posts: 15565
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: LDAP Group Filter

Post by Thorsten »

Hi,

do you get any errors?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer

Re: LDAP Group Filter

Post by tdellanna »

Hi,
the error is "Wrong Credential". But the credentials are correct.

I have tried to change the configuration with these lines:
==
$PMF_LDAP['ldap_group_filter'] = '(&(objectClass=group)(cn=faq_PdL))';
$PMF_LDAP['ldap_user_filter'] = '(&(objectClass=user)(memberOf=cn=faq_PdL,ou=groups,dc=cittadellasalute,dc=to,dc=it))';
==
But it's the same result.

Do you have an example for similar configuration?

Thanks,

Thomas

Re: LDAP Group Filter

Post by Thorsten »

Hi,

sadly I have no example configuration as this code was provided by a user.

Which version do you use?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer

Re: LDAP Group Filter

Post by tdellanna »

Hi,
I use two different versions, the latest version 3.2.1 and 3.1.12; I have the same error for all versions.

Thomas

Re: LDAP Group Filter

Post by Thorsten »

Hi Thomas,
tdellanna wrote: Tue Oct 03, 2023 9:23 am
$PMF_LDAP['ldap_group_filter'] = '(&(objectClass=group)(cn=faq_PdL))';
$PMF_LDAP['ldap_user_filter'] = '(&(objectClass=user)(memberOf=cn=faq_PdL,ou=groups,dc=cittadellasalute,dc=to,dc=it))';

Where did you add this information? In the admin configuration?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer

Re: LDAP Group Filter

Post by tdellanna »

Hi Thorsten,
I have added these lines to a file in the install directory, config/ldap.php.

Bye,
Thomas

Re: LDAP Group Filter

Post by Thorsten »

Hi,

that won’t work, you have to change the values in the admin configuration for LDAP.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer

Re: LDAP Group Filter

Post by tdellanna »

Hi Thorsten,

I have tried to configure /admin/configuration.php.
I have added these lines:
==
$ldapServer = 'ldap://myldap'; // LDAP server address
$ldapPort = 389; // LDAP server port
$ldapConn = ldap_connect($ldapServer, $ldapPort);
$ldapUser = 'CN=myuser,CN=Users,DC=mydc,DC=to,DC=it'; // DN of the LDAP user
$ldapPassword = 'mypassword'; // Password of the LDAP user
$ldapGroup = 'cn=mygroup,ou=groups,DC=mydc,DC=to,DC=it'; // DN of the LDAP group
$ldapFilter = "(member=$ldapUser)"; // Filter on the user's membership

// Bind with the account above before searching
ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!ldap_bind($ldapConn, $ldapUser, $ldapPassword)) {
    die("LDAP bind failed");
}
$searchResult = ldap_search($ldapConn, $ldapGroup, $ldapFilter);

if ($searchResult !== false) {
    $entries = ldap_get_entries($ldapConn, $searchResult);

    if ($entries['count'] > 0) {
        // The user is a member of the LDAP group
        // You can grant access or permissions
    } else {
        // The user is not a member of the LDAP group
        // You can deny access or permissions
    }
} else {
    // LDAP search error
    die("Errore nella ricerca LDAP");
}
==
But I have the same result. All users can access. Do you have a solution for my problem, or do you have a similar configuration?
My goal is to deny access to all LDAP users, except members of a specific group.

Thanks.

Thomas
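
An added example, not part of the thread and not phpMyFAQ code: a group check of the kind the post above attempts, keyed on the login name being authenticated rather than on the bind account, with the filter values escaped and every LDAP failure treated as a denial. The function names, the `example.org` values and the use of `sAMAccountName` as the login attribute are assumptions for illustration.

```php
<?php
// Added example, not phpMyFAQ code. Function names and sample values
// are hypothetical; sAMAccountName as the login attribute is an assumption.

/** Build an AD filter matching one login name that is a direct member of $groupDn. */
function buildGroupLoginFilter(string $login, string $groupDn): string
{
    // Escape both values so characters such as * ( ) \ cannot change the filter.
    $login = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    $group = ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER);
    // memberOf matches direct membership only; on Active Directory, nested
    // groups need memberOf:1.2.840.113556.1.4.1941:= instead of memberOf=.
    return "(&(objectClass=user)(sAMAccountName=$login)(memberOf=$group))";
}

/** True only if exactly one user entry matches; any LDAP error denies access. */
function isLoginInGroup($conn, string $baseDn, string $login, string $groupDn): bool
{
    $filter = buildGroupLoginFilter($login, $groupDn);
    $result = @ldap_search($conn, $baseDn, $filter, ['dn']);
    if ($result === false) {
        return false; // fail closed on search errors
    }
    $entries = ldap_get_entries($conn, $result);
    return $entries !== false && $entries['count'] === 1;
}

// Constructed sample input: the second login is a bare wildcard, which
// would match every group member if it reached the filter unescaped.
$groupDn = 'cn=faq_PdL,ou=groups,dc=example,dc=org';
foreach (['mrossi', '*'] as $login) {
    echo buildGroupLoginFilter($login, $groupDn), PHP_EOL;
}

// Against a real directory (placeholders, not run here):
// $conn = ldap_connect('ldap://ldap.example.org');
// ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
// ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
// if (!ldap_start_tls($conn) || !ldap_bind($conn, $serviceDn, $servicePassword)) {
//     exit('LDAP bind failed');
// }
// var_dump(isLoginInGroup($conn, 'dc=example,dc=org', 'mrossi', $groupDn));
```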

Re: LDAP Group Filter

Post by Thorsten »

Hi,

you don't have to do that in the PHP files. Use the admin configuration user interface via your browser.

All LDAP configuration can be configured via your browser.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer

Re: LDAP Group Filter

Post by tdellanna »

Hi,
I don't have all the LDAP configuration in the web admin:

LDAP mapping for name, "cn" when using an ADS
LDAP mapping for username, "samAccountName" when using an ADS
LDAP mapping for email, "mail" when using an ADS
LDAP mapping for "member of" when using LDAP groups
LDAP domain prefix, e.g. "DOMAIN\username"
LDAP protocol version (default: 3)
LDAP referrals (default: 0)
Enable LDAP group support, e.g. "DOMAIN\username"
Enable LDAP SASL support
Enable multiple LDAP servers support
Enable anonymous LDAP connections
Enable LDAP dynamic user binding
LDAP attribute for dynamic user binding, "uid" when using an ADS

How do I configure this for my goal? I can't specify the member group.

bye,

Thomas

Re: LDAP Group Filter

Post by Thorsten »

Hi,

it's "LDAP mapping for "member of" when using LDAP groups"

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer

Re: LDAP Group Filter

Post by tdellanna »

Hi Thorsten,

I have configured the web admin page with the correct "member of". But it does not work.

I can't find a log to determine the error.

Do you have an idea?

Bye
Thomas

Re: LDAP Group Filter

Post by Thorsten »

Hi,

you can enable the debug mode in src/Bootstrap.php

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer

Re: LDAP Group Filter

Post by tdellanna »

Hi,
I don't find any problem.
I don't understand the problem.

To recap:
I have configured ldap.php with these lines:
==
$PMF_LDAP['ldap_server'] = 'ldap://myldap';
$PMF_LDAP['ldap_port'] = 389;
$PMF_LDAP['ldap_user'] = 'CN=myuser,CN=Users,DC=myldap,DC=to,DC=it';
$PMF_LDAP['ldap_password'] = 'mypassword';
$PMF_LDAP['ldap_base'] = 'dc=myldap,dc=to,dc=it';
==
and in the web admin console, member of "mygroup".

Where is my error?

Thomas