
LDAPAuth

  • Could someone please supply a copy of their LDAPAuth settings?
  • LDAP settings are entirely dependent on your directory services architecture, so having someone else's settings won't help you. If in doubt, contact your DS administrator.

    -Mark

    --
    Visit My homepage and Zikula themes.
  • Unfortunately my DS administrator is new to this as well. Our current settings in LDAPAuth are as below, and I would like some confirmation that we are on the right lines and what the likely errors are:

    Authentication using - PN and LDAP
    Server Address - LDAP://10.1.0.18:389
    Base DN - o=bell_college
    Bind as -
    Bind Password -
    Search base - cn=users o=bell_college
    Add new User to Group - Users

    Bill
  • Mark, would you be able to tell me if Bill's configuration looks like it should work?

    I don't know if it's the configuration I have set up wrong or if I need to change some of the code of the module.

    I think the main problem is in the Base DN and the search base (if the code is correct).

    And do you need to put "LDAP://" in front of the server IP?

    could you maybe show us an example of what the configuration should look like? (use dummy values if you want, just something to give me an idea)

    Scott
  • LDAP contexts are separated by commas rather than dots (as per standard NDS contexts), plus there's no need to specify things as a URL. In general, turn on the LDAP debugger. In a Novell environment this is achieved via a dstrace setting; see TIDs 10080854, 10059954 and 10062287 for more info on debugging LDAP sessions in a Novell environment.

    -Mark

    --
    Visit My homepage and Zikula themes.
  • We use a Java program called LDAP Browser Editor v2.8.2 to test our LDAP connection from our server; unfortunately the information that is valid there does not seem to work with LDAPAuth.

    Is there no way you can knock up a mock configuration just so we can see how the configuration should look? Just to see if we are on the correct lines.

    Scott
  • Not really, since the values are fully dependent on the design of your directory service and the specific directory service in use. Again, refer any questions over the specifics to your DS administrator, who should be able to provide the answers to these questions. An LDAP browser is not the same as having diagnostics on the server side to diagnose the results of an LDAP query.

    For my setup I use:
    ip address: IP address of my LDAP server (e.g. 192.168.1.1)
    base dn: o=ku
    bind as, password: not set, since my DS allows for an anonymous bind
    search base: o=ku
    search attribute: cn (although uid will work too, since that's an LDAP standard; I just use cn as I'm a Novell person)

    As you can see, each setting is specific to my environment (with the exception of the search attribute).

    -Mark

    --
    Visit My homepage and Zikula themes.
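The two points Mark makes about the form fields (RDNs are separated by commas, not dots, and the server field takes a host rather than a URL) can be checked mechanically. The following is an added example, not part of this thread and not code from the LDAPAuth module; the function names and the settings dictionary are mine, and the settings values are constructed in the shape of the fields posted above, not anyone's real directory. `nds_context_to_dn` assumes that the last component of a dotted NDS context is an O and the rest are OUs, which is an assumption about the tree, not something the thread states.

```python
import re

# Settings in the shape of the LDAPAuth form fields posted earlier in this thread;
# the values are constructed for this example, not anyone's real directory.
POSTED = {
    "server": "LDAP://10.1.0.18:389",
    "base_dn": "o=bell_college",
    "search_base": "cn=users o=bell_college",   # space between RDNs instead of a comma
}

# One RDN: attribute type, '=', then a value with no unescaped comma or equals sign.
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def parse_server(value):
    """Return (host, port) for a bare host, host:port, or ldap(s)://host[:port] string.
    Accepting both styles here means the form can take either a plain IP or a URL."""
    value = value.strip()
    m = re.match(r"^(ldaps?)://", value, re.IGNORECASE)
    scheme = m.group(1).lower() if m else "ldap"
    if m:
        value = value[m.end():]
    host, sep, port = value.rstrip("/").partition(":")
    if not host:
        raise ValueError("no host in %r" % value)
    return host, int(port) if sep else (636 if scheme == "ldaps" else 389)

def nds_context_to_dn(context):
    """Turn a dotted NDS/eDirectory context such as 'users.bell_college' into an LDAP DN.
    Assumption (not from the thread): the last component is an O, the others are OUs."""
    parts = [p for p in context.strip().strip(".").split(".") if p]
    if not parts:
        raise ValueError("empty context")
    return ",".join(["ou=%s" % p for p in parts[:-1]] + ["o=%s" % parts[-1]])

def lint_dn(dn):
    """List problems with a DN as typed into a form; an empty list means it parses."""
    dn = dn.strip()
    if not dn:
        return []   # empty bind DN means anonymous bind; whether that works is up to the server
    if "=" not in dn:
        return ["not an LDAP DN (looks like a dotted NDS context): %r" % dn]
    problems = []
    if "," not in dn and " " in dn:
        problems.append("RDNs separated by spaces; LDAP separates them with commas: %r" % dn)
    for rdn in dn.split(","):
        if not RDN_RE.match(rdn.strip()):
            problems.append("malformed RDN %r" % rdn.strip())
    return problems

def check_settings(settings):
    """Run the checks over a settings dict: parsed (host, port) for the server field,
    and a list of problems (possibly empty) for each DN field."""
    report = {}
    try:
        report["server"] = parse_server(settings["server"])
    except ValueError as e:
        report["server"] = [str(e)]
    for field in ("base_dn", "search_base"):
        report[field] = lint_dn(settings[field])
    return report

if __name__ == "__main__":
    for field, result in check_settings(POSTED).items():
        print(field, "->", result)
    print(nds_context_to_dn("users.bell_college"))
```

Run against the constructed settings, the server field parses to host 10.1.0.18 on port 389, the base DN passes, and the search base is reported twice: once for using a space where a comma is needed, and once because the whole string fails to parse as a single RDN. Whether `cn=users` is the right container type for the tree is something only the directory itself can answer.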
  • I have just installed PN 7.61 and added the ldapauth 02 module, but I can't get it to work. Trying to get it to authenticate to a Netware LDAP server.
    I don't seem to be able to get it to do anything. It won't even lock me out when I choose LDAP only when I choose a user not in LDAP.
    DSTrace is not showing any information.
    Search attribute does not appear to be a configurable option.
    Are there any changes that need to be made other than install the module and activate it?
    My own PHP apps with LDAP authentication work OK.
  • It sounds like you don't have the pnUser.php file in the includes folder. Also, you may need a newer version of pnUser.php than what comes with LDAPAuth. I found when upgrading our site that it did not work correctly. If you want I can send you a copy of the file.
  • Kandiil wrote:

        It sounds like you don't have the pnUser.php file in the includes folder. Also, you may need a newer version of pnUser.php than what comes with LDAPAuth. I found when upgrading our site that it did not work correctly. If you want I can send you a copy of the file.


    You were right. I did not follow the instructions very well. I downloaded my copy of LDAPAuth02 from http://www.markwest.…=viewdownload&cid=6. There was a text file in the docs that had the changes to be made to pnUser.php but no instructions as to where to make these changes.

    In this thread http://forums.postnu…e=viewtopic&t=46161 there are links to another .02 version. This one has a clear install instruction htm file included. It makes different changes to pnUser.php, though. Mark in his tells about the changes he made, although I think it has branched separately from Mark's. I installed both to test. Mark's has changed the code to search on cn rather than uid, whereas the other allows you to choose the search 'field'. The hard-coded cn is clear in the API, though. So there are two .02 versions out there.

    I am using the Mark West version. I also use Novell's eDirectory. I had difficulty though getting it to authenticate. I found that I had to put the fully distinguished name into the admin form for the 'bind as'. I used
    cn=readuser,o=test
    I thought it may add the base dn to the user. I haven't had time to look to find what it does with the base dn.

    I am very happy now that I have LDAP authentication working well.
  • Just thought I might add some comments about the use of cn and uid that I have gleaned. In the past Novell did not use uid. The main identifier was cn. It is possible, though, in Novell's eDirectory to have multiple objects with the same cn if they reside in different OUs. Novell now uses LDAP quite extensively for authentication, which makes contextless logins easy. These logins require a unique id (uid). Newer features such as iPrint require the use of uid. Users created with old tools in Novell are not given a uid and so cannot use iPrint. I have up until this year been importing with 'uimport', which does not create a uid. So even if using eDirectory it seems it would be better to use uid if all of your users have a uid.
  • The uid can and should be added for users who do not have one. I was working with DansGuardian and Squid and found a neat Novell Cool Solutions article for LDAP authentication with Squid. I used an LDAP client tool on a Linux box to query all the users who were missing a uid attribute. I then took that list and added the uid to those user accounts using ConsoleOne. I believe that attribute is on the last tab of the user account. What this allowed me to do was set up ACLs in Squid using the existing Novell tree, and enable users to authenticate to the Internet with their Novell account.
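Three behaviours discussed in this thread are worth seeing together in one authentication flow: the "bind as" value has to be the user's full DN with nothing prepended (the cn=readuser,o=test observation above), the module should refuse a login when the search finds nobody (the "LDAP only" lockout that was not happening), and a search on cn can return more than one entry when the same cn exists in different OUs, while uid is meant to be unique. The following is an added example, not code from LDAPAuth or from any poster; the in-memory directory, the `FakeLdapConnection` class and the settings values are all constructed so it runs offline. A real deployment would run the same search-then-bind steps through an LDAP client library, which is the only part swapped out here. The bind rules in `bind` follow RFC 4513 section 5.1: an empty DN with an empty password is an anonymous bind, and a DN with an empty password is an "unauthenticated" bind that a server may accept, so the application rejects empty passwords before it ever contacts the directory.

```python
# Constructed stand-in for a directory tree (not anyone's real eDirectory). Passwords are
# stored and compared in the clear only because this is a stub; a real server never returns them.
DIRECTORY = {
    "cn=readuser,o=test":          {"cn": "readuser", "userPassword": "readonly-secret"},
    "cn=bill,ou=staff,o=test":     {"cn": "bill",  "uid": "bill",   "userPassword": "bill-pw"},
    "cn=scott,ou=staff,o=test":    {"cn": "scott", "uid": "scott",  "userPassword": "scott-pw"},
    "cn=scott,ou=students,o=test": {"cn": "scott", "uid": "scott2", "userPassword": "other-pw"},
}

class LdapError(Exception):
    pass

class FakeLdapConnection:
    """Just enough bind/search behaviour of an LDAP server to exercise the flow."""
    def __init__(self, directory, allow_anonymous=True):
        self.directory = directory
        self.allow_anonymous = allow_anonymous   # Mark's directory allows this; many do not
        self.bound = False

    def bind(self, dn, password):
        # RFC 4513 5.1: empty DN + empty password is anonymous; DN + empty password is an
        # "unauthenticated" bind, which must never be taken as proof of identity.
        if dn == "" and password == "":
            if not self.allow_anonymous:
                raise LdapError("anonymous bind refused")
            self.bound = True
            return
        entry = self.directory.get(dn)   # the bind DN must be the full DN; nothing is prepended
        if entry is None or password == "" or entry.get("userPassword") != password:
            raise LdapError("invalid credentials for %r" % dn)
        self.bound = True

    def search(self, base, attribute, value):
        """Subtree search under `base` for entries whose `attribute` equals `value`."""
        if not self.bound:
            raise LdapError("search before bind")
        return [dn for dn, entry in self.directory.items()
                if (dn == base or dn.endswith("," + base)) and entry.get(attribute) == value]

def authenticate(settings, username, password, directory=DIRECTORY):
    """Search-then-bind. Returns (True, user_dn) on success or (False, reason) otherwise."""
    if not password:
        return False, "empty password rejected before contacting the directory"
    service = FakeLdapConnection(directory)
    try:
        service.bind(settings["bind_dn"], settings["bind_password"])
    except LdapError as e:
        return False, "service bind failed: %s" % e
    attr = settings["search_attribute"]
    matches = service.search(settings["search_base"], attr, username)
    if not matches:
        return False, "no entry with %s=%s under %s" % (attr, username, settings["search_base"])
    if len(matches) > 1:
        return False, "ambiguous: %d entries match %s=%s, refusing to guess" % (len(matches), attr, username)
    user = FakeLdapConnection(directory)
    try:
        user.bind(matches[0], password)   # the user's own password proves the identity
    except LdapError:
        return False, "wrong password for %s" % matches[0]
    return True, matches[0]

# Settings in the shape of the LDAPAuth form; values constructed for this example.
SETTINGS_CN = {"bind_dn": "cn=readuser,o=test", "bind_password": "readonly-secret",
               "search_base": "o=test", "search_attribute": "cn"}
SETTINGS_UID = dict(SETTINGS_CN, search_attribute="uid")

if __name__ == "__main__":
    for s, user, pw in [(SETTINGS_CN, "bill", "bill-pw"), (SETTINGS_CN, "scott", "scott-pw"),
                        (SETTINGS_UID, "scott", "scott-pw"), (SETTINGS_UID, "nobody", "x"),
                        (SETTINGS_UID, "bill", ""), (dict(SETTINGS_UID, bind_dn="readuser"), "bill", "bill-pw")]:
        print(s["search_attribute"], s["bind_dn"], user, "->", authenticate(s, user, pw))
```

With the search attribute set to cn, "scott" is refused as ambiguous because two OUs hold a user with that cn; switching to uid makes the same login succeed against the one matching entry. A bind DN of plain "readuser" fails the service bind, which is the symptom of the "fully distinguished name" requirement noted above, and an unknown user or an empty password is refused rather than falling through.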
