AuthenticationPluginLdap and
Posted: 02 Jul 2009 (00:17 UTC)
Not sure if this is the correct place to post but here goes.
I have seen a couple of posts about getting BitWeaver to authenticate against Active Directory. I have successfully managed to get this to work with a few modifications to AuthenticationPluginLdap. BTW I'm using the latest version pulled from CVS last week.
In function validate
After the block starting with:
if ( $this->mConfig['reqcert'] ) {
I added the following:
// added this as the correct name is start_tls and when tls is unchecked is null
if ( is_null($this->mConfig['tls']) == true) {
    $this->mConfig['start_tls'] = false;
}
else {
    $this->mConfig['start_tls'] = true;
}
// added this as when referrals is unchecked is null
if ( is_null($this->mConfig['referrals']) == true) {
    $this->mConfig['referrals'] = false;
}
else {
    $this->mConfig['referrals'] = true;
}
// added this to pull all properties from Active Directory
$this->mConfig['attributes'] = (array) null;
I replaced the line:
$attributes = $a->getAuthData('attributes');
with:
$attributes = $a->getAuthData();
I replaced the lines:
$this->mInfo["login"] = $attributes[ $this->mConfig['userattr'] ][0];
$this->mInfo["email"] = $attributes[ $this->mConfig['email'] ][0];
$this->mInfo["real_name"] = empty($attributes[$this->mConfig['name']][0]) ? $this->mInfo["login"] : $attributes[$this->mConfig['name']][0];
with these:
$this->mInfo["login"] = $attributes[ $this->mConfig['userattr'] ];
$this->mInfo["email"] = $attributes[ $this->mConfig['email'] ];
$this->mInfo["real_name"] = empty($attributes[$this->mConfig['name']]) ? $this->mInfo["login"] : $attributes[$this->mConfig['name']];
In function getSettings
renamed 'users_ldap_useroc' to 'users_ldap_userfilter' and changed the 'default' to '(objectClass=inetOrgPerson)'
renamed 'users_ldap_groupoc' to 'users_ldap_groupfilter' and changed the 'default' to '(objectClass=groupOfUniqueNames)'
changed the type of 'users_ldap_memberisdn' to 'checkbox' and 'default' to 'n'
I guess it would help if I gave the settings that I used as well.
LDAP Host - someserver
LDAP Port - 389
Use Start-TLS? - unchecked
Skip the SSL Cert validation? - checked
Use Referrals? - unchecked
LDAP Base DN - dc=example,dc=com
LDAP User DN - ou=users
LDAP User Attribute - sAMAccountName
LDAP User E-Mail Address - mail
LDAP User Display Name - displayName
LDAP User OC - (objectClass=user)
LDAP Group DN - ou=somegroup
LDAP Group Attribute - sAMAccountName
LDAP Group OC - (objectClass=group)
LDAP Member Attribute - member
LDAP Member Is DN - checked
LDAP Bind DN - cn=some user,ou=somegroup,ou=users,dc=example,dc=com
LDAP Bind Pwd - secret
LDAP Scope to use when searching for users - sub
I have replaced some of these with dummy values.
I did notice that if a checkbox is unchecked then the value is set to null rather than false, and that the start_ is being stripped of start_tls.
Hope this helps someone somewhere.
Sorry for the long post.
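Added example, not part of the original post and not bitweaver code: a standalone PHP sketch of the two issues the post works around (unchecked checkboxes arriving as null, and attribute values that may be a scalar or a list), plus a check that flags the transport settings listed above. The function names, the 'port' and 'skip_cert_check' keys, and the 'y'/'n' checkbox values are assumptions made for illustration.

```php
<?php
// Added illustration; function names and the 'port'/'skip_cert_check' keys are hypothetical.

// An unchecked checkbox arrives as null; 'n' is assumed to be the stored "off" value.
function checkboxToBool($value): bool {
    return !in_array($value, [null, false, '', 'n', 0, '0'], true);
}

// First value of an attribute, whether it is a scalar or a list of values.
function firstValue(array $attributes, string $key): ?string {
    $value = $attributes[$key] ?? null;
    if (is_array($value)) {
        $value = $value[0] ?? null;
    }
    return ($value === null || $value === '') ? null : (string) $value;
}

function buildUserInfo(array $config, array $attributes): array {
    $login = firstValue($attributes, $config['userattr']);
    if ($login === null) {
        throw new RuntimeException('directory entry has no ' . $config['userattr']);
    }
    return [
        'login'     => $login,
        'email'     => firstValue($attributes, $config['email']),
        'real_name' => firstValue($attributes, $config['name']) ?? $login,
    ];
}

// Flag settings that expose the bind password or user passwords on the wire.
function transportWarnings(array $config): array {
    $warnings = [];
    if (!checkboxToBool($config['tls'] ?? null) && (int) $config['port'] === 389) {
        $warnings[] = 'port 389 without StartTLS: simple binds are sent in cleartext';
    }
    if (checkboxToBool($config['skip_cert_check'] ?? null)) {
        $warnings[] = 'certificate validation skipped: server identity is not checked';
    }
    return $warnings;
}

// Constructed sample mirroring the settings listed in the post.
$config = ['port' => 389, 'tls' => null, 'skip_cert_check' => 'y',
           'userattr' => 'sAMAccountName', 'email' => 'mail', 'name' => 'displayName'];
$entry  = ['sAMAccountName' => ['jdoe'], 'mail' => 'jdoe@example.com'];

print_r(buildUserInfo($config, $entry));   // real_name falls back to the login
print_r(transportWarnings($config));       // both warnings fire for these settings
```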
Re: AuthenticationPluginLdap and
Posted: 09 Jun 2010 (17:08 UTC)
Tochinet, the only documentation is in the wiki. I have LDAP authentication working, but it needs some manual assistance to mirror information back into the bw database for new users created in LDAP. It does need a little more work, especially for the AD variations.
AuthenticationPluginLdap
Re: AuthenticationPluginLdap and
Posted: 11 Jun 2010 (07:13 UTC)
Thanks Lester,
I was stopped at the PEAR installation at the moment (proxy issues it seems). I'll first have to clear that out.
In the meantime, can you confirm the following :
- the "LDAP is broken in 2.6" remark does not apply to 2.7
- the first article in this thread, talking about a needed change in the 'validate' function has been integrated in 2.7 already.
Re: AuthenticationPluginLdap and
Posted: 23 Aug 2010 (20:25 UTC)
I was wondering if anybody could help me with debugging an LDAP setup on bitweaver? Is there anywhere that I can see the local error messages returned by the LDAP authentication mechanism? (I don't have access to the LDAP server.)
I'm trying to authenticate against an AD server and it's bombing out someplace and I'd like to be able to see where the problem is without having to hack the authentication code if it's at all possible. I've already discovered one oddity in that bitweaver only seems to be storing the first letter of the bind password.
I'm using v2.7 & 2.8 of bitweaver and I've had little joy on either.
Thanks
Faye