Read the blogs!
Started by psa, July 02, 2008, 05:53:13 AM
Quote from: evil1dwk on July 30, 2008, 08:57:11 PM
I'm new to smf and the mods in particular. I just set up a site for a client. They had an existing AD and wanted all their users to access a forum with health benefits information, a company handbook and other general information. They also added a forum for general queries to HR and other departments. SMF is great and I love the ldap authentication.
Quote
smf 1.1.5 on rpath linux VM
AD is windows 2003 enterprise SP2 plus exchange 2003 SP2 server and primary DNS server (I did not set this up).
Quote
I installed the mod which went fine using the interface. I haven't tried manually yet. The default theme is the only theme with the ldap auth tab in features and options. Like I said I'm new to smf and mods so it might be normal or I might have screwed myself somehow. Not a big deal; I left the admin at the default and changed the overall forum default to the theme requested by the client.
Quote
A few feature requests:
the ability to register AD groups rather than just users.
Quote
no registration required for ldap users. I can't login as an AD user unless the user is registered. I wouldn't mind this if I could register groups.
Quote
bug (I noticed)
I can't seem to log a user in unless the password is stored in the local database. I'm told the password is incorrect.
Quote
Awesome mod though. Big help in this case; saved me from having to hear complaints about people forgetting how to log in to the forum.
Quote from: evil1dwk on August 05, 2008, 01:21:47 PM
I'm posting two screen shots of the features and options page. One with the default theme, the other using IG-OH for 1.1.5. It is not the only theme that does not include the LDAP auth menu item. All themes were installed pre-mod.
Quote
I would like to register AD groups as local users and possibly groups. I want to take all domain admins and make them SMF admins. I don't really need group integration, more group registration. Possibly allow future registration based on someone being added to a group in AD without changes in SMF. I only need this because I can't seem to log a user in until they are registered.
Quote
If I disable Store LDAP passwords in the database I always receive Password incorrect. As soon as I re-enable store LDAP passwords it works fine. Not really a big deal as this instance is only accessible internally. I also noticed that the passwords are stored encrypted so again not a deal breaker. Although I'm wondering how this will work come password change time. I do have Update User information from Ldap on every login enabled though but I noticed the note says name, location, email, etc.
Quote
I don't always have access to this server so I can't get the error logs. I'm building a local DC and rpath SMF on vmware locally to see if I can recreate the problems and get you the log files.
Quote from: psa on July 09, 2008, 06:21:49 PM
0.6 changed a few things in the way the mod works so that passwords no longer have to be stored in the database (but can optionally be). I hope you don't have too much trouble getting your LDAP server back online. I've run a number of OpenLDAP servers in the past, but don't have any in production at the moment.
Quote from: psa on August 06, 2008, 12:42:28 PM
Most of those errors are from not having the Ldap Auth strings in the languages/Modifications.english.php of the theme, as you said, but they are errors which will entirely prevent the ldap mod from working, since it bails when it encounters a string error.
I assume your working configuration has the first four or so fields filled out (including the enable setting checked) unlike the one you posted. I'll try to replicate your other settings with your theme and see where that gets me in trying to reproduce the error.
Quote from: obat on August 26, 2008, 07:45:31 AM
I've just installed and tested the mod on my smf-1.1.5. First error which I've seen was:
"Fatal error: Call to undefined function isReservedName() in /var/www/phobos.romance.iki.rssi.ru/htdocs/forum/Sources/LdapAuth.php on line 29"
I fixed this by modifying LdapAuth.php:
I changed
< global $db_prefix, $user_info, $modSettings, $func, $txt;
to
> global $db_prefix, $user_info, $modSettings, $func, $txt, $sourcedir;
> require_once($sourcedir . '/Subs-Members.php');
Quote
Next change in the code was made because I'm using OpenLDAP server, not MSAD
I changed
< if ($bd = ldap_bind($lds, $modSettings['ldapauth_userprefix'] . $username . $modSettings['ldapauth_usersuffix'], $thepasswrd))
to
> if ($bd = ldap_bind($lds, "uid=" . $username . "," . $modSettings['ldapauth_usersuffix'], $thepasswrd))'], $thepasswrd))
and in ldapauth_usersuffix I put "ou=organization,dc=...,dc=..."
Quote
Now it works. FYI, smf is running on Centos box with openldap 2.3.27
Thanks for great work!
Quote from: psa on August 26, 2008, 07:38:15 PM
Quote
Next change in the code was made because I'm using OpenLDAP server, not MSAD
I changed
< if ($bd = ldap_bind($lds, $modSettings['ldapauth_userprefix'] . $username . $modSettings['ldapauth_usersuffix'], $thepasswrd))
to
> if ($bd = ldap_bind($lds, "uid=" . $username . "," . $modSettings['ldapauth_usersuffix'], $thepasswrd))'], $thepasswrd))
and in ldapauth_usersuffix I put "ou=organization,dc=...,dc=..."

Is this different than leaving the code as is and setting the prefix to "uid=" and the suffix to ",ou=organization,dc=...,dc=..."? (Your code doesn't parse--I think you got an extra "$thepasswrd))'], " in there somehow when pasting the code.)
The idea was that with the prefix and suffix settings these could be adjusted for use with other LDAP servers without requiring code changes.
// Ldap Auth mod language strings (the $txt entries the mod expects in Modifications.english.php)
$txt['mods_cat_ldapauth'] = 'Ldap Auth';
$txt['ldapauth_Title'] = 'Ldap Authentication Mod Options';
$txt['ldapauth_enable'] = 'Enable Ldap Authentication';
$txt['ldapauth_serverurl'] = 'URL for ldap server<div class="smalltext">(eg ldap://yourldapserver.tld)</div>';
$txt['ldapauth_usersuffix'] = 'Text to append to login for binding to ldap server<div class="smalltext">(eg for MSAD: @yourdomain.forest.tld)</div>';
$txt['ldapauth_userprefix'] = 'Text to prepend to login for binding to ldap server';
$txt['ldapauth_searchdn'] = 'Ldap search dn for your users<div class="smalltext">(eg OU=Your Users,DC=yourdomain,DC=yourtld)</div>';
$txt['ldapauth_searchkey'] = 'Ldap search key for locating user<div class="smalltext">(often cn, but for MSAD, sAMAccountName)</div>';
$txt['ldapauth_fullnameattr'] = 'Ldap Attribute from which to extract the real name<div class="smalltext">(cn for MSAD, name or fullname for others)</div>';
$txt['ldapauth_emailuselogin'] = 'Use login username to construct email address';
$txt['ldapauth_emailsuffix'] = ' Suffix to add to login for email address<div class="smalltext">(eg @domain.tld, above must be checked)</div>';
$txt['ldapauth_emailattr'] = 'Ldap Attribute from which to extract email address<div class="smalltext">(if above is not checked)</div>';
$txt['ldapauth_locationuseou'] = 'Use the top level ldap OU to extract the users location';
$txt['ldapauth_locationattr'] = 'Ldap Attribute from which to extract location<div class="smalltext">(if above is not checked)</div>';
$txt['ldapauth_updateonlogin'] = 'Update User information from Ldap on every login<div class="smalltext">(e.g. Name, Location, Email)</div>';
$txt['ldapauth_passwdindb'] = 'Store LDAP passwords in the database';
$txt['ldapauth_regresnames'] = 'Allow reserved login names to be autoregistered by Ldap Auth<div class="smalltext">May be a security risk with some ldap directories</div>';
$txt['ldapauth_authresnames'] = 'Allow reserved login names to be authenticated by Ldap Auth<div class="smalltext">Useful to disable to enforce local accounts for e.g. admin</div>';
$txt['ldapauth_bindusername'] = 'Username to use for binding to Ldap directory to query for new user registrations';
$txt['ldapauth_bindpassword'] = 'Password to use for binding to Ldap directory';
$txt['ldapregister_title'] = 'Register Ldap Member';
$txt['ldapregister_description'] = 'Here you can register members from your LDAP directory who haven\'t logged into SMF yet. This is especially useful if you need to grant group membership or edit their profile prior to their first use of the board.';
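The prefix and suffix settings above build the bind identity as prefix + login + suffix. The sketch below is an added example, not code from the mod or from any poster in this thread; the function names and the example.org values are assumptions. It shows that concatenation for the OpenLDAP and MSAD styles, with the login escaped when it lands inside a DN (an unescaped comma there produces a malformed DN) and an empty password refused before binding.

```php
<?php
// Added example; function names and sample values are hypothetical.

/** Build the bind identity the way the settings describe: prefix . login . suffix. */
function build_bind_id(string $login, string $prefix, string $suffix): string
{
    if (preg_match('/^[A-Za-z][A-Za-z0-9-]*=$/', $prefix)) {
        // Prefix like "uid=": the login becomes an RDN value, so DN
        // metacharacters (comma, plus, equals, ...) must be escaped.
        $login = ldap_escape($login, '', LDAP_ESCAPE_DN);
    } elseif (!preg_match('/^[A-Za-z0-9._-]+$/', $login)) {
        // MSAD style "login@domain": not a DN, so allow-list instead.
        throw new InvalidArgumentException('unexpected character in login');
    }
    return $prefix . $login . $suffix;
}

/** Check a password by simple bind; $lds is a handle from ldap_connect(). */
function ldap_password_ok($lds, string $bindId, string $password): bool
{
    // A simple bind with an empty password is an unauthenticated bind
    // (RFC 4513, section 5.1.2) and may succeed, so refuse it up front.
    if ($password === '') {
        return false;
    }
    return @ldap_bind($lds, $bindId, $password);
}

// Constructed settings for the two directory styles discussed in the thread.
$styles = [
    'OpenLDAP' => ['uid=', ',ou=People,dc=example,dc=org'],
    'MSAD'     => ['', '@example.org'],
];
foreach ($styles as $name => [$prefix, $suffix]) {
    foreach (['jdoe', 'doe, jane'] as $login) {   // constructed logins
        try {
            echo $name, ': ', build_bind_id($login, $prefix, $suffix), "\n";
        } catch (InvalidArgumentException $e) {
            echo $name, ": rejected '", $login, "'\n";
        }
    }
}
```

Running it needs PHP 7.1 or later with the ldap extension loaded; the demo loop only builds strings and does not contact a server.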
Quote from: emacias on September 30, 2008, 06:21:53 PM
Hi SPA: I did some changes but ldap is not working. I'm using an OpenLDAP server. At the beginning of configuration I can register users but only fill address mail; when I checked table smf_members, smf saves a password but I don't know which
Quote
When the user starts authentication it showed an error; I checked logs and they show this error: smf: ldap_bind() [<a href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to server: Invalid DN syntax
Quote
Next: I put disable not storage password into database and other option, but when I start authentication, smf shows a blank page. Now I need to know where the configuration is saved. I think it is in a table but I don't know.
Quote from: emacias on September 30, 2008, 06:57:34 PM
Hi again SPA:
I need to start a session with ldap authentication because at this moment I can't start a session and it shows a blank page. Where do I disable option "LDAP AUTH ENABLE"? Are these ldap_auth options in a file or a table from a database?
I really appreciate your help
Quote from: emacias on September 30, 2008, 07:49:30 PM
Hello SPA: I haven't made modifications in the languages file yet. I just need to deactivate option "LDAP AUTH ENABLE" manually because I can't start a session with any user.
Quote
On the other hand: the ldap dn that I use is right because I tested it with other applications like horde, joomla, etc.
my dn is ou=People,dc=usb,dc=ve and my server is ldap.usb.ve
In fact if you run ldapsearch command in linux you can get queries ldap usb.ve
e.g: ldapsearch -x -h ldap.usb.ve -b 'ou=People,dc=usb,dc=ve'