Help to implement LDAP Auth

Cristian Pacheco

Wednesday 20 February 2008 5:06:05 pm

Hello, I am implementing eZ Publish 4.0 at our university as an intranet and, once in production, as the official site. I am having problems enabling authentication against LDAP running on Windows Server 2003; eZ Publish is running on Linux (CentOS 5.0).

I tried editing these files:

Settings/override/ldap.ini.append.php

And

Settings/ldap.ini

Which file must be edited?

What does eZ Publish LDAP auth do: does it authenticate the user against LDAP, or import the username/password and store them in the database, so that the user then uses the same password as in Active Directory?

LDAP is running, because we have other applications running on Linux and authenticating against LDAP/Active Directory.

This is my setting:

--------------------------------------------
#?ini charset="iso-8859-1"?
# eZ Publish configuration file for connection and authentication of users via LDAP
#
[LDAPSettings]
# Set LDAP version number
LDAPVersion=2
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=172.16.0.1
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
LDAPBaseDn=DC--delta,DC--utn
# If the server does not allow anonymous bind, specify the user name for the bind here.
LDAPBindUser= alumno
# If the server does not allow anonymous bind, specify the password for the bind here.
LDAPBindPassword= **********
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equal sign to replace "=" when specify LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirement. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
#LDAPLoginAttribute=SAMAccountName
LDAPLoginAttribute=uid

# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for LDAP user group,
# depends on LDAPUserGroupType.
LDAPUserGroup[]=12
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=name
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users
# will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=employeetype
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
# LDAP encoding is utf-8 or not
Utf8Encoding=false
# if 'enabled' you can move LDAP users to a different group and they will not
# be automatically moved back (to the group they are configured to be placed in)
# when the user logs in again.
KeepGroupAssignment=disabled
--------------------------------------------

Is there a way to test whether this is working?

Do we need to modify or configure something else? Could you send an example?

Thank you in advance; any help will be welcome.

Cristian.
UTN Facultad Regional Delta
Campana, Bs. As. Argentina

UTN Facultad Regional Delta
Campana, Bs.As.-Argentina
http://www.frd.utn.edu.ar

Abdelkader RHOUATI

Thursday 21 February 2008 3:39:50 am

Hi,

You also need to configure your eZ site for LDAP auth. You need to edit site.ini.

Example of a configuration from a project (intranet) which I have already done:

[SiteSettings]
SiteName=Name Project
SiteURL=URL Project
DefaultPage=/content/view/full/2
LoginPage=custom

[UserSettings]
LoginHandler[]=LDAP
LoginHandler[]=standard

[SiteAccessSettings]
RequireUserLogin=true
RelatedSiteAccessList[]=site
RelatedSiteAccessList[]=site_admin

tks.

Abdelkader.

Abdelkader RHOUATI

Blog (french) : http://arhouati.com
----
Extension arh_jdebug : EzDebug using jquery

Cristian Pacheco

Thursday 21 February 2008 4:07:54 am

Hello, I forgot to mention it, but there was this change in settings/site.ini:

--------------------------------
[UserSettings]
LoginHandler[]=LDAP
--------------------------------

It is also necessary to add this:
LoginHandler[]=standard

Thanks, Cristian.

UTN Facultad Regional Delta
Campana, Bs.As.-Argentina
http://www.frd.utn.edu.ar

Philip K.

Wednesday 26 May 2010 2:55:02 am

Hi there.

I am also trying to set up LDAP but it still doesn't work.

Here is what I did:

Users

I created a user with login id "eZLDAP" on our Domain-Controller (Windows SBS 2008). After that I created the same user inside of eZ Publish.

Settings in override/ldap.ini.append.php

[LDAPSettings]
LDAPDebugTrace=enabled
# Set LDAP version number
LDAPVersion=3
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=sbs2008
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
LDAPBaseDn=DC--Office,DC--local
# If the server does not allow anonymous bind, specify the user name for the bind here.
LDAPBindUser=eZLDAP
# If the server does not allow anonymous bind, specify the password for the bind here.
LDAPBindPassword=******
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equal sign to replace "=" when specify LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirement. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=uid

# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for LDAP user group,
# depends on LDAPUserGroupType.
LDAPUserGroup[]=5
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=name
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users
# will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=employeetype
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
# LDAP encoding is utf-8 or not
Utf8Encoding=false
# if 'enabled' you can move LDAP users to a different group and they will not
# be automatically moved back (to the group they are configured to be placed in)
# when the user logs in again.
KeepGroupAssignment=disabled

Settings in override/site.ini.append.php

[UserSettings]
LoginHandler[]=LDAP
LoginHandler[]=standard

If I want to log in with my own username/password I get the following debug output:

 Notice: eZLDAPUser::loginUser      May 26 2010 11:40:35

array (
  'stage' => '1/5: Connecting and Binding to LDAP server',
  'LDAPServer' => 'sbs2008',
  'LDAPPort' => '389',
  'LDAPBindUser' => 'eZLDAP',
  'LDAPVersion' => '3',
)

Error: eZLDAPUser::loginUser()     May 26 2010 11:40:35

Cannot initialize connection for LDAP server

Is there anything to set up on the server's side?

Any ideas why I cannot connect?

Would be nice to get some help.

Thanks a lot!

Linux is like a wigwam; no windows, no gates, and apache inside!

Philip K.

Monday 31 May 2010 6:32:07 am

I found a solution!

Windows-AD requires the following settings:

[LDAPSettings]
# Enable tracing the LDAP login, outputs extensive debug info for use during setup
# NOTE: Do not keep this enabled on production setup as login name and passwords will be 
# logged to logfiles or outputted if DebugOutput settings are enabled. 
LDAPDebugTrace=enabled
# Set LDAP version number
LDAPVersion=3
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=<YourHostIP>
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
LDAPBaseDn=DC--Example,DC--com
# If the server does not allow anonymous bind, specify the user name for the bind here.
LDAPBindUser=<someone>@example.com
# If the server does not allow anonymous bind, specify the password for the bind here.
LDAPBindPassword=********
# Use the equal sign to replace "=" when specify LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=sAMAccountName

Linux is like a wigwam; no windows, no gates, and apache inside!
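
On the earlier question of how to test the settings outside eZ Publish, here is an added example (not part of any post in this thread, and not eZ Publish code): a shell helper that reads the ldap.ini keys used above, reverses the LDAPEqualSign substitution, escapes the login for use in an LDAP filter, and prints the equivalent OpenLDAP `ldapsearch` command. The host 192.0.2.10, the bind account svc-ez@example.com and the login jdoe are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): build the ldapsearch command that
# matches a set of eZ Publish ldap.ini settings, to test them outside eZ.

# Constructed sample mirroring the Windows AD settings above (placeholders).
SAMPLE_INI='[LDAPSettings]
LDAPVersion=3
LDAPServer=192.0.2.10
LDAPPort=389
LDAPBaseDn=DC--Example,DC--com
LDAPBindUser=svc-ez@example.com
LDAPEqualSign=--
LDAPLoginAttribute=sAMAccountName'

# ini_get INI_TEXT KEY: value of KEY (last assignment wins, CR stripped).
ini_get() {
  printf '%s\n' "$1" | tr -d '\r' | sed -n "s/^$2=[[:space:]]*//p" | tail -n 1
}

# ldap_escape VALUE: escape filter metacharacters per RFC 4515 (\ first).
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# shq VALUE: single-quote VALUE so the printed command is safe to paste.
shq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# build_ldapsearch INI_TEXT LOGIN: print the command; -W prompts for the bind
# password so it never appears on the command line or in shell history.
build_ldapsearch() (
  ini=$1
  eq=$(ini_get "$ini" LDAPEqualSign)
  base=$(ini_get "$ini" LDAPBaseDn)
  if [ -n "$eq" ]; then   # undo the LDAPEqualSign substitution
    pat=$(printf '%s' "$eq" | sed 's|[][\\.*^$/]|\\&|g')
    base=$(printf '%s' "$base" | sed "s/$pat/=/g")
  fi
  scope=$(ini_get "$ini" LDAPSearchScope)
  filter="($(ini_get "$ini" LDAPLoginAttribute)=$(ldap_escape "$2"))"
  printf 'ldapsearch -x -P %s -H %s -D %s -W -b %s -s %s %s\n' \
    "$(ini_get "$ini" LDAPVersion)" \
    "$(shq "ldap://$(ini_get "$ini" LDAPServer):$(ini_get "$ini" LDAPPort)")" \
    "$(shq "$(ini_get "$ini" LDAPBindUser)")" "$(shq "$base")" \
    "${scope:-sub}" "$(shq "$filter")"
)

build_ldapsearch "$SAMPLE_INI" jdoe
```

Running the printed command on the eZ Publish host returns the user's entry when the server, bind account and login attribute are right; a bind failure here points at LDAPBindUser or its password rather than at eZ Publish.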
