eZ Publish 3.4.0 and LDAP - Help me, please!


Leandro Alves

Wednesday 19 May 2004 4:47:33 am

Hello!

I am trying to integrate my eZ Publish with my LDAP server, but it isn't working... :-(

I have read many documents in the forum, on the eZ home page and via Google search, but I didn't get a "clear" answer.

Please, can somebody teach me how to solve this "newbie-typical" problem?

I already sent this question, but nobody answered me... ;(

My system:

Red Hat Linux 9
Apache/1.3.27
PHP/4.3.2
Mysql/4.0.13
eZ Publish/3.4.0beta1
LDAP Server: Active Directory on Windows 2003
Company Domain: ceb.unicamp.br
LDAP Server name: real.ceb.unicamp.br

LDAP support in PHP is enabled; I compiled with the "--with-ldap" configuration option...

I followed all the steps in the "Using LDAP server" document
http://www.ez.no/ez_publish/documentation/configuration/configuration/login_handler/using_ldap_server to configure my ldap.ini file, but I know that I made some mistake... :(

I created a <ez dir>/settings/override/site.ini.append.php with:

[UserSettings]
#LoginHandler[]=standard
LoginHandler[]=LDAP

And I created a <ez dir>/settings/override/ldap.ini.append.php file with the following content...

<?php /* #?ini charset="iso-8859-1"?

[LDAPSettings]
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=real.ceb.unicamp.br
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
LDAPBaseDn=ou--users,o--ceb,o--unicamp,o--br
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equal sign to replace "=" when specifying LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirement. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=uid
# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for LDAP user group,
# depends on LDAPUserGroupType.
LDAPUserGroup=12
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=name
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users
# will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=employeetype # I don't know what to put here!
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
# LDAP encoding is utf-8 or not
# Utf8Encoding=false
*/ ?>

I don't know whether my ldap.ini.append.php file is right!!! (Please help with it)

After I made these modifications I opened my site in the web browser and tried to log in with a username and password from my LDAP server... But it didn't work; I couldn't access my site and this message appeared:

Could not login
A valid username and password is required to login

I did nothing after modifying both the ldap.ini.append.php and site.ini.append.php files...

Do I need to modify anything in my eZ Publish?
Do I need to create anything???

PLEASE, what can I do to make my eZ Publish work with my LDAP server????

I tried eZ Publish 3.3-5, but it didn't work either.

I read all the messages at http://ez.no/content/search?SearchText=LDAP but I didn't find the answer...

I have a Squid proxy on my Linux box authenticating against this LDAP server and it is working fine!

Thanks a lot!
Leandro

Kenneth Colwell

Thursday 20 May 2004 4:25:50 am

Hi,

I couldn't get LDAP to work by using an ldap.ini.append.php file. I had to edit the main ldap.ini file in settings:

#?ini charset="iso-8859-1"?
# eZ publish configuration file for connection to LDAP server
#

[LDAPSettings]
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=--our server ip address --
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory
LDAPBaseDn=ou--staff,dc--campus,dc--muc,dc--prv
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equal sign to replace "=" when specifying LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirement. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=cn
# Could be id or name
LDAPUserGroupType=ldap_group
# Default place to store LDAP users. Could be content object id or group name for LDAP user group,
# depends on LDAPUserGroupType.
LDAPUserGroup=ldap_group
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=ldap_group
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users
# will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=employeetype
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
# extra info from older ldap project page on ez.no
# Username for authentication against LDAP
# LDAPUserUsername=username
# Password for the authentication against LDAP
# LDAPLoginPassword=password

Then I had to add sections of code to kernel/classes/datatypes/ezuser/ezldapuser.php to get it to work with the particular setup of our LDAP server.

For example at about line 210 I added the following:

if ( $ds )
{
    //ken edit 2 lines
    $login2 = $login . "@campus.muc.prv";
    $r = ldap_bind( $ds, $login2, $password );

This appends @campus.muc.prv to the login, which for some reason is the way that Exchange seems to want logins formatted.

At around line 249 I added the following, because we have different "ou="s in our Exchange setup and you seem to need to declare the correct ou= for ldap_search to find the person.

//ken edit
// Look the user up under each OU in turn: ldap_search() only finds the entry
// when it is given the OU the account actually lives in.
// Note that $login is interpolated into the filter string without escaping.
$sr = ldap_search( $ds, "ou=staff,dc=campus,dc=muc,dc=prv", "cn=$login" );
$info = ldap_get_entries( $ds, $sr );
if ( $info["count"] == 0 )
{
    // Staff failed, trying students
    $sr = ldap_search( $ds, "ou=students,dc=campus,dc=muc,dc=prv", "cn=$login" );
    $info = ldap_get_entries( $ds, $sr );
}
if ( $info["count"] == 0 )
{
    // Staff and students failed, trying faculty (one sub-OU per department)
    $faculty_ou = array( "fl", "ROTC", "SO", "TH", "ar", "BA", "bi", "CH", "CO", "CSIS", "ed", "FL", "eh", "gy",
                         "HI", "MU", "ma", "pe", "ph", "ps", "py", "re" );
    // The bound must be < count(), not <=: the last valid index is count() - 1,
    // otherwise the final iteration searches "ou=,ou=faculty,..." with an empty OU.
    for ( $i = 0; $i < count( $faculty_ou ); $i++ )
    {
        $sr = ldap_search( $ds, "ou=$faculty_ou[$i],ou=faculty,dc=campus,dc=muc,dc=prv", "cn=$login" );
        $info = ldap_get_entries( $ds, $sr );
        // The faculty search succeeded, so stop the loop
        if ( $info["count"] != 0 )
        {
            break;
        }
    }
}
// end ken edit

I hope this helps or at least doesn't make it even more confusing.

Thanks,
Ken Colwell
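The two kernel edits in the post above, rewritten as an added stand-alone example (this is not eZ Publish kernel code and not Ken's patch). It keeps the login@domain bind that Ken found Exchange/AD wants, but adds the checks a reviewer would ask for: an empty password makes ldap_bind() perform an unauthenticated bind, which Active Directory accepts, so it is rejected before the directory is touched; the login is interpolated into the search filter, so it is escaped by hand (PHP 4.3 has no ldap_escape()); and the staff/students/faculty special cases collapse into one loop over a list of base DNs that requires exactly one match. The domain campus.muc.prv and the OU names come from Ken's post; the function names, the host name ldap.campus.muc.prv, the attribute list and the LDAPv3/referral options are this example's own assumptions.

```php
<?php
// Added example, not eZ Publish code: authenticate one user against AD the way
// Ken's edits do, with input checks. Host name and function names are assumed.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// PHP 4 has no ldap_escape(), so every special character becomes \XX by hand.
function ldapFilterEscape( $value )
{
    $out = '';
    $len = strlen( $value );
    for ( $i = 0; $i < $len; $i++ )
    {
        $c = $value[$i];
        if ( $c === '*' || $c === '(' || $c === ')' || $c === '\\' || $c === "\0" )
            $out .= sprintf( '\\%02x', ord( $c ) );
        else
            $out .= $c;
    }
    return $out;
}

// Bind as $login@$domain, then look the account up under each base DN.
// Returns the user's entry (as ldap_get_entries() lays it out) or false.
function ldapAuthenticate( $server, $port, $domain, $login, $password, $searchBases )
{
    // An empty password turns ldap_bind() into an unauthenticated bind, which AD
    // answers with success. That would log anyone in, so refuse it up front.
    if ( $login === '' || $password === '' )
        return false;

    // Only the characters that can appear in an AD account name are allowed, so
    // the UPN passed to ldap_bind() cannot be bent into a DN or another user.
    if ( !preg_match( '/^[A-Za-z0-9._-]+$/', $login ) )
        return false;

    $ds = ldap_connect( $server, $port );
    if ( !$ds )
        return false;
    // AD requires LDAPv3; turning referrals off avoids anonymous follow-ups
    // to other domain controllers during the search.
    ldap_set_option( $ds, LDAP_OPT_PROTOCOL_VERSION, 3 );
    ldap_set_option( $ds, LDAP_OPT_REFERRALS, 0 );

    if ( !@ldap_bind( $ds, $login . '@' . $domain, $password ) )
    {
        ldap_close( $ds );
        return false;
    }

    // One loop over every candidate base replaces the staff/students/faculty
    // chain; the filter value is escaped so $login cannot inject into it.
    $filter = '(cn=' . ldapFilterEscape( $login ) . ')';
    $entry = false;
    foreach ( $searchBases as $base )
    {
        $sr = @ldap_search( $ds, $base, $filter, array( 'cn', 'givenname', 'sn', 'mail' ) );
        if ( !$sr )
            continue;
        $info = ldap_get_entries( $ds, $sr );
        // Exactly one match: a login that resolves to two entries is not accepted.
        if ( $info['count'] == 1 )
        {
            $entry = $info[0];
            break;
        }
    }
    ldap_close( $ds );
    return $entry;
}

// Usage: the same bases Ken searches; the faculty list is shortened here.
$bases = array( 'ou=staff,dc=campus,dc=muc,dc=prv',
                'ou=students,dc=campus,dc=muc,dc=prv' );
foreach ( array( 'fl', 'ROTC', 'SO', 'TH', 'ar', 'BA' ) as $ou )
    $bases[] = "ou=$ou,ou=faculty,dc=campus,dc=muc,dc=prv";
// php thisfile.php <login> <password>   (ldap.campus.muc.prv is an assumed host name)
$user = ldapAuthenticate( 'ldap.campus.muc.prv', 389, 'campus.muc.prv', $argv[1], $argv[2], $bases );
echo $user ? "bound and found " . $user['dn'] . "\n" : "login rejected\n";
?>
```

Run it from the command line with a real account and then with the same account and an empty password: the first should print the DN, the second must print "login rejected". If the empty-password case binds successfully, the server accepts unauthenticated binds and any patched ezldapuser.php without this check is an open door.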

Leandro Alves

Friday 21 May 2004 8:27:25 am

Hi!!!

First of all, thanks a lot for your help, Ken Colwell...

I made all the changes that you suggested, but I still could not log in with an LDAP user...

When I try to log in, the message "A valid username and password is required to login" still appears... :(

The eZ debug output shows this:

Timing: May 21 2004 12:08:02
Script start

Timing: May 21 2004 12:08:02
Module start 'user'

Error: eZINI May 21 2004 12:08:02
Undefined group: 'LDAPSettings'

Error: eZINI May 21 2004 12:08:02
Undefined group: 'LDAPSettings'

Warning: ezi18n May 21 2004 12:08:02
No translation for file(translation.ts) in context(design/standard/user): 'You need to log in to get access to the intranet.' with comment()

Timing: May 21 2004 12:08:02
Module end 'user'

Warning: ezi18n May 21 2004 12:08:02
No translation for file(translation.ts) in context(kernel/classes/datatypes): 'Ini Setting' with comment(Datatype name)

Warning: ezi18n May 21 2004 12:08:02
No translation for file(translation.ts) in context(design/shop/layout): 'login' with comment()

Timing: May 21 2004 12:08:02
End

My settings/ldap.ini file is:

#?ini charset="iso-8859-1"?
# eZ publish configuration file for connection to LDAP server
#

LDAPSettings]
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=<my server IP>
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory
LDAPBaseDn=ou--users,dc--ceb,dc--unicamp,dc--br
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equal sign to replace "=" when specifying LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirement. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=cn
# Could be id or name
LDAPUserGroupType=ldap_group
# Default place to store LDAP users. Could be content object id or group name for LDAP user group,
# depends on LDAPUserGroupType.
LDAPUserGroup=ldap_group
# LDAP attribute type for user group. Could be name or id
LDAPUserGroupAttributeType=ldap_group
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users
# will be saved under the same group as in LDAP server.
LDAPUserGroupAttribute=employeetype
# LDAP attribute for First name. Normally, givenname
LDAPFirstNameAttribute=givenname
# LDAP attribute for Last name. Normally, sn
LDAPLastNameAttribute=sn
# LDAP attribute for email. Normally, mail
LDAPEmailAttribute=mail
# extra info from older ldap project page on ez.no
# Username for authentication against LDAP
# LDAPUserUsername=username
# Password for the authentication against LDAP
# LDAPLoginPassword=password

What can I do now?!!
Is there anything else to do?

I am trying this in eZ 3.3-5... I tried it in eZ 3.4.0 too, but a lot of errors appeared... :(

Thanks a lot!!
Leandro
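An added check that is not eZ Publish's eZINI class and not part of either of Leandro's posts: a minimal reader for the ini format this thread uses, which reports what eZ would actually get out of [LDAPSettings]. It is a simplified parser: [Group] headers, Key=Value, Key[]=Value appends, a bare Key[] resets, # comments and the <?php /* ... */ ?> wrapper of the first post's .append.php file are skipped, and LDAPEqualSign is expanded back to = in the base DN and extra filters. The first sample input is constructed from the ldap.ini in the second post with the section header exactly as pasted there (LDAPSettings] without its opening bracket), which by itself is enough to produce the "Undefined group: 'LDAPSettings'" error in the debug output; the second sample is the same text with the bracket restored. The function names and the server address 10.0.0.1 are this example's assumptions.

```php
<?php
// Added example, not eZ Publish's eZINI: a minimal reader for the ini files in
// this thread. Function names are ours; the sample text is constructed.

function parseEzIni( $text )
{
    $groups = array();
    $current = null;
    foreach ( preg_split( '/\r?\n/', $text ) as $line )
    {
        $line = trim( $line );
        // Skip blank lines, # comments and the <?php /* ... */ ?> wrapper
        if ( $line === '' || $line[0] === '#' ||
             strpos( $line, '<?php' ) === 0 || strpos( $line, '*/' ) === 0 )
            continue;
        if ( preg_match( '/^\[([^\]]+)\]$/', $line, $m ) )
        {
            $current = $m[1];                       // a well-formed [Group] header
            if ( !isset( $groups[$current] ) )
                $groups[$current] = array();
            continue;
        }
        if ( $current === null )
            continue;                               // no valid group yet: setting is lost
        if ( preg_match( '/^([A-Za-z0-9_]+)(\[\])?(?:=(.*))?$/', $line, $m ) )
        {
            $key = $m[1];
            $isArray = isset( $m[2] ) && $m[2] === '[]';
            $hasValue = isset( $m[3] );
            if ( $isArray )
            {
                // "Key[]" resets the array, "Key[]=v" appends to it
                if ( !$hasValue )
                    $groups[$current][$key] = array();
                else
                    $groups[$current][$key][] = $m[3];
            }
            else
                $groups[$current][$key] = $hasValue ? $m[3] : '';
        }
    }
    return $groups;
}

// Expand the LDAPEqualSign placeholder ("--" in the thread) back into "=".
function expandDn( $settings, $value )
{
    $eq = isset( $settings['LDAPEqualSign'] ) ? $settings['LDAPEqualSign'] : '';
    return $eq === '' ? $value : str_replace( $eq, '=', $value );
}

// What eZ would see: the error it logs, or the effective server, base DN and filter.
function checkLdapIni( $text )
{
    $ini = parseEzIni( $text );
    if ( !isset( $ini['LDAPSettings'] ) )
        return array( 'ok' => false, 'error' => "Undefined group: 'LDAPSettings'" );
    $s = $ini['LDAPSettings'];
    foreach ( array( 'LDAPServer', 'LDAPBaseDn', 'LDAPLoginAttribute' ) as $key )
        if ( !isset( $s[$key] ) || $s[$key] === '' )
            return array( 'ok' => false, 'error' => "$key is not set" );
    $filter = '(' . $s['LDAPLoginAttribute'] . '=%s)';
    if ( !empty( $s['LDAPSearchFilters'] ) )
        foreach ( $s['LDAPSearchFilters'] as $extra )
            $filter = '(&' . $filter . '(' . expandDn( $s, $extra ) . '))';
    $port = isset( $s['LDAPPort'] ) ? $s['LDAPPort'] : '389';
    return array( 'ok' => true,
                  'server' => $s['LDAPServer'] . ':' . $port,
                  'baseDn' => expandDn( $s, $s['LDAPBaseDn'] ),
                  'filter' => $filter );
}

// Constructed sample: the file from the post, header as pasted (no opening bracket).
$asPasted = "LDAPSettings]\n"
          . "# Set to true if use LDAP server\n"
          . "LDAPEnabled=true\n"
          . "LDAPServer=10.0.0.1\n"
          . "LDAPPort=389\n"
          . "LDAPBaseDn=ou--users,dc--ceb,dc--unicamp,dc--br\n"
          . "LDAPSearchScope=sub\n"
          . "LDAPEqualSign=--\n"
          . "LDAPSearchFilters[]\n"
          . "LDAPLoginAttribute=cn\n";
$fixed = '[' . $asPasted;

foreach ( array( 'as pasted' => $asPasted, 'with [ restored' => $fixed ) as $label => $text )
{
    $r = checkLdapIni( $text );
    echo "$label: ", $r['ok'] ? "{$r['server']} base {$r['baseDn']} filter {$r['filter']}"
                              : "Error: {$r['error']}", "\n";
}
?>
```

Run this before touching ezldapuser.php: if the reader cannot find the group, eZ will not find it either, and every setting in the file silently falls back to the defaults. Once the file parses, two things are worth confirming against an Active Directory server with a plain ldapsearch before blaming eZ, as general AD behaviour rather than a finding of this thread: AD stores the login name in sAMAccountName, not in uid or cn (cn is normally the display name, so a filter of (cn=<login>) finds nothing), and AD by default refuses anonymous searches, so the commented-out LDAPUserUsername/LDAPLoginPassword pair needs a real, read-only bind account.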

Siniša Šehović

Wednesday 16 February 2005 1:24:07 am

Hi

Try this

LDAPUserGroupType=id <---- define it as ID

LDAPUserGroup=xx <---- enter NodeID of your users group

LDAPUserGroupAttributeType=id <----- define it as ID

LDAPUserGroupAttribute=xx <----- enter ID of your user class

That should work.

Sinisa

---
If at first you don't succeed, look in the trash for the instructions.

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.