AD group mapping in EzPublish

Next topic

Author	Message
nicholas king	Thursday 29 July 2010 2:24:21 am Hello, I am currently really struggling to get AD and Ezpublish group mappings to work. At the moment a user enters their details into the login boxes, ezpublish delves into AD finds the user and creates and adds them to the members group in Ezpublish. I have trawled the documentation and forums and tried all the things suggested and still i cannot stop users from going into the members group. Currently i can confirm that:- The Active directory Ezpublish connection is currently working. Ezpublish puts all AD users who log in into the members directory. my settings inside ldap.ini.append.php are as follows:- #?ini charset="iso-8859-1"? # eZ Publish configuration file for connection and authentication of users via LDAP # [LDAPSettings] LDAPDebugTrace=enabled # Enable tracing the the ldap login, outputs extensive debug info for use during setup # NOTE: Do not keep this enabled on production setup as login name and passwords will be # logged to logfiles or outputted if DebugOutput settings are enabled. LDAPDebugTrace=enabled # Set LDAP version number LDAPVersion=3 # Determines whether the LDAP library automatically follows referrals returned by LDAP servers or not. # set to 1 to enable LDAPFollowReferrals=0 # Set to true if use LDAP server LDAPEnabled=true # LDAP host LDAPServer=gcwwdc01.example.co.uk # Port nr for LDAP, default is 389 LDAPPort=389 # Specifies the base DN for the directory. LDAPBaseDn=DC--example,DC--co,DC--uk # If the server does not allow anonymous bind, specify the user name for the bind here. LDAPBindUser=<intranetuser> # If the server does not allow anonymous bind, specify the password for the bind here. LDAPBindPassword=<intranetpassword> # Could be sub, one, base. LDAPSearchScope=sub # Use the equla sign to replace "=" when specify LDAPBaseDn or LDAPSearchFilters LDAPEqualSign=-- # Add extra search requirment. Uncomment it if you don't need it. # Example LDAPSearchFilters[]=objectClass--inetOrgPerson LDAPSearchFilters[]=objectCategory--person # LDAP attribute for login. Normally, uid LDAPLoginAttribute=sAMAccountName LDAPDebugTrace=enabled LDAPUserGroupType=name LDAPUserGroupAttribute=intranetAdmin LDAPGroupBaseDN = DC--example, DC--co, DC--uk LDAPGroupMappingType=SimpleMapping LDAPGroupClass=group LDAPUserGroupAttribute=cn LDAPUserGroupMap[] LDAPUserGroupMap[intranetAdmin]=intranetAdmin Any help suggestions would be really appreciated many thanks Nicholas
Robin Muilwijk	Friday 27 August 2010 1:14:27 pm Hi Nicholas, Do you have this working already? I'm no expert on this, but can you check http://ez.no/doc/ez_publish/technical_manual/4_x/reference/configuration_files/ldap_ini/ldapsettings/ldapusergrouptype You use LDAPUserGroupType=name, and the link/doc page says you then need to set LDAPUsergroup, where instead you set the LDAPUserGroupAttribute ? This is the only inconsistency I've been able to find, as LDAP n00b ;) Regards Robin Board member, eZ Publish Community Project Board - Member of the share.ez.no team - Key values: Openness and Innovation. LinkedIn: http://nl.linkedin.com/in/robinmuilwijk // Twitter: http://twitter.com/i_robin // Skype: robin.muilwijk
Nicolas Pastorino	Monday 30 August 2010 12:24:14 am Hi Nicholas, You can also have a look here : http://share.ez.no/forums/install-configuration/ldap-user-groups-activedirectory-ez-publish Cheers ! -- Nicolas Pastorino Director Community - eZ Member of the Community Project Board eZ Publish Community on twitter: http://twitter.com/ezcommunity t : http://twitter.com/jeanvoye G+ : http://plus.tl/jeanvoye

Author

Message

Thursday 29 July 2010 2:24:21 am

Hello,
I am currently really struggling to get AD and Ezpublish group mappings to work. At the moment a user enters their details into the login boxes, ezpublish delves into AD finds the user and creates and adds them to the members group in Ezpublish.

I have trawled the documentation and forums and tried all the things suggested and still i cannot stop users from going into the members group.

Currently i can confirm that:-

*The Active directory Ezpublish connection is currently working.
*Ezpublish puts all AD users who log in into the members directory.

my settings inside ldap.ini.append.php are as follows:-

#?ini charset="iso-8859-1"?
# eZ Publish configuration file for connection and authentication of users via LDAP
#
[LDAPSettings]
LDAPDebugTrace=enabled
# Enable tracing the the ldap login, outputs extensive debug info for use during setup
# NOTE: Do not keep this enabled on production setup as login name and passwords will be
# logged to logfiles or outputted if DebugOutput settings are enabled.
LDAPDebugTrace=enabled
# Set LDAP version number
LDAPVersion=3
# Determines whether the LDAP library automatically follows referrals returned by LDAP servers or not.
# set to 1 to enable
LDAPFollowReferrals=0
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
LDAPServer=gcwwdc01.example.co.uk
# Port nr for LDAP, default is 389
LDAPPort=389
# Specifies the base DN for the directory.
LDAPBaseDn=DC--example,DC--co,DC--uk
# If the server does not allow anonymous bind, specify the user name for the bind here.
LDAPBindUser=<intranetuser>
# If the server does not allow anonymous bind, specify the password for the bind here.
LDAPBindPassword=<intranetpassword>
# Could be sub, one, base.
LDAPSearchScope=sub
# Use the equla sign to replace "=" when specify LDAPBaseDn or LDAPSearchFilters
LDAPEqualSign=--
# Add extra search requirment. Uncomment it if you don't need it.
# Example LDAPSearchFilters[]=objectClass--inetOrgPerson
LDAPSearchFilters[]=objectCategory--person
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=sAMAccountName
LDAPDebugTrace=enabled
LDAPUserGroupType=name
LDAPUserGroupAttribute=intranetAdmin
LDAPGroupBaseDN = DC--example, DC--co, DC--uk
LDAPGroupMappingType=SimpleMapping
LDAPGroupClass=group
LDAPUserGroupAttribute=cn
LDAPUserGroupMap[]
LDAPUserGroupMap[intranetAdmin]=intranetAdmin

Any help suggestions would be really appreciated

many thanks

Nicholas

Robin Muilwijk

Friday 27 August 2010 1:14:27 pm

Hi Nicholas,

Do you have this working already? I'm no expert on this, but can you check http://ez.no/doc/ez_publish/technical_manual/4_x/reference/configuration_files/ldap_ini/ldapsettings/ldapusergrouptype

You use LDAPUserGroupType=name, and the link/doc page says you then need to set LDAPUsergroup, where instead you set the LDAPUserGroupAttribute ?

This is the only inconsistency I've been able to find, as LDAP n00b ;)

Regards Robin

Board member, eZ Publish Community Project Board - Member of the share.ez.no team - Key values: Openness and Innovation.

LinkedIn: http://nl.linkedin.com/in/robinmuilwijk // Twitter: http://twitter.com/i_robin // Skype: robin.muilwijk

Nicolas Pastorino

Monday 30 August 2010 12:24:14 am

Hi Nicholas,

You can also have a look here :
http://share.ez.no/forums/install-configuration/ldap-user-groups-activedirectory-ez-publish

Cheers !

--
Nicolas Pastorino
Director Community - eZ
Member of the Community Project Board

eZ Publish Community on twitter: http://twitter.com/ezcommunity

t : http://twitter.com/jeanvoye
G+ : http://plus.tl/jeanvoye

eZ debug

Timing:	Jan 29 2025 23:47:08
Script start
Timing:	Jan 29 2025 23:47:08
Module start 'layout'
Timing:	Jan 29 2025 23:47:08
Module start 'content'
Timing:	Jan 29 2025 23:47:08
Module end 'content'
Timing:	Jan 29 2025 23:47:08
Script end

Main resources:

Total runtime	0.0131 sec
Peak memory usage	2,048.0000 KB
Database Queries	3

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0042	588.1328	151.2109
Module start 'layout'	0.0042	0.0021	739.3438	36.6484
Module start 'content'	0.0064	0.0054	775.9922	94.2344
Module end 'content'	0.0117	0.0013	870.2266	33.9922
Script end	0.0130		904.2188

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0023	17.3950	14	0.0002
Check MTime	0.0010	7.8772	14	0.0001
Mysql Total
Database connection	0.0006	4.5141	1	0.0006
Mysqli_queries	0.0019	14.8557	3	0.0006
Looping result	0.0000	0.1005	1	0.0000
Template Total	0.0010	7.8	1	0.0010
Template load	0.0008	6.4359	1	0.0008
Template processing	0.0002	1.2952	1	0.0002
Override
Cache load	0.0006	4.4903	1	0.0006
General
dbfile	0.0014	10.9262	8	0.0002
String conversion	0.0000	0.0438	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded	Edit	Override
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 1 Number of unique templates used: 1

Time used to render debug report: 0.0001 secs