Need help with LDAP integration


Jason Senich

Monday 29 November 2004 8:40:18 am

I've looked through every forum posting and still can't seem to figure out why I can't get LDAP authentication working. I suspect that either the way I'm structuring my directory in LDAP or my users/groups in eZ publish are incorrect or both. Can somebody post an example of how the data needs to be structured on both sides to get this to work and a sample of a working ldap.ini for this structure? If not, can somebody point me in the right direction to find this information?

Jonny Bergkvist

Monday 29 November 2004 10:39:25 pm

First make sure you have the ldap-functions available in php.

Then edit your ini-files:
settings/override/site.ini.append.php:
[UserSettings]
LoginHandler[]=LDAP

settings/override/ldap.ini.append.php:
[LDAPSettings]
# Set to true if use LDAP server
LDAPEnabled=true
# LDAP host
# This example uses stunnel from localhost to ldap-server.
LDAPServer=ldapserverhostname
# Port nr for LDAP, default is 389
# 636 is ldaps (ldap over SSL/TLS)
LDAPPort=389
# Specifies the base DN for the directory.
# Ex: dc=example,dc=com
LDAPBaseDn=<your base DN>
# LDAP attribute for login. Normally, uid
LDAPLoginAttribute=uid
# Could be id or name
LDAPUserGroupType=id
# Default place to store LDAP users. Could be content object id or group name for LDAP user group, depends on LDAPUserGroupType.
LDAPUserGroup=<your content object id where you store ldap-users in eZ>
# LDAP attribute type for user group. Could be name or id. Optional
# Having different user-type (ie. Employees and students)? Then you could put them into different user-groups in eZ to assign different roles/rights.
LDAPUserGroupAttributeType=
# LDAP attribute for user group. For example, employeetype. If specified, LDAP users will be saved under the same group as in LDAP server. Depends on LDAPUserGroupAttributeType.
LDAPUserGroupAttribute=

Start doing a test with ie. ldapsearch on your ez-server to check that it has access to getting information from the ldap-server.

The structure of objects in the ldap-server is not important. eZ-ldap-handler can do a sub-tree search on your ldap-server starting at the base-dn.

There are also some issues with the ldap-ssl functionality. Try non-ssl first is my tip (port 389).
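
Added example, not part of the original post or of eZ Publish: a shell sketch that reads the settings from ldap.ini.append.php and prints the matching ldapsearch sub-tree test for one login name. The sample ini values, the function names and the anonymous simple bind (-x with no bind DN) are assumptions; the login name is escaped for use in an LDAP filter (RFC 4515) so that characters such as * or ( are treated as literal text.

```shell
#!/bin/sh
# Added example: turn ldap.ini settings into an ldapsearch test command.

# Read one key from the ini file; comment lines never match "KEY=".
ini_get() {
    sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1
}

# Escape a value for an LDAP search filter (RFC 4515): \ * ( )
ldap_filter_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Print the ldapsearch command for a login name (display only; a value
# containing a single quote would need manual shell quoting).
build_ldapsearch() {
    ini=$1
    user=$2
    host=$(ini_get "$ini" LDAPServer)
    port=$(ini_get "$ini" LDAPPort)
    base=$(ini_get "$ini" LDAPBaseDn)
    attr=$(ini_get "$ini" LDAPLoginAttribute)
    if [ -z "$host" ] || [ -z "$base" ]; then
        echo "LDAPServer or LDAPBaseDn is not set in $ini" >&2
        return 1
    fi
    port=${port:-389}   # default port, as in the ini comments
    attr=${attr:-uid}   # "Normally, uid"
    case $port in 636) scheme=ldaps ;; *) scheme=ldap ;; esac
    printf "ldapsearch -x -H %s://%s:%s -b '%s' -s sub '(%s=%s)' %s\n" \
        "$scheme" "$host" "$port" "$base" "$attr" \
        "$(ldap_filter_escape "$user")" "$attr"
}

# Constructed sample settings (hostname and base DN are placeholders).
SAMPLE_INI=$(mktemp)
trap 'rm -f "$SAMPLE_INI"' EXIT
cat > "$SAMPLE_INI" <<'EOF'
[LDAPSettings]
LDAPEnabled=true
# Port nr for LDAP, default is 389
LDAPServer=ldap.example.test
LDAPPort=389
LDAPBaseDn=dc=example,dc=com
LDAPLoginAttribute=uid
EOF

build_ldapsearch "$SAMPLE_INI" jsmith
```

If the printed command returns no entry for a known user, check LDAPBaseDn and LDAPLoginAttribute before looking at the eZ side.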

Jason Senich

Tuesday 30 November 2004 11:05:11 am

Okay, I have it working now but I still think there is something that I am doing wrong. In order for me to log in using LDAP authentication I had to enter the id as the username rather than the username and once I did this and logged in, a duplicate user was created in eZ Publish based on the information that was stored in LDAP. Is this what is supposed to happen? If not, what am I doing wrong? If it is supposed to work like this, how can I change it to log in with the username rather than the id?

Jonny Bergkvist

Wednesday 01 December 2004 3:47:43 am

Yes, it is supposed to create local eZ-users for several reasons:
-content is stamped with the user that created/edited it.
-have the possibility to manage user-groups within eZ if you don't have that information in ldap-directory.

There is also a cron-job that syncs the local eZ-users against ldap-directory (ldapusermanage.php). If a user is deleted from ldap, then this script will disable the eZ-user (but not delete it).

For the login-name try changing LDAPLoginAttribute to the attribute you use in your ldap-directory that stores the usernames. (Ex: In Novell it would often be the CN attribute).
