LDAP user authentication?

Pietrzak Karl -- on Jul. 28 2006
authenticate users using LDAP
Hey everyone!

You may remember me as the guy who's setting up YACS for his university. So far, it's awesome, and we're impressed with all the functionality.

So now we would like to use our university's LDAP system to authenticate users. The page entitled Why should you suggest your boss switch to YACS? talks about YACS's LDAP support.

However, I couldn't find any documentation on it. I might be going blind or crazy, heh.

Can anyone point me in the right direction?

Thanks!
GnapZ
from Caribbean
2970 posts

on Jul. 28 2006


Hello,

I'm sorry, I don't know very much about LDAP login. This function is not ready but maybe Bernard can tell you what to do for this.
TheAlchemist
19 posts

inspired from GnapZ on Jul. 28 2006


GnapZ:

Thanks for the quick reply! I can help write the code if necessary. My PHP skills are pretty new, but with guidance I could do anything.

Thanks!
GnapZ
from Caribbean
2970 posts

inspired from TheAlchemist on Jul. 28 2006


TheAlchemist: Fine, so take a look at the file users/login.php to adapt an LDAP authentication. Thanks.
Bernard
from nearby-an-airport
Associate, 6805 posts

on Mar. 23 2007


YACS version 7.3 adds LDAP authentication. The code is ready, yet not tested against a real server. Would you like to check it please?
TheAlchemist
19 posts

inspired from Bernard on Mar. 25 2007


Bernard:

Hi there again! Glad to hear LDAP authentication made it! I'll give it a test within the next few days and see whether it works with my university's LDAP server and I'll post back. =)

Thanks!
TheAlchemist
19 posts

on Apr. 6 2007


TheAlchemist:

Success!  The YACS installation for my university now successfully authenticates against the university's LDAP server.

Thanks, Bernard!

Next step: SSO?

Bernard
from nearby-an-airport
Associate, 6805 posts

inspired from TheAlchemist on Apr. 6 2007


TheAlchemist: Thank you for the positive feedback. Would you mind documenting what you've done in a simple web page, maybe in the section for Guide d'installation et de mise à jour please?

Of course we will move to SSO! After your homework, do not hesitate to suggest an adequate technical standard for this, by creating another web page at the special space: Post your requirements here

See you...
Vincent
from on-a-few-hops-from-you
20 posts

on May 21


Hi All,

I am (also) trying to set up LDAP authentication with YACS, so far no luck.

My LDAP server allows for anonymous bind and when I read yacs/users/authenticators/ldap.php I think it suggests that leaving uname and passwd parameters out results in anonymous bind.

In http://test.azu.nl/yacs/users/configure.php I write in the Authentication management -> Screening -> Use the authenticator:

ldap test.azu.nl "dc=ribs,dc=azu,dc=nl"

This results in "Impossible to bind to LDAP server test.azu.nl." when i try to log in with a valid name.

A simple PHP script does the anonymous bind without trouble and returns the LDAP contents.

Can someone point out what goes wrong plz?

Alf83
24 posts

on May 21


Vincent:

Maybe it is an LDAP v2 protocol issue? In this case, try adding the following code at line Nr 120 (after ldap_connect() and before ldap_bind()) in the file called users/authenticators/ldap.php:
@ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);

Vincent
from on-a-few-hops-from-you
20 posts

inspired from alf83 on May 28


Alf83:

Thanks Alf, you got me going in the right direction. It stopped complaining about can't bind. However, when I start 'slapd -d 256' to see what actually hits the LDAP server, it seems that:
  • I have to provide fields for parameters 3 and 4 (dn of user, password to bind to the LDAP server.)
  • I don't have to provide a password anymore for the user to be accepted


I expected from the code that the cn was searched for and returned, but this is not the case.

I'll dig some more ...
Alf83
24 posts

on June 3


Vincent: The latest patch may help you:
-  You can now authenticate the user by binding to the LDAP server under a deduced login name (instead of doing a search in the LDAP tree)
-  LDAP v3 is now the default
-  A bug has been solved which allowed any user to enter the site if anonymous binding was activated. Isn't it related to your second point?
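
The failure mode discussed in the posts above (a user accepted without a password when anonymous binding is allowed) and the search-then-bind flow, as an added PHP example that is not part of the original thread and is not YACS's ldap.php. The function name, the `uid` attribute and the server URI are assumptions.

```php
<?php
// Added example, not YACS code. URI, base DN and the uid attribute are assumptions.
function ldap_check_login(string $uri, string $baseDn, string $login, string $password): bool
{
    // RFC 4513: a simple bind with a DN and an empty password is an
    // "unauthenticated bind", which servers allowing anonymous access accept.
    // Refuse it here, before any connection is made.
    if ($login === '' || $password === '') {
        return false;
    }

    $handle = ldap_connect($uri);
    if ($handle === false) {
        return false;
    }
    // Options go after ldap_connect() and before ldap_bind(), as in the thread.
    ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($handle, LDAP_OPT_REFERRALS, 0);

    // Step 1: anonymous bind, used only to locate the user's DN.
    if (!@ldap_bind($handle)) {
        ldap_unbind($handle);
        return false;
    }
    // Escape the login so characters such as * ( ) cannot alter the filter.
    $filter = '(uid=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
    $search = @ldap_search($handle, $baseDn, $filter, ['dn'], 0, 2);
    $entries = $search === false ? false : ldap_get_entries($handle, $search);
    // Require exactly one match. Finding an entry is NOT authentication.
    if ($entries === false || $entries['count'] !== 1) {
        ldap_unbind($handle);
        return false;
    }

    // Step 2: rebind as the located DN with the password the user supplied.
    $ok = @ldap_bind($handle, $entries[0]['dn'], $password);
    ldap_unbind($handle);
    return $ok;
}

// Constructed call: the empty password is refused without touching the network.
var_dump(ldap_check_login('ldaps://ldap.example.test', 'dc=example,dc=test', 'alice', ''));
```

Only the result of the second bind decides the login; the anonymous bind and the search succeed for any existing account name.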
Vincent
from on-a-few-hops-from-you
20 posts

inspired from alf83 on Aug. 30


Alf83: Sorry to let the discussion go cold - for several reasons I was not able to handle the server anymore, nor to finish this post.

I hope to be back on track with this server in a month or so.

Posted by TheAlchemist on Jul. 28 2006, commented by Vincent on Aug. 30, (popular)