Re: [openupload-devel] LDAP Password\Group Issues
From: Alessandro B. <ts...@br...> - 2009-08-18 15:59:45
Hi,
I definitely need to write some documentation on this one :)

Weir, Jason wrote:
> I've got OpenUpload installed on a Debian machine authenticating to
> Win2K3 AD via LDAP - I'm seeing a couple issues.
>
> 1. Does OpenUpload cache the passwords - after I did a password change
> I could no longer log in unless I used the old password.

No, it only authenticates the user against AD at the login and then checks for the user information with the user specified in the configuration (the user remains authenticated until the logout or session expires).
OpenUpload uses the standard ldap functions to authenticate, so probably it must be something with AD or Linux caching...
I suppose you change the password with AD :)

> 2. Seems to be an issue with long\complicated passwords, my password
> contains spaces and special characters and always fails at login, if I
> change it to "simple" I log in just fine. Any ideas?

Hmm, no idea. It shouldn't as far as Open Upload gets the password, it tries to authenticate against AD, and if it succeeds it looks up user info and groups using the lookup user configured in the config.inc.php.
Maybe the password needs to be escaped in the code before authenticating. I'll check if this is OpenUpload's fault or something else.

> 3. The read-me was unclear how I set up user and admin groups in AD..
> I've got 2 groups "OpenUpload Admins" and "OpenUpload Users" created and
> populated in AD - how do I configure OpenUpload to reference those
> groups?
>

Here is the best way to set up Open Upload with LDAP/AD.

1. Run the setup and change 'admins' and 'registered' group names to the ones corresponding to the ones of your AD. (Using the default authentication with users in the database). This will populate the ACL with the correct group names in the database.
   i.e. admins => "OpenUpload Admins" and registered => "OpenUpload Users"
2. Once the setup is as you wish, change the config.inc.php (look up the config.inc.php.example) and copy over the AD part, adapting the configuration. (which I suppose you already did)
3. Change the authentication module: change the authentication method in the config.inc.php to ldap
4. Probably you would need to change the 'cn' to 'samaccountname' with Active Directory in user and group fields.
5. Log in with an administrator, and then log in with a User, to verify that everything is working

Alessandro