Menu
▾
▴
Re: [phpesp-general] LDAP designers
|
From: <st...@en...> - 2008-05-27 18:14:00
|
Is there no concept of 'groups' when using ldap for authentication? I
use phpESP at a college and we have various departments who share
responsibility for editing and deploying and copying surveys. We've
used the the 'groups' functionality to allow this in the past. I would
very much like to move to the newest phpESP and use ldap for
authentication but this seems to be a stumbling block. I don't want to
completely break group ownership and orphan all our existing surveys.
I also like the measure of granularity 'group editors' provides for
sharing admin responsibilties.
Seems like you have to give up a lot to go with LDAP or am I missing
something?
Mark
On May 26, 2008, at 11:07 AM, Franky Van Liedekerke wrote:
> I think the ini file contains enough info to get you started :)
> See here the relevant parts:
>
> // Choose authentication type: { 'default', 'ldap_both', 'ldap_resp',
> 'ldap_des' }
> // ldap_resp: respondents in LDAP, ldap_des: designers in LDAP
> // ldap_both: both respondents and designers in LDAP
> // default: mysql
> $ESPCONFIG['auth_type'] = 'default';
>
> // LDAP connection information
> // (Set these values if you choose 'ldap' as the authentication type.)
> // if a user is not found in ldap, the DB is still searched as well
> // designer info is copied in the DB
> $ESPCONFIG['ldap_server'] = 'ldap://ldap.example.com';
> $ESPCONFIG['ldap_port'] = '389';
>
> // if wanted/needed, enter the settings to do an authenticated ldap
> bind
> // in order to search the ldap tree
> $ESPCONFIG['ldap_bind_dn'] = '';
> $ESPCONFIG['ldap_bind_password'] = '';
>
> //the base dn you want to search
> $ESPCONFIG['ldap_dn'] = 'dc=example, dc=com';
>
> // the ldap filter used, this is completed with the uid the user
> enters
> $ESPCONFIG['ldap_filter'] = 'uid=';
>
> // the LDAP attribute that is compared with the "group" when
> completing
> private // surveys
> $ESPCONFIG['ldap_realm_attr'] = 'objectClass';
>
> // the LDAP attribute/value needed to designate a LDAP user as a
> designer $ESPCONFIG['ldap_designer_filter'] = 'UserCategory=engineer';
>
> // the LDAP attribute needed to designate a LDAP user as a superuser
> // we show the example of "uid=test"
> $ESPCONFIG['ldap_superuser_attr'] = 'uid';
>
> // the LDAP value needed to designate a LDAP user as a superuser
> $ESPCONFIG['ldap_superuser_value'] = 'test';
>
> // most newer LDAP servers need protocol 3 to be able to bind
> successfully
> // if this doesn't work for you, turn it of
> $ESPCONFIG['ldap_force_proto_3'] = true;
>
>
> Franky
>
> On Mon, 26 May 2008 07:42:44 -0400
> Matthew Gregg <mat...@gm...> wrote:
>
>> I believe you need to specify an LDAP attribute that signifies
>> designer accounts. If you would like all LDAP users to be designers
>> then picking an attribute like UID which all users should have, would
>> accomplish it.
>>
>>
>> On Mon, 2008-05-26 at 11:15 +0300, Mihails Agafonovs wrote:
>>> Also, is there any other prerequisites to enable LDAP for designers,
>>> other than changing configuration file (auth_type = ldap_des)?
>>>
>>> For now, I'm getting an error, trying both ldap_des and ldap_both:
>>>
>>> errorMessage: Referral:
>>> \nldap://ForestDnsZones.mydomain.com/
>>> DC=ForestDnsZones,DC=mydomain,DC=com\nldap://
>>> DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=GDNEurope,DC=com
>>> \nldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com
>>>
>>> The configuration is the same as for ldap_resp, which is working
>>> correctly.
>>>
>>> Ar cieņu, Mihails
>>> -------------------------------------------------------------------------
>>> This SF.net email is sponsored by: Microsoft
>>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>> _______________________________________________ phpESP-general
>>> mailing list php...@li...
>>> https://lists.sourceforge.net/lists/listinfo/phpesp-general
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> phpESP-general mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpesp-general
|
