Re: [phpesp-general] LDAP designers

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Current phpESP can use a LDAP attribute to designate, designers accounts
and an LDAP attribute to designate legitimate respondents.  Users can
still be assigned to a "group" that is created by phpESP and share
surveys. It is a somewhat manual process however, given the kludgey way
phpESP groups are implemented.

On Tue, 2008-05-27 at 11:12 -0700, st...@en... wrote:
> Is there no concept of 'groups' when using ldap for authentication? I  
> use phpESP at a college and we have various departments who share  
> responsibility for editing and deploying and copying surveys. We've  
> used the the 'groups' functionality to allow this in the past. I would  
> very much like to move to the newest phpESP and use ldap for  
> authentication but this seems to be a stumbling block. I don't want to  
> completely break group ownership and orphan all our existing surveys.  
> I also like the measure of granularity 'group editors' provides for  
> sharing admin responsibilties.
> 
> Seems like you have to give up a lot to go with LDAP or am I missing  
> something?
> 
> Mark
> 
> On May 26, 2008, at 11:07 AM, Franky Van Liedekerke wrote:
> 
> > I think the ini file contains enough info to get you started :)
> > See here the relevant parts:
> >
> > // Choose authentication type: { 'default', 'ldap_both', 'ldap_resp',
> > 'ldap_des' }
> > // ldap_resp: respondents in LDAP, ldap_des: designers in LDAP
> > // ldap_both: both respondents and designers in LDAP
> > // default: mysql
> > $ESPCONFIG['auth_type'] = 'default';
> >
> > // LDAP connection information
> > // (Set these values if you choose 'ldap' as the authentication type.)
> > // if a user is not found in ldap, the DB is still searched as well
> > // designer info is copied in the DB
> > $ESPCONFIG['ldap_server'] = 'ldap://ldap.example.com';
> > $ESPCONFIG['ldap_port'] = '389';
> >
> > // if wanted/needed, enter the settings to do an authenticated ldap  
> > bind
> > // in order to search the ldap tree
> > $ESPCONFIG['ldap_bind_dn'] = '';
> > $ESPCONFIG['ldap_bind_password'] = '';
> >
> > //the base dn you want to search
> > $ESPCONFIG['ldap_dn']     = 'dc=example, dc=com';
> >
> > // the ldap filter used, this is completed with the uid the user  
> > enters
> > $ESPCONFIG['ldap_filter'] = 'uid=';
> >
> > // the LDAP attribute that is compared with the "group" when  
> > completing
> > private // surveys
> > $ESPCONFIG['ldap_realm_attr'] = 'objectClass';
> >
> > // the LDAP attribute/value needed to designate a LDAP user as a
> > designer $ESPCONFIG['ldap_designer_filter'] = 'UserCategory=engineer';
> >
> > // the LDAP attribute needed to designate a LDAP user as a superuser
> > // we show the example of "uid=test"
> > $ESPCONFIG['ldap_superuser_attr'] = 'uid';
> >
> > // the LDAP value needed to designate a LDAP user as a superuser
> > $ESPCONFIG['ldap_superuser_value'] = 'test';
> >
> > // most newer LDAP servers need protocol 3 to be able to bind
> > successfully
> > // if this doesn't work for you, turn it of
> > $ESPCONFIG['ldap_force_proto_3'] = true;
> >
> >
> > Franky
> >
> > On Mon, 26 May 2008 07:42:44 -0400
> > Matthew Gregg <mat...@gm...> wrote:
> >
> >> I believe you need to specify an LDAP attribute that signifies
> >> designer accounts.  If you would like all LDAP users to be designers
> >> then picking an attribute like UID which all users should have, would
> >> accomplish it.
> >>
> >>
> >> On Mon, 2008-05-26 at 11:15 +0300, Mihails Agafonovs wrote:
> >>> Also, is there any other prerequisites to enable LDAP for designers,
> >>> other than changing configuration file (auth_type = ldap_des)?
> >>>
> >>> For now, I'm getting an error, trying both ldap_des and ldap_both:
> >>>
> >>> errorMessage: Referral:
> >>> \nldap://ForestDnsZones.mydomain.com/ 
> >>> DC=ForestDnsZones,DC=mydomain,DC=com\nldap:// 
> >>> DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=GDNEurope,DC=com 
> >>> \nldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com
> >>>
> >>> The configuration is the same as for ldap_resp, which is working
> >>> correctly.
> >>>
> >>> Ar cieņu, Mihails
> >>> -------------------------------------------------------------------------
> >>> This SF.net email is sponsored by: Microsoft
> >>> Defy all challenges. Microsoft(R) Visual Studio 2008.
> >>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> >>> _______________________________________________ phpESP-general
> >>> mailing list php...@li...
> >>> https://lists.sourceforge.net/lists/listinfo/phpesp-general
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________
> > phpESP-general mailing list
> > php...@li...
> > https://lists.sourceforge.net/lists/listinfo/phpesp-general
> 
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> phpESP-general mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpesp-general