From: Mihails A. <_m...@in...> - 2008-03-28 12:05:48
Hi!

Has someone configured phpESP authentication to work with Active Directory? I've tried that, but there is a problem, that Active Directory doesn't allow anonymous browsing, so I can't even perform a successful bind.

Best regards,
Mihails

From: Franky V. L. <lie...@te...> - 2008-03-28 13:27:01
For the moment, this is indeed an issue. I'll fix this and add this possibility in the next version.

For now: go to admin/include/lib/espauth-ldap.inc, search for the line that mentions "ldap_connect" and add the following lines:

    if ($ds) {
        // bind with a fixed account, since anonymous browsing is refused
        $ldapbind = ldap_bind($ds, "YOUR DN", "YOUR PASS");
        if (!$ldapbind) {
            return false;
        }
    }

Franky

From: Matthew G. <mat...@gm...> - 2008-03-28 13:53:04
If your users are all in a single OU in AD you shouldn't have a problem. A bind is performed when users log in.

From: Matthew G. <mat...@gm...> - 2008-03-28 13:53:18
Do we browse before we bind in the ldap auth code?

From: Franky V. L. <lie...@te...> - 2008-03-28 14:40:22
Yes, to know the DN of the user, you need to search ldap first (because the user enters his username, not his DN)

Franky

From: Matthew G. <mat...@gm...> - 2008-03-28 14:55:23
Looking at the code, yeah, we search then bind, which is valid. I wonder if we should have a default distinguished name (DN) in the config and if that is set, skip the search and bind directly as that DN substituting the filter attribute and the username used?

From: Franky V. L. <lie...@te...> - 2008-03-28 16:25:06
I will add a config option that lets you define a search user and password, so those can then be used to bind to do the user DN-search.

Many LDAP configs have DNs for users where the username is not even mentioned, e.g. for me this could be:

    DN=cn=franky van liedekerke,o=edynamics,c=be

while my username is totally different than "franky van liedekerke" :-) So you can't assume the DN just by having part of it in a config, you need to search for it.

Franky

From: Franky V. L. <lie...@te...> - 2008-03-29 09:46:24
Hi,

the code has been added, see options ldap_bind_dn and ldap_bind_password in admin/phpESP.ini.php

Franky
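
The search-then-bind flow discussed in this thread, as an added example that is not part of the original messages and is not phpESP's own code: bind as a search account, look up the user's DN, then re-bind as that DN with the supplied password. Only ldap_bind_dn and ldap_bind_password are option names from the thread; the function name and the other $cfg keys (ldap_uri, ldap_base_dn, ldap_filter_attr) are hypothetical, and PHP 7 or later with the ldap extension is assumed.

```php
<?php
// Added illustration, not phpESP code. $cfg keys other than ldap_bind_dn and
// ldap_bind_password are hypothetical names chosen for this sketch.
function ldap_search_then_bind(array $cfg, string $username, string $password): bool
{
    // An empty password turns the final bind into an unauthenticated bind,
    // which many servers report as success; reject it before connecting.
    if ($username === '' || $password === '') {
        return false;
    }

    $ds = ldap_connect($cfg['ldap_uri']);          // hypothetical key
    if (!$ds) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);   // commonly needed for AD searches

    // Step 1: bind as the search account, since anonymous browsing is refused.
    if (!@ldap_bind($ds, $cfg['ldap_bind_dn'], $cfg['ldap_bind_password'])) {
        ldap_unbind($ds);
        return false;
    }

    // Step 2: find the user's DN. Escape the username so "*", "(", ")" or "\"
    // in the login form cannot alter the search filter.
    $filter = sprintf('(%s=%s)', $cfg['ldap_filter_attr'],
                      ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    // "1.1" asks for no attributes; only the entry's DN is needed.
    $result = @ldap_search($ds, $cfg['ldap_base_dn'], $filter, ['1.1']);
    if (!$result || ldap_count_entries($ds, $result) !== 1) {
        ldap_unbind($ds);
        return false;                              // not found, or ambiguous match
    }
    $userDn = ldap_get_dn($ds, ldap_first_entry($ds, $result));

    // Step 3: re-bind as the user; success means the password is correct.
    $ok = $userDn !== false && @ldap_bind($ds, $userDn, $password);
    ldap_unbind($ds);
    return $ok;
}
```

Use an ldaps:// URI or call ldap_start_tls() before the first bind so that neither the search account's password nor the user's is sent in clear text, and give the search account read-only rights.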