Menu
▾
▴
phpesp-general
|
From: Mihails A. <_m...@in...> - 2008-05-26 08:16:10
|
Also, is there any other prerequisites to enable LDAP for designers, other than changing configuration file (auth_type = ldap_des)? For now, I'm getting an error, trying both ldap_des and ldap_both: errorMessage: Referral:nldap://ForestDnsZones.mydomain.com/DC=ForestDnsZones,DC=mydomain,DC=comnldap://DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=GDNEurope,DC=comnldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com The configuration is the same as for ldap_resp, which is working correctly. Ar cieņu, Mihails |
|
From: Mihails A. <_m...@in...> - 2008-05-29 06:47:37
|
Hi! I've figured out where the problem is. Function @ldap_count_entries() in function manage_auth() returns value that's not equal to 1. I don't know why it returns 1 for respondents and 1 for designers. Please, need help!!! Ar cieņu, Mihails |
|
From: Mihails A. <_m...@in...> - 2008-05-29 07:23:29
|
For now, I've specified more specific base dn (ou=AAA,dc=domain,dc=com instead of dc=domain,dc=com) for designers and it worked! Of course, this is not the best solution, because now designers are limited to specific ou in AD tree. For example, our AD tree is divided in countries, so for now only designers from one country are able to log in. Does local designers can authenticate while ldap authentication enabled? Because it doesn't work in my case. Ar cieņu, Mihails |
|
From: Matthew G. <mat...@gm...> - 2008-05-26 11:42:39
|
I believe you need to specify an LDAP attribute that signifies designer accounts. If you would like all LDAP users to be designers then picking an attribute like UID which all users should have, would accomplish it. On Mon, 2008-05-26 at 11:15 +0300, Mihails Agafonovs wrote: > Also, is there any other prerequisites to enable LDAP for designers, > other than changing configuration file (auth_type = ldap_des)? > > For now, I'm getting an error, trying both ldap_des and ldap_both: > > errorMessage: Referral: > \nldap://ForestDnsZones.mydomain.com/DC=ForestDnsZones,DC=mydomain,DC=com\nldap://DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=GDNEurope,DC=com\nldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com > > The configuration is the same as for ldap_resp, which is working > correctly. > > Ar cieņu, Mihails > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ phpESP-general mailing list php...@li... https://lists.sourceforge.net/lists/listinfo/phpesp-general -- Matthew Gregg <mat...@gm...> |
|
From: Franky V. L. <lie...@te...> - 2008-05-26 18:05:56
|
On Mon, 26 May 2008 07:42:44 -0400 Matthew Gregg <mat...@gm...> wrote: > I believe you need to specify an LDAP attribute that signifies > designer accounts. If you would like all LDAP users to be designers > then picking an attribute like UID which all users should have, would > accomplish it. > > > On Mon, 2008-05-26 at 11:15 +0300, Mihails Agafonovs wrote: > > Also, is there any other prerequisites to enable LDAP for designers, > > other than changing configuration file (auth_type = ldap_des)? > > > > For now, I'm getting an error, trying both ldap_des and ldap_both: > > > > errorMessage: Referral: > > \nldap://ForestDnsZones.mydomain.com/DC=ForestDnsZones,DC=mydomain,DC=com\nldap://DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=GDNEurope,DC=com\nldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com > > > > The configuration is the same as for ldap_resp, which is working > > correctly. > > > > Ar cieņu, Mihails > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Microsoft > > Defy all challenges. Microsoft(R) Visual Studio 2008. > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > _______________________________________________ phpESP-general > > mailing list php...@li... > > https://lists.sourceforge.net/lists/listinfo/phpesp-general |
|
From: Franky V. L. <lie...@te...> - 2008-05-26 18:07:32
|
I think the ini file contains enough info to get you started :)
See here the relevant parts:
// Choose authentication type: { 'default', 'ldap_both', 'ldap_resp',
'ldap_des' }
// ldap_resp: respondents in LDAP, ldap_des: designers in LDAP
// ldap_both: both respondents and designers in LDAP
// default: mysql
$ESPCONFIG['auth_type'] = 'default';
// LDAP connection information
// (Set these values if you choose 'ldap' as the authentication type.)
// if a user is not found in ldap, the DB is still searched as well
// designer info is copied in the DB
$ESPCONFIG['ldap_server'] = 'ldap://ldap.example.com';
$ESPCONFIG['ldap_port'] = '389';
// if wanted/needed, enter the settings to do an authenticated ldap bind
// in order to search the ldap tree
$ESPCONFIG['ldap_bind_dn'] = '';
$ESPCONFIG['ldap_bind_password'] = '';
//the base dn you want to search
$ESPCONFIG['ldap_dn'] = 'dc=example, dc=com';
// the ldap filter used, this is completed with the uid the user enters
$ESPCONFIG['ldap_filter'] = 'uid=';
// the LDAP attribute that is compared with the "group" when completing
private // surveys
$ESPCONFIG['ldap_realm_attr'] = 'objectClass';
// the LDAP attribute/value needed to designate a LDAP user as a
designer $ESPCONFIG['ldap_designer_filter'] = 'UserCategory=engineer';
// the LDAP attribute needed to designate a LDAP user as a superuser
// we show the example of "uid=test"
$ESPCONFIG['ldap_superuser_attr'] = 'uid';
// the LDAP value needed to designate a LDAP user as a superuser
$ESPCONFIG['ldap_superuser_value'] = 'test';
// most newer LDAP servers need protocol 3 to be able to bind
successfully
// if this doesn't work for you, turn it of
$ESPCONFIG['ldap_force_proto_3'] = true;
Franky
On Mon, 26 May 2008 07:42:44 -0400
Matthew Gregg <mat...@gm...> wrote:
> I believe you need to specify an LDAP attribute that signifies
> designer accounts. If you would like all LDAP users to be designers
> then picking an attribute like UID which all users should have, would
> accomplish it.
>
>
> On Mon, 2008-05-26 at 11:15 +0300, Mihails Agafonovs wrote:
> > Also, is there any other prerequisites to enable LDAP for designers,
> > other than changing configuration file (auth_type = ldap_des)?
> >
> > For now, I'm getting an error, trying both ldap_des and ldap_both:
> >
> > errorMessage: Referral:
> > \nldap://ForestDnsZones.mydomain.com/DC=ForestDnsZones,DC=mydomain,DC=com\nldap://DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=GDNEurope,DC=com\nldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com
> >
> > The configuration is the same as for ldap_resp, which is working
> > correctly.
> >
> > Ar cieņu, Mihails
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________ phpESP-general
> > mailing list php...@li...
> > https://lists.sourceforge.net/lists/listinfo/phpesp-general
|
|
From: <st...@en...> - 2008-05-27 18:14:00
|
Is there no concept of 'groups' when using ldap for authentication? I
use phpESP at a college and we have various departments who share
responsibility for editing and deploying and copying surveys. We've
used the the 'groups' functionality to allow this in the past. I would
very much like to move to the newest phpESP and use ldap for
authentication but this seems to be a stumbling block. I don't want to
completely break group ownership and orphan all our existing surveys.
I also like the measure of granularity 'group editors' provides for
sharing admin responsibilties.
Seems like you have to give up a lot to go with LDAP or am I missing
something?
Mark
On May 26, 2008, at 11:07 AM, Franky Van Liedekerke wrote:
> I think the ini file contains enough info to get you started :)
> See here the relevant parts:
>
> // Choose authentication type: { 'default', 'ldap_both', 'ldap_resp',
> 'ldap_des' }
> // ldap_resp: respondents in LDAP, ldap_des: designers in LDAP
> // ldap_both: both respondents and designers in LDAP
> // default: mysql
> $ESPCONFIG['auth_type'] = 'default';
>
> // LDAP connection information
> // (Set these values if you choose 'ldap' as the authentication type.)
> // if a user is not found in ldap, the DB is still searched as well
> // designer info is copied in the DB
> $ESPCONFIG['ldap_server'] = 'ldap://ldap.example.com';
> $ESPCONFIG['ldap_port'] = '389';
>
> // if wanted/needed, enter the settings to do an authenticated ldap
> bind
> // in order to search the ldap tree
> $ESPCONFIG['ldap_bind_dn'] = '';
> $ESPCONFIG['ldap_bind_password'] = '';
>
> //the base dn you want to search
> $ESPCONFIG['ldap_dn'] = 'dc=example, dc=com';
>
> // the ldap filter used, this is completed with the uid the user
> enters
> $ESPCONFIG['ldap_filter'] = 'uid=';
>
> // the LDAP attribute that is compared with the "group" when
> completing
> private // surveys
> $ESPCONFIG['ldap_realm_attr'] = 'objectClass';
>
> // the LDAP attribute/value needed to designate a LDAP user as a
> designer $ESPCONFIG['ldap_designer_filter'] = 'UserCategory=engineer';
>
> // the LDAP attribute needed to designate a LDAP user as a superuser
> // we show the example of "uid=test"
> $ESPCONFIG['ldap_superuser_attr'] = 'uid';
>
> // the LDAP value needed to designate a LDAP user as a superuser
> $ESPCONFIG['ldap_superuser_value'] = 'test';
>
> // most newer LDAP servers need protocol 3 to be able to bind
> successfully
> // if this doesn't work for you, turn it of
> $ESPCONFIG['ldap_force_proto_3'] = true;
>
>
> Franky
>
> On Mon, 26 May 2008 07:42:44 -0400
> Matthew Gregg <mat...@gm...> wrote:
>
>> I believe you need to specify an LDAP attribute that signifies
>> designer accounts. If you would like all LDAP users to be designers
>> then picking an attribute like UID which all users should have, would
>> accomplish it.
>>
>>
>> On Mon, 2008-05-26 at 11:15 +0300, Mihails Agafonovs wrote:
>>> Also, is there any other prerequisites to enable LDAP for designers,
>>> other than changing configuration file (auth_type = ldap_des)?
>>>
>>> For now, I'm getting an error, trying both ldap_des and ldap_both:
>>>
>>> errorMessage: Referral:
>>> \nldap://ForestDnsZones.mydomain.com/
>>> DC=ForestDnsZones,DC=mydomain,DC=com\nldap://
>>> DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=GDNEurope,DC=com
>>> \nldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com
>>>
>>> The configuration is the same as for ldap_resp, which is working
>>> correctly.
>>>
>>> Ar cieņu, Mihails
>>> -------------------------------------------------------------------------
>>> This SF.net email is sponsored by: Microsoft
>>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>> _______________________________________________ phpESP-general
>>> mailing list php...@li...
>>> https://lists.sourceforge.net/lists/listinfo/phpesp-general
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> phpESP-general mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpesp-general
|
|
From: Matthew G. <mat...@gm...> - 2008-05-27 19:27:39
|
Current phpESP can use a LDAP attribute to designate, designers accounts
and an LDAP attribute to designate legitimate respondents. Users can
still be assigned to a "group" that is created by phpESP and share
surveys. It is a somewhat manual process however, given the kludgey way
phpESP groups are implemented.
On Tue, 2008-05-27 at 11:12 -0700, st...@en... wrote:
> Is there no concept of 'groups' when using ldap for authentication? I
> use phpESP at a college and we have various departments who share
> responsibility for editing and deploying and copying surveys. We've
> used the the 'groups' functionality to allow this in the past. I would
> very much like to move to the newest phpESP and use ldap for
> authentication but this seems to be a stumbling block. I don't want to
> completely break group ownership and orphan all our existing surveys.
> I also like the measure of granularity 'group editors' provides for
> sharing admin responsibilties.
>
> Seems like you have to give up a lot to go with LDAP or am I missing
> something?
>
> Mark
>
> On May 26, 2008, at 11:07 AM, Franky Van Liedekerke wrote:
>
> > I think the ini file contains enough info to get you started :)
> > See here the relevant parts:
> >
> > // Choose authentication type: { 'default', 'ldap_both', 'ldap_resp',
> > 'ldap_des' }
> > // ldap_resp: respondents in LDAP, ldap_des: designers in LDAP
> > // ldap_both: both respondents and designers in LDAP
> > // default: mysql
> > $ESPCONFIG['auth_type'] = 'default';
> >
> > // LDAP connection information
> > // (Set these values if you choose 'ldap' as the authentication type.)
> > // if a user is not found in ldap, the DB is still searched as well
> > // designer info is copied in the DB
> > $ESPCONFIG['ldap_server'] = 'ldap://ldap.example.com';
> > $ESPCONFIG['ldap_port'] = '389';
> >
> > // if wanted/needed, enter the settings to do an authenticated ldap
> > bind
> > // in order to search the ldap tree
> > $ESPCONFIG['ldap_bind_dn'] = '';
> > $ESPCONFIG['ldap_bind_password'] = '';
> >
> > //the base dn you want to search
> > $ESPCONFIG['ldap_dn'] = 'dc=example, dc=com';
> >
> > // the ldap filter used, this is completed with the uid the user
> > enters
> > $ESPCONFIG['ldap_filter'] = 'uid=';
> >
> > // the LDAP attribute that is compared with the "group" when
> > completing
> > private // surveys
> > $ESPCONFIG['ldap_realm_attr'] = 'objectClass';
> >
> > // the LDAP attribute/value needed to designate a LDAP user as a
> > designer $ESPCONFIG['ldap_designer_filter'] = 'UserCategory=engineer';
> >
> > // the LDAP attribute needed to designate a LDAP user as a superuser
> > // we show the example of "uid=test"
> > $ESPCONFIG['ldap_superuser_attr'] = 'uid';
> >
> > // the LDAP value needed to designate a LDAP user as a superuser
> > $ESPCONFIG['ldap_superuser_value'] = 'test';
> >
> > // most newer LDAP servers need protocol 3 to be able to bind
> > successfully
> > // if this doesn't work for you, turn it of
> > $ESPCONFIG['ldap_force_proto_3'] = true;
> >
> >
> > Franky
> >
> > On Mon, 26 May 2008 07:42:44 -0400
> > Matthew Gregg <mat...@gm...> wrote:
> >
> >> I believe you need to specify an LDAP attribute that signifies
> >> designer accounts. If you would like all LDAP users to be designers
> >> then picking an attribute like UID which all users should have, would
> >> accomplish it.
> >>
> >>
> >> On Mon, 2008-05-26 at 11:15 +0300, Mihails Agafonovs wrote:
> >>> Also, is there any other prerequisites to enable LDAP for designers,
> >>> other than changing configuration file (auth_type = ldap_des)?
> >>>
> >>> For now, I'm getting an error, trying both ldap_des and ldap_both:
> >>>
> >>> errorMessage: Referral:
> >>> \nldap://ForestDnsZones.mydomain.com/
> >>> DC=ForestDnsZones,DC=mydomain,DC=com\nldap://
> >>> DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=GDNEurope,DC=com
> >>> \nldap://mydomain.com/CN=Configuration,DC=mydomain,DC=com
> >>>
> >>> The configuration is the same as for ldap_resp, which is working
> >>> correctly.
> >>>
> >>> Ar cieņu, Mihails
> >>> -------------------------------------------------------------------------
> >>> This SF.net email is sponsored by: Microsoft
> >>> Defy all challenges. Microsoft(R) Visual Studio 2008.
> >>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> >>> _______________________________________________ phpESP-general
> >>> mailing list php...@li...
> >>> https://lists.sourceforge.net/lists/listinfo/phpesp-general
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________
> > phpESP-general mailing list
> > php...@li...
> > https://lists.sourceforge.net/lists/listinfo/phpesp-general
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> phpESP-general mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpesp-general
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X