From: John C. <joh...@ua...> - 2004-03-01 15:03:54
--- Reini Urban <ru...@x-...> wrote:
> John Cole wrote:
> > Reini,
> > Here is the patch and the lines needed for AD in the
> > index.php. Both are zipped so hopefully they will be
> > readable.
> >
> > Note: you will need to rename the extension to zip,
> > as SF is blocking all zip files.
>
> Can you live with the most recent WikiUserNew constants?
>
> I don't think that you need the 2nd port argument to ldap_connect
> "ldap://server:port" should be enough, can you verify?

Reini,

You are correct, the ldap port does not need to be specified. I cleaned up some of the code so it doesn't throw php warnings about undefined constants:

    // LDAP options as option => value pairs
    $LDAP_SET_OPTION = array(LDAP_OPT_PROTOCOL_VERSION => 3, LDAP_OPT_REFERRALS => 0);
    if (!defined('LDAP_AUTH_USER')) define('LDAP_AUTH_USER', "CN=a ldap user,CN=Users,DC=company,DC=com");
    if (!defined('LDAP_AUTH_PASSWORD')) define('LDAP_AUTH_PASSWORD', 'your password');
    if (!defined('LDAP_SEARCH_FIELD')) define('LDAP_SEARCH_FIELD', 'sAMAccountName'); // might be different from uid,

I have a fresh copy from CVS this morning and things seem to look very good. Here is a small list of things I have noticed so far:

* Line 121 of themes\default\templates\editpage.tmpl causes PHP 4.3.4 on windows to core apache when you attempt to edit a page. Removing this line fixes this.
* RichTable plugin is not working correctly (it does not parse plugins or wiki words) and it throws a dozen warnings at the bottom of the page like:

C:\Program Files\Apache Group\Apache2\htdocs\phpwiki\lib\plugin\RichTable.php (In template 'browse') (In template 'body') (In template 'html'):139: Notice[8]: Undefined offset: 1

I really like the themes your friends had. It would be great if the artistic folk could increase the number of default themes included with phpWiki. The project really does look like it's reaching critical mass. Great work.

John Cole

-------------------------------------
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
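How LDAP_SEARCH_FIELD and the service-account bind discussed above fit into a search-then-bind login, as an added example that is not PhpWiki's code or anything posted in this thread: it escapes the user id before it enters the search filter, refuses empty passwords, and accepts only a single match. The wiki_ldap_* function names are hypothetical, and $ldap is assumed to be a connection already bound as LDAP_AUTH_USER.

```php
<?php
// Added example, not PhpWiki code; the wiki_ldap_* names are hypothetical.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// strtr() with an array never rescans its own output, so the backslashes
// it inserts are not escaped a second time.
function wiki_ldap_filter_escape($value) {
    return strtr($value, array(
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28',
        ')'  => '\\29', "\0" => '\\00',
    ));
}

// Build "(field=value)". The field comes from configuration
// (LDAP_SEARCH_FIELD) and must look like an attribute name.
function wiki_ldap_user_filter($field, $userid) {
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $field) || $userid === '') {
        return false;
    }
    return '(' . $field . '=' . wiki_ldap_filter_escape($userid) . ')';
}

// $ldap: connection already bound as LDAP_AUTH_USER (assumption).
// True only if exactly one entry matches and a bind as that entry succeeds.
function wiki_ldap_check_pass($ldap, $base_dn, $field, $userid, $password) {
    // A bind with a DN and an empty password is an unauthenticated bind
    // (RFC 4513) that a server may accept, so refuse it up front.
    if (!is_string($password) || $password === '') {
        return false;
    }
    $filter = wiki_ldap_user_filter($field, $userid);
    if ($filter === false) {
        return false;
    }
    $sr = @ldap_search($ldap, $base_dn, $filter);
    if (!$sr) {
        return false;
    }
    $info = ldap_get_entries($ldap, $sr);
    if (!$info || $info['count'] !== 1) {   // unknown or ambiguous userid
        return false;
    }
    return @ldap_bind($ldap, $info[0]['dn'], $password);
}

// Constructed userids: print the filter text that would reach the server.
foreach (array('jcole', 'j*', 'a)(b') as $id) {
    echo wiki_ldap_user_filter('sAMAccountName', $id), "\n";
}
```

After a successful call the connection is bound as the user, so rebind as the service account before reusing it for further searches.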
From: John C. <joh...@ua...> - 2004-03-01 17:39:40
Reini,

I updated to the latest editpage.tmpl and tried to look at OldTextFormattingRules, but I can't load that page, apache cores (it cores with line 121 in editpage.tmpl removed too).

Since there were a lot of posts related to this problem, I assume that it is common to php 4.3/win32 users. I don't know if it happens with IIS or Apache 1.3 or if it is only with Apache 2 (I'm running Apache 2.0.48).

Have you been able to duplicate this issue or does your development environment work as expected?

I understand about setting priorities and RichTable. I was looking for a little more formatting control on our HomePage while allowing everyone the ability to edit it, and RichTable looked perfect :-)

Thanks,

John Cole

-----Original Message-----
From: Reini Urban [mailto:ru...@x-...]
Sent: Monday, March 01, 2004 10:41 AM
To: John Cole; php...@li...
Subject: Re: [Phpwiki-talk] LDAP Authentication...

John Cole wrote:
> --- Reini Urban <ru...@x-...> wrote:
> I have a fresh copy from CVS this morning and things seem to look very good.
> Here is a small list of things I have noticed so far:
>
> * Line 121 of themes\default\templates\editpage.tmpl causes PHP 4.3.4 on
> windows to core apache when you attempt to edit a page. Removing this line
> fixes this.

yep. thanks. the fix is to check the content of your OldTextFormattingRules page. But really IncludePage has to be foolproof. same with UnfoldSubpages. I'm just looking into that. CreateToc is similar to IncludePage, so that will be ready soon too.

> * RichTable plugin is not working correctly (it does not parse plugins or
> wiki words) and it throws a dozen warnings at the bottom of the page like:
>
> C:\Program Files\Apache
> Group\Apache2\htdocs\phpwiki\lib\plugin\RichTable.php (In template 'browse')
> (In template 'body') (In template 'html'):139: Notice[8]: Undefined offset:
> 1

This is not priority for me now. It's a hack anyway.
From: John C. <joh...@ua...> - 2004-03-08 15:35:45
Norberto,

I think that is where I was able to get my 1.3.4 wiki working with LDAP :-) If you go back in the thread far enough, I hope I said that. I did have to change the search field for our setup, and I wonder if everyone's AD setup is going to be different. I'd recommend to anyone trying to configure their wiki for LDAP to dump an LDIF file before you start trying to figure out what your DN and search fields are.

Other than that, I've just been trying to keep AD working with the top of the tree, which got dicey for a while. I run two wikis pointed at the same database, and when I feel the top of the tree is stable enough, I move it from my working version to the main version. I try and sync my development copy once a week to catch up to Reini.

John Cole

-----Original Message-----
From: php...@li... [mailto:php...@li...]On Behalf Of Norberto Meijome
Sent: Monday, March 08, 2004 1:14 AM
To: php...@li...
Subject: Re: [Phpwiki-talk] LDAP Authentication...
Importance: Low

John, Reini,

FWIW, I submitted a patch against 1.3.4 that enabled this functionality -- http://sourceforge.net/tracker/index.php?func=detail&aid=738150&group_id=6121&atid=306121

Some of the code and comments provided in this thread above looks quite similar (same?) to the one provided in my patch. I guess I used the wrong system to post that patch :-)

I've had 1.3.4 running with these changes doing authentication against my W2K Active Directory since I've submitted the patch. I only have to spend some time figuring out how to enable LDAP queries over TLS against this AD (not sure how to enable it @ W2K end, no problems from PHP).

The reason of using a specific define for LDAP_PORT was in case a user had an LDAP server running on another port without changing the lib/ files.

Keep on the great work -- looking forward to 1.3.8 + 1.4 :-)

Best regards,
--
Norberto Meijome | numard at meijome dot net
"Everything is interesting if you go into it deeply enough." - Richard Feynman

Reini Urban wrote:
> John,
> could you please zip your diff and attach it.
> email mangles it unreadable.
>
> A few things:
> LDAP_PORT is not needed.
> Just set
> LDAP_HOST = "ldaps://server:636"
> or
> LDAP_HOST = "ldap://server:389"
> Could you please try that out with your php_ldap.dll
>
> Thanks for the non-anonymous bind sample and for finding the stupid
> password error.
>
> John Cole wrote:
>
>> Ok, I got it working. There are a few issues here. First if you use
>> strict USER_AUTH_POLICY with only
>> LDAP defined, you will get an error
>>
>> Fatal error: Call to a member function on a non-object
>> in C:\Program Files\Apache
>> Group\Apache2\htdocs\phpwiki\lib\WikiUserNew.php on
>> line 855
>>
>> inside the checkPass function.
>>
>> using USER_AUTH_POLICY stacked works however.
>> >> After, that is, >> the line >> >> if ($r = @ldap_bind($ldap, >> $dn, $passwd)) { >> >> is changed to >> >> if ($r = @ldap_bind($ldap, >> $dn, $submitted_password)) { >> >> >> Here is the patch to make LDAP actually work and work >> with Active Directory. I do not know if the AD stuff >> interfers with OpenLDAP or not. >> >> ----------------------------------------------- >> Index: lib/WikiUserNew.php >> =================================================================== >> RCS file: >> /cvsroot/phpwiki/phpwiki/lib/WikiUserNew.php,v >> retrieving revision 1.20 >> diff -u -r1.20 WikiUserNew.php >> --- lib/WikiUserNew.php 26 Feb 2004 01:29:11 -0000 >> 1.20 >> +++ lib/WikiUserNew.php 26 Feb 2004 21:38:13 -0000 >> @@ -459,6 +459,7 @@ >> return false; // Nothing to do? >> >> $authlevel = $this->checkPass($passwd); >> + if (!$authlevel) >> return _("Invalid password or userid."); >> elseif ($authlevel < $require_level) 
>> @@ -1370,25 +1371,38 @@ >> function checkPass($submitted_password) { >> $this->_authmethod = 'LDAP'; >> $userid = $this->_userid; >> - if ($ldap = ldap_connect(LDAP_AUTH_HOST)) { >> // must be a valid LDAP server! >> - $r = @ldap_bind($ldap); // this is an >> anonymous bind >> - // Need to set the right root search >> information. see ../index.php >> - $sr = ldap_search($ldap, LDAP_BASE_DN, >> "uid=$userid"); >> - $info = ldap_get_entries($ldap, $sr); // >> there may be more hits with this userid. try every >> - for ($i = 0; $i < $info["count"]; $i++) { >> - $dn = $info[$i]["dn"]; >> - // The password is still plain text. >> - if ($r = @ldap_bind($ldap, $dn, >> $passwd)) { >> - // ldap_bind will return TRUE if >> everything matches >> - ldap_close($ldap); >> - $this->_level = WIKIAUTH_USER; >> - return $this->_level; >> + >> + if ($ldap = ldap_connect(LDAP_AUTH_HOST, >> LDAP_PORT)) { // must be a valid LDAP server! >> + ldap_set_option($ldap, >> LDAP_OPT_PROTOCOL_VERSION, 3); >> + ldap_set_option($ldap, >> LDAP_OPT_REFERRALS, 0); >> + + // anonymous binds do not work with >> active directory >> + if ($r = @ldap_bind($ldap, >> LDAP_AUTH_USER, LDAP_AUTH_PASSWORD)) { >> + // AD search field is different that >> uid >> + $st_search = >> LDAP_SEARCH_FIELD."=$userid"; >> + >> + // Need to set the right root search >> information. see ../index.php >> + if ($sr = ldap_search($ldap, >> LDAP_BASE_DN, "$st_search")) { + $info = >> ldap_get_entries($ldap, >> $sr); >> + >> + for ($i = 0; $i < $info["count"]; >> $i++) { >> + $dn = $info[$i]["dn"]; >> + // The password is still >> plain text. >> + if ($r = @ldap_bind($ldap, >> $dn, $submitted_password)) { >> + // ldap_bind will return >> TRUE if everything matches >> + ldap_close($ldap); >> + $this->_level = >> WIKIAUTH_USER; >> + return $this->_level; >> + } >> + } >> + } else { >> + trigger_error("LDAP Search Failed >> " . LDAP_AUTH_HOST, E_USER_WARNING); >> } >> + } else { >> + trigger_error("LDAP Search Failed " . 
>> LDAP_AUTH_HOST, E_USER_WARNING); >> } >> } else { >> - trigger_error(fmt("Unable to connect to >> LDAP server %s", LDAP_AUTH_HOST), - >> E_USER_WARNING); >> - //return false; >> + trigger_error(_("Unable to connect to >> LDAP server "). LDAP_AUTH_HOST, E_USER_WARNING); >> } >> >> if (USER_AUTH_POLICY === 'strict') { >> @@ -1406,13 +1420,28 @@ >> >> function userExists() { >> $userid = $this->_userid; >> - if ($ldap = ldap_connect(LDAP_AUTH_HOST)) { >> // must be a valid LDAP server! >> - $r = @ldap_bind($ldap); // this is an >> anonymous bind >> - $sr = ldap_search($ldap, LDAP_BASE_DN, >> "uid=$userid"); >> - $info = ldap_get_entries($ldap, $sr); >> - if ($info["count"] > 0) { >> - ldap_close($ldap); >> - return true; >> + >> + if ($ldap = ldap_connect(LDAP_AUTH_HOST, >> LDAP_PORT)) { // must be a valid LDAP server! >> + ldap_set_option($ldap, >> LDAP_OPT_PROTOCOL_VERSION, 3); >> + ldap_set_option($ldap, >> LDAP_OPT_REFERRALS, 0); >> + + // anonymous binds do not work with >> active directory >> + if ($r = @ldap_bind($ldap, >> LDAP_AUTH_USER, LDAP_AUTH_PASSWORD)) { >> + // AD search field is different that >> uid >> + $st_search = >> LDAP_SEARCH_FIELD."=$userid"; >> + >> + // Need to set the right root search >> information. see ../index.php >> + if ($sr = ldap_search($ldap, >> LDAP_BASE_DN, "$st_search")) { + $info = >> ldap_get_entries($ldap, >> $sr); >> + if ($info["count"] > 0) { >> + ldap_close($ldap); >> + return true; >> + } >> + } else { >> + trigger_error("LDAP Search Failed >> " . LDAP_AUTH_HOST, E_USER_WARNING); >> + } >> + } else { >> + trigger_error("LDAP Search Failed " . >> LDAP_AUTH_HOST, E_USER_WARNING); >> } >> } else { >> trigger_error(_("Unable to connect to >> LDAP server "). LDAP_AUTH_HOST, E_USER_WARNING); 
>> @@ -1955,7 +1984,6 @@ >> return $this->_prefs; >> } >> } >> - >> >> // $Log: WikiUserNew.php,v $ >> // Revision 1.20 2004/02/26 01:29:11 rurban >> ------------------------------------------------------
>>
>> You will need the following added to index.php
>>
>> //LDAP's Server Port. If using SSL, aka ldaps://, port should be 636
>> if (!defined('LDAP_PORT')) define('LDAP_PORT', "389");
>>
>> //our AD's LDAP is locked down, no anonymous connections are
>> //allowed. A real username / password must be given in order to perform
>> //a search.
>> if (!defined('LDAP_AUTH_USER')) define('LDAP_AUTH_USER', "CN=ldap user,CN=Users,DC=company,DC=com");
>> if (!defined('LDAP_AUTH_PASSWORD')) define('LDAP_AUTH_PASSWORD', "ldappassword");
>>
>> //Defines which field of AD's LDAP to search for. needs to match the
>> //username entered by the user in the webpage.
>> //samaccountname = //Pre-Win2k username
>> if (!defined('LDAP_SEARCH_FIELD')) define('LDAP_SEARCH_FIELD', "sAMAccountName");
>>
>> Thanks,
>>
>> John Cole

_______________________________________________
Phpwiki-talk mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
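Review bot: in the checkPass hunk (@@ -1370,25 +1371,38 @@), $submitted_password is passed to ldap_bind($ldap, $dn, $submitted_password) with no check that it is non-empty. A simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513) that a server may accept, in which case this function returns WIKIAUTH_USER without any password having been verified. Suggest returning failure before the search when $submitted_password is the empty string. Two smaller points in the same hunk: the else branch of the LDAP_AUTH_USER bind reports "LDAP Search Failed" although it is the bind that failed, and the connection is only closed on the success path.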
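Review bot: in the userExists hunk (@@ -1406,13 +1420,28 @@), and in the same line of checkPass, $st_search = LDAP_SEARCH_FIELD."=$userid"; puts the submitted user id into the search filter unescaped, so the characters *, (, ) and \ in the id change what the filter matches. Suggest replacing them with their RFC 4515 hex escapes before the concatenation. As Reini's reply in this thread notes, the LDAP_PORT argument to ldap_connect is not needed when LDAP_AUTH_HOST is given as a URL that includes the port.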
From: Reini U. <ru...@x-...> - 2004-03-01 16:45:33
John Cole wrote:
> --- Reini Urban <ru...@x-...> wrote:
> I have a fresh copy from CVS this morning and things seem to look very good.
> Here is a small list of things I have noticed so far:
>
> * Line 121 of themes\default\templates\editpage.tmpl causes PHP 4.3.4 on
> windows to core apache when you attempt to edit a page. Removing this line
> fixes this.

yep. thanks. the fix is to check the content of your OldTextFormattingRules page. But really IncludePage has to be foolproof. same with UnfoldSubpages. I'm just looking into that. CreateToc is similar to IncludePage, so that will be ready soon too.

> * RichTable plugin is not working correctly (it does not parse plugins or
> wiki words) and it throws a dozen warnings at the bottom of the page like:
>
> C:\Program Files\Apache
> Group\Apache2\htdocs\phpwiki\lib\plugin\RichTable.php (In template 'browse')
> (In template 'body') (In template 'html'):139: Notice[8]: Undefined offset:
> 1

This is not priority for me now. It's a hack anyway.

> I really like the themes your friends had. It would be great if the
> artistic folk could increase the number of default themes included with
> phpWiki. The project really does look like it's reaching critical mass.
> Great work.

I added now "smaller", my default AcadWiki theme, which adds the SignIn button at the bottom (as some years ago), because lots of my users complained that they cannot change any page, and didn't know how to log in. For not signed-in users there's only an "Info" button at the bottom; behind the Info button is the whole range of actionbar buttons: edit, diff, history, ... At the top of the PageInfo page I also have a statement to login, when someone wants to change something.

And the navbar at the top has only short names (News, Search:) and links instead of buttons. It just looks cleaner this way. it's not yet 10pt as the other CMS have, but less than before.

The nuke theme is some major graphical work, esp. for the consistent look of WikiForum, WhoIsOnline and WikiBlog, which I cannot finish now. Also the sidebars. I wanted to do a standard 3 columns layout.

I have to get rid of the remaining auth problems on the sf.net server. On my servers it works ok. I fixed the demo virtual hosts again (adodb,dba,de,en,fr,...) but gettext localization is broken again. Even with the patch suggestion on the sf.net site.

--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/