Hi,
I'm trying to configure authentication using an LDAP server.
As soon as I put the following option in data/config.php:
$serviceoverrides['User'] = 'SemanticScuttle_Service_AuthUser';
I receive the following error:
XML Parsing Error: syntax error
Location: http://host/bookmarks/login
Line Number 2, Column 1:
Deprecated: Assigning the return value of new by reference is deprecated in /usr/share/php/Auth.php on line 469
^
When authentication debugging is turned on, the error message goes as follows:
Deprecated: Assigning the return value of new by reference is deprecated in /usr/share/php/Auth.php on line 469
Warning: require_once(Log.php): failed to open stream: No such file or directory in /var/www-sites/SemanticScuttle/src/SemanticScuttle/Service/AuthUser.php on line 107
Fatal error: require_once(): Failed opening required 'Log.php' (include_path='.:/usr/share/php:/usr/share/pear:/var/www-sites/SemanticScuttle/src/SemanticScuttle/../') in /var/www-sites/SemanticScuttle/src/SemanticScuttle/Service/AuthUser.php on line 107
Any help will be appreciated,
Piotr
In your config file, add the following line:
error_reporting(error_reporting() & ~E_DEPRECATED);
Unfortunately still the same.
The problem is solved. I changed Auth.php, line 469 from:
$obj =& new $storage_class($options);
to:
$obj = new $storage_class($options);
and now LDAP authorization works.
I think I know now what happened. You have debug mode enabled, and this overrides the error_reporting() setting in your configuration file.
Either disable debugging, or modify src/SemanticScuttle/header.php:
Modifying libraries is not the best solution, since an update of the library will reset your changes.
Last edit: Christian Weiske 2013-04-07
Yes, you are right. I noticed the same thing - problem exists when $debugMode is set to true. Now I set $debugMode to false, restored original library files and everything works OK.
Thank you for your help!
BTW - the documentation for external authentication should be changed. The following config options make no sense in my opinion:
'binddn' => 'readuser',
'bindpw' => 'readuser',
'userattr' => 'sAMAccountName',
At least the first two options are not necessary. The last one could be used for other functionality - for mapping particular properties from the LDAP directory to user properties in the SemanticScuttle DB (e.g. CN can be used as user name, MAIL as user email address). Of course in different LDAP directories those properties can be named differently, so such mapping should be configurable.
Regards,
Piotr
Feature request created:
https://sourceforge.net/p/semanticscuttle/feature-requests/99/
binddn and bindpw are needed when your LDAP server does not allow anonymous access. userattr is needed because it's the LDAP property that the user name gets matched against.
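I don't get it. If binddn and bindpw are provided in the configuration, how is authentication done? I was assuming that the user should provide their credentials (i.e. username and password) to verify them against LDAP. And userattr is just used to point to which LDAP property should be retrieved.
There are two models of LDAP authentication:
1. use user-given name and password to log into the LDAP server. You're limited to the DN of the LDAP user object here.
2. use pre-configured username and password to log into the LDAP server, then use this connection to find an object whose username and password match the user-supplied ones. This makes it possible to use e.g. the email address as user name, instead of needing to provide a full DN as user name.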
OK, so when the DN is the same for all users, option number 1 is OK to be used.
When the DN includes some specific user information, only option number 2 can be used.
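The two LDAP authentication models discussed in this thread, as an added example written against PHP's ldap extension (it is not SemanticScuttle's or PEAR Auth's own code). The function names and the `url`, `basedn` and `dntemplate` keys are assumptions made for illustration; `binddn`, `bindpw` and `userattr` are the options from the thread.

```php
<?php
// Added example; not SemanticScuttle or PEAR Auth code. Needs PHP's ldap extension.
// 'url', 'basedn' and 'dntemplate' are assumed keys; binddn, bindpw and userattr
// are the options discussed in the thread.
function ldapOpen(string $url)
{
    $conn = ldap_connect($url);
    if ($conn !== false) {
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    }
    return $conn;
}

// Model 1: bind directly as the user. The DN is built from a fixed template
// (e.g. 'uid=%s,ou=people,dc=example,dc=org'), so all users share one DN pattern.
function ldapDirectBind(array $cfg, string $user, string $pass): ?string
{
    // An empty password makes a simple bind "unauthenticated", which many
    // servers accept as success, so refuse it before contacting the server.
    if ($user === '' || $pass === '' || !($conn = ldapOpen($cfg['url']))) {
        return null;
    }
    $dn = sprintf($cfg['dntemplate'], ldap_escape($user, '', LDAP_ESCAPE_DN));
    return @ldap_bind($conn, $dn, $pass) ? $dn : null;
}

// Model 2: bind as the service account, search for the entry, re-bind as it.
function ldapSearchThenBind(array $cfg, string $user, string $pass): ?string
{
    if ($user === '' || $pass === '' || !($conn = ldapOpen($cfg['url']))) {
        return null;
    }
    if (!@ldap_bind($conn, $cfg['binddn'], $cfg['bindpw'])) {
        return null;
    }
    // Escape the user-supplied value so * ( ) \ cannot change the filter.
    $filter = sprintf('(%s=%s)', $cfg['userattr'],
        ldap_escape($user, '', LDAP_ESCAPE_FILTER));
    // '1.1' requests no attributes; the DN is returned regardless.
    $res = @ldap_search($conn, $cfg['basedn'], $filter, ['1.1'], 0, 2);
    $entries = $res ? ldap_get_entries($conn, $res) : false;
    // Exactly one match is required; zero or several is a failed login.
    if (!$entries || $entries['count'] !== 1) {
        return null;
    }
    $dn = $entries[0]['dn'];
    // The server checks the password; the application never reads it.
    return @ldap_bind($conn, $dn, $pass) ? $dn : null;
}
```

Both functions return the authenticated DN or null. In the second model the account named by `binddn` only needs read access to the attribute named by `userattr`.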