Posted to user@vcl.apache.org by Mike Haudenschild <mi...@longsight.com> on 2014/02/19 20:25:46 UTC

LDAP without SSL

I'm attempting to bind VCL to an LDAP server that is NOT using SSL.  Before
I started the configuration process and tried to troubleshoot, I thought I
would ask if this is even supported.

Thanks very much,
Mike

Re: LDAP without SSL

Posted by Josh Thompson <jo...@ncsu.edu>.
Mike,

It should be the full DN of the LDAP bind user.

Also, remember that when you are not using SSL, every user's password is 
passed between the web server and the LDAP server in clear text.  Make sure 
the network between the web server and the LDAP server is very secure or you
will be introducing all of those users to the chance of their credentials 
being stolen.

Josh

On Wednesday, February 19, 2014 3:37:48 PM Mike Haudenschild wrote:
> Confirmed, and confirmed.  A question on syntax: should "masterlogin" be the
> full DN for the LDAP bind user, or JUST the userid portion (with the rest
> to be appended by VCL)?
> 
> Thanks,
> Mike
--
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu
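
Added example (not part of Josh's message and not VCL code): one way to keep port 389 while still protecting the passwords Josh mentions is to upgrade the connection with StartTLS before binding, and to refuse a cleartext bind unless it is explicitly allowed. The 'transport', 'cacert' and 'allow_cleartext' keys, the host name, the CA path and the bind DN are assumptions made for this illustration.

```php
<?php
// Added example; not VCL code. Assumed names: the 'transport', 'cacert' and
// 'allow_cleartext' keys; host, CA path, DN and password are constructed.

const LDAP_TRANSPORTS = [
    // name    => [URI scheme, port, upgrade with StartTLS before bind?]
    'ldaps'    => ['ldaps', 636, false], // TLS from the first byte
    'starttls' => ['ldap',  389, true],  // plain port, encrypted before bind
    'plain'    => ['ldap',  389, false], // cleartext, as discussed in this thread
];

/** Build the connection URI for the chosen transport. */
function build_ldap_uri(array $auth): string
{
    $t = $auth['transport'] ?? 'ldaps';
    if (!isset(LDAP_TRANSPORTS[$t])) {
        throw new InvalidArgumentException("unknown transport '$t'");
    }
    [$scheme, $port] = LDAP_TRANSPORTS[$t];
    return sprintf('%s://%s:%d/', $scheme, $auth['server'], $port);
}

/** Bind as $dn, sending the password only over an encrypted connection. */
function ldap_bind_protected(array $auth, string $dn, string $password)
{
    $uri = build_ldap_uri($auth);
    $t = $auth['transport'] ?? 'ldaps';
    if ($t === 'plain' && empty($auth['allow_cleartext'])) {
        throw new RuntimeException("refusing cleartext bind to $uri");
    }
    if ($t !== 'plain') {
        // Set globally (null handle) before connecting so the options apply
        // to the TLS context: the server certificate must validate.
        ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
        if (!empty($auth['cacert'])) {
            ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $auth['cacert']);
        }
    }
    $ds = ldap_connect($uri); // parses the URI only; nothing is sent yet
    if ($ds === false) {
        throw new RuntimeException("invalid LDAP URI $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if (LDAP_TRANSPORTS[$t][2] && !@ldap_start_tls($ds)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("StartTLS failed ($err); password not sent");
    }
    if (!@ldap_bind($ds, $dn, $password)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("bind failed: $err");
    }
    return $ds;
}

// Offline demonstration with constructed values: prints the URI for each
// transport, then shows the cleartext bind being refused before any
// connection is attempted.
if (PHP_SAPI === 'cli') {
    $auth = ['server' => 'ldap.example.org', 'cacert' => '/etc/ssl/certs/ca.pem'];
    foreach (array_keys(LDAP_TRANSPORTS) as $t) {
        echo str_pad($t, 9), build_ldap_uri($auth + ['transport' => $t]), "\n";
    }
    try {
        ldap_bind_protected(
            $auth + ['transport' => 'plain'],
            'cn=vclbind,dc=example,dc=org',
            'constructed-password'
        );
    } catch (RuntimeException $e) {
        echo 'blocked: ', $e->getMessage(), "\n";
    }
}
```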



Re: LDAP without SSL

Posted by David DeMizio <dd...@ncf.edu>.
Glad you were able to get it working..

David DeMizio
*Academic Systems Coordinator*
Office of Information Technology
New College of Florida
Phone: 941-487-4222 | Fax: 941-487-4356
www.ncf.edu


On Wed, Feb 19, 2014 at 3:43 PM, Mike Haudenschild <mi...@longsight.com> wrote:

> Got it.  The port is hard-coded in authentication.php on line 362.  I
> changed "636" to "389" and everything worked.
>
> Thanks again for your help,
> Mike

Re: LDAP without SSL

Posted by Mike Haudenschild <mi...@longsight.com>.
Got it.  The port is hard-coded in authentication.php on line 362.  I
changed "636" to "389" and everything worked.

Thanks again for your help,
Mike


On Wed, Feb 19, 2014 at 3:37 PM, Mike Haudenschild <mi...@longsight.com> wrote:

> Confirmed, and confirmed.  A question on syntax: should "masterlogin" be
> the full DN for the LDAP bind user, or JUST the userid portion (with the
> rest to be appended by VCL)?
>
> Thanks,
> Mike

Re: LDAP without SSL

Posted by Mike Haudenschild <mi...@longsight.com>.
Confirmed, and confirmed.  A question on syntax: should "masterlogin" be the
full DN for the LDAP bind user, or JUST the userid portion (with the rest
to be appended by VCL)?

Thanks,
Mike

On Wed, Feb 19, 2014 at 3:31 PM, David DeMizio <dd...@ncf.edu> wrote:

> also make sure the require_once(".ht-inc/authmethods/ldapauth.php"); is
> not commented at the bottom of the conf.php
>
> David DeMizio
> *Academic Systems Coordinator*
> Office of Information Technology
> New College of Florida
> Phone: 941-487-4222 | Fax: 941-487-4356
> www.ncf.edu

Re: LDAP without SSL

Posted by David DeMizio <dd...@ncf.edu>.
also make sure the require_once(".ht-inc/authmethods/ldapauth.php"); is not
commented at the bottom of the conf.php

David DeMizio
*Academic Systems Coordinator*
Office of Information Technology
New College of Florida
Phone: 941-487-4222 | Fax: 941-487-4356
www.ncf.edu


On Wed, Feb 19, 2014 at 3:21 PM, Mike Haudenschild <mi...@longsight.com> wrote:

> David,
>
> Thanks.  I am able to use the PHP LDAP test script (from another message
> in the VCL listserv archive) to bind, but after changing all instances of
> "ldaps" to "ldap" VCL reports "Unable to connect to authentication server."
>  I ran the test script on the same system on which VCL's installed.
>
> Anything else you can think of?
>
> Thanks very much,
> Mike
>
> --
> *Mike Haudenschild*
> Longsight
> (740) 599-5005 x809
> mike@longsight.com
> www.longsight.com

Re: LDAP without SSL

Posted by David DeMizio <dd...@ncf.edu>.
I had the same issue, look in your conf.php and make sure all the settings
are correct, especially server, binddn, userid and the unityid.

David DeMizio
*Academic Systems Coordinator*
Office of Information Technology
New College of Florida
Phone: 941-487-4222 | Fax: 941-487-4356
www.ncf.edu


On Wed, Feb 19, 2014 at 3:21 PM, Mike Haudenschild <mi...@longsight.com> wrote:

> David,
>
> Thanks.  I am able to use the PHP LDAP test script (from another message
> in the VCL listserv archive) to bind, but after changing all instances of
> "ldaps" to "ldap" VCL reports "Unable to connect to authentication server."
>  I ran the test script on the same system on which VCL's installed.
>
> Anything else you can think of?
>
> Thanks very much,
> Mike
>
> --
> *Mike Haudenschild*
> Longsight
> (740) 599-5005 x809
> mike@longsight.com
> www.longsight.com

Re: LDAP without SSL

Posted by Mike Haudenschild <mi...@longsight.com>.
David,

Thanks.  I am able to use the PHP LDAP test script (from another message in
the VCL listserv archive) to bind, but after changing all instances of
"ldaps" to "ldap" VCL reports "Unable to connect to authentication server."
 I ran the test script on the same system on which VCL's installed.

Anything else you can think of?

Thanks very much,
Mike

--
*Mike Haudenschild*
Longsight
(740) 599-5005 x809
mike@longsight.com
www.longsight.com


On Wed, Feb 19, 2014 at 2:37 PM, David DeMizio <dd...@ncf.edu> wrote:

> Hello Mike,
>
> I believe it's possible but you will need to make some changes to the code
> in the .ht-inc folders. I had it working before I changed over to ldaps.
> First, in authentication.php look for a line like
> $ds = ldap_connect("ldaps://{$auth['server']}/");
> and then there might be a few others in authmethods/ldapauth.php. So just
> change ldaps:// to ldap://
>
> David DeMizio
> *Academic Systems Coordinator*
>  Office of Information Technology
> New College of Florida
> Phone: 941-487-4222 | Fax: 941-487-4356
> www.ncf.edu
>

Re: LDAP without SSL

Posted by António Aragão <aa...@di.uminho.pt>.
I added a new attribute to fix this issue. Now it works. :-)

2014-03-10 16:47 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> António,
>
> If you cannot see user group memberships in LDAP when looking up a user,
> you'll need to fix that in LDAP to be able to use the user group mirroring
> feature in VCL.  If it can't see what groups the user is in, it can't mirror
> that information into VCL.
>
> Josh
>
> On Monday, March 10, 2014 10:37:56 AM António Aragão wrote:
>> The problem is that I can't see any groups. I was trying to show that the
>> user was in the group. When I try to search I get a lot of information
>> but not the groups (user belongs). :-(
>>
>> debugging set
>> protocol 3 set
>> Bind was successful
>> search time: 0.0024378299713135
>> results time: 0.004133939743042
>>
>> 2014-03-07 19:09 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> > António,
>> >
>> > I may be misunderstanding, but it looks like you are trying to look up the
>> > *group* in LDAP to see which users are members.  VCL looks up the *user* to
>> > see which groups the user is a member of.  That way, it only needs to do
>> > one lookup in LDAP to determine which groups a user is a member of.  Make
>> > sure you are using the generic.php script to look up the user and then
>> > looking for the list of groups for that user.  Did you try using
>> >
>> > $results = array("*", "+");
>> >
>> > for the results?
>> >
>> > Josh
>> >
>> > On Friday, March 07, 2014 6:12:56 PM António Aragão wrote:
>> >> Josh,
>> >>
>> >> I try this:
>> >> [root@ldap1 private]# ldapsearch -x -h localhost -a find -v -b
>> >> dc=di,dc=uminho,dc=pt -w XXXXXX -D cn=XXXXXX,dc=di,dc=uminho,dc=pt -z
>> >> 0  cn=alunos
>> >> ldap_initialize( ldap://localhost )
>> >> filter: cn=alunos
>> >> requesting: All userApplication attributes
>> >> # extended LDIF
>> >> #
>> >> # LDAPv3
>> >> # base <dc=di,dc=uminho,dc=pt> with scope subtree
>> >> # filter: cn=alunos
>> >> # requesting: ALL
>> >> #
>> >>
>> >> # alunos, Groups, di.uminho.pt
>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> >> cn: alunos
>> >> gidNumber: 505
>> >> objectClass: posixGroup
>> >> objectClass: top
>> >> memberUid: a12596
>> >>
>> >>
>> >> # search result
>> >> search: 2
>> >> result: 0 Success
>> >>
>> >> # numResponses: 2
>> >> # numEntries: 1
>> >>
>> >> I get this output, there is any problem with posixGroup ? I use
>> >> generic.php with memberUid it outputs:
>> >>
>> >> debugging set
>> >> protocol 3 set
>> >> Bind was successful
>> >> search time: 0.002673864364624
>> >> results time: 0.0031049251556396
>> >>
>> >> Array
>> >> (
>> >>
>> >>     [count] => 1
>> >>     [0] => Array
>> >>
>> >>         (
>> >>
>> >>             [count] => 0
>> >>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >>
>> >>         )
>> >>
>> >> )
>> >>
>> >> I have used:
>> >>
>> >> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
>> >> $search = 'uid=a12596'; # what to search for, examples:
>> >> # uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
>> >> # normal LDAP query rules
>> >> #$results = array("*","+");
>> >> $results = array("memberUid");
>> >> #$results = array("dn");
>> >> #$results = array('dn', 'givenname', 'sn', 'mail');
>> >>
>> >> It is not able to find which uid=a12596 group belongs. Does anyone
>> >> have this problem ?
>> >>
>> >> Thanks.
>> >>
>> >> 2014-03-07 13:59 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> >> > António,
>> >> >
>> >> > This line
>> >> >
>> >> > $results = array("dn");
>> >> >
>> >> > is only going to give you the DN of the user that you looked up.  Try using
>> >> >
>> >> > $results = array("*", "+");
>> >> >
>> >> > That should give you everything you can see about the user.  Somewhere in
>> >> > there, you should see an attribute that lists the groups of which the user
>> >> > is a member.  For example, when Active Directory is the LDAP system, the
>> >> > attribute is usually "memberof".  So, if that was the case for you, you
>> >> > would then change it to
>> >> >
>> >> > $results = array("memberof");
>> >> >
>> >> > But, I think you'll find something other than "memberof" is the attribute
>> >> > you need.
>> >> >
>> >> > Josh
>> >> >
>> >> > On Friday, March 07, 2014 9:25:59 AM António Aragão wrote:
>> >> >> I put this:
>> >> >>
>> >> >> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
>> >> >> $search = 'uid=a12596'; # what to search for, examples:
>> >> >> # uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
>> >> >> # normal LDAP query rules
>> >> >> #$results = array("*","+");
>> >> >> $results = array("dn");
>> >> >> #$results = array('dn', 'givenname', 'sn', 'mail');
>> >> >>
>> >> >> 2014-03-06 20:13 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> >> >> > António,
>> >> >> >
>> >> >> > What did you set $toplevel, $search, and $results to in the debug script?
>> >> >> >
>> >> >> > Josh
>> >> >> >
>> >> >> > On Thursday, March 06, 2014 6:43:32 PM António Aragão wrote:
>> >> >> >> I try it and:
>> >> >> >>
>> >> >> >> debugging set
>> >> >> >> protocol 3 set
>> >> >> >> Bind was successful
>> >> >> >> search time: 0.0014631748199463
>> >> >> >> results time: 0.0016670227050781
>> >> >> >>
>> >> >> >> Array
>> >> >> >> (
>> >> >> >>
>> >> >> >>     [count] => 1
>> >> >> >>     [0] => Array
>> >> >> >>
>> >> >> >>         (
>> >> >> >>
>> >> >> >>             [count] => 0
>> >> >> >>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >> >>
>> >> >> >>         )
>> >> >> >>
>> >> >> >> )
>> >> >> >>
>> >> >> >> It doesn't show the group. Can anyone send me ldap group description
>> >> >> >> that works ?
>> >> >> >>
>> >> >> >> Thanks.
>> >> >> >>
>> >> >> >> 2014-03-05 15:34 GMT+00:00 António Aragão <aa...@di.uminho.pt>:
>> >> >> >> > The account I use it's admin (read only) account but I will try the
>> >> >> >> > debug script soon as I can.
>> >> >> >> >
>> >> >> >> > Thanks.
>> >> >> >> >
>> >> >> >> > 2014-03-03 20:19 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> >> >> >> >> António,
>> >> >> >> >>
>> >> >> >> >> I'm not sure why it is not seeing the group membership.  You may want to
>> >> >> >> >> check that the account you are using to log in to LDAP has access to see
>> >> >> >> >> the group memberships.
>> >> >> >> >>
>> >> >> >> >> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a brief
>> >> >> >> >> paragraph at the bottom about how to debug connections.  There is a link
>> >> >> >> >> to a debug script I often use to get things sorted out.  You may find
>> >> >> >> >> that script helpful.
>> >> >> >> >>
>> >> >> >> >> Josh
>> >> >> >> >>
>> >> >> >> >> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
>> >> >> >> >>> Hi Josh,
>> >> >> >> >>>
>> >> >> >> >>> the binddn is: dc=di,dc=uminho,dc=pt
>> >> >> >> >>>
>> >> >> >> >>> the attribute is: memberUid
>> >> >> >> >>>
>> >> >> >> >>> Thanks.
>> >> >> >> >>>
>> >> >> >> >>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> >> >> >> >>> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >> >>> > Hash: SHA1
>> >> >> >> >>> >
>> >> >> >> >>> > António,
>> >> >> >> >>> >
>> >> >> >> >>> > Sorry for the late response.
>> >> >> >> >>> >
>> >> >> >> >>> > What do you have set for binddn for your LDAP server?  Also,
>> >> >> >> >>> > what attribute are you searching on in LDAP?
>> >> >> >> >>> >
>> >> >> >> >>> > Josh
>> >> >> >> >>> >
>> >> >> >> >>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
>> >> >> >> >>> >> I get this:
>> >> >> >> >>> >>
>> >> >> >> >>> >> Array
>> >> >> >> >>> >> (
>> >> >> >> >>> >>
>> >> >> >> >>> >>      [count] => 1
>> >> >> >> >>> >>      [0] => Array
>> >> >> >> >>> >>
>> >> >> >> >>> >>          (
>> >> >> >> >>> >>
>> >> >> >> >>> >>              [count] => 0
>> >> >> >> >>> >>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >> >> >>> >>
>> >> >> >> >>> >>          )
>> >> >> >> >>> >>
>> >> >> >> >>> >> )
>> >> >> >> >>> >>
>> >> >> >> >>> >> But in LDAP server:
>> >> >> >> >>> >>
>> >> >> >> >>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> >> >> >> >>> >> cn: alunos
>> >> >> >> >>> >> gidNumber: 505
>> >> >> >> >>> >> objectClass: posixGroup
>> >> >> >> >>> >> objectClass: top
>> >> >> >> >>> >> structuralObjectClass: posixGroup
>> >> >> >> >>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
>> >> >> >> >>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> >> >> >>> >> createTimestamp: 20081008134915Z
>> >> >> >> >>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >> >> >>> >> memberUid: a12596
>> >> >> >> >>> >> memberUid: uid=a12596
>> >> >> >> >>> >> entryCSN: 20140227104950Z#000000#00#000000
>> >> >> >> >>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> >> >> >>> >> modifyTimestamp: 20140227104950Z
>> >> >> >> >>> >>
>> >> >> >> >>> >> It appears that it cannot find the group.
>> >> >> >> >>> >>
>> >> >> >> >>> >> Any clues?
>> >> >> >> >>> >>
>> >> >> >> >>> >> Em 20-02-2014 13:49, David DeMizio escreveu:
>> >> >> >> >>> >> > Have a look at this post, I think it's what you are
>> >> >> >> >>> >> > referring to
>> >> >> >> >>> >> >
>> >> >> >> >>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:2+mid:y5s64fhipakutbkp+state:results
>> >> >> >> >>> >> >
>> >> >> >> >>> >> > David DeMizio
>> >> >> >> >>> >> > /Academic Systems Coordinator/
>> >> >> >> >>> >> > Office of Information Technology
>> >> >> >> >>> >> > New College of Florida
>> >> >> >> >>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
>> >> >> >> >>> >> > www.ncf.edu <http://www.ncf.edu/>
>> >> >> >> >>> >> >
>> >> >> >> >>> >> >
>> >> >> >> >>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão
>> >> >> >> >>> >> > <aaragao@di.uminho.pt> wrote:
>> >> >> >> >>> >> >     Hello,
>> >> >> >> >>> >> >
>> >> >> >> >>> >> >     I tested these changes and they work. I was only unable to
>> >> >> >> >>> >> >     populate a group with LDAP users. Does anyone have this
>> >> >> >> >>> >> >     problem?
>> >> >> >> >>> >> >
>> >> >> >> >>> >> >     Em 19-02-2014 19:37, David DeMizio escreveu:
>> >> >> >> >>> >> >>     Hello Mike,
>> >> >> >> >>> >> >>
>> >> >> >> >>> >> >>     I believe it's possible but you will need to make some
>> >> >> >> >>> >> >>     changes to the code in the .htc-inc folders. I had it
>> >> >> >> >>> >> >>     working before I changed over to ldaps. First, in
>> >> >> >> >>> >> >>     authentication.php look for a line like
>> >> >> >> >>> >> >>     $ds = ldap_connect("ldaps://{$auth['server']}/");
>> >> >> >> >>> >> >>     and then there might be a few others in
>> >> >> >> >>> >> >>     authmethods/ldapauth.php. So just change ldaps:// to
>> >> >> >> >>> >> >>     ldap://
>> >> >> >> >>> >> >>
>> >> >> >> >>> >> >>     David DeMizio
>> >> >> >> >>> >> >>     /Academic Systems Coordinator/
>> >> >> >> >>> >> >>     Office of Information Technology
>> >> >> >> >>> >> >>     New College of Florida
>> >> >> >> >>> >> >>     Phone: 941-487-4222 | Fax: 941-487-4356
>> >> >> >> >>> >> >>     www.ncf.edu <http://www.ncf.edu/>
>> >> >> >> >>> >> >>
>> >> >> >> >>> >> >>
>> >> >> >> >>> >> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
>> >> >> >> >>> >> >>     <mike@longsight.com> wrote:
>> >> >> >> >>> >> >>         I'm attempting to bind VCL to an LDAP server that is
>> >> >> >> >>> >> >>         NOT using SSL.  Before I started the configuration
>> >> >> >> >>> >> >>         process and tried to troubleshoot, I thought I would
>> >> >> >> >>> >> >>         ask if this is even supported.
>> >> >> >> >>> >> >>
>> >> >> >> >>> >> >>         Thanks very much,
>> >> >> >> >>> >> >>         Mike
>> >> >> >> >>> >>
>> >> >> >> >>> >> --
>> >> >> >> >>> >
>> >> >> >> >>> > - --
>> >> >> >> >>> > - -------------------------------
>> >> >> >> >>> > Josh Thompson
>> >> >> >> >>> > VCL Developer
>> >> >> >> >>> > North Carolina State University
>> >> >> >> >>> >
>> >> >> >> >>> > my GPG/PGP key can be found at pgp.mit.edu
>> >> >> >> >>> >
>> >> >> >> >>> > All electronic mail messages in connection with State
>> >> >> >> >>> > business which are sent to or received by this account are
>> >> >> >> >>> > subject to the NC Public Records Law and may be disclosed to
>> >> >> >> >>> > third parties.
>> >> >> >> >>> > -----BEGIN PGP SIGNATURE-----
>> >> >> >> >>> > Version: GnuPG v2.0.22 (GNU/Linux)
>> >> >> >> >>> >
>> >> >> >> >>> > iEYEARECAAYFAlMUowEACgkQV/LQcNdtPQOpKACeK648IGA+FGCJXQsoVWbhK
>> >> >> >> >>> > 5ZT
>> >> >> >> >>> > 04AAn0PXU/9HINkZLNAJ4tcwFBfeFddQ
>> >> >> >> >>> > =MKhx
>> >> >> >> >>> > -----END PGP SIGNATURE-----
>> >> >> >> >>
>> >> >> >> >> - --
>> >> >> >> >> - -------------------------------
>> >> >> >> >> Josh Thompson
>> >> >> >> >> VCL Developer
>> >> >> >> >> North Carolina State University
>> >> >> >> >>
>> >> >> >> >> my GPG/PGP key can be found at pgp.mit.edu
>> >> >> >> >>
>> >> >> >> >> All electronic mail messages in connection with State business
>> >> >> >> >> which are sent to or received by this account are subject to the
>> >> >> >> >> NC Public Records Law and may be disclosed to third parties.
>> >> >> >> >> -----BEGIN PGP SIGNATURE-----
>> >> >> >> >> Version: GnuPG v2.0.22 (GNU/Linux)
>> >> >> >> >>
>> >> >> >> >> iEYEARECAAYFAlMU4+YACgkQV/LQcNdtPQNogwCfcd+0cZYlbwNNKIW4GHpEwn5O
>> >> >> >> >> 7FMAn1ZA7u1DlMW++CA7rytjXRqCJ0Bp
>> >> >> >> >> =SxbG
>> >> >> >> >> -----END PGP SIGNATURE-----
>> >> >> >> >
>> >> >> >> > --
>> >> >> >> > --
>> >> >> >> > http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
>> >> >> >
>> >> >> > - --
>> >> >> > - -------------------------------
>> >> >> > Josh Thompson
>> >> >> > VCL Developer
>> >> >> > North Carolina State University
>> >> >> >
>> >> >> > my GPG/PGP key can be found at pgp.mit.edu
>> >> >> >
>> >> >> > All electronic mail messages in connection with State business which
>> >> >> > are sent to or received by this account are subject to the NC Public
>> >> >> > Records Law and may be disclosed to third parties.
>> >> >> > -----BEGIN PGP SIGNATURE-----
>> >> >> > Version: GnuPG v2.0.22 (GNU/Linux)
>> >> >> >
>> >> >> > iEYEARECAAYFAlMY1uYACgkQV/LQcNdtPQNzVwCfQRxlbDf0ub/a16B4ct8YHqtS
>> >> >> > Y/4An0z6tX0sgHIojFZKH32c6egygmuG
>> >> >> > =8747
>> >> >> > -----END PGP SIGNATURE-----
>> >> >
>> >> > - --
>> >> > - -------------------------------
>> >> > Josh Thompson
>> >> > VCL Developer
>> >> > North Carolina State University
>> >> >
>> >> > my GPG/PGP key can be found at pgp.mit.edu
>> >> >
>> >> > All electronic mail messages in connection with State business which
>> >> > are sent to or received by this account are subject to the NC Public
>> >> > Records Law and may be disclosed to third parties.
>> >> > -----BEGIN PGP SIGNATURE-----
>> >> > Version: GnuPG v2.0.22 (GNU/Linux)
>> >> >
>> >> > iEYEARECAAYFAlMZ0NYACgkQV/LQcNdtPQOS2QCfap8wtiFFHeAASQjggcf1C1pr
>> >> > aZ4An1wUnqTJuQzyJ1Acu4xXKY5E0+W1
>> >> > =w1Im
>> >> > -----END PGP SIGNATURE-----
>> >
>> > - --
>> > - -------------------------------
>> > Josh Thompson
>> > VCL Developer
>> > North Carolina State University
>> >
>> > my GPG/PGP key can be found at pgp.mit.edu
>> >
>> > All electronic mail messages in connection with State business which
>> > are sent to or received by this account are subject to the NC Public
>> > Records Law and may be disclosed to third parties.
>> > -----BEGIN PGP SIGNATURE-----
>> > Version: GnuPG v2.0.22 (GNU/Linux)
>> >
>> > iEYEARECAAYFAlMaGW4ACgkQV/LQcNdtPQMYRACfew0x3SrDix0Wzqamcbb+EIll
>> > HEwAn3dSJUadmgNqqEf0MySVw5xHOsCF
>> > =Ij+S
>> > -----END PGP SIGNATURE-----
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iEYEARECAAYFAlMd7L0ACgkQV/LQcNdtPQPfwQCfV/OKeGrc2kmiQXQUG5zYGNvI
> iPYAn1nCwy86rCrrnrx2sHfa6vD0CmRr
> =LTQ+
> -----END PGP SIGNATURE-----
>



-- 
http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
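
The two lookup directions discussed in this thread, as an added example that is not part of the original messages and is not VCL code: VCL reads group membership from the user entry, while an RFC 2307 posixGroup directory records it on the group entry as memberUid. The function names and the second sample group are hypothetical; the sample entries are constructed from values posted in the thread.

```php
<?php
// Added example, not VCL code (PHP 7+, ext-ldap for ldap_escape()).
// Entries use the array shape ldap_get_entries() returns: lower-cased
// attribute names, each with a 'count' key, plus a plain 'dn' string.

/** Filter for the reverse lookup: posixGroup entries that list this login. */
function posix_group_filter(string $uid): string
{
    // memberUid holds a bare login name (RFC 2307), not a DN. Escaping keeps
    // characters such as * ( ) \ in the name from altering the filter.
    return '(&(objectClass=posixGroup)(memberUid='
        . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . '))';
}

/** All values of one attribute from an ldap_get_entries()-style entry. */
function attr_values(array $entry, string $attr): array
{
    $attr = strtolower($attr);
    if (!isset($entry[$attr]) || !is_array($entry[$attr])) {
        return [];
    }
    $values = $entry[$attr];
    unset($values['count']);
    return array_values($values);
}

/**
 * Map of group DN => how the membership was established.
 * $groups: posixGroup entries fetched separately (here a constructed list),
 * so the function can be exercised without a live server.
 */
function resolve_groups(array $user, array $groups, string $memberAttr = 'memberof'): array
{
    $found = [];
    // Forward lookup: a membership attribute on the user entry itself.
    foreach (attr_values($user, $memberAttr) as $groupDn) {
        $found[$groupDn] = "user attribute $memberAttr";
    }
    if ($found !== []) {
        return $found;
    }
    // Reverse lookup for RFC 2307 directories: the user entry carries no
    // membership attribute, so match on the group entries instead.
    $uid = attr_values($user, 'uid')[0] ?? null;
    $gid = attr_values($user, 'gidnumber')[0] ?? null;
    foreach ($groups as $group) {
        $classes = array_map('strtolower', attr_values($group, 'objectclass'));
        if (!in_array('posixgroup', $classes, true)) {
            continue;
        }
        if ($uid !== null && in_array($uid, attr_values($group, 'memberuid'), true)) {
            $found[$group['dn']] = 'memberUid on group entry';
        } elseif ($gid !== null && in_array($gid, attr_values($group, 'gidnumber'), true)) {
            $found[$group['dn']] = 'primary gidNumber';
        }
    }
    return $found;
}

// Constructed sample data, using values posted in the thread.
$user = [
    'uid'       => ['count' => 1, 0 => 'a12596'],
    'gidnumber' => ['count' => 1, 0 => '505'],
    'dn'        => 'uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt',
];
$groups = [
    [   // subset of the posixGroup entry shown in the thread
        'objectclass' => ['count' => 2, 0 => 'posixGroup', 1 => 'top'],
        'gidnumber'   => ['count' => 1, 0 => '505'],
        'memberuid'   => ['count' => 1, 0 => 'a12596'],
        'dn'          => 'cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt',
    ],
    [   // hypothetical group: a DN-valued memberUid never equals the login name
        'objectclass' => ['count' => 2, 0 => 'posixGroup', 1 => 'top'],
        'gidnumber'   => ['count' => 1, 0 => '9001'],
        'memberuid'   => ['count' => 1, 0 => 'uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt'],
        'dn'          => 'cn=example-group,ou=Groups,dc=di,dc=uminho,dc=pt',
    ],
];

echo posix_group_filter('a12596'), "\n";
print_r(resolve_groups($user, $groups));
```

Against a live directory, pass the string from posix_group_filter() to ldap_search() with the group subtree as the base DN, and bind with an account that is allowed to read memberUid.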

Re: LDAP without SSL

Posted by Josh Thompson <jo...@ncsu.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

António,

If you cannot see user group memberships in LDAP when looking up a user, 
you'll need to fix that in LDAP to be able to use the user group mirroring 
feature in VCL.  If it can't see what groups the user is in, it can't mirror 
that information into VCL.

Josh

On Monday, March 10, 2014 10:37:56 AM António Aragão wrote:
> The problem is that I can't any groups. I was trying to show that the
> user was in the group. When I try to search I get a lot of information
> but not the groups (user belongs). :-(
> 
> debugging set
> protocol 3 set
> Bind was successful
> search time: 0.0024378299713135
> results time: 0.004133939743042
> 
> Array
> (
>     [count] => 1
>     [0] => Array
>         (
>             [objectclass] => Array
>                 (
>                     [count] => 7
>                     [0] => top
>                     [1] => person
>                     [2] => inetOrgPerson
>                     [3] => posixAccount
>                     [4] => aluno
>                     [5] => shadowAccount
>                     [6] => sambaSamAccount
>                 )
> 
>             [0] => objectclass
>             [uid] => Array
>                 (
>                     [count] => 1
>                     [0] => a12596
>                 )
> 
>             [1] => uid
>             [uidnumber] => Array
>                 (
>                     [count] => 1
>                     [0] => 10661
>                 )
> 
>             [2] => uidnumber
>             [gidnumber] => Array
>                 (
>                     [count] => 1
>                     [0] => 505
>                 )
> 
>             [3] => gidnumber
>             [homedirectory] => Array
>                 (
>                     [count] => 1
>                     [0] => /home/lei/a12596
>                 )
> 
>             [4] => homedirectory
>             [loginshell] => Array
>                 (
>                     [count] => 1
>                     [0] => /bin/bash
>                 )
> 
>             [5] => loginshell
>             [sambalogontime] => Array
>                 (
>                     [count] => 1
>                     [0] => 0
>                 )
> 
>             [6] => sambalogontime
>             [sambaacctflags] => Array
>                 (
>                     [count] => 1
>                     [0] => [UX
>                 )
> 
>             [7] => sambaacctflags
>             [sambakickofftime] => Array
>                 (
>                     [count] => 1
>                     [0] => 2147483647
>                 )
> 
>             [8] => sambakickofftime
>             [sambapwdlastset] => Array
>                 (
>                     [count] => 1
>                     [0] => 1010179230
>                 )
> 
>             [9] => sambapwdlastset
>             [sambasid] => Array
>                 (
>                     [count] => 1
>                     [0] => S-1-5-21-2447931902-1787058256-3961074038-513
>                 )
> 
>             [10] => sambasid
>             [sambapwdcanchange] => Array
>                 (
>                     [count] => 1
>                     [0] => 0
>                 )
> 
>             [11] => sambapwdcanchange
>             [sambapwdmustchange] => Array
>                 (
>                     [count] => 1
>                     [0] => 2147483647
>                 )
> 
>             [12] => sambapwdmustchange
>             [sambaprimarygroupsid] => Array
>                 (
>                     [count] => 1
>                     [0] => S-1-5-21-2447931902-1787058256-3961074038-1201
>                 )
> 
>             [13] => sambaprimarygroupsid
>             [uminhoestadoperfil] => Array
>                 (
>                     [count] => 1
>                     [0] => -1
>                 )
> 
>             [14] => uminhoestadoperfil
>             [mail] => Array
>                 (
>                     [count] => 1
>                     [0] => aaragao@di.uminho.pt
>                 )
> 
>             [15] => mail
>             [uminhonumeromecanografico] => Array
>                 (
>                     [count] => 1
>                     [0] => 12596
>                 )
> 
>             [16] => uminhonumeromecanografico
>             [uminhoanocurricular] => Array
>                 (
>                     [count] => 1
>                     [0] => 1
>                 )
> 
>             [17] => uminhoanocurricular
>             [uminhocurso] => Array
>                 (
>                     [count] => 1
>                     [0] => Licenciatura em Engenharia Informática
>                 )
> 
>             [18] => uminhocurso
>             [uminhociclo] => Array
>                 (
>                     [count] => 1
>                     [0] => 1
>                 )
> 
>             [19] => uminhociclo
>             [uminhoestatutoaluno] => Array
>                 (
>                     [count] => 1
>                     [0] => ordinário
>                 )
> 
>             [20] => uminhoestatutoaluno
>             [structuralobjectclass] => Array
>                 (
>                     [count] => 1
>                     [0] => inetOrgPerson
>                 )
> 
>             [21] => structuralobjectclass
>             [entryuuid] => Array
>                 (
>                     [count] => 1
>                     [0] => 9bc6025a-2a6c-102d-9e6b-551c94d4c913
>                 )
> 
>             [22] => entryuuid
>             [creatorsname] => Array
>                 (
>                     [count] => 1
>                     [0] => cn=RWadmin,dc=di,dc=uminho,dc=pt
>                 )
> 
>             [23] => creatorsname
>             [createtimestamp] => Array
>                 (
>                     [count] => 1
>                     [0] => 20081009163938Z
>                 )
> 
>             [24] => createtimestamp
>             [uminhocodigocontrole] => Array
>                 (
>                     [count] => 1
>                     [0] => --
>                 )
> 
>             [25] => uminhocodigocontrole
>             [cn] => Array
>                 (
>                     [count] => 1
>                     [0] => António Pedro Aragão
>                 )
> 
>             [26] => cn
>             [displayname] => Array
>                 (
>                     [count] => 1
>                     [0] => António Pedro Aragão
>                 )
> 
>             [27] => displayname
>             [sn] => Array
>                 (
>                     [count] => 1
>                     [0] => António Pedro Aragão
>                 )
> 
>             [28] => sn
>             [userpassword] => Array
>                 (
>                     [count] => 1
>                     [0] => {SSHA}ButOP2UNCaVufnwm3tWF9OeTcLmL2gSf
>                 )
> 
>             [29] => userpassword
>             [sambalmpassword] => Array
>                 (
>                     [count] => 1
>                     [0] => DB8BB37F7910A3B7AAD3B435B51404EE
>                 )
> 
>             [30] => sambalmpassword
>             [sambantpassword] => Array
>                 (
>                     [count] => 1
>                     [0] => A42DADD78E4B2D7FF4CA69CD8339613B
>                 )
> 
>             [31] => sambantpassword
>             [entrycsn] => Array
>                 (
>                     [count] => 1
>                     [0] => 20081009164642Z#000000#00#000000
>                 )
> 
>             [32] => entrycsn
>             [modifiersname] => Array
>                 (
>                     [count] => 1
>                     [0] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>                 )
> 
>             [33] => modifiersname
>             [modifytimestamp] => Array
>                 (
>                     [count] => 1
>                     [0] => 20081009164642Z
>                 )
> 
>             [34] => modifytimestamp
>             [entrydn] => Array
>                 (
>                     [count] => 1
>                     [0] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>                 )
> 
>             [35] => entrydn
>             [subschemasubentry] => Array
>                 (
>                     [count] => 1
>                     [0] => cn=Subschema
>                 )
> 
>             [36] => subschemasubentry
>             [hassubordinates] => Array
>                 (
>                     [count] => 1
>                     [0] => FALSE
>                 )
> 
>             [37] => hassubordinates
>             [count] => 38
>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>         )
> 
> )
> 
> 2014-03-07 19:09 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > António,
> > 
> > I may be misunderstanding, but it looks like you are trying to look up the
> > *group* in LDAP to see which users are members.  VCL looks up the *user*
> > to see which groups the user is a member of.  That way, it only needs to
> > do one lookup in LDAP to determine which groups a user is a member of.
> > Make sure you are using the generic.php script to look up the user and
> > then looking for the list of groups for that user.  Did you try using
> > 
> > $results = array("*", "+");
> > 
> > for the results?
> > 
> > Josh
> > 
> > On Friday, March 07, 2014 6:12:56 PM António Aragão wrote:
> >> Josh,
> >> 
> >> I tried this:
> >> [root@ldap1 private]# ldapsearch -x -h localhost -a find -v -b
> >> dc=di,dc=uminho,dc=pt -w XXXXXX -D cn=XXXXXX,dc=di,dc=uminho,dc=pt -z
> >> 0  cn=alunos
> >> ldap_initialize( ldap://localhost )
> >> filter: cn=alunos
> >> requesting: All userApplication attributes
> >> # extended LDIF
> >> #
> >> # LDAPv3
> >> # base <dc=di,dc=uminho,dc=pt> with scope subtree
> >> # filter: cn=alunos
> >> # requesting: ALL
> >> #
> >> 
> >> # alunos, Groups, di.uminho.pt
> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
> >> cn: alunos
> >> gidNumber: 505
> >> objectClass: posixGroup
> >> objectClass: top
> >> memberUid: a12596
> >> 
> >> 
> >> # search result
> >> search: 2
> >> result: 0 Success
> >> 
> >> # numResponses: 2
> >> # numEntries: 1
> >> 
> >> I get this output. Is there any problem with posixGroup? I use
> >> generic.php with memberUid and it outputs:
> >> 
> >> debugging set
> >> protocol 3 set
> >> Bind was successful
> >> search time: 0.002673864364624
> >> results time: 0.0031049251556396
> >> 
> >> Array
> >> (
> >> 
> >>     [count] => 1
> >>     [0] => Array
> >>     
> >>         (
> >>         
> >>             [count] => 0
> >>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >>         
> >>         )
> >> 
> >> )
> >> 
> >> I have used:
> >> 
> >> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
> >> $search = 'uid=a12596'; # what to search for, examples:
> >> # uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
> >> # normal LDAP query rules
> >> #$results = array("*","+");
> >> $results = array("memberUid");
> >> #$results = array("dn");
> >> #$results = array('dn', 'givenname', 'sn', 'mail');
> >> 
> >> It is not able to find which group uid=a12596 belongs to. Does anyone
> >> have this problem?
> >> 
> >> Thanks.
> >> 
> >> 2014-03-07 13:59 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> > 
> >> > António,
> >> > 
> >> > This line
> >> > 
> >> > $results = array("dn");
> >> > 
> >> > is only going to give you the DN of the user that you looked up.  Try
> >> > using
> >> > 
> >> > $results = array("*", "+");
> >> > 
> >> > That should give you everything you can see about the user.  Somewhere
> >> > in there, you should see an attribute that lists the groups of which
> >> > the user is a member.  For example, when Active Directory is the LDAP
> >> > system, the attribute is usually "memberof".  So, if that was the case
> >> > for you, you would then change it to
> >> > 
> >> > $results = array("memberof");
> >> > 
> >> > But, I think you'll find something other than "memberof" is the
> >> > attribute you need.
> >> > 
> >> > Josh
> >> > 
> >> > On Friday, March 07, 2014 9:25:59 AM António Aragão wrote:
> >> >> I put this:
> >> >> 
> >> >> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
> >> >> $search = 'uid=a12596'; # what to search for, examples:
> >> >> # uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
> >> >> # normal LDAP query rules
> >> >> #$results = array("*","+");
> >> >> $results = array("dn");
> >> >> #$results = array('dn', 'givenname', 'sn', 'mail');
> >> >> 
> >> >> 2014-03-06 20:13 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >> > Hash: SHA1
> >> >> > 
> >> >> > António,
> >> >> > 
> >> >> > What did you set $toplevel, $search, and $results to in the debug
> >> >> > script?
> >> >> > 
> >> >> > Josh
> >> >> > 
> >> >> > On Thursday, March 06, 2014 6:43:32 PM António Aragão wrote:
> >> >> >> I tried it and:
> >> >> >> 
> >> >> >> debugging set
> >> >> >> protocol 3 set
> >> >> >> Bind was successful
> >> >> >> search time: 0.0014631748199463
> >> >> >> results time: 0.0016670227050781
> >> >> >> 
> >> >> >> Array
> >> >> >> (
> >> >> >> 
> >> >> >>     [count] => 1
> >> >> >>     [0] => Array
> >> >> >>     
> >> >> >>         (
> >> >> >>         
> >> >> >>             [count] => 0
> >> >> >>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >> >> >>         
> >> >> >>         )
> >> >> >> 
> >> >> >> )
> >> >> >> 
> >> >> >> It doesn't show the group. Can anyone send me an LDAP group
> >> >> >> description that works?
> >> >> >> 
> >> >> >> Thanks.
> >> >> >> 
> >> >> >> 2014-03-05 15:34 GMT+00:00 António Aragão <aa...@di.uminho.pt>:
> >> >> >> > The account I use is an admin (read only) account, but I will try
> >> >> >> > the debug script as soon as I can.
> >> >> >> > 
> >> >> >> > Thanks.
> >> >> >> > 
> >> >> >> > 2014-03-03 20:19 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> >> >> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> >> >> Hash: SHA1
> >> >> >> >> 
> >> >> >> >> António,
> >> >> >> >> 
> >> >> >> >> I'm not sure why it is not seeing the group membership.  You may
> >> >> >> >> want to check that the account you are using to log in to LDAP
> >> >> >> >> has access to see the group memberships.
> >> >> >> >> 
> >> >> >> >> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have
> >> >> >> >> a brief paragraph at the bottom about how to debug connections.
> >> >> >> >> There is a link to a debug script I often use to get things
> >> >> >> >> sorted out.  You may find that script helpful.
> >> >> >> >> 
> >> >> >> >> Josh
> >> >> >> >> 
> >> >> >> >> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
> >> >> >> >>> Hi Josh,
> >> >> >> >>> 
> >> >> >> >>> the binddn is: dc=di,dc=uminho,dc=pt
> >> >> >> >>> 
> >> >> >> >>> the attribute is: memberUid
> >> >> >> >>> 
> >> >> >> >>> Thanks.
> >> >> >> >>> 
> >> >> >> >>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> >> >> >> >>> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >> >> >>> > Hash: SHA1
> >> >> >> >>> > 
> >> >> >> >>> > António,
> >> >> >> >>> > 
> >> >> >> >>> > Sorry for the late response.
> >> >> >> >>> > 
> >> >> >> >>> > What do you have set for binddn for your LDAP server?  Also,
> >> >> >> >>> > what attribute are you searching on in LDAP?
> >> >> >> >>> > 
> >> >> >> >>> > Josh
> >> >> >> >>> > 
> >> >> >> >>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
> >> >> >> >>> >> I get this:
> >> >> >> >>> >> 
> >> >> >> >>> >> Array
> >> >> >> >>> >> (
> >> >> >> >>> >> 
> >> >> >> >>> >>      [count] => 1
> >> >> >> >>> >>      [0] => Array
> >> >> >> >>> >>      
> >> >> >> >>> >>          (
> >> >> >> >>> >>          
> >> >> >> >>> >>              [count] => 0
> >> >> >> >>> >>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >> >> >> >>> >>          
> >> >> >> >>> >>          )
> >> >> >> >>> >> 
> >> >> >> >>> >> )
> >> >> >> >>> >> 
> >> >> >> >>> >> But in LDAP server:
> >> >> >> >>> >> 
> >> >> >> >>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
> >> >> >> >>> >> cn: alunos
> >> >> >> >>> >> gidNumber: 505
> >> >> >> >>> >> objectClass: posixGroup
> >> >> >> >>> >> objectClass: top
> >> >> >> >>> >> structuralObjectClass: posixGroup
> >> >> >> >>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
> >> >> >> >>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
> >> >> >> >>> >> createTimestamp: 20081008134915Z
> >> >> >> >>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >> >> >> >>> >> memberUid: a12596
> >> >> >> >>> >> memberUid: uid=a12596
> >> >> >> >>> >> entryCSN: 20140227104950Z#000000#00#000000
> >> >> >> >>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
> >> >> >> >>> >> modifyTimestamp: 20140227104950Z
> >> >> >> >>> >> 
> >> >> >> >>> >> It appears that it cannot find the group.
> >> >> >> >>> >> 
> >> >> >> >>> >> Any clues?
> >> >> >> >>> >> 
> >> >> >> >>> >> Em 20-02-2014 13:49, David DeMizio escreveu:
> >> >> >> >>> >> > Have a look at this post, I think it's what you are
> >> >> >> >>> >> > referring to
> >> >> >> >>> >> > 
> >> >> >> >>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:2+mid:y5s64fhipakutbkp+state:results
> >> >> >> >>> >> > 
> >> >> >> >>> >> > David DeMizio
> >> >> >> >>> >> > /Academic Systems Coordinator/
> >> >> >> >>> >> > Office of Information Technology
> >> >> >> >>> >> > New College of Florida
> >> >> >> >>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
> >> >> >> >>> >> > www.ncf.edu <http://www.ncf.edu/>
> >> >> >> >>> >> > 
> >> >> >> >>> >> > 
> >> >> >> >>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão
> >> >> >> >>> >> > <aaragao@di.uminho.pt> wrote:
> >> >> >> >>> >> >     Hello,
> >> >> >> >>> >> >     
> >> >> >> >>> >> >     I tested these changes and they work. I was only unable to
> >> >> >> >>> >> >     populate a group with LDAP users. Does anyone have this
> >> >> >> >>> >> >     problem?
> >> >> >> >>> >> >     
> >> >> >> >>> >> >     Em 19-02-2014 19:37, David DeMizio escreveu:
> >> >> >> >>> >> >>     Hello Mike,
> >> >> >> >>> >> >>     
> >> >> >> >>> >> >>     I believe it's possible but you will need to make some
> >> >> >> >>> >> >>     changes to the code in the .htc-inc folders. I had it
> >> >> >> >>> >> >>     working before I changed over to ldaps. First, in
> >> >> >> >>> >> >>     authentication.php look for a line like
> >> >> >> >>> >> >>     $ds = ldap_connect("ldaps://{$auth['server']}/");
> >> >> >> >>> >> >>     and then there might be a few others in
> >> >> >> >>> >> >>     authmethods/ldapauth.php. So just change ldaps:// to
> >> >> >> >>> >> >>     ldap://
> >> >> >> >>> >> >>     
> >> >> >> >>> >> >>     David DeMizio
> >> >> >> >>> >> >>     /Academic Systems Coordinator/
> >> >> >> >>> >> >>     Office of Information Technology
> >> >> >> >>> >> >>     New College of Florida
> >> >> >> >>> >> >>     Phone: 941-487-4222 | Fax: 941-487-4356
> >> >> >> >>> >> >>     www.ncf.edu <http://www.ncf.edu/>
> >> >> >> >>> >> >>     
> >> >> >> >>> >> >>     
> >> >> >> >>> >> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
> >> >> >> >>> >> >>     <mike@longsight.com> wrote:
> >> >> >> >>> >> >>         I'm attempting to bind VCL to an LDAP server that is
> >> >> >> >>> >> >>         NOT using SSL.  Before I started the configuration
> >> >> >> >>> >> >>         process and tried to troubleshoot, I thought I would
> >> >> >> >>> >> >>         ask if this is even supported.
> >> >> >> >>> >> >>         
> >> >> >> >>> >> >>         Thanks very much,
> >> >> >> >>> >> >>         Mike
> >> >> >> >>> >> 
> >> >> >> >>> >> --
> >> >> >> >>> > 
> >> >> >> >>> > - --
> >> >> >> >>> > - -------------------------------
> >> >> >> >>> > Josh Thompson
> >> >> >> >>> > VCL Developer
> >> >> >> >>> > North Carolina State University
> >> >> >> >>> > 
> >> >> >> >>> > my GPG/PGP key can be found at pgp.mit.edu
> >> >> >> >>> > 
> >> >> >> >>> > All electronic mail messages in connection with State
> >> >> >> >>> > business which are sent to or received by this account are
> >> >> >> >>> > subject to the NC Public Records Law and may be disclosed to
> >> >> >> >>> > third parties.
> >> >> >> >> 
> >> >> >> >> - --
> >> >> >> >> - -------------------------------
> >> >> >> >> Josh Thompson
> >> >> >> >> VCL Developer
> >> >> >> >> North Carolina State University
> >> >> >> >> 
> >> >> >> >> my GPG/PGP key can be found at pgp.mit.edu
> >> >> >> >> 
> >> >> >> >> All electronic mail messages in connection with State business
> >> >> >> >> which
> >> >> >> >> are sent to or received by this account are subject to the NC
> >> >> >> >> Public
> >> >> >> >> Records Law and may be disclosed to third parties.
> >> >> >> > 
> >> >> >> > --
> >> >> >> > --
> >> >> >> > http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
> >> >> > 
> >> >> > - --
> >> >> > - -------------------------------
> >> >> > Josh Thompson
> >> >> > VCL Developer
> >> >> > North Carolina State University
> >> >> > 
> >> >> > my GPG/PGP key can be found at pgp.mit.edu
> >> >> > 
> >> >> > All electronic mail messages in connection with State business which
> >> >> > are sent to or received by this account are subject to the NC Public
> >> >> > Records Law and may be disclosed to third parties.
> >> > 
> >> > - --
> >> > - -------------------------------
> >> > Josh Thompson
> >> > VCL Developer
> >> > North Carolina State University
> >> > 
> >> > my GPG/PGP key can be found at pgp.mit.edu
> >> > 
> >> > All electronic mail messages in connection with State business which
> >> > are sent to or received by this account are subject to the NC Public
> >> > Records Law and may be disclosed to third parties.
> > 
> > - --
> > - -------------------------------
> > Josh Thompson
> > VCL Developer
> > North Carolina State University
> > 
> > my GPG/PGP key can be found at pgp.mit.edu
> > 
> > All electronic mail messages in connection with State business which
> > are sent to or received by this account are subject to the NC Public
> > Records Law and may be disclosed to third parties.
- -- 
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.


Re: LDAP without SSL

Posted by António Aragão <aa...@di.uminho.pt>.
The problem is that I can't get any groups. I was trying to show that the
user was in the group. When I try to search I get a lot of information,
but not the groups the user belongs to. :-(

debugging set
protocol 3 set
Bind was successful
search time: 0.0024378299713135
results time: 0.004133939743042

Array
(
    [count] => 1
    [0] => Array
        (
            [objectclass] => Array
                (
                    [count] => 7
                    [0] => top
                    [1] => person
                    [2] => inetOrgPerson
                    [3] => posixAccount
                    [4] => aluno
                    [5] => shadowAccount
                    [6] => sambaSamAccount
                )

            [0] => objectclass
            [uid] => Array
                (
                    [count] => 1
                    [0] => a12596
                )

            [1] => uid
            [uidnumber] => Array
                (
                    [count] => 1
                    [0] => 10661
                )

            [2] => uidnumber
            [gidnumber] => Array
                (
                    [count] => 1
                    [0] => 505
                )

            [3] => gidnumber
            [homedirectory] => Array
                (
                    [count] => 1
                    [0] => /home/lei/a12596
                )

            [4] => homedirectory
            [loginshell] => Array
                (
                    [count] => 1
                    [0] => /bin/bash
                )

            [5] => loginshell
            [sambalogontime] => Array
                (
                    [count] => 1
                    [0] => 0
                )

            [6] => sambalogontime
            [sambaacctflags] => Array
                (
                    [count] => 1
                    [0] => [UX
                )

            [7] => sambaacctflags
            [sambakickofftime] => Array
                (
                    [count] => 1
                    [0] => 2147483647
                )

            [8] => sambakickofftime
            [sambapwdlastset] => Array
                (
                    [count] => 1
                    [0] => 1010179230
                )

            [9] => sambapwdlastset
            [sambasid] => Array
                (
                    [count] => 1
                    [0] => S-1-5-21-2447931902-1787058256-3961074038-513
                )

            [10] => sambasid
            [sambapwdcanchange] => Array
                (
                    [count] => 1
                    [0] => 0
                )

            [11] => sambapwdcanchange
            [sambapwdmustchange] => Array
                (
                    [count] => 1
                    [0] => 2147483647
                )

            [12] => sambapwdmustchange
            [sambaprimarygroupsid] => Array
                (
                    [count] => 1
                    [0] => S-1-5-21-2447931902-1787058256-3961074038-1201
                )

            [13] => sambaprimarygroupsid
            [uminhoestadoperfil] => Array
                (
                    [count] => 1
                    [0] => -1
                )

            [14] => uminhoestadoperfil
            [mail] => Array
                (
                    [count] => 1
                    [0] => aaragao@di.uminho.pt
                )

            [15] => mail
            [uminhonumeromecanografico] => Array
                (
                    [count] => 1
                    [0] => 12596
                )

            [16] => uminhonumeromecanografico
            [uminhoanocurricular] => Array
                (
                    [count] => 1
                    [0] => 1
                )

            [17] => uminhoanocurricular
            [uminhocurso] => Array
                (
                    [count] => 1
                    [0] => Licenciatura em Engenharia Informática
                )

            [18] => uminhocurso
            [uminhociclo] => Array
                (
                    [count] => 1
                    [0] => 1
                )

            [19] => uminhociclo
            [uminhoestatutoaluno] => Array
                (
                    [count] => 1
                    [0] => ordinário
                )

            [20] => uminhoestatutoaluno
            [structuralobjectclass] => Array
                (
                    [count] => 1
                    [0] => inetOrgPerson
                )

            [21] => structuralobjectclass
            [entryuuid] => Array
                (
                    [count] => 1
                    [0] => 9bc6025a-2a6c-102d-9e6b-551c94d4c913
                )

            [22] => entryuuid
            [creatorsname] => Array
                (
                    [count] => 1
                    [0] => cn=RWadmin,dc=di,dc=uminho,dc=pt
                )

            [23] => creatorsname
            [createtimestamp] => Array
                (
                    [count] => 1
                    [0] => 20081009163938Z
                )

            [24] => createtimestamp
            [uminhocodigocontrole] => Array
                (
                    [count] => 1
                    [0] => --
                )

            [25] => uminhocodigocontrole
            [cn] => Array
                (
                    [count] => 1
                    [0] => António Pedro Aragão
                )

            [26] => cn
            [displayname] => Array
                (
                    [count] => 1
                    [0] => António Pedro Aragão
                )

            [27] => displayname
            [sn] => Array
                (
                    [count] => 1
                    [0] => António Pedro Aragão
                )

            [28] => sn
            [userpassword] => Array
                (
                    [count] => 1
                    [0] => {SSHA}ButOP2UNCaVufnwm3tWF9OeTcLmL2gSf
                )

            [29] => userpassword
            [sambalmpassword] => Array
                (
                    [count] => 1
                    [0] => DB8BB37F7910A3B7AAD3B435B51404EE
                )

            [30] => sambalmpassword
            [sambantpassword] => Array
                (
                    [count] => 1
                    [0] => A42DADD78E4B2D7FF4CA69CD8339613B
                )

            [31] => sambantpassword
            [entrycsn] => Array
                (
                    [count] => 1
                    [0] => 20081009164642Z#000000#00#000000
                )

            [32] => entrycsn
            [modifiersname] => Array
                (
                    [count] => 1
                    [0] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
                )

            [33] => modifiersname
            [modifytimestamp] => Array
                (
                    [count] => 1
                    [0] => 20081009164642Z
                )

            [34] => modifytimestamp
            [entrydn] => Array
                (
                    [count] => 1
                    [0] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
                )

            [35] => entrydn
            [subschemasubentry] => Array
                (
                    [count] => 1
                    [0] => cn=Subschema
                )

            [36] => subschemasubentry
            [hassubordinates] => Array
                (
                    [count] => 1
                    [0] => FALSE
                )

            [37] => hassubordinates
            [count] => 38
            [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
        )

)


2014-03-07 19:09 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> António,
>
> I may be misunderstanding, but it looks like you are trying to look up the
> *group* in LDAP to see which users are members.  VCL looks up the *user* to
> see which groups the user is a member of.  That way, it only needs to do one
> lookup in LDAP to determine which groups a user is a member of.  Make sure you
> are using the generic.php script to look up the user and then looking for the
> list of groups for that user.  Did you try using
>
> $results = array("*", "+");
>
> for the results?
>
> Josh
>
> On Friday, March 07, 2014 6:12:56 PM António Aragão wrote:
>> Josh,
>>
>> I try this:
>> [root@ldap1 private]# ldapsearch -x -h localhost -a find -v -b
>> dc=di,dc=uminho,dc=pt -w XXXXXX -D cn=XXXXXX,dc=di,dc=uminho,dc=pt -z
>> 0  cn=alunos
>> ldap_initialize( ldap://localhost )
>> filter: cn=alunos
>> requesting: All userApplication attributes
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=di,dc=uminho,dc=pt> with scope subtree
>> # filter: cn=alunos
>> # requesting: ALL
>> #
>>
>> # alunos, Groups, di.uminho.pt
>> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> cn: alunos
>> gidNumber: 505
>> objectClass: posixGroup
>> objectClass: top
>> memberUid: a12596
>>
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> I get this output, there is any problem with posixGroup ? I use
>> generic.php with memberUid it outputs:
>>
>> debugging set
>> protocol 3 set
>> Bind was successful
>> search time: 0.002673864364624
>> results time: 0.0031049251556396
>>
>> Array
>> (
>>     [count] => 1
>>     [0] => Array
>>         (
>>             [count] => 0
>>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>>         )
>>
>> )
>>
>> I have used:
>>
>> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
>> $search = 'uid=a12596'; # what to search for, examples:
>> # uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
>> # normal LDAP query rules
>> #$results = array("*","+");
>> $results = array("memberUid");
>> #$results = array("dn");
>> #$results = array('dn', 'givenname', 'sn', 'mail');
>>
>> It is not able to find which uid=a12596 group belongs. Does anyone
>> have this problem ?
>>
>> Thanks.
>>
>> 2014-03-07 13:59 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > António,
>> >
>> > This line
>> >
>> > $results = array("dn");
>> >
>> > is only going to give you the DN of the user that you looked up.  Try
>> > using
>> >
>> > $results = array("*", "+");
>> >
>> > That should give you everything you can see about the user.  Somewhere in
>> > there, you should see an attribute that lists the groups of which the user
>> > is a member.  For example, when Active Directory is the LDAP system, the
>> > attribute is usually "memberof".  So, if that was the case for you, you
>> > would then change it to
>> >
>> > $results = array("memberof");
>> >
>> > But, I think you'll find something other than "memberof" is the attribute
>> > you need.
>> >
>> > Josh
>> >
>> > On Friday, March 07, 2014 9:25:59 AM António Aragão wrote:
>> >> I put this:
>> >>
>> >> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
>> >> $search = 'uid=a12596'; # what to search for, examples:
>> >> # uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
>> >> # normal LDAP query rules
>> >> #$results = array("*","+");
>> >> $results = array("dn");
>> >> #$results = array('dn', 'givenname', 'sn', 'mail');
>> >>
>> >> 2014-03-06 20:13 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> >> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> > Hash: SHA1
>> >> >
>> >> > António,
>> >> >
>> >> > What did you set $toplevel, $search, and $results to in the debug
>> >> > script?
>> >> >
>> >> > Josh
>> >> >
>> >> > On Thursday, March 06, 2014 6:43:32 PM António Aragão wrote:
>> >> >> I try it and:
>> >> >>
>> >> >> debugging set
>> >> >> protocol 3 set
>> >> >> Bind was successful
>> >> >> search time: 0.0014631748199463
>> >> >> results time: 0.0016670227050781
>> >> >>
>> >> >> Array
>> >> >> (
>> >> >>
>> >> >>     [count] => 1
>> >> >>     [0] => Array
>> >> >>
>> >> >>         (
>> >> >>
>> >> >>             [count] => 0
>> >> >>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >>
>> >> >>         )
>> >> >>
>> >> >> )
>> >> >>
>> >> >> It doesn't show the group. Can anyone sends me ldap group description
>> >> >> that works ?
>> >> >>
>> >> >> Thanks.
>> >> >>
>> >> >> 2014-03-05 15:34 GMT+00:00 António Aragão <aa...@di.uminho.pt>:
>> >> >> > The account I use it's admin (read only) account but I will try the
>> >> >> > debug script soon as I can.
>> >> >> >
>> >> >> > Thanks.
>> >> >> >
>> >> >> > 2014-03-03 20:19 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> >> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >> Hash: SHA1
>> >> >> >>
>> >> >> >> António,
>> >> >> >>
>> >> >> >> I'm not sure why it is not seeing the group membership.  You may
>> >> >> >> want
>> >> >> >> to
>> >> >> >> check that the account you are using to log in to LDAP has access
>> >> >> >> to
>> >> >> >> see
>> >> >> >> the group memberships.
>> >> >> >>
>> >> >> >> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a
>> >> >> >> brief
>> >> >> >> paragraph at the bottom about how to debug connections.  There is a
>> >> >> >> link
>> >> >> >> to a debug script I often use to get things sorted out.  You may
>> >> >> >> find
>> >> >> >> that script helpful.
>> >> >> >>
>> >> >> >> Josh
>> >> >> >>
>> >> >> >> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
>> >> >> >>> Hi Josh,
>> >> >> >>>
>> >> >> >>> the binddn is: dc=di,dc=uminho,dc=pt
>> >> >> >>>
>> >> >> >>> the attribute is: memberUid
>> >> >> >>>
>> >> >> >>> Thanks.
>> >> >> >>>
>> >> >> >>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> >> >> >>> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >>> > Hash: SHA1
>> >> >> >>> >
>> >> >> >>> > António,
>> >> >> >>> >
>> >> >> >>> > Sorry for the late response.
>> >> >> >>> >
>> >> >> >>> > What do you have set for binddn for your LDAP server?  Also,
>> >> >> >>> > what
>> >> >> >>> > attribute
>> >> >> >>> > are you searching on in LDAP?
>> >> >> >>> >
>> >> >> >>> > Josh
>> >> >> >>> >
>> >> >> >>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
>> >> >> >>> >> I get this:
>> >> >> >>> >>
>> >> >> >>> >> Array
>> >> >> >>> >> (
>> >> >> >>> >>
>> >> >> >>> >>      [count] => 1
>> >> >> >>> >>      [0] => Array
>> >> >> >>> >>
>> >> >> >>> >>          (
>> >> >> >>> >>
>> >> >> >>> >>              [count] => 0
>> >> >> >>> >>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >> >>> >>
>> >> >> >>> >>          )
>> >> >> >>> >>
>> >> >> >>> >> )
>> >> >> >>> >>
>> >> >> >>> >> But in LDAP server:
>> >> >> >>> >>
>> >> >> >>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> >> >> >>> >> cn: alunos
>> >> >> >>> >> gidNumber: 505
>> >> >> >>> >> objectClass: posixGroup
>> >> >> >>> >> objectClass: top
>> >> >> >>> >> structuralObjectClass: posixGroup
>> >> >> >>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
>> >> >> >>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> >> >>> >> createTimestamp: 20081008134915Z
>> >> >> >>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >> >>> >> memberUid: a12596
>> >> >> >>> >> memberUid: uid=a12596
>> >> >> >>> >> entryCSN: 20140227104950Z#000000#00#000000
>> >> >> >>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> >> >>> >> modifyTimestamp: 20140227104950Z
>> >> >> >>> >>
>> >> >> >>> >> It appears that cannot find the group.
>> >> >> >>> >>
>> >> >> >>> >> Any clues ?
>> >> >> >>> >>
>> >> >> >>> >> Em 20-02-2014 13:49, David DeMizio escreveu:
>> >> >> >>> >> > Have a look at this post, I think it's what you are referring
>> >> >> >>> >> > to
>> >> >> >>> >> >
>> >> >> >>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:2+mid:y5s64fhipakutbkp+state:results
>> >> >> >>> >> >
>> >> >> >>> >> > David DeMizio
>> >> >> >>> >> > /Academic Systems Coordinator/
>> >> >> >>> >> > Office of Information Technology
>> >> >> >>> >> > New College of Florida
>> >> >> >>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
>> >> >> >>> >> > www.ncf.edu <http://www.ncf.edu/>
>> >> >> >>> >> >
>> >> >> >>> >> >
>> >> >> >>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão
>> >> >> >>> >> > <aaragao@di.uminho.pt
>> >> >> >>> >> >
>> >> >> >>> >> > <ma...@di.uminho.pt>> wrote:
>> >> >> >>> >> >     Hello,
>> >> >> >>> >> >
>> >> >> >>> >> >     i tested this changes and works. I was only unable to
>> >> >> >>> >> >     populate
>> >> >> >>> >> >     a
>> >> >> >>> >> >     group with LDAP users, does anyone have this problem ?
>> >> >> >>> >> >
>> >> >> >>> >> >     Em 19-02-2014 19:37, David DeMizio escreveu:
>> >> >> >>> >> >>     Hello Mike,
>> >> >> >>> >> >>
>> >> >> >>> >> >>     I believe it's possible but you will need to make some
>> >> >> >>> >> >>     changes
>> >> >> >>> >> >>     to
>> >> >> >>> >> >>     the code in the .htc-inc folders. I had it working
>> >> >> >>> >> >>     before I
>> >> >> >>> >> >>     changed over to ldaps. first in authentication.php look
>> >> >> >>> >> >>     for
>> >> >> >>> >> >>     a
>> >> >> >>> >> >>     line like $ds =
>> >> >> >>> >> >>     ldap_connect("ldaps://{$auth['server']}/");
>> >> >> >>> >> >>     and
>> >> >> >>> >> >>     then there might be a few others in
>> >> >> >>> >> >>     authmethods/ldapauth.php.
>> >> >> >>> >> >>     so
>> >> >> >>> >> >>     just change ldaps:// to ldap://
>> >> >> >>> >> >>
>> >> >> >>> >> >>     David DeMizio
>> >> >> >>> >> >>     /Academic Systems Coordinator/
>> >> >> >>> >> >>     Office of Information Technology
>> >> >> >>> >> >>     New College of Florida
>> >> >> >>> >> >>     Phone: 941-487-4222 | Fax: 941-487-4356
>> >> >> >>> >> >>     www.ncf.edu <http://www.ncf.edu/>
>> >> >> >>> >> >>
>> >> >> >>> >> >>
>> >> >> >>> >> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
>> >> >> >>> >> >>
>> >> >> >>> >> >>     <mike@longsight.com <ma...@longsight.com>> wrote:
>> >> >> >>> >> >>         I'm attempting to bind VCL to an LDAP server that is
>> >> >> >>> >> >>         NOT
>> >> >> >>> >> >>         using SSL.  Before I started the configuration
>> >> >> >>> >> >>         process
>> >> >> >>> >> >>         and
>> >> >> >>> >> >>         tried to troubleshoot, I thought I would ask if this
>> >> >> >>> >> >>         is
>> >> >> >>> >> >>         even
>> >> >> >>> >> >>         supported.
>> >> >> >>> >> >>
>> >> >> >>> >> >>         Thanks very much,
>> >> >> >>> >> >>         Mike
>> >> >> >>> >>
>> >> >> >>> >> --
>> >> >> >>> >
>> >> >> >>> > - --
>> >> >> >>> > - -------------------------------
>> >> >> >>> > Josh Thompson
>> >> >> >>> > VCL Developer
>> >> >> >>> > North Carolina State University
>> >> >> >>> >
>> >> >> >>> > my GPG/PGP key can be found at pgp.mit.edu
>> >> >> >>> >
>> >> >> >>> > All electronic mail messages in connection with State business
>> >> >> >>> > which
>> >> >> >>> > are sent to or received by this account are subject to the NC
>> >> >> >>> > Public
>> >> >> >>> > Records Law and may be disclosed to third parties.
>> >> >> >>
>> >> >> >> - --
>> >> >> >> - -------------------------------
>> >> >> >> Josh Thompson
>> >> >> >> VCL Developer
>> >> >> >> North Carolina State University
>> >> >> >>
>> >> >> >> my GPG/PGP key can be found at pgp.mit.edu
>> >> >> >>
>> >> >> >> All electronic mail messages in connection with State business
>> >> >> >> which
>> >> >> >> are sent to or received by this account are subject to the NC
>> >> >> >> Public
>> >> >> >> Records Law and may be disclosed to third parties.
>> >> >> >
>> >> >> > --
>> >> >> > --
>> >> >> > http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
>> >> >
>> >> > - --
>> >> > - -------------------------------
>> >> > Josh Thompson
>> >> > VCL Developer
>> >> > North Carolina State University
>> >> >
>> >> > my GPG/PGP key can be found at pgp.mit.edu
>> >> >
>> >> > All electronic mail messages in connection with State business which
>> >> > are sent to or received by this account are subject to the NC Public
>> >> > Records Law and may be disclosed to third parties.
>> >
>> > - --
>> > - -------------------------------
>> > Josh Thompson
>> > VCL Developer
>> > North Carolina State University
>> >
>> > my GPG/PGP key can be found at pgp.mit.edu
>> >
>> > All electronic mail messages in connection with State business which
>> > are sent to or received by this account are subject to the NC Public
>> > Records Law and may be disclosed to third parties.
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
>



-- 
http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
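
Added example (not part of the original messages and not VCL code): in the RFC 2307 posixGroup layout quoted in this thread, membership is stored as memberUid on the group entry, so reading memberUid or memberOf from the user entry returns only the DN unless the server maintains such an attribute on users. The in-memory model below uses constructed entries (the vcl-users and docentes groups and all function names are hypothetical) to show both lookups and the escaped reverse-lookup filter.

```python
"""Constructed in-memory model of the RFC 2307 layout discussed in the thread."""

BASE = "dc=di,dc=uminho,dc=pt"

# Constructed sample entries. The user and the alunos group mirror values
# quoted in the thread; vcl-users and docentes are hypothetical additions.
DIRECTORY = [
    {"dn": "uid=a12596,ou=alunos," + BASE,
     "objectClass": ["top", "person", "inetOrgPerson", "posixAccount"],
     "uid": ["a12596"], "gidNumber": ["505"]},
    {"dn": "cn=alunos,ou=Groups," + BASE,
     "objectClass": ["top", "posixGroup"],
     "cn": ["alunos"], "gidNumber": ["505"], "memberUid": ["a12596"]},
    {"dn": "cn=vcl-users,ou=Groups," + BASE,
     "objectClass": ["top", "posixGroup"],
     "cn": ["vcl-users"], "gidNumber": ["900"],
     "memberUid": ["a12596", "d00001"]},
    {"dn": "cn=docentes,ou=Groups," + BASE,
     "objectClass": ["top", "posixGroup"],
     "cn": ["docentes"], "gidNumber": ["600"], "memberUid": ["d00001"]},
]


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def membership_filter(uid):
    """Filter string a real client would send to find a user's posixGroups."""
    return "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter_value(uid)


def _values(entry, attr):
    """Attribute names are case-insensitive in LDAP; 'dn' is not an attribute."""
    for name, vals in entry.items():
        if name != "dn" and name.lower() == attr.lower():
            return vals
    return []


def search(directory, base, conditions, attrs):
    """Simplified subtree search: AND of equality conditions, then return only
    the requested attributes. Values are compared exactly, a simplification of
    the per-attribute matching rules a real server applies."""
    hits = []
    for entry in directory:
        if not entry["dn"].lower().endswith(base.lower()):
            continue
        if all(value in _values(entry, attr) for attr, value in conditions):
            projected = {"dn": entry["dn"]}
            for attr in attrs:
                vals = _values(entry, attr)
                if vals:  # absent attributes are simply omitted, as in LDAP
                    projected[attr] = list(vals)
            hits.append(projected)
    return hits


def groups_from_user_entry(directory, base, uid, attr):
    """The debug query from the thread: read a group attribute off the user."""
    hits = search(directory, base, [("uid", uid)], [attr])
    return hits[0].get(attr, []) if hits else []


def groups_from_group_entries(directory, base, uid):
    """Reverse lookup: posixGroups listing the uid in memberUid, plus the
    group whose gidNumber equals the user's primary gidNumber."""
    names = set()
    by_member = [("objectClass", "posixGroup"), ("memberUid", uid)]
    for hit in search(directory, base, by_member, ["cn"]):
        names.add(hit["cn"][0])
    user = search(directory, base, [("uid", uid)], ["gidNumber"])
    for gid in (user[0].get("gidNumber", []) if user else []):
        by_gid = [("objectClass", "posixGroup"), ("gidNumber", gid)]
        for hit in search(directory, base, by_gid, ["cn"]):
            names.add(hit["cn"][0])
    return sorted(names)


if __name__ == "__main__":
    print("user entry, memberUid:", groups_from_user_entry(DIRECTORY, BASE, "a12596", "memberUid"))
    print("user entry, memberOf: ", groups_from_user_entry(DIRECTORY, BASE, "a12596", "memberOf"))
    print("group entries:        ", groups_from_group_entries(DIRECTORY, BASE, "a12596"))
    print("filter:               ", membership_filter("a12596"))
```
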

Re: LDAP without SSL

Posted by Josh Thompson <jo...@ncsu.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

António,

I may be misunderstanding, but it looks like you are trying to look up the 
*group* in LDAP to see which users are members.  VCL looks up the *user* to 
see which groups the user is a member of.  That way, it only needs to do one 
lookup in LDAP to determine which groups a user is a member of.  Make sure you 
are using the generic.php script to look up the user and then looking for the 
list of groups for that user.  Did you try using 

$results = array("*", "+");

for the results?

Josh

On Friday, March 07, 2014 6:12:56 PM António Aragão wrote:
> Josh,
> 
> I try this:
> [root@ldap1 private]# ldapsearch -x -h localhost -a find -v -b
> dc=di,dc=uminho,dc=pt -w XXXXXX -D cn=XXXXXX,dc=di,dc=uminho,dc=pt -z
> 0  cn=alunos
> ldap_initialize( ldap://localhost )
> filter: cn=alunos
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3
> # base <dc=di,dc=uminho,dc=pt> with scope subtree
> # filter: cn=alunos
> # requesting: ALL
> #
> 
> # alunos, Groups, di.uminho.pt
> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
> cn: alunos
> gidNumber: 505
> objectClass: posixGroup
> objectClass: top
> memberUid: a12596
> 
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> I get this output, there is any problem with posixGroup ? I use
> generic.php with memberUid it outputs:
> 
> debugging set
> protocol 3 set
> Bind was successful
> search time: 0.002673864364624
> results time: 0.0031049251556396
> 
> Array
> (
>     [count] => 1
>     [0] => Array
>         (
>             [count] => 0
>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>         )
> 
> )
> 
> I have used:
> 
> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
> $search = 'uid=a12596'; # what to search for, examples:
> # uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
> # normal LDAP query rules
> #$results = array("*","+");
> $results = array("memberUid");
> #$results = array("dn");
> #$results = array('dn', 'givenname', 'sn', 'mail');
> 
> It is not able to find which uid=a12596 group belongs. Does anyone
> have this problem ?
> 
> Thanks.
> 
> 2014-03-07 13:59 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > António,
> > 
> > This line
> > 
> > $results = array("dn");
> > 
> > is only going to give you the DN of the user that you looked up.  Try
> > using
> > 
> > $results = array("*", "+");
> > 
> > That should give you everything you can see about the user.  Somewhere in
> > there, you should see an attribute that lists the groups of which the user
> > is a member.  For example, when Active Directory is the LDAP system, the
> > attribute is usually "memberof".  So, if that was the case for you, you
> > would then change it to
> > 
> > $results = array("memberof");
> > 
> > But, I think you'll find something other than "memberof" is the attribute
> > you need.
> > 
> > Josh
> > 
> > On Friday, March 07, 2014 9:25:59 AM António Aragão wrote:
> >> I put this:
> >> 
> >> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
> >> $search = 'uid=a12596'; # what to search for, examples:
> >> # uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
> >> # normal LDAP query rules
> >> #$results = array("*","+");
> >> $results = array("dn");
> >> #$results = array('dn', 'givenname', 'sn', 'mail');
> >> 
> >> 2014-03-06 20:13 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> > 
> >> > António,
> >> > 
> >> > What did you set $toplevel, $search, and $results to in the debug
> >> > script?
> >> > 
> >> > Josh
> >> > 
> >> > On Thursday, March 06, 2014 6:43:32 PM António Aragão wrote:
-- 
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.


Re: LDAP without SSL

Posted by António Aragão <aa...@di.uminho.pt>.
Josh,

I tried this:
[root@ldap1 private]# ldapsearch -x -h localhost -a find -v -b dc=di,dc=uminho,dc=pt -w XXXXXX -D cn=XXXXXX,dc=di,dc=uminho,dc=pt -z 0  cn=alunos
ldap_initialize( ldap://localhost )
filter: cn=alunos
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <dc=di,dc=uminho,dc=pt> with scope subtree
# filter: cn=alunos
# requesting: ALL
#

# alunos, Groups, di.uminho.pt
dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
cn: alunos
gidNumber: 505
objectClass: posixGroup
objectClass: top
memberUid: a12596


# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I get this output. Is there any problem with posixGroup? I use
generic.php with memberUid and it outputs:

debugging set
protocol 3 set
Bind was successful
search time: 0.002673864364624
results time: 0.0031049251556396

Array
(
    [count] => 1
    [0] => Array
        (
            [count] => 0
            [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
        )

)

I have used:

$toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
$search = 'uid=a12596'; # what to search for, examples:
# uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
# normal LDAP query rules
#$results = array("*","+");
$results = array("memberUid");
#$results = array("dn");
#$results = array('dn', 'givenname', 'sn', 'mail');

It is not able to find which group uid=a12596 belongs to. Does anyone
have this problem?

Thanks.







-- 
http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
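
Added example (not part of the original thread, and not VCL code): the ldapsearch output in the message above shows membership stored as memberUid on the posixGroup entry, while the debug-script search reads attributes from the user entry. The sketch below runs over constructed LDIF modelled on those entries and contrasts the two lookup directions; the function names, the user-entry attributes and the second group are assumptions.

```python
import base64

# Constructed sample modelled on the entries quoted in the thread. The
# attributes on the user entry and the second group are assumptions; the
# thread only shows the user's DN and the "alunos" group.
SAMPLE_LDIF = """\
dn: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
objectClass: posixAccount
uid: a12596
gidNumber: 505

dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
objectClass: posixGroup
objectClass: top
cn: alunos
gidNumber: 505
memberUid: a12596

dn: cn=docentes,ou=Groups,dc=di,dc=uminho,dc=pt
objectClass: posixGroup
cn: docentes
gidNumber: 506
memberUid: d00001
"""


def parse_ldif(text):
    """Parse LDIF text into [{'dn': str, 'attrs': {lowercase_name: [values]}}]."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:               # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current is not None:
                entries.append(current)
            current = None
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is not None:
            current["attrs"].setdefault(name.lower(), []).append(value)
    return entries


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def posix_group_filter(uid):
    """Filter that selects the posixGroup entries listing this login name."""
    return "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter_value(uid)


def groups_from_user_entry(entries, uid, attr):
    """Forward lookup: read `attr` (e.g. memberOf) from the user's own entry."""
    found = []
    for entry in entries:
        if uid in entry["attrs"].get("uid", []):
            found.extend(entry["attrs"].get(attr.lower(), []))
    return found


def groups_from_group_entries(entries, uid):
    """Reverse lookup: DNs of posixGroup entries whose memberUid equals `uid`.

    RFC 2307 memberUid holds the bare login name and is matched exactly,
    so a DN-style value such as "uid=a12596" does not match.
    """
    found = []
    for entry in entries:
        classes = [c.lower() for c in entry["attrs"].get("objectclass", [])]
        if "posixgroup" in classes and uid in entry["attrs"].get("memberuid", []):
            found.append(entry["dn"])
    return found


ENTRIES = parse_ldif(SAMPLE_LDIF)

if __name__ == "__main__":
    print("from user entry :", groups_from_user_entry(ENTRIES, "a12596", "memberUid"))
    print("from group side :", groups_from_group_entries(ENTRIES, "a12596"))
    print("equivalent filter:", posix_group_filter("a12596"))
```
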

Re: LDAP without SSL

Posted by Josh Thompson <jo...@ncsu.edu>.

António,

This line

$results = array("dn"); 

is only going to give you the DN of the user that you looked up.  Try using

$results = array("*", "+");

That should give you everything you can see about the user.  Somewhere in 
there, you should see an attribute that lists the groups of which the user is 
a member.  For example, when Active Directory is the LDAP system, the 
attribute is usually "memberof".  So, if that was the case for you, you would 
then change it to

$results = array("memberof");

But, I think you'll find something other than "memberof" is the attribute you 
need.

Josh

-- 
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.


Re: LDAP without SSL

Posted by António Aragão <aa...@di.uminho.pt>.
I put this:

$toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
$search = 'uid=a12596'; # what to search for, examples:
# uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
# normal LDAP query rules
#$results = array("*","+");
$results = array("dn");
#$results = array('dn', 'givenname', 'sn', 'mail');

2014-03-06 20:13 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> António,
>
> What did you set $toplevel, $search, and $results to in the debug script?
>
> Josh
>
> On Thursday, March 06, 2014 6:43:32 PM António Aragão wrote:
>> I tried it and:
>>
>> debugging set
>> protocol 3 set
>> Bind was successful
>> search time: 0.0014631748199463
>> results time: 0.0016670227050781
>>
>> Array
>> (
>>     [count] => 1
>>     [0] => Array
>>         (
>>             [count] => 0
>>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>>         )
>>
>> )
>>
>> It doesn't show the group. Can anyone send me an LDAP group description
>> that works?
>>
>> Thanks.
>>
>> 2014-03-05 15:34 GMT+00:00 António Aragão <aa...@di.uminho.pt>:
>> > The account I use is an admin (read only) account but I will try the
>> > debug script as soon as I can.
>> >
>> > Thanks.
>> >
>> > 2014-03-03 20:19 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA1
>> >>
>> >> António,
>> >>
>> >> I'm not sure why it is not seeing the group membership.  You may want to
>> >> check that the account you are using to log in to LDAP has access to see
>> >> the group memberships.
>> >>
>> >> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a brief
>> >> paragraph at the bottom about how to debug connections.  There is a link
>> >> to a debug script I often use to get things sorted out.  You may find
>> >> that script helpful.
>> >>
>> >> Josh
>> >>
>> >> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
>> >>> Hi Josh,
>> >>>
>> >>> the binddn is: dc=di,dc=uminho,dc=pt
>> >>>
>> >>> the attribute is: memberUid
>> >>>
>> >>> Thanks.
>> >>>
>> >>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> >>> > -----BEGIN PGP SIGNED MESSAGE-----
>> >>> > Hash: SHA1
>> >>> >
>> >>> > António,
>> >>> >
>> >>> > Sorry for the late response.
>> >>> >
>> >>> > What do you have set for binddn for your LDAP server?  Also, what
>> >>> > attribute
>> >>> > are you searching on in LDAP?
>> >>> >
>> >>> > Josh
>> >>> >
>> >>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
>> >>> >> I get this:
>> >>> >>
>> >>> >> Array
>> >>> >> (
>> >>> >>
>> >>> >>      [count] => 1
>> >>> >>      [0] => Array
>> >>> >>
>> >>> >>          (
>> >>> >>
>> >>> >>              [count] => 0
>> >>> >>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >>> >>
>> >>> >>          )
>> >>> >>
>> >>> >> )
>> >>> >>
>> >>> >> But in LDAP server:
>> >>> >>
>> >>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> >>> >> cn: alunos
>> >>> >> gidNumber: 505
>> >>> >> objectClass: posixGroup
>> >>> >> objectClass: top
>> >>> >> structuralObjectClass: posixGroup
>> >>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
>> >>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
>> >>> >> createTimestamp: 20081008134915Z
>> >>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >>> >> memberUid: a12596
>> >>> >> memberUid: uid=a12596
>> >>> >> entryCSN: 20140227104950Z#000000#00#000000
>> >>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
>> >>> >> modifyTimestamp: 20140227104950Z
>> >>> >>
>> >>> >> It appears that cannot find the group.
>> >>> >>
>> >>> >> Any clues ?
>> >>> >>
>> >>> >> On 20-02-2014 13:49, David DeMizio wrote:
>> >>> >> > Have a look at this post, I think it's what you are referring to
>> >>> >> >
>> >>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+p
>> >>> >> > age:
>> >>> >> > 2+m
>> >>> >> > id:y5s64fhipakutbkp+state:results
>> >>> >> >
>> >>> >> > David DeMizio
>> >>> >> > /Academic Systems Coordinator/
>> >>> >> > Office of Information Technology
>> >>> >> > New College of Florida
>> >>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
>> >>> >> > www.ncf.edu <http://www.ncf.edu/>
>> >>> >> >
>> >>> >> >
>> >>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão
>> >>> >> > <aaragao@di.uminho.pt
>> >>> >> >
>> >>> >> > <ma...@di.uminho.pt>> wrote:
>> >>> >> >     Hello,
>> >>> >> >
>> >>> >> >     i tested this changes and works. I was only unable to populate
>> >>> >> >     a
>> >>> >> >     group with LDAP users, does anyone have this problem ?
>> >>> >> >
>> >>> >> >     On 19-02-2014 19:37, David DeMizio wrote:
>> >>> >> >>     Hello Mike,
>> >>> >> >>
>> >>> >> >>     I believe it's possible but you will need to make some changes
>> >>> >> >>     to
>> >>> >> >>     the code in the .htc-inc folders. I had it working before I
>> >>> >> >>     changed over to ldaps. first in authentication.php look for a
>> >>> >> >>     line like $ds = ldap_connect("ldaps://{$auth['server']}/");
>> >>> >> >>     and
>> >>> >> >>     then there might be a few others in authmethods/ldapauth.php.
>> >>> >> >>     so
>> >>> >> >>     just change ldaps:// to ldap://
>> >>> >> >>
>> >>> >> >>     David DeMizio
>> >>> >> >>     /Academic Systems Coordinator/
>> >>> >> >>     Office of Information Technology
>> >>> >> >>     New College of Florida
>> >>> >> >>     Phone: 941-487-4222 | Fax: 941-487-4356
>> >>> >> >>     www.ncf.edu <http://www.ncf.edu/>
>> >>> >> >>
>> >>> >> >>
>> >>> >> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
>> >>> >> >>
>> >>> >> >>     <mike@longsight.com <ma...@longsight.com>> wrote:
>> >>> >> >>         I'm attempting to bind VCL to an LDAP server that is NOT
>> >>> >> >>         using SSL.  Before I started the configuration process and
>> >>> >> >>         tried to troubleshoot, I thought I would ask if this is
>> >>> >> >>         even
>> >>> >> >>         supported.
>> >>> >> >>
>> >>> >> >>         Thanks very much,
>> >>> >> >>         Mike
>> >>> >>
>> >>> >> --
>> >>> >
>> >>> > - --
>> >>> > - -------------------------------
>> >>> > Josh Thompson
>> >>> > VCL Developer
>> >>> > North Carolina State University
>> >>> >
>> >>> > my GPG/PGP key can be found at pgp.mit.edu
>> >>> >
>> >>> > All electronic mail messages in connection with State business which
>> >>> > are sent to or received by this account are subject to the NC Public
>> >>> > Records Law and may be disclosed to third parties.
>> >>
>> >> - --
>> >> - -------------------------------
>> >> Josh Thompson
>> >> VCL Developer
>> >> North Carolina State University
>> >>
>> >> my GPG/PGP key can be found at pgp.mit.edu
>> >>
>> >> All electronic mail messages in connection with State business which
>> >> are sent to or received by this account are subject to the NC Public
>> >> Records Law and may be disclosed to third parties.
>> >
>> > --
>> > --
>> > http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
>



-- 
http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
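
A model of the search quoted in this message, as an added example that is not part of the original thread or of VCL's code: it shows why a filter on uid returns only the user's entry with zero attributes, and how a filter on the group's own attributes finds the posixGroup. The in-memory entries are constructed from the DNs and LDIF quoted in the thread; the user's attributes, the function names and the exact-match comparison are assumptions.

```python
import re

# Constructed sample directory. The group entry copies the LDIF quoted in the
# thread; the user's attributes are assumed, since the thread shows only its DN.
ENTRIES = [
    ("uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt",
     {"uid": ["a12596"], "objectClass": ["posixAccount", "top"]}),
    ("cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt",
     {"cn": ["alunos"], "gidNumber": ["505"],
      "objectClass": ["posixGroup", "top"],
      "memberUid": ["uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt",
                    "a12596", "uid=a12596"]}),
]
BASE = "dc=di,dc=uminho,dc=pt"


def parse_filter(text):
    """Parse 'attr=value', '(attr=value)' or '(&(f1)(f2)...)' into a tree."""
    text = text.strip()
    if not text.startswith("("):
        text = "(" + text + ")"  # bare 'uid=x', as used in the debug script
    node, rest = _parse_node(text)
    if rest:
        raise ValueError("trailing characters in filter: %r" % rest)
    return node


def _parse_node(text):
    if not text.startswith("("):
        raise ValueError("expected '(' at %r" % text)
    if text.startswith("(&"):
        rest, children = text[2:], []
        while rest.startswith("("):
            child, rest = _parse_node(rest)
            children.append(child)
        if not rest.startswith(")"):
            raise ValueError("unterminated AND filter")
        return ("and", children), rest[1:]
    end = text.find(")")
    if end == -1 or "=" not in text[1:end]:
        raise ValueError("malformed equality filter: %r" % text)
    attr, value = text[1:end].split("=", 1)
    return ("eq", attr.strip().lower(), value), text[end + 1:]


def matches(node, attrs):
    """Evaluate the filter tree against one entry (exact value match only)."""
    if node[0] == "and":
        return all(matches(child, attrs) for child in node[1])
    _, attr, value = node
    lowered = {name.lower(): values for name, values in attrs.items()}
    return value in lowered.get(attr, [])


def search(base, filter_text, wanted):
    """Subtree search; rows are loosely modelled on PHP's ldap_get_entries()."""
    node = parse_filter(filter_text)
    suffix = base.lower()
    rows = []
    for dn, attrs in ENTRIES:
        if not (dn.lower() == suffix or dn.lower().endswith("," + suffix)):
            continue
        if not matches(node, attrs):
            continue
        lowered = {name.lower(): values for name, values in attrs.items()}
        if "*" in wanted:
            picked = lowered
        else:
            # "dn" is not an attribute, so asking for it selects nothing
            picked = {w.lower(): lowered[w.lower()]
                      for w in wanted if w.lower() in lowered}
        rows.append({"count": len(picked), "dn": dn, **picked})
    return rows


def user_lookup():
    """The search from the thread: filter on uid, request only 'dn'."""
    return search(BASE, "uid=a12596", ["dn"])


def group_lookup(login):
    """Find posixGroup entries listing this login name in memberUid."""
    # Refuse anything that could alter the filter instead of trusting input.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", login):
        raise ValueError("unexpected characters in login name")
    flt = "(&(objectClass=posixGroup)(memberUid=%s))" % login
    return search(BASE, flt, ["cn"])


if __name__ == "__main__":
    print(user_lookup())
    print(group_lookup("a12596"))
```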

Re: LDAP without SSL

Posted by Josh Thompson <jo...@ncsu.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

António,

What did you set $toplevel, $search, and $results to in the debug script?

Josh

On Thursday, March 06, 2014 6:43:32 PM António Aragão wrote:
> I try it and:
> 
> debugging set
> protocol 3 set
> Bind was successful
> search time: 0.0014631748199463
> results time: 0.0016670227050781
> 
> Array
> (
>     [count] => 1
>     [0] => Array
>         (
>             [count] => 0
>             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>         )
> 
> )
> 
> It doesn't show the group. Can anyone sends me ldap group description
> that works ?
> 
> Thanks.
> 
> 2014-03-05 15:34 GMT+00:00 António Aragão <aa...@di.uminho.pt>:
> > The account I use it's admin (read only) account but I will try the
> > debug script soon as I can.
> > 
> > Thanks.
> > 
> > 2014-03-03 20:19 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >> 
> >> António,
> >> 
> >> I'm not sure why it is not seeing the group membership.  You may want to
> >> check that the account you are using to log in to LDAP has access to see
> >> the group memberships.
> >> 
> >> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a brief
> >> paragraph at the bottom about how to debug connections.  There is a link
> >> to a debug script I often use to get things sorted out.  You may find
> >> that script helpful.
> >> 
> >> Josh
> >> 
> >> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
> >>> Hi Josh,
> >>> 
> >>> the binddn is: dc=di,dc=uminho,dc=pt
> >>> 
> >>> the attribute is: memberUid
> >>> 
> >>> Thanks.
> >>> 
> >>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> >>> > -----BEGIN PGP SIGNED MESSAGE-----
> >>> > Hash: SHA1
> >>> > 
> >>> > António,
> >>> > 
> >>> > Sorry for the late response.
> >>> > 
> >>> > What do you have set for binddn for your LDAP server?  Also, what
> >>> > attribute
> >>> > are you searching on in LDAP?
> >>> > 
> >>> > Josh
> >>> > 
> >>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
> >>> >> I get this:
> >>> >> 
> >>> >> Array
> >>> >> (
> >>> >> 
> >>> >>      [count] => 1
> >>> >>      [0] => Array
> >>> >>      
> >>> >>          (
> >>> >>          
> >>> >>              [count] => 0
> >>> >>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >>> >>          
> >>> >>          )
> >>> >> 
> >>> >> )
> >>> >> 
> >>> >> But in LDAP server:
> >>> >> 
> >>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
> >>> >> cn: alunos
> >>> >> gidNumber: 505
> >>> >> objectClass: posixGroup
> >>> >> objectClass: top
> >>> >> structuralObjectClass: posixGroup
> >>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
> >>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
> >>> >> createTimestamp: 20081008134915Z
> >>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >>> >> memberUid: a12596
> >>> >> memberUid: uid=a12596
> >>> >> entryCSN: 20140227104950Z#000000#00#000000
> >>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
> >>> >> modifyTimestamp: 20140227104950Z
> >>> >> 
> >>> >> It appears that cannot find the group.
> >>> >> 
> >>> >> Any clues ?
> >>> >> 
> >>> >> On 20-02-2014 13:49, David DeMizio wrote:
> >>> >> > Have a look at this post, I think it's what you are referring to
> >>> >> > 
> >>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+p
> >>> >> > age:
> >>> >> > 2+m
> >>> >> > id:y5s64fhipakutbkp+state:results
> >>> >> > 
> >>> >> > David DeMizio
> >>> >> > /Academic Systems Coordinator/
> >>> >> > Office of Information Technology
> >>> >> > New College of Florida
> >>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
> >>> >> > www.ncf.edu <http://www.ncf.edu/>
> >>> >> > 
> >>> >> > 
> >>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão
> >>> >> > <aaragao@di.uminho.pt
> >>> >> > 
> >>> >> > <ma...@di.uminho.pt>> wrote:
> >>> >> >     Hello,
> >>> >> >     
> >>> >> >     i tested this changes and works. I was only unable to populate
> >>> >> >     a
> >>> >> >     group with LDAP users, does anyone have this problem ?
> >>> >> >     
> >>> >> >     On 19-02-2014 19:37, David DeMizio wrote:
> >>> >> >>     Hello Mike,
> >>> >> >>     
> >>> >> >>     I believe it's possible but you will need to make some changes
> >>> >> >>     to
> >>> >> >>     the code in the .htc-inc folders. I had it working before I
> >>> >> >>     changed over to ldaps. first in authentication.php look for a
> >>> >> >>     line like $ds = ldap_connect("ldaps://{$auth['server']}/");
> >>> >> >>     and
> >>> >> >>     then there might be a few others in authmethods/ldapauth.php.
> >>> >> >>     so
> >>> >> >>     just change ldaps:// to ldap://
> >>> >> >>     
> >>> >> >>     David DeMizio
> >>> >> >>     /Academic Systems Coordinator/
> >>> >> >>     Office of Information Technology
> >>> >> >>     New College of Florida
> >>> >> >>     Phone: 941-487-4222 | Fax: 941-487-4356
> >>> >> >>     www.ncf.edu <http://www.ncf.edu/>
> >>> >> >>     
> >>> >> >>     
> >>> >> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
> >>> >> >>     
> >>> >> >>     <mike@longsight.com <ma...@longsight.com>> wrote:
> >>> >> >>         I'm attempting to bind VCL to an LDAP server that is NOT
> >>> >> >>         using SSL.  Before I started the configuration process and
> >>> >> >>         tried to troubleshoot, I thought I would ask if this is
> >>> >> >>         even
> >>> >> >>         supported.
> >>> >> >>         
> >>> >> >>         Thanks very much,
> >>> >> >>         Mike
> >>> >> 
> >>> >> --
> >>> > 
> >>> > - --
> >>> > - -------------------------------
> >>> > Josh Thompson
> >>> > VCL Developer
> >>> > North Carolina State University
> >>> > 
> >>> > my GPG/PGP key can be found at pgp.mit.edu
> >>> > 
> >>> > All electronic mail messages in connection with State business which
> >>> > are sent to or received by this account are subject to the NC Public
> >>> > Records Law and may be disclosed to third parties.
> >> 
> >> - --
> >> - -------------------------------
> >> Josh Thompson
> >> VCL Developer
> >> North Carolina State University
> >> 
> >> my GPG/PGP key can be found at pgp.mit.edu
> >> 
> >> All electronic mail messages in connection with State business which
> >> are sent to or received by this account are subject to the NC Public
> >> Records Law and may be disclosed to third parties.
> > 
> > --
> > --
> > http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
- -- 
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.


Re: LDAP without SSL

Posted by António Aragão <aa...@di.uminho.pt>.
I tried it and:

debugging set
protocol 3 set
Bind was successful
search time: 0.0014631748199463
results time: 0.0016670227050781

Array
(
    [count] => 1
    [0] => Array
        (
            [count] => 0
            [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
        )

)

It doesn't show the group. Can anyone send me an LDAP group description
that works?

Thanks.

2014-03-05 15:34 GMT+00:00 António Aragão <aa...@di.uminho.pt>:
> The account I use it's admin (read only) account but I will try the
> debug script soon as I can.
>
> Thanks.
>
> 2014-03-03 20:19 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> António,
>>
>> I'm not sure why it is not seeing the group membership.  You may want to check
>> that the account you are using to log in to LDAP has access to see the group
>> memberships.
>>
>> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a brief
>> paragraph at the bottom about how to debug connections.  There is a link to a
>> debug script I often use to get things sorted out.  You may find that script
>> helpful.
>>
>> Josh
>>
>> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
>>> Hi Josh,
>>>
>>> the binddn is: dc=di,dc=uminho,dc=pt
>>>
>>> the attribute is: memberUid
>>>
>>> Thanks.
>>>
>>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>>> > -----BEGIN PGP SIGNED MESSAGE-----
>>> > Hash: SHA1
>>> >
>>> > António,
>>> >
>>> > Sorry for the late response.
>>> >
>>> > What do you have set for binddn for your LDAP server?  Also, what
>>> > attribute
>>> > are you searching on in LDAP?
>>> >
>>> > Josh
>>> >
>>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
>>> >> I get this:
>>> >>
>>> >> Array
>>> >> (
>>> >>
>>> >>      [count] => 1
>>> >>      [0] => Array
>>> >>
>>> >>          (
>>> >>
>>> >>              [count] => 0
>>> >>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>>> >>
>>> >>          )
>>> >>
>>> >> )
>>> >>
>>> >> But in LDAP server:
>>> >>
>>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>>> >> cn: alunos
>>> >> gidNumber: 505
>>> >> objectClass: posixGroup
>>> >> objectClass: top
>>> >> structuralObjectClass: posixGroup
>>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
>>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
>>> >> createTimestamp: 20081008134915Z
>>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>>> >> memberUid: a12596
>>> >> memberUid: uid=a12596
>>> >> entryCSN: 20140227104950Z#000000#00#000000
>>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
>>> >> modifyTimestamp: 20140227104950Z
>>> >>
>>> >> It appears that cannot find the group.
>>> >>
>>> >> Any clues ?
>>> >>
>>> >> On 20-02-2014 13:49, David DeMizio wrote:
>>> >> > Have a look at this post, I think it's what you are referring to
>>> >> >
>>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:
>>> >> > 2+m
>>> >> > id:y5s64fhipakutbkp+state:results
>>> >> >
>>> >> > David DeMizio
>>> >> > /Academic Systems Coordinator/
>>> >> > Office of Information Technology
>>> >> > New College of Florida
>>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
>>> >> > www.ncf.edu <http://www.ncf.edu/>
>>> >> >
>>> >> >
>>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão <aaragao@di.uminho.pt
>>> >> >
>>> >> > <ma...@di.uminho.pt>> wrote:
>>> >> >     Hello,
>>> >> >
>>> >> >     i tested this changes and works. I was only unable to populate a
>>> >> >     group with LDAP users, does anyone have this problem ?
>>> >> >
>>> >> >     On 19-02-2014 19:37, David DeMizio wrote:
>>> >> >>     Hello Mike,
>>> >> >>
>>> >> >>     I believe it's possible but you will need to make some changes to
>>> >> >>     the code in the .htc-inc folders. I had it working before I
>>> >> >>     changed over to ldaps. first in authentication.php look for a
>>> >> >>     line like $ds = ldap_connect("ldaps://{$auth['server']}/"); and
>>> >> >>     then there might be a few others in authmethods/ldapauth.php. so
>>> >> >>     just change ldaps:// to ldap://
>>> >> >>
>>> >> >>     David DeMizio
>>> >> >>     /Academic Systems Coordinator/
>>> >> >>     Office of Information Technology
>>> >> >>     New College of Florida
>>> >> >>     Phone: 941-487-4222 | Fax: 941-487-4356
>>> >> >>     www.ncf.edu <http://www.ncf.edu/>
>>> >> >>
>>> >> >>
>>> >> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
>>> >> >>
>>> >> >>     <mike@longsight.com <ma...@longsight.com>> wrote:
>>> >> >>         I'm attempting to bind VCL to an LDAP server that is NOT
>>> >> >>         using SSL.  Before I started the configuration process and
>>> >> >>         tried to troubleshoot, I thought I would ask if this is even
>>> >> >>         supported.
>>> >> >>
>>> >> >>         Thanks very much,
>>> >> >>         Mike
>>> >>
>>> >> --
>>> >
>>> > - --
>>> > - -------------------------------
>>> > Josh Thompson
>>> > VCL Developer
>>> > North Carolina State University
>>> >
>>> > my GPG/PGP key can be found at pgp.mit.edu
>>> >
>>> > All electronic mail messages in connection with State business which
>>> > are sent to or received by this account are subject to the NC Public
>>> > Records Law and may be disclosed to third parties.
>> - --
>> - -------------------------------
>> Josh Thompson
>> VCL Developer
>> North Carolina State University
>>
>> my GPG/PGP key can be found at pgp.mit.edu
>>
>> All electronic mail messages in connection with State business which
>> are sent to or received by this account are subject to the NC Public
>> Records Law and may be disclosed to third parties.
>>
>
>
>
> --
> --
> http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png



-- 
http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png

Re: LDAP without SSL

Posted by António Aragão <aa...@di.uminho.pt>.
The account I use is an admin (read-only) account, but I will try the
debug script as soon as I can.

Thanks.

2014-03-03 20:19 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> António,
>
> I'm not sure why it is not seeing the group membership.  You may want to check
> that the account you are using to log in to LDAP has access to see the group
> memberships.
>
> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a brief
> paragraph at the bottom about how to debug connections.  There is a link to a
> debug script I often use to get things sorted out.  You may find that script
> helpful.
>
> Josh
>
> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
>> Hi Josh,
>>
>> the binddn is: dc=di,dc=uminho,dc=pt
>>
>> the attribute is: memberUid
>>
>> Thanks.
>>
>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > António,
>> >
>> > Sorry for the late response.
>> >
>> > What do you have set for binddn for your LDAP server?  Also, what
>> > attribute
>> > are you searching on in LDAP?
>> >
>> > Josh
>> >
>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
>> >> I get this:
>> >>
>> >> Array
>> >> (
>> >>
>> >>      [count] => 1
>> >>      [0] => Array
>> >>
>> >>          (
>> >>
>> >>              [count] => 0
>> >>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >>
>> >>          )
>> >>
>> >> )
>> >>
>> >> But in LDAP server:
>> >>
>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> >> cn: alunos
>> >> gidNumber: 505
>> >> objectClass: posixGroup
>> >> objectClass: top
>> >> structuralObjectClass: posixGroup
>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> createTimestamp: 20081008134915Z
>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> memberUid: a12596
>> >> memberUid: uid=a12596
>> >> entryCSN: 20140227104950Z#000000#00#000000
>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> modifyTimestamp: 20140227104950Z
>> >>
>> >> It appears that cannot find the group.
>> >>
>> >> Any clues ?
>> >>
>> >> On 20-02-2014 13:49, David DeMizio wrote:
>> >> > Have a look at this post, I think it's what you are referring to
>> >> >
>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:
>> >> > 2+m
>> >> > id:y5s64fhipakutbkp+state:results
>> >> >
>> >> > David DeMizio
>> >> > /Academic Systems Coordinator/
>> >> > Office of Information Technology
>> >> > New College of Florida
>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
>> >> > www.ncf.edu <http://www.ncf.edu/>
>> >> >
>> >> >
>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão <aaragao@di.uminho.pt
>> >> >
>> >> > <ma...@di.uminho.pt>> wrote:
>> >> >     Hello,
>> >> >
>> >> >     i tested this changes and works. I was only unable to populate a
>> >> >     group with LDAP users, does anyone have this problem ?
>> >> >
>> >> >     On 19-02-2014 19:37, David DeMizio wrote:
>> >> >>     Hello Mike,
>> >> >>
>> >> >>     I believe it's possible but you will need to make some changes to
>> >> >>     the code in the .htc-inc folders. I had it working before I
>> >> >>     changed over to ldaps. first in authentication.php look for a
>> >> >>     line like $ds = ldap_connect("ldaps://{$auth['server']}/"); and
>> >> >>     then there might be a few others in authmethods/ldapauth.php. so
>> >> >>     just change ldaps:// to ldap://
>> >> >>
>> >> >>     David DeMizio
>> >> >>     /Academic Systems Coordinator/
>> >> >>     Office of Information Technology
>> >> >>     New College of Florida
>> >> >>     Phone: 941-487-4222 | Fax: 941-487-4356
>> >> >>     www.ncf.edu <http://www.ncf.edu/>
>> >> >>
>> >> >>
>> >> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
>> >> >>
>> >> >>     <mike@longsight.com <ma...@longsight.com>> wrote:
>> >> >>         I'm attempting to bind VCL to an LDAP server that is NOT
>> >> >>         using SSL.  Before I started the configuration process and
>> >> >>         tried to troubleshoot, I thought I would ask if this is even
>> >> >>         supported.
>> >> >>
>> >> >>         Thanks very much,
>> >> >>         Mike
>> >>
>> >> --
>> >
>> > - --
>> > - -------------------------------
>> > Josh Thompson
>> > VCL Developer
>> > North Carolina State University
>> >
>> > my GPG/PGP key can be found at pgp.mit.edu
>> >
>> > All electronic mail messages in connection with State business which
>> > are sent to or received by this account are subject to the NC Public
>> > Records Law and may be disclosed to third parties.
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
>



-- 
--
http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png

Re: LDAP without SSL

Posted by Josh Thompson <jo...@ncsu.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

António,

I'm not sure why it is not seeing the group membership.  You may want to check 
that the account you are using to log in to LDAP has access to see the group 
memberships.

Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a brief 
paragraph at the bottom about how to debug connections.  There is a link to a 
debug script I often use to get things sorted out.  You may find that script 
helpful.

Josh

On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
> Hi Josh,
> 
> the binddn is: dc=di,dc=uminho,dc=pt
> 
> the attribute is: memberUid
> 
> Thanks.
> 
> 2014-03-03 15:42 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > António,
> > 
> > Sorry for the late response.
> > 
> > What do you have set for binddn for your LDAP server?  Also, what
> > attribute
> > are you searching on in LDAP?
> > 
> > Josh
> > 
> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
> >> I get this:
> >> 
> >> Array
> >> (
> >> 
> >>      [count] => 1
> >>      [0] => Array
> >>      
> >>          (
> >>          
> >>              [count] => 0
> >>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >>          
> >>          )
> >> 
> >> )
> >> 
> >> But in LDAP server:
> >> 
> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
> >> cn: alunos
> >> gidNumber: 505
> >> objectClass: posixGroup
> >> objectClass: top
> >> structuralObjectClass: posixGroup
> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
> >> createTimestamp: 20081008134915Z
> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >> memberUid: a12596
> >> memberUid: uid=a12596
> >> entryCSN: 20140227104950Z#000000#00#000000
> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
> >> modifyTimestamp: 20140227104950Z
> >> 
> >> It appears that cannot find the group.
> >> 
> >> Any clues ?
> >> 
> >> On 20-02-2014 13:49, David DeMizio wrote:
> >> > Have a look at this post, I think it's what you are referring to
> >> > 
> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:
> >> > 2+m
> >> > id:y5s64fhipakutbkp+state:results
> >> > 
> >> > David DeMizio
> >> > /Academic Systems Coordinator/
> >> > Office of Information Technology
> >> > New College of Florida
> >> > Phone: 941-487-4222 | Fax: 941-487-4356
> >> > www.ncf.edu <http://www.ncf.edu/>
> >> > 
> >> > 
> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão <aaragao@di.uminho.pt
> >> > 
> >> > <ma...@di.uminho.pt>> wrote:
> >> >     Hello,
> >> >     
> >> >     i tested this changes and works. I was only unable to populate a
> >> >     group with LDAP users, does anyone have this problem ?
> >> >     
> >> >     On 19-02-2014 19:37, David DeMizio wrote:
> >> >>     Hello Mike,
> >> >>     
> >> >>     I believe it's possible but you will need to make some changes to
> >> >>     the code in the .htc-inc folders. I had it working before I
> >> >>     changed over to ldaps. first in authentication.php look for a
> >> >>     line like $ds = ldap_connect("ldaps://{$auth['server']}/"); and
> >> >>     then there might be a few others in authmethods/ldapauth.php. so
> >> >>     just change ldaps:// to ldap://
> >> >>     
> >> >>     David DeMizio
> >> >>     /Academic Systems Coordinator/
> >> >>     Office of Information Technology
> >> >>     New College of Florida
> >> >>     Phone: 941-487-4222 | Fax: 941-487-4356
> >> >>     www.ncf.edu <http://www.ncf.edu/>
> >> >>     
> >> >>     
> >> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
> >> >>     
> >> >>     <mike@longsight.com <ma...@longsight.com>> wrote:
> >> >>         I'm attempting to bind VCL to an LDAP server that is NOT
> >> >>         using SSL.  Before I started the configuration process and
> >> >>         tried to troubleshoot, I thought I would ask if this is even
> >> >>         supported.
> >> >>         
> >> >>         Thanks very much,
> >> >>         Mike
> >> 
> >> --
> > 
> > - --
> > - -------------------------------
> > Josh Thompson
> > VCL Developer
> > North Carolina State University
> > 
> > my GPG/PGP key can be found at pgp.mit.edu
> > 
> > All electronic mail messages in connection with State business which
> > are sent to or received by this account are subject to the NC Public
> > Records Law and may be disclosed to third parties.
- -- 
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.


Re: LDAP without SSL

Posted by António Aragão <aa...@gmail.com>.
Hi Josh,

the binddn is: dc=di,dc=uminho,dc=pt

the attribute is: memberUid

Thanks.

2014-03-03 15:42 GMT+00:00 Josh Thompson <jo...@ncsu.edu>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> António,
>
> Sorry for the late response.
>
> What do you have set for binddn for your LDAP server?  Also, what attribute
> are you searching on in LDAP?
>
> Josh
>
> On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
>> I get this:
>>
>> Array
>> (
>>      [count] => 1
>>      [0] => Array
>>          (
>>              [count] => 0
>>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>>          )
>>
>> )
>>
>> But in LDAP server:
>>
>> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> cn: alunos
>> gidNumber: 505
>> objectClass: posixGroup
>> objectClass: top
>> structuralObjectClass: posixGroup
>> entryUUID: a4050df8-298b-102d-9292-83a608533f73
>> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
>> createTimestamp: 20081008134915Z
>> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> memberUid: a12596
>> memberUid: uid=a12596
>> entryCSN: 20140227104950Z#000000#00#000000
>> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
>> modifyTimestamp: 20140227104950Z
>>
>> It appears that it cannot find the group.
>>
>> Any clues?
>>
>> On 20-02-2014 13:49, David DeMizio wrote:
>> > Have a look at this post, I think it's what you are referring to
>> >
>> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:2+mid:y5s64fhipakutbkp+state:results
>> >
>> > David DeMizio
>> > /Academic Systems Coordinator/
>> > Office of Information Technology
>> > New College of Florida
>> > Phone: 941-487-4222 | Fax: 941-487-4356
>> > www.ncf.edu <http://www.ncf.edu/>
>> >
>> >
>> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão <aaragao@di.uminho.pt
>> >
>> > <ma...@di.uminho.pt>> wrote:
>> >     Hello,
>> >
>> >     I tested these changes and they work. I was only unable to populate a
>> >     group with LDAP users, does anyone have this problem?
>> >
>> >     On 19-02-2014 19:37, David DeMizio wrote:
>> >>     Hello Mike,
>> >>
>> >>     I believe it's possible but you will need to make some changes to
>> >>     the code in the .htc-inc folders. I had it working before I
>> >>     changed over to ldaps. first in authentication.php look for a
>> >>     line like $ds = ldap_connect("ldaps://{$auth['server']}/"); and
>> >>     then there might be a few others in authmethods/ldapauth.php. so
>> >>     just change ldaps:// to ldap://
>> >>
>> >>     David DeMizio
>> >>     /Academic Systems Coordinator/
>> >>     Office of Information Technology
>> >>     New College of Florida
>> >>     Phone: 941-487-4222 | Fax: 941-487-4356
>> >>     www.ncf.edu <http://www.ncf.edu/>
>> >>
>> >>
>> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
>> >>
>> >>     <mike@longsight.com <ma...@longsight.com>> wrote:
>> >>         I'm attempting to bind VCL to an LDAP server that is NOT
>> >>         using SSL.  Before I started the configuration process and
>> >>         tried to troubleshoot, I thought I would ask if this is even
>> >>         supported.
>> >>
>> >>         Thanks very much,
>> >>         Mike
>>
>> --
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iEYEARECAAYFAlMUowEACgkQV/LQcNdtPQOpKACeK648IGA+FGCJXQsoVWbhK5ZT
> 04AAn0PXU/9HINkZLNAJ4tcwFBfeFddQ
> =MKhx
> -----END PGP SIGNATURE-----
>

Re: LDAP without SSL

Posted by Josh Thompson <jo...@ncsu.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

António,

Sorry for the late response.

What do you have set for binddn for your LDAP server?  Also, what attribute 
are you searching on in LDAP?

Josh

On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
> I get this:
> 
> Array
> (
>      [count] => 1
>      [0] => Array
>          (
>              [count] => 0
>              [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>          )
> 
> )
> 
> But in LDAP server:
> 
> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
> cn: alunos
> gidNumber: 505
> objectClass: posixGroup
> objectClass: top
> structuralObjectClass: posixGroup
> entryUUID: a4050df8-298b-102d-9292-83a608533f73
> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
> createTimestamp: 20081008134915Z
> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> memberUid: a12596
> memberUid: uid=a12596
> entryCSN: 20140227104950Z#000000#00#000000
> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
> modifyTimestamp: 20140227104950Z
> 
> It appears that it cannot find the group.
> 
> Any clues?
> 
> On 20-02-2014 13:49, David DeMizio wrote:
> > Have a look at this post, I think it's what you are referring to
> > 
> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:2+mid:y5s64fhipakutbkp+state:results
> > 
> > David DeMizio
> > /Academic Systems Coordinator/
> > Office of Information Technology
> > New College of Florida
> > Phone: 941-487-4222 | Fax: 941-487-4356
> > www.ncf.edu <http://www.ncf.edu/>
> > 
> > 
> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão <aaragao@di.uminho.pt
> > 
> > <ma...@di.uminho.pt>> wrote:
> >     Hello,
> >     
> >     I tested these changes and they work. I was only unable to populate a
> >     group with LDAP users, does anyone have this problem?
> >     
> >     On 19-02-2014 19:37, David DeMizio wrote:
> >>     Hello Mike,
> >>     
> >>     I believe it's possible but you will need to make some changes to
> >>     the code in the .htc-inc folders. I had it working before I
> >>     changed over to ldaps. first in authentication.php look for a
> >>     line like $ds = ldap_connect("ldaps://{$auth['server']}/"); and
> >>     then there might be a few others in authmethods/ldapauth.php. so
> >>     just change ldaps:// to ldap://
> >>     
> >>     David DeMizio
> >>     /Academic Systems Coordinator/
> >>     Office of Information Technology
> >>     New College of Florida
> >>     Phone: 941-487-4222 | Fax: 941-487-4356
> >>     www.ncf.edu <http://www.ncf.edu/>
> >>     
> >>     
> >>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
> >>     
> >>     <mike@longsight.com <ma...@longsight.com>> wrote:
> >>         I'm attempting to bind VCL to an LDAP server that is NOT
> >>         using SSL.  Before I started the configuration process and
> >>         tried to troubleshoot, I thought I would ask if this is even
> >>         supported.
> >>         
> >>         Thanks very much,
> >>         Mike
> 
> --
- -- 
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlMUowEACgkQV/LQcNdtPQOpKACeK648IGA+FGCJXQsoVWbhK5ZT
04AAn0PXU/9HINkZLNAJ4tcwFBfeFddQ
=MKhx
-----END PGP SIGNATURE-----


Re: LDAP without SSL

Posted by António Aragão <aa...@di.uminho.pt>.
I get this:

Array
(
     [count] => 1
     [0] => Array
         (
             [count] => 0
             [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
         )

)

But in LDAP server:

dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
cn: alunos
gidNumber: 505
objectClass: posixGroup
objectClass: top
structuralObjectClass: posixGroup
entryUUID: a4050df8-298b-102d-9292-83a608533f73
creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
createTimestamp: 20081008134915Z
memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
memberUid: a12596
memberUid: uid=a12596
entryCSN: 20140227104950Z#000000#00#000000
modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
modifyTimestamp: 20140227104950Z

It appears that it cannot find the group.

Any clues?


On 20-02-2014 13:49, David DeMizio wrote:
> Have a look at this post, I think it's what you are referring to
>
> http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:2+mid:y5s64fhipakutbkp+state:results
>
> David DeMizio
> /Academic Systems Coordinator/
> Office of Information Technology
> New College of Florida
> Phone: 941-487-4222 | Fax: 941-487-4356
> www.ncf.edu <http://www.ncf.edu/>
>
>
> On Thu, Feb 20, 2014 at 4:38 AM, António Aragão <aaragao@di.uminho.pt 
> <ma...@di.uminho.pt>> wrote:
>
>     Hello,
>
>     I tested these changes and they work. I was only unable to populate a
>     group with LDAP users, does anyone have this problem?
>
>     On 19-02-2014 19:37, David DeMizio wrote:
>>     Hello Mike,
>>
>>     I believe it's possible but you will need to make some changes to
>>     the code in the .htc-inc folders. I had it working before I
>>     changed over to ldaps. first in authentication.php look for a
>>     line like $ds = ldap_connect("ldaps://{$auth['server']}/"); and
>>     then there might be a few others in authmethods/ldapauth.php. so
>>     just change ldaps:// to ldap://
>>
>>     David DeMizio
>>     /Academic Systems Coordinator/
>>     Office of Information Technology
>>     New College of Florida
>>     Phone: 941-487-4222 | Fax: 941-487-4356
>>     www.ncf.edu <http://www.ncf.edu/>
>>
>>
>>     On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
>>     <mike@longsight.com <ma...@longsight.com>> wrote:
>>
>>         I'm attempting to bind VCL to an LDAP server that is NOT
>>         using SSL.  Before I started the configuration process and
>>         tried to troubleshoot, I thought I would ask if this is even
>>         supported.
>>
>>         Thanks very much,
>>         Mike
>>
>>
>
>     -- 
>
>

-- 

Re: LDAP without SSL

Posted by David DeMizio <dd...@ncf.edu>.
Have a look at this post, I think it's what you are referring to

http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:2+mid:y5s64fhipakutbkp+state:results

David DeMizio
*Academic Systems Coordinator*
Office of Information Technology
New College of Florida
Phone: 941-487-4222 | Fax: 941-487-4356
www.ncf.edu


On Thu, Feb 20, 2014 at 4:38 AM, António Aragão <aa...@di.uminho.pt> wrote:

>  Hello,
>
> I tested these changes and they work. I was only unable to populate a group
> with LDAP users, does anyone have this problem?
>
> On 19-02-2014 19:37, David DeMizio wrote:
>
>  Hello Mike,
>
>  I believe it's possible but you will need to make some changes to the
> code in the .htc-inc folders. I had it working before I changed over to
> ldaps. first in authentication.php look for a line like
> $ds = ldap_connect("ldaps://{$auth['server']}/"); and then there might be a few
> others in authmethods/ldapauth.php. so just change ldaps:// to ldap://
>
>  David DeMizio
>  *Academic Systems Coordinator*
>  Office of Information Technology
> New College of Florida
> Phone: 941-487-4222 | Fax: 941-487-4356
> www.ncf.edu
>
>
> On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild <mi...@longsight.com> wrote:
>
>> I'm attempting to bind VCL to an LDAP server that is NOT using SSL.
>>  Before I started the configuration process and tried to troubleshoot, I
>> thought I would ask if this is even supported.
>>
>>  Thanks very much,
>> Mike
>>
>
>
> --
>

Re: LDAP without SSL

Posted by António Aragão <aa...@di.uminho.pt>.
Hello,

I tested these changes and they work. I was only unable to populate a group 
with LDAP users, does anyone have this problem?

On 19-02-2014 19:37, David DeMizio wrote:
> Hello Mike,
>
> I believe it's possible but you will need to make some changes to the 
> code in the .htc-inc folders. I had it working before I changed over 
> to ldaps. first in authentication.php look for a line like $ds = 
> ldap_connect("ldaps://{$auth['server']}/"); and then there might be a 
> few others in authmethods/ldapauth.php. so just change ldaps:// to ldap://
>
> David DeMizio
> /Academic Systems Coordinator/
> Office of Information Technology
> New College of Florida
> Phone: 941-487-4222 | Fax: 941-487-4356
> www.ncf.edu <http://www.ncf.edu/>
>
>
> On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild <mike@longsight.com 
> <ma...@longsight.com>> wrote:
>
>     I'm attempting to bind VCL to an LDAP server that is NOT using
>     SSL.  Before I started the configuration process and tried to
>     troubleshoot, I thought I would ask if this is even supported.
>
>     Thanks very much,
>     Mike
>
>

-- 

Re: LDAP without SSL

Posted by David DeMizio <dd...@ncf.edu>.
Hello Mike,

I believe it's possible but you will need to make some changes to the code
in the .htc-inc folders. I had it working before I changed over to ldaps.
first in authentication.php look for a line like
$ds = ldap_connect("ldaps://{$auth['server']}/"); and then there might be a
few others in authmethods/ldapauth.php. so just change ldaps:// to ldap://

David DeMizio
*Academic Systems Coordinator*
Office of Information Technology
New College of Florida
Phone: 941-487-4222 | Fax: 941-487-4356
www.ncf.edu


On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild <mi...@longsight.com> wrote:

> I'm attempting to bind VCL to an LDAP server that is NOT using SSL.
>  Before I started the configuration process and tried to troubleshoot, I
> thought I would ask if this is even supported.
>
> Thanks very much,
> Mike
>
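
The thread notes that a bind over plain ldap:// sends every user's password in clear text. The following is an added example (not VCL's code and not written by any poster in this thread) of keeping the ldap:// scheme while upgrading the connection with StartTLS before any credentials are sent. It assumes the directory server supports StartTLS; the function name and the environment variable names are hypothetical.

```php
<?php
// Added example, not VCL code. Assumes the LDAP server offers StartTLS
// on the plain LDAP port; all names below are hypothetical.

/**
 * Connect with ldap://, upgrade to TLS, then bind.
 * Throws rather than falling back to a cleartext bind.
 */
function connectWithStartTls(string $server, string $bindDn, string $password)
{
    // An empty password turns a simple bind into an anonymous bind,
    // which most servers report as success. Reject it up front.
    if ($bindDn === '' || $password === '') {
        throw new InvalidArgumentException('bind DN and password are required');
    }

    // Demand a valid server certificate; set before the handle is created.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ds = ldap_connect("ldap://{$server}/");
    if ($ds === false) {
        throw new RuntimeException("invalid LDAP URI for {$server}");
    }

    // StartTLS is an LDAPv3 extended operation.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Upgrade the connection before any credentials cross the wire.
    if (!@ldap_start_tls($ds)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("StartTLS failed, refusing cleartext bind: {$err}");
    }

    if (!@ldap_bind($ds, $bindDn, $password)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("bind failed: {$err}");
    }
    return $ds;
}

// Runs only when a host is supplied through the environment.
if (getenv('LDAP_HOST')) {
    $ds = connectWithStartTls(getenv('LDAP_HOST'),
                              (string) getenv('LDAP_BIND_DN'),
                              (string) getenv('LDAP_BIND_PW'));
    echo "bound over TLS\n";
    ldap_unbind($ds);
}
```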