LDAP Plugin with openLDAP


  • Moderator

    @Fernando-Gietz said in LDAP Plugin with openLDAP:

    |(name=dsp))(memberuid=uid=dsptest

    The issue is with this bit of the query syntax.

We are doing an OR between ‘(name=dsp)’ and ‘)’. There is a missing parameter for the other part of the OR test, or there is an extra ‘)’ in that syntax. I really need to count opening and closing parentheses here, but my gut feeling is it’s wrong, as well as the ‘memberuid=uid=dsptest’ test. I haven’t had time to see what changed in the LDAP auth module, but I’m a bit surprised that it authenticates AD, since AD is really picky on the query syntax.

    I’m pretty sure when Tom was debugging my code he was testing against an OpenLDAP server in his dev environment.


  • Developer

    You can see the code in /var/www/[html/]fog/lib/plugin/ldap/class/ldap.class.php
    functions: authLDAP() and _getAccessLevel()


  • Developer

    I know the plugin XD, but @Tom-Elliott and @george1421 made a lot of changes to add support for Active Directory.

    The connection to the openLDAP server works fine, but the problem is when the script tries to find out whether the user belongs to the admin group.

    Well, I am looking at the code and the problem is that the value of the $accessLevel variable is 0. The possible values of this variable are:

         * Sets our default accessLevel to 0.
         * 0 = fail
         * 1 = mobile
         * 2 = admin
    

    If the dsp user is in the admin group, then the script returns 2.

    This variable changes its value when the code calls the _getAccessLevel($grpMemAttr, $userDN) function. I suppose that the values of $grpMemAttr and $userDN are:
    $grpMemAttr = memberuid
    $userDN = uid=dsptest,ou=Users,dc=example,dc=com

    With this, the code returns 0 results because the user is not in the admin group, or the filter doesn’t find anything:

    (&(|(name=dsp))(memberuid=uid=dsptest,ou=Users,dc=example,dc=com)); Result: 0

    As you haven’t set up the mobile group, the next filter:
    (&(|(name=))(memberuid=uid=dsptest,ou=Users,dc=example,dc=com)); Result: 0
    Then the code returns $accessLevel = 0. If the user is not in the admin group or in the mobile group, then the user doesn’t have access.
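As an added example (not code from the FOG ldap plugin, and not written by anyone in this thread), the script below rebuilds the group filter quoted in the two posts above from group names, $grpMemAttr and $userDN, counts its parentheses as the moderator wanted to, parses it with a minimal RFC 4515 parser and runs it against a small constructed in-memory directory. The directory content is an assumption: one posixGroup whose memberUid holds the bare uid (the convention for that attribute), and one groupOfNames whose member holds the full DN. With those entries the `memberuid=<full DN>` filter from the thread returns 0 results, while a bare uid against memberUid, or a DN against member, does match. The builder also escapes the interpolated values as RFC 4515 requires, which the quoted filter does not show and which matters whenever any part of the DN comes from the login form.

```python
"""Added example (not code from the FOG ldap plugin): rebuild the group-membership
filter quoted in the thread, count its parentheses, parse it, and evaluate it
against a small constructed in-memory directory."""

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value before interpolating it into a filter (blocks filter injection)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_group_filter(group_names, grp_mem_attr, user_dn):
    """Same shape as the filter in the thread: (&(|(name=G1)(name=G2)...)(<grpMemAttr>=<userDN>)).
    An empty group list yields (name=), as the thread's mobile-group filter shows."""
    names = "".join(f"(name={escape_filter_value(g)})" for g in (group_names or [""]))
    return f"(&(|{names})({grp_mem_attr}={escape_filter_value(user_dn)}))"


def paren_balance(filt):
    """Return (opens, closes, balanced): the count the moderator wanted to do by hand."""
    opens, closes = filt.count("("), filt.count(")")
    return opens, closes, opens == closes


def parse_filter(s):
    """Minimal RFC 4515 parser: and/or/not plus equality matches, returned as tuples."""
    pos = 0

    def peek():
        return s[pos] if pos < len(s) else ""

    def node():
        nonlocal pos
        if peek() != "(":
            raise ValueError(f"expected '(' at {pos}")
        pos += 1
        if peek() and peek() in "&|!":
            op = peek()
            pos += 1
            kids = []
            while peek() == "(":
                kids.append(node())
            result = (op, kids)
        else:
            end = s.index(")", pos)  # raises ValueError if the item is never closed
            # split on the first '=' only: a DN value contains further '=' signs
            attr, _, value = s[pos:end].partition("=")
            result = ("=", attr.lower(), value)
            pos = end
        if peek() != ")":
            raise ValueError(f"expected ')' at {pos}")
        pos += 1
        return result

    tree = node()
    if pos != len(s):
        raise ValueError(f"unparsed trailing text at {pos}")
    return tree


def matches(tree, entry):
    """Evaluate a parsed filter against one entry (dict of lowercase attribute -> list of values)."""
    op = tree[0]
    if op == "=":
        _, attr, value = tree
        values = list(entry.get(attr, []))
        if attr == "name":  # in OpenLDAP's core schema, cn is a subtype of name
            values += entry.get("cn", [])
        return value.lower() in (v.lower() for v in values)
    if op == "&":
        return all(matches(k, entry) for k in tree[1])
    if op == "|":
        return any(matches(k, entry) for k in tree[1])
    return not matches(tree[1][0], entry)  # "!"


# Constructed sample directory; what the real server holds is an assumption.
DIRECTORY = [
    {"dn": "uid=dsptest,ou=Users,dc=example,dc=com",
     "objectclass": ["inetOrgPerson", "posixAccount"], "uid": ["dsptest"], "cn": ["DSP Test"]},
    # posixGroup: memberUid holds the bare uid, not the member's DN
    {"dn": "cn=dsp,ou=Groups,dc=example,dc=com",
     "objectclass": ["posixGroup"], "cn": ["dsp"], "memberuid": ["dsptest"]},
    # groupOfNames: member holds the full DN
    {"dn": "cn=dsp-admins,ou=Groups,dc=example,dc=com",
     "objectclass": ["groupOfNames"], "cn": ["dsp-admins"],
     "member": ["uid=dsptest,ou=Users,dc=example,dc=com"]},
]


def search(filter_string, directory=DIRECTORY):
    """Return the DNs of the entries the filter matches (what ldap_search would list)."""
    tree = parse_filter(filter_string)
    return [e["dn"] for e in directory if matches(tree, e)]


def access_level(admin_groups, mobile_groups, grp_mem_attr, user_dn, directory=DIRECTORY):
    """0 = fail, 1 = mobile, 2 = admin, checked in the order the thread describes."""
    if search(build_group_filter(admin_groups, grp_mem_attr, user_dn), directory):
        return 2
    if search(build_group_filter(mobile_groups, grp_mem_attr, user_dn), directory):
        return 1
    return 0


if __name__ == "__main__":
    user_dn = "uid=dsptest,ou=Users,dc=example,dc=com"
    thread_filter = build_group_filter(["dsp"], "memberuid", user_dn)
    print(thread_filter, paren_balance(thread_filter))
    print("memberuid vs full DN :", search(thread_filter))
    print("memberuid vs bare uid:", search(build_group_filter(["dsp"], "memberuid", "dsptest")))
    print("member vs full DN    :", search(build_group_filter(["dsp-admins"], "member", user_dn)))
    print("accessLevel as in the thread:", access_level(["dsp"], [], "memberuid", user_dn))
```

Run it as is to see the three searches side by side; `search()` and `access_level()` take any list of entries in the same shape, so the constructed directory can be swapped for an LDIF export of the real tree to check which attribute a group actually stores.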


  • Developer

    @Fernando-Gietz knows the LDAP plugin best! :-)

