Forum: open-discussion
By: Laurent Bardi on 2016-04-29 14:44 | [forum:916] |
OK, I've tested more and found :-} I must have "use shell = no" because the account exists in the local database AND in the LDAP database ... so it conflicts. The tests are in /usr/share/fusionforge/common/include/account.php on the lines:

    if (forge_get_config('use_shell') && $check_exists) {
        if (exec("getent passwd $name") != "" ){
            $GLOBALS['register_error'] = _('That username already exists.');
            return false;
        }
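A simplified model of the interaction found in this thread, added here as an illustration and not taken from FusionForge: the create-on-first-login workflow meets the `use_shell` name check, and a user that NSS already resolves from the directory cannot be created locally. All function names and the sample account table are hypothetical and constructed.

```php
<?php
// Added illustration, not FusionForge code. Function names and the sample
// NSS table below are hypothetical / constructed for this example.

// Constructed stand-in for `getent passwd <name>`: NSS answers from local
// files AND from LDAP/AD, so a directory-only user is still "found".
function nss_lookup(string $name): string {
    $nss = [
        'root' => 'root:x:0:0:root:/root:/bin/bash',             // local files
        'jdoe' => 'jdoe:*:10001:10001:J Doe:/home/jdoe:/bin/sh', // served via LDAP
    ];
    return $nss[$name] ?? '';
}

// Mirrors the quoted check: with use_shell on, any name NSS resolves is refused.
function name_is_free(string $name, bool $use_shell, ?string &$error): bool {
    if ($use_shell && nss_lookup($name) !== '') {
        $error = 'That username already exists.';
        return false;
    }
    return true;
}

// Workflow from the thread: check credentials, create the user if missing,
// then open the session.
function ldap_login(string $name, bool $bind_ok, bool $use_shell, array &$forge_users): string {
    if (!$bind_ok) {
        return 'denied: LDAP bind failed';
    }
    if (!in_array($name, $forge_users, true)) {
        $error = null;
        if (!name_is_free($name, $use_shell, $error)) {
            return "no session: user creation refused ($error)";
        }
        $forge_users[] = $name; // first login creates the forge account
    }
    return 'session created';
}

$users = [];
echo ldap_login('jdoe', true, true, $users), "\n";  // use_shell = yes
echo ldap_login('jdoe', true, false, $users), "\n"; // use_shell = no
```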
By: Franck Villaume on 2016-04-28 15:09 | [forum:909] |
The AuthLDAP authentication workflow is:
- checkAuthentification
- if user does not exist in FusionForge database then => create user in FusionForge database
- if user exists => create the session in the database.

Unfortunately the debug of that plugin is not that easy. Check if your user is created in the FusionForge database. If not, something goes wrong during the creation of the user.
By: Laurent Bardi on 2016-04-28 13:25 | [forum:907] |
Version is fusionforge 6.0.3+20151023-1~bpo8+1; when I try to log in, it redirects to the base page and I am not connected. I try to authenticate against an Active Directory. Everything seems fine, apart from this. In order to see if the auth is good I've modified the file /usr/share/fusionforge/plugins/authldap/www/post-login.php for printing values and all are good (I've added $warning_msg = "StartSession OK".$return_to; on line 83; and it prints on the page "StartSessionOk /").

Here is my /etc/fusionforge/config.ini.d/authldap.ini file:

    [authldap]

    ; Current authldap is to be validate by developers
    ; plugin_status is a string.
    ; valid means : production ready.
    ; Any other strings means it's under work or broken and plugin
    ; is available in installation_environment = development only.
    plugin_status = valid

    ; By default, LDAP is enough to log in
    required = no
    sufficient = yes

    ; Allowed values: never, user-creation, login, every-page
    sync_data_on = never

    ; LDAP parameters
    ldap_server = ad.bureau.ipbs.fr
    ldap_port = 389
    ldap_version = 3
    ; Uncomment the following line if you use Active Directory as LDAP server
    ldap_opt_referrals = 0
    start_tls = no
    base_dn = "ou=people,ou=ipbs,ou=sophie,dc=bureau,dc=ipbs,dc=fr"
    ; Comma-separated list of usernames
    manager_dn = '<masqued>'
    manager_password = '<masqued>'

    ; LDAP attributes mapping for data sync
    ; Comma-separated list of fusionforgefield=ldapfield
    ; the ldapfield MUST be in lower case
    ; Available values for fusionforgefield:
    ; email, firstname, lastname, username, phone, address, md5_password, unix_password
    mapping = "username=cn,firstname=givenname,lastname=sn,email=mail,phone=telephonenumber"

Is there a misconfig from me?