Forum: open-discussion

RE: plugin auth_ldap on a fresh jessie install
By: Laurent Bardi on 2016-04-29 14:44
[forum:916]
OK, I've tested more and found :-}

I must have "use_shell = no" because the account exists in the local database AND in the LDAP database ... so it conflicts.

The tests are in /usr/share/fusionforge/common/include/account.php on these lines:

    // Only when use_shell is enabled: reject a username that already has a
    // local system account (getent passwd returns a non-empty line for it).
    if (forge_get_config('use_shell') && $check_exists) {
        if (exec("getent passwd $name") != "") {
            $GLOBALS['register_error'] = _('That username already exists.');
            return false;
        }
    }


RE: plugin auth_ldap on a fresh jessie install
By: Franck Villaume on 2016-04-28 15:09
[forum:909]

The AuthLDAP authentication workflow is:
- checkAuthentification
- if user does not exist in FusionForge database then
=> create user in FusionForge database
- if user exists
=> create the session in the database.

Unfortunately the debug of that plugin is not that easy.
Check whether your user was created in the FusionForge database. If not, something went wrong during the creation of the user.



plugin auth_ldap on a fresh jessie install
By: Laurent Bardi on 2016-04-28 13:25
[forum:907]
Version is fusionforge 6.0.3+20151023-1~bpo8+1; when I try to log in it redirects to the base page and I am not connected.
I try to authenticate against an Active Directory. Everything seems fine, apart from this.

In order to see if the auth is good I've modified the file /usr/share/fusionforge/plugins/authldap/www/post-login.php to print values, and all are good
(I've added $warning_msg = "StartSession OK".$return_to; on line 83, and it prints on the page "StartSessionOk /")

Here is my /etc/fusionforge/config.ini.d/authldap.ini file:

[authldap]

; Current authldap is to be validate by developers
; plugin_status is a string.
; valid means : production ready.
; Any other strings means it's under work or broken and plugin
; is available in installation_environment = development only.
plugin_status = valid

; By default, LDAP is enough to log in
required = no
sufficient = yes

; Allowed values: never, user-creation, login, every-page
sync_data_on = never

; LDAP parameters
ldap_server = ad.bureau.ipbs.fr
ldap_port = 389
ldap_version = 3
; Uncomment the following line if you use Active Directory as LDAP server
ldap_opt_referrals = 0
start_tls = no
base_dn = "ou=people,ou=ipbs,ou=sophie,dc=bureau,dc=ipbs,dc=fr"
; Comma-separated list of usernames
manager_dn = '<masqued>'
manager_password = '<masqued>'

; LDAP attributes mapping for data sync
; Comma-separated list of fusionforgefield=ldapfield
; the ldapfield MUST be in lower case
; Available values for fusionforgefield:
; email, firstname, lastname, username, phone, address, md5_password, unix_password
mapping = "username=cn,firstname=givenname,lastname=sn,email=mail,phone=telephonenumber"


Is there a misconfiguration on my side?
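As an added example, not code from FusionForge or from either poster: a stand-alone PHP script that replays the checkAuthentification step of the workflow described in the reply above against the settings in the posted authldap.ini, so that LDAP-side failures (manager bind, search under base_dn, attribute mapping) can be separated from the user-creation step. It assumes the plugin looks the user up with the manager account and then binds as the user's DN to verify the password; the script name authldap-check.php is hypothetical.

```php
<?php
// Added diagnostic, not FusionForge's own code: replays the first step of the
// AuthLDAP workflow (checkAuthentification) with the settings in authldap.ini.
// Assumption: the plugin finds the user under base_dn with the manager account,
// then binds as the user's DN to verify the password.
// Usage: php authldap-check.php <username>   (the password is read from stdin)
$cfg = parse_ini_file('/etc/fusionforge/config.ini.d/authldap.ini', true);
$cfg = $cfg['authldap'];
$username = $argv[1];
fwrite(STDERR, "Password for $username: ");
$password = rtrim(fgets(STDIN), "\r\n");
// An empty password turns the bind below into an anonymous bind, which AD
// accepts; that would report "authentication OK" for any existing user.
if ($password === '') { die("refusing empty password\n"); }

$conn = ldap_connect("ldap://{$cfg['ldap_server']}:{$cfg['ldap_port']}");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, (int) $cfg['ldap_version']);
// Active Directory returns referrals that the search cannot follow; this is
// why the ini sets ldap_opt_referrals = 0.
ldap_set_option($conn, LDAP_OPT_REFERRALS, (int) $cfg['ldap_opt_referrals']);
if (filter_var($cfg['start_tls'], FILTER_VALIDATE_BOOLEAN) && !ldap_start_tls($conn)) {
    die("STARTTLS failed: " . ldap_error($conn) . "\n");
}
// Step 1: bind with the manager account and locate the user under base_dn.
if (!@ldap_bind($conn, $cfg['manager_dn'], $cfg['manager_password'])) {
    die("manager bind failed: " . ldap_error($conn) . "\n");
}
$mapping = array();   // "username=cn,firstname=givenname,..." -> field => attribute
foreach (explode(',', $cfg['mapping']) as $pair) {
    list($field, $attr) = explode('=', trim($pair), 2);
    $mapping[$field] = strtolower($attr);
}
// Escape the username so it cannot change the meaning of the search filter.
$filter = '(' . $mapping['username'] . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
$res = @ldap_search($conn, $cfg['base_dn'], $filter, array_values($mapping))
    or die("search failed: " . ldap_error($conn) . "\n");
$entries = ldap_get_entries($conn, $res);
if ($entries['count'] !== 1) {
    die("expected one entry for $filter under {$cfg['base_dn']}, got {$entries['count']}\n");
}
$dn = $entries[0]['dn'];
echo "found $dn\n";
// Step 2: verify the password by binding as the user's own DN.
if (!@ldap_bind($conn, $dn, $password)) {
    die("user bind failed: " . ldap_error($conn) . "\n");
}
echo "authentication OK\n";
// What sync_data_on would copy; an empty value means the ldapfield in the
// mapping does not match an attribute of this entry.
foreach ($mapping as $field => $attr) {
    printf("%-12s %-18s %s\n", $field, $attr, isset($entries[0][$attr][0]) ? $entries[0][$attr][0] : '');
}
```

If this script reports "authentication OK" while the web login still bounces to the base page, the LDAP side is fine and the problem lies in the user-creation or session step of the plugin.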