TOPIC: Re: Registration via LDAP queries
|
taltos (Visitor)
Fresh Lemon
Re: Registration via LDAP queries 9 Months, 2 Weeks ago
There you go... since the error seems to refer to the search type "sub", "one" or "base", I changed the setting in config-ldap to try all 3 search types; I get the same error every time (only the line number changes).
| Code: |
<?php
$serverId=0;
$ldap_server[$serverId]['server'] = "172.10.1.1";
$ldap_server[$serverId]['port'] = "389";
$ldap_server[$serverId]['protoversion'] = "ldapv3";
$ldap_server[$serverId]['encrypt'] = "none";
$ldap_server[$serverId]['referrals'] = false;
$query_id=0;
$ldap_queries[$query_id]['ldapServerId'] = 0;
$ldap_queries[$query_id]['name'] = 'Staff with an enabled account';
$ldap_queries[$query_id]['userbase'] = 'ou=user,dc=domain,dc=fr';
$ldap_queries[$query_id]['userfilter'] = '(&(objectCategory=Person)(objectClass=user)(!(userAccountControl=514)))';
$ldap_queries[$query_id]['userscope'] = 'sub';
$ldap_queries[$query_id]['firstname_attr'] = 'givenname';
$ldap_queries[$query_id]['lastname_attr'] = 'sn';
$ldap_queries[$query_id]['email_attr'] = 'mail';
$query_id++;
$ldap_queries[$query_id]['ldapServerId'] = 0;
$ldap_queries[$query_id]['name'] = 'Administrator group';
$ldap_queries[$query_id]['groupbase'] = 'ou=groups,dc=mycompany,dc=org';
$ldap_queries[$query_id]['groupfilter'] = '(&(objectClass=groupOfNames)(cn=AdministratorGroup))';
$ldap_queries[$query_id]['groupscope'] = 'sub';
$ldap_queries[$query_id]['groupmemberattr'] = 'member';
$ldap_queries[$query_id]['groupmemberisdn'] = true;
$ldap_queries[$query_id]['userbase'] = 'ou=users,dc=mycompany,dc=org';
$ldap_queries[$query_id]['userfilter'] = '(account-status=enabled)';
$ldap_queries[$query_id]['userscope'] = 'sub';
$ldap_queries[$query_id]['firstname_attr'] = 'givenname';
$ldap_queries[$query_id]['lastname_attr'] = 'sn';
$ldap_queries[$query_id]['email_attr'] = 'mail';
$ldap_queries[$query_id]['token_attr'] = ''; // Leave empty for Auto Token generation by phpsv
$ldap_queries[$query_id]['language'] = '';
$ldap_queries[$query_id]['attr1'] = '';
$ldap_queries[$query_id]['attr2'] = '';
$query_id++;
$ldap_queries[$query_id]['ldapServerId'] = 0;
$ldap_queries[$query_id]['name'] = 'Admins via POSIXGroups';
$ldap_queries[$query_id]['groupbase'] = 'ou=group,dc=mycompany,dc=org';
$ldap_queries[$query_id]['groupfilter'] = '(&(cn=admins)(objectclass=posixgroup))';
$ldap_queries[$query_id]['groupscope'] = 'sub';
$ldap_queries[$query_id]['groupmemberattr'] = 'memberuid';
$ldap_queries[$query_id]['groupmemberisdn'] = FALSE;
$ldap_queries[$query_id]['useridattr'] = 'uid';
$ldap_queries[$query_id]['userbase'] = 'ou=people,dc=mycompany,dc=org';
$ldap_queries[$query_id]['userfilter'] = '(objectclass=*)';
$ldap_queries[$query_id]['userscope'] = 'sub';
$ldap_queries[$query_id]['firstname_attr'] = 'givenname';
$ldap_queries[$query_id]['lastname_attr'] = 'sn';
$ldap_queries[$query_id]['email_attr'] = 'mail';
$ldap_queries[$query_id]['token_attr'] = ''; // Leave empty for Auto Token generation by phpsv
$ldap_queries[$query_id]['language'] = '';
$ldap_queries[$query_id]['attr1'] = '';
$ldap_queries[$query_id]['attr2'] = '';
require_once(dirname(__FILE__).'/ldap-functions.php');
?>
|
Thanks for your help.
Last Edit: 2008/02/21 09:18
|
lemeur (Admin)
LimeSurvey Team
Re: Registration via LDAP queries 9 Months, 2 Weeks ago
I am not an Active Directory expert, but it seems to me that your configuration still does not follow the recommendations in the FAQ:
$ldap_server[$serverId]['protoversion'] = "ldapv2";
You have ldapv3.
$ldap_queries[$query_id]['userbase'] = 'ou=user,dc=domain,dc=fr';
Is that really your Windows domain?
In fact, I think you should rather use:
$ldap_queries[$query_id]['userbase'] = 'cn=users,dc=domain,dc=fr';
|
taltos (Visitor)
Fresh Lemon
Re: Registration via LDAP queries 9 Months, 2 Weeks ago
Tut tut, you seem pretty knowledgeable to me all the same ^^
As it happens, I have the latest version of Joomla on the same Linux server. It natively handles interfacing with AD.
Joomla asks me for the following information:
| Code: |
Hôte 172.10.1.1
Port 389
LDAP V3 Oui
Négociation TLS Non
Ne pas suivre les référents. Non
Méthode d'autorisation attaache directement
Nom distingué de base (DN) OU=services,DC=entreprise,DC=fr
Requête de recherche sAMAccountName=[search]
Nom distingué des Utilisateurs (conteneur) (Noms absolus) [username]@entreprise.fr
Utilisateur pour la connexion vide
Mot de passe pour la connexion vide
Map: Nom complet displayName
Map: Email mail
Map: ID utilisateur sAMAccountName
|
and my integration works perfectly.
I tried ldapv2 to be thorough, but it changes nothing...
Besides, you will notice that Lime tells me:
| Code: |
Succès
0 enregistrements créés
|
as if it were implying that the connection to the directory was working fine...
Also, there is this post that describes the same problem as mine:
www.limesurvey.org/component/option,com_...atid,1/lang,en/#6566
Finally, I tried it; in reality, on my side it is 'ou=services,dc=xxx,dc=fr'.
Thanks for your help!
Last Edit: 2008/02/21 10:12
|
lemeur (Admin)
LimeSurvey Team
Re: Registration via LDAP queries 9 Months, 2 Weeks ago
Before going any further, I would like the directory structure and the binding to be verified with a tool such as Ldap Explorer:
* configure the server exactly as it is done in LS
* configure the same account to bind with
* explore the structure (particularly ou=services).
Please run this test and comment on the results.
|
taltos (Visitor)
Fresh Lemon
Re: Registration via LDAP queries 9 Months, 2 Weeks ago
I'm still here, eh?!!
But I'm really struggling.
Well, first I found a tool:
webscripts.softpedia.com/script/File-Man...Explorer--29346.html
With it (you just launch it and enter the IP of my AD server), I can explore my whole tree; see the image as proof.
Edit: argh, not possible to upload JPGs...
www.picturepush.com/public/428695
With LDAP Explorer (installed on my WinXP machine; I have no graphical interface on my Lime server)
I get nothing but trouble, nasty error messages, etc... I do manage to see things that come from my AD, but I'm a bit out of my depth...
www.picturepush.com/public/428696
Last Edit: 2008/02/21 14:31
|
lemeur (Admin)
LimeSurvey Team
Re: Registration via LDAP queries 9 Months, 2 Weeks ago
I ran a test with an AD.
Connecting with an anonymous bind does not work. You MUST therefore provide a binddn and a bindpw.
Joomla works differently: I suppose it only authenticates against the directory and does not retrieve data??
Can you run a test by adding a valid account on the AD?
|
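Added example (not from any poster and not LimeSurvey's own code): a stand-alone PHP check that reports which step fails (connect, StartTLS, bind or search) for the server and query settings discussed above, which separates a rejected bind from a search the directory refuses. The function name `probe_ldap_query`, the `LDAP_BINDPW` environment variable and the sample DNs are assumptions made for the example.

```php
<?php
// Added example: stand-alone bind + search check using the config-ldap.php keys
// from this thread. Needs the PHP ldap extension. probe_ldap_query() and the
// LDAP_BINDPW environment variable are hypothetical names for this sketch.
function probe_ldap_query(array $srv, array $q): array
{
    $scheme = ($srv['encrypt'] === 'ldaps') ? 'ldaps' : 'ldap';
    $ds = ldap_connect("$scheme://{$srv['server']}:{$srv['port']}");
    if ($ds === false) {
        return ['step' => 'connect', 'error' => 'invalid server URI'];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $srv['protoversion'] === 'ldapv2' ? 2 : 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, $srv['referrals'] ? 1 : 0);
    // With encrypt = 'none' the simple bind below crosses the network in cleartext.
    if ($srv['encrypt'] === 'start-tls' && !@ldap_start_tls($ds)) {
        return ['step' => 'start-tls', 'error' => ldap_error($ds)];
    }
    if (isset($srv['binddn'])) {
        // A DN with an empty password is an unauthenticated bind, not a login.
        if ((string) $srv['bindpw'] === '') {
            return ['step' => 'bind', 'error' => 'binddn set but bindpw is empty'];
        }
        $bound = @ldap_bind($ds, $srv['binddn'], $srv['bindpw']);
    } else {
        $bound = @ldap_bind($ds); // anonymous, as in the first config posted
    }
    if (!$bound) {
        return ['step' => 'bind', 'error' => ldap_error($ds)];
    }
    // userscope: sub = whole subtree, one = one level below, base = the entry itself.
    $fn = ['sub' => 'ldap_search', 'one' => 'ldap_list', 'base' => 'ldap_read'];
    $search = $fn[$q['userscope']] ?? 'ldap_search';
    $attrs = [$q['firstname_attr'], $q['lastname_attr'], $q['email_attr']];
    $res = @$search($ds, $q['userbase'], $q['userfilter'], $attrs);
    if ($res === false) {
        // The bind step can pass and the search still be refused by the server.
        return ['step' => 'search', 'error' => ldap_error($ds)];
    }
    $entries = ldap_get_entries($ds, $res); // attribute names are returned lower-cased
    ldap_unbind($ds);
    return ['step' => 'done', 'count' => $entries['count']];
}

// Placeholder server and DNs modelled on those posted in the thread;
// the password is read from the environment instead of being written in the file.
$server = ['server' => '172.10.1.1', 'port' => '389', 'protoversion' => 'ldapv3',
           'encrypt' => 'none', 'referrals' => false,
           'binddn' => 'cn=administrateur,cn=users,dc=entreprise,dc=fr',
           'bindpw' => getenv('LDAP_BINDPW')];
$query = ['userbase' => 'ou=services,dc=entreprise,dc=fr', 'userscope' => 'sub',
          'userfilter' => '(&(objectCategory=Person)(objectClass=user)(!(userAccountControl=514)))',
          'firstname_attr' => 'givenname', 'lastname_attr' => 'sn', 'email_attr' => 'mail'];
print_r(probe_ldap_query($server, $query));
```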
|
taltos (Visitor)
Fresh Lemon
Re: Registration via LDAP queries 9 Months, 2 Weeks ago
I'm a bit ashamed to be taking up so much of your time.
OK, I created a user in my AD and gave it read rights on the AD.
With both LDAP browsers I can browse my directory.
When I edit config-ldap with my user and a wrong password, Lime responds with:
Erreur: Ne peut se lier à l'annuaire LDAP
If I enter the correct password, I end up with exactly the same error message as at the beginning.
In short, I'm no further along ^^
I hope you still have a bit of time and some ideas.
|
BOYEAU (User)
Fresh Lemon
Re: Registration via LDAP queries 6 Months, 3 Weeks ago
Hello,
Do you have any news on this problem?
I have the same issue too.
Thanks in advance for your reply.
Regards,
py
|
taltos (Visitor)
Fresh Lemon
Re: Registration via LDAP queries 6 Months, 3 Weeks ago
Here is my config-ldap.php
| Code: |
<?php
/*
* LimeSurvey
* Copyright (C) 2007 The LimeSurvey Project Team / Carsten Schmitz
* All rights reserved.
* License: GNU/GPL License v2 or later, see LICENSE.php
* LimeSurvey is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*
* $Id: config-ldap.php 3614 2007-11-09 20:11:32Z leochaton $
*/
/*********** LDAP Parameters and Functions ***********************
*
* - First define your ldap servers and remember the serverId
* - Then define your ldap_query and 'attach' it to the serverId
******************************************************************/
/*********************************************/
/* LDAP servers */
/*********************************************/
$serverId=0;
// Define the server DNS name or IP Address
// If encryption is enabled, make sure the name given here
// corresponds to the certificate's identity
$ldap_server[$serverId]['server'] = "IP serveur AD";
// Define the TCP port on which the LDAP server is listening
// This should be 389 for standard LDAP servers
// or 636 for standard LDAPS connections
$ldap_server[$serverId]['port'] = "389";
// Define the ldap protocol to use
// 'ldapv2' and 'ldapv3' are supported
$ldap_server[$serverId]['protoversion'] = "ldapv3";
// Define the encryption method to use
// 'ldaps' is supported for 'ldapv2' servers
// 'start-tls' is supported for 'ldapv3' servers
// 'none' is supported for no encryption at all
// Don't forget to setup your CA's certificate in
// the openldap ldap.conf file
$ldap_server[$serverId]['encrypt'] = "none";
// Define the referral option
// 'false' is recommended for ActiveDirectory servers
$ldap_server[$serverId]['referrals'] = false;
// Define the authentication used to bind to the directory
// We currently support simple authentication
// If anonymous bind must be performed, comment the following two lines
$ldap_server[$serverId]['binddn'] = "cn=administrateur,cn=users,dc=entrepirse,dc=fr";
$ldap_server[$serverId]['bindpw'] = "password";
/********* Copy for more definitions *****
// $serverId++;
// $ldap_server[$serverId]['server'] = "IP serveur";
// $ldap_server[$serverId]['port'] = "389";
// $ldap_server[$serverId]['protoversion'] = "ldapv3";
// $ldap_server[$serverId]['encrypt'] = "none";
// $ldap_server[$serverId]['referrals'] = false;
// $ldap_server[$serverId]['binddn'] = "uid=administrateur,ou=users,dc=entreprise,dc=fr";
// $ldap_server[$serverId]['bindpw'] = "password";
*****************************************/
/**********************************************************************/
/* Predefined Queries for Token Imports */
/* */
/* This sample query definition is just a fake template: do not */
/* expect it to do something intelligent on your directory */
/* Instead have a look at the online documentation: */
/* - Section Installation, paragraph LDAP_Settings */
/* And for Active Directory tips: */
/* - Section Installation FAQ, paragraph */
/* How_do_I_configure_LDAP_settings_to_work_with_Active_Directory_ */
/**********************************************************************/
$query_id=0;
// First define the serverId on which you want to run the query
$ldap_queries[$query_id]['ldapServerId'] = 0;
// Give a name that will appear on the user interface
$ldap_queries[$query_id]['name'] = 'Utilisateurs de l\'entreprise';
// Define the ldap base used for user searches
$ldap_queries[$query_id]['userbase'] = 'ou=services,dc=entreprise,dc=fr';
// $ldap_queries[$query_id]['userbase'] = 'ou=users,dc=entreprise,dc=fr';
// Define the user filter to apply
// Must begin with '(' and end with ')'
$ldap_queries[$query_id]['userfilter'] = '(&(objectCategory=Person)(objectClass=user)(!(email=*))(!(userAccountControl=514)))';
// $ldap_queries[$query_id]['userfilter'] = '(objectClass=samaccountname)';
// Define how deep under the userbase you want to search
// 'sub' means: search on the entire subtree
// 'one' means: only search 1 level under the userbase
// 'base' means: only search the userbase DN entry
$ldap_queries[$query_id]['userscope'] = 'sub';
// Define the user's attribute that provides the firstname
// do not use capital letters in the attribute name
// for instance use 'givenname' and not 'givenName'
$ldap_queries[$query_id]['firstname_attr'] = 'givenname';
// Give the user's attribute that provides the lastname
// do not use capital letters in the attribute name
$ldap_queries[$query_id]['lastname_attr'] = 'sn';
// Give the user's attribute that provides the email address
// do not use capital letters in the attribute name
// If multivalued, only the first entry is read
$ldap_queries[$query_id]['email_attr'] = 'mail';
// Optionally give the user's attributes that provide the
// token, language, attr1 and attr2 piece of information
// do not use capital letters in the attribute name
// if unused, leave empty or comment the lines
//$ldap_queries[$query_id]['token_attr'] = ''; // Leave empty for Auto Token generation by phpsv
//$ldap_queries[$query_id]['language'] = '';
//$ldap_queries[$query_id]['attr1'] = '';
//$ldap_queries[$query_id]['attr2'] = '';
/********** Other queries examples ********************/
// This query is an example of a group search in which group members are DNs
// The query runs in two steps:
// 1- Look for user candidates matching the group filter part
// 2- Then, Apply a user filter to user candidates found in step 1
$query_id++;
$ldap_queries[$query_id]['ldapServerId'] = 0;
$ldap_queries[$query_id]['name'] = 'Administrator group';
// Define a group filter (base, filter, scope)
$ldap_queries[$query_id]['groupbase'] = 'ou=groups,dc=mycompany,dc=org';
$ldap_queries[$query_id]['groupfilter'] = '(&(objectClass=groupOfNames)(cn=AdministratorGroup))';
$ldap_queries[$query_id]['groupscope'] = 'sub';
// Define which group's attribute is used to get users' Ids
$ldap_queries[$query_id]['groupmemberattr'] = 'member';
// Define if the groupmemberattr contains users' DNs or NOT
$ldap_queries[$query_id]['groupmemberisdn'] = true;
// Optionally you can complete the group query with an additional
// user filter that will be applied to the users found by the group search
// Comment the userbase, userfilter, and userscope lines
// if you don't use this extra filter.
$ldap_queries[$query_id]['userbase'] = 'ou=users,dc=mycompany,dc=org';
$ldap_queries[$query_id]['userfilter'] = '(account-status=enabled)';
$ldap_queries[$query_id]['userscope'] = 'sub';
$ldap_queries[$query_id]['firstname_attr'] = 'givenname';
$ldap_queries[$query_id]['lastname_attr'] = 'sn';
$ldap_queries[$query_id]['email_attr'] = 'mail';
$ldap_queries[$query_id]['token_attr'] = ''; // Leave empty for Auto Token generation by phpsv
$ldap_queries[$query_id]['language'] = '';
$ldap_queries[$query_id]['attr1'] = '';
$ldap_queries[$query_id]['attr2'] = '';
// This query is an example of a group search in which group members are UIDs
// an additional user filter is applied to the already found users
$query_id++;
$ldap_queries[$query_id]['ldapServerId'] = 0;
$ldap_queries[$query_id]['name'] = 'Admins via POSIXGroups';
$ldap_queries[$query_id]['groupbase'] = 'ou=group,dc=mycompany,dc=org';
$ldap_queries[$query_id]['groupfilter'] = '(&(cn=admins)(objectclass=posixgroup))';
$ldap_queries[$query_id]['groupscope'] = 'sub';
// Define which attribute within the group entry contains users' IDs
$ldap_queries[$query_id]['groupmemberattr'] = 'memberuid';
// Declare that groupmemberattr contains users' IDs and not DNs
$ldap_queries[$query_id]['groupmemberisdn'] = FALSE;
// Give the name of the attribute in the user entry that matches the
// 'groupmemberattr' value
$ldap_queries[$query_id]['useridattr'] = 'uid';
// Give the base DN used to search the users based on the users' IDs
$ldap_queries[$query_id]['userbase'] = 'ou=people,dc=mycompany,dc=org';
// Optionally give an additional filter to filter users
$ldap_queries[$query_id]['userfilter'] = '(objectclass=*)';
$ldap_queries[$query_id]['userscope'] = 'sub';
$ldap_queries[$query_id]['firstname_attr'] = 'givenname';
$ldap_queries[$query_id]['lastname_attr'] = 'sn';
$ldap_queries[$query_id]['email_attr'] = 'mail';
$ldap_queries[$query_id]['token_attr'] = ''; // Leave empty for Auto Token generation by phpsv
$ldap_queries[$query_id]['language'] = '';
$ldap_queries[$query_id]['attr1'] = '';
$ldap_queries[$query_id]['attr2'] = '';
/********
$query_id++;
//Copy previous definition lines
********/
//DO NOT CHANGE BELOW HERE --------------------
require_once(dirname(__FILE__).'/ldap-functions.php');
?>
Hoping this is useful to you.
Last Edit: 2008/05/14 15:45