Check out the LimeSurvey source code on GitHub!

LDAP authentication in LS 2.00+

4 years 5 months ago #86212 by rolando_isidoro
Hi,

I've been using a LS 1.92 setup with LDAP authentication via web server for sometime now. So far everything worked fine by using the instructions in the LS LDAP settings wiki article .

I'm now in the process of testing the LS 2.00+ upgrade and noticed the config files have suffered some changes, which means the LDAP settings require some changes too.

I've been debugging the source code and asked for help in the #limesurvey IRC channel (nickname gerundio) for a few days but still wasn't able to come up with a solution.

Thanks in advance for anyone who can help me out on this,
Rolando Isidoro

Please Log in to join the conversation.

4 years 5 months ago #86215 by Mazi
I will try to point our Limesurvey 1.x LDAP expert to this but I'm not sure if he will be able to help.


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

4 years 5 months ago #86218 by lemeur

rolando_isidoro wrote: LDAP authentication via web server


Hi,
Just to be sure, are you talking about either:
1- Delegating authentication for the LS admin GUI to your WebServer (using for instance mod_authnz_LDAP)
2- Or, configuring LS to use LDAP to import tokens in order to manage participants ?

Thibault

Please Log in to join the conversation.

4 years 5 months ago #86220 by rolando_isidoro
Hi,

I meant door #1 - Delegating authentication for the LS admin GUI to your WebServer (using for instance mod_authnz_LDAP).

Rolando Isidoro

Please Log in to join the conversation.

4 years 4 months ago #86349 by rolando_isidoro
Hi, just a little update on this topic.

I've spent some more time looking into the source code trying to figure out how to make this to work in the new version, but I'm realizing it just isn't possible yet.

I performed a grep on LS 1.92 source code and found references to the useWebserverAuth setting in the following files:
  • admin/usercontrol.php
  • common_functions.php
  • config.php
  • config-defaults.php

I made the same search on LS 2.00+ source code and this was the result:
  • application/config/config-defaults.php
  • application/controllers/admin/useraction.php

A closer look at the source code shows that the reference in the useraction.php is just related to whether or not to send an email upon a user creation.

Mazi, lemeur, any new thoughts on this?

Thanks in advance,
Rolando Isidoro

Please Log in to join the conversation.

4 years 4 months ago #86695 by chinaski01
I'm using LDAP authorization as well in a 1.9+ setup (web server handles authentication).I won't be able to migrate unless this piece of the puzzle works in v 2+.

Please Log in to join the conversation.

4 years 4 months ago #87233 by hermann
Hello Everyone

Sorry Rolando I cannot help you with that but I want to confirm this problem: When installing LimeSurvey I decided to take the 2.00+ Version. But now I am quite surprised to find useWebserverauth not working! I did the same as you did (searching the code for useWebserverauth and found the same as you did)...

Do I really have to downgrade to below 2.0 to get this feature?
Or may I be able to port the working implentation in 1.9 to 2.0?

Greetings
Hermann

Please Log in to join the conversation.

4 years 4 months ago #87367 by mdekker
Could you please add this to our bug tracker and put a link to this topic in the Bugtracker (and maybe put a link here to the relevant bug) so it won't get lost?

---
Menno Dekker

Please Log in to join the conversation.

4 years 2 months ago #89958 by nicktruch
Any update concerning this topic ? How can we move on ?

Can somebody in LimeSurvey team can give us some clues so that we can get organized and maybe find a solution : developing a patch, doing some testing ... ?

Nicolas

PS. Did somebody add this to bug tracker as mdekker asked ?

Please Log in to join the conversation.

4 years 2 months ago - 4 years 2 months ago #89978 by mdekker
EDIT:
It seems all is related to web auth and that has serval bugs (all closed)

bugs.limesurvey.org/view.php?id=7049
bugs.limesurvey.org/view.php?id=7021
bugs.limesurvey.org/view.php?id=6938
bugs.limesurvey.org/view.php?id=6871
bugs.limesurvey.org/view.php?id=6828

If still an issue, feel free to open a new ticket in our Bugtracker.

---
Menno Dekker

Please Log in to join the conversation.

4 years 2 months ago #89983 by nicktruch
No as far as you need to configure LS to use LDAP to import tokens in order to manage participants, it works fine. I think it was better to have the possibility to have a field to write your own 'userfilter' (like in v1.98), but it works !

I didn't check the authentication delegation for the LS admin GUI to our WebServer.

Thanks for your help.

Please Log in to join the conversation.

3 years 10 months ago #94553 by harnas1977
Hi,

Can anyone confirm that LS 2.00+ has working LDAP authentication?
I'm in particularly interested to authenticate admins against MS AD.

Thanks,
Maciej

Please Log in to join the conversation.

3 years 10 months ago #94559 by mdekker
At the moment this is not possible, but with the 2.05 beta that is just released you can write your own authentication plugin to handle loging in using LDAP. If you have the means to give that a try, please do so as we are still developing the plugin api and it helps to get feedback.

---
Menno Dekker

Please Log in to join the conversation.

3 years 10 months ago #94589 by DenisChenu
Maybe you can use:
An apache server with mod_auth_LDAP : httpd.apache.org/docs/2.0/mod/mod_auth_LDAP.html
and
use elegate Authentication to the Webserver : docs.limesurvey.org/Optional+settings#De...ion_to_the_Webserver

Denis

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).

Please Log in to join the conversation.

3 years 8 months ago #96836 by atlet

mdekker wrote: At the moment this is not possible, but with the 2.05 beta that is just released you can write your own authentication plugin to handle loging in using LDAP. If you have the means to give that a try, please do so as we are still developing the plugin api and it helps to get feedback.


I also need to develop an authentication plugin. I looked at the documentation, and I can't find anything usable.

Where I put the plugin, where is the API, ...

Please Log in to join the conversation.

Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form