LDAP-Authentication

Hanns Mattes
Hi,

as the subject says: I'm stuck with ldap-auth.

Distribution: Opensuse 11.1
Davical/awl: Latest *.rpm

So far, I've got davical up and running. Good.

My "users" are stored in a ldap-directory. Username (uid) is constructed like "[hidden email]"

My *.conf:

,----[ /etc/davical/myserver.conf ]
| <?php                                                  
| $c->pg_connect[] = "dbname=davical user=davical_app";
| $c->system_name = "Hannsis DAViCal CalDAV Server";
| $c->default_locale = "de_DE";                    
| $c->admin_email ='[hidden email]';                                    
| $c->collections_always_exist = false;                              
| $c->default_privileges = array('read-free-busy', 'schedule-query-freebusy');        
|
|
| /********************************/
| /*********** LDAP hook **********/
| /********************************/
|
| $c->authenticate_hook['call'] = 'LDAP_check';
| $c->authenticate_hook['config'] = array(
|     'host' => 'ldap://my.server.de',
|     'port' => '389',
|     'bindDN' => 'cn=bla,dc=fasel,dc=bla',
|     'passDN' => 'totalgeheim',
|     'protocolVersion' => '3', // Version of LDAP protocol to use
|     'baseDNUsers' => 'ou=bla,dc=fasel,dc=foo',
|     'filterUsers' => 'objectClass=CourierMailAccount',
|     'mapping_field' => array("username" => "uid",
|                              "updated" => "modifyTimestamp",
|                              "fullname" => "cn",
|                              "email" => "mail"
|                              ),
|     'format_updated' => array('Y' => array(0,4),
|                               'm' => array(4,2),
|                               'd' => array(6,2),
|                               'H' => array(8,2),
|                               'M' => array(10,2),
|                               'S' => array(12,2)),
|     'startTLS' => 'yes',
| );
| include('drivers_ldap.php');
`----

According to http://wiki.davical.org/w/Configuration#Using_LDAP I think
these settings should be working?

Login with a user in the ldap-Tree shows in /var/log/messages
(shortened) errors:

,----[ /var/log/messages ]
| Jan 15 00:45:24 mail httpd2-prefork: PHP Notice:  Use of undefined constant __LINE - assumed '__LINE' in /usr/share/davical/inc/auth-functions.php on line 97          
| Jan 15 00:45:24 mail httpd2-prefork: PHP Notice:  Use of undefined constant __LINE - assumed '__LINE' in /usr/share/davical/inc/auth-functions.php on line 103          
`----

Apache/php unhappy ... (and no, I'm not an Apache-Expert. My server
mainly is a mail-Server, and Apache was - mainly - set up to serve a
webmail-client to the mail-server)

I'm sure, I'm missing something obvious.

Any hints?[1]

Thanks

Hanns

Footnotes:
[1]  and I hope, someone will understand my imitation of "english"
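
The steps the posted configuration depends on (StartTLS on port 389, the service bind, the user filter and the mapped attributes) can be checked outside DAViCal. The script below is an added example, not DAViCal's drivers_ldap.php and not from the thread; it assumes PHP's ldap extension on the command line and a hypothetical LDAP_BIND_PW environment variable holding the bind password.

```php
<?php
// Added diagnostic, not DAViCal code. Values mirror the posted config;
// host, DNs and filter are the thread's placeholders.
$cfg = array(
    'host'            => 'ldap://my.server.de',
    'port'            => 389,
    'bindDN'          => 'cn=bla,dc=fasel,dc=bla',
    'passDN'          => getenv('LDAP_BIND_PW'), // hypothetical env variable
    'protocolVersion' => 3,
    'baseDNUsers'     => 'ou=bla,dc=fasel,dc=foo',
    'filterUsers'     => 'objectClass=CourierMailAccount',
    // LDAP attributes named in mapping_field; modifyTimestamp is operational
    // and is only returned when requested explicitly.
    'attrs'           => array('uid', 'modifyTimestamp', 'cn', 'mail'),
);

function fail($step, $why) {
    fwrite(STDERR, "FAIL at $step: $why\n");
    exit(1);
}

// An empty password turns a simple bind into an unauthenticated bind that
// a server may accept, which would hide a wrong or missing passDN.
if (!is_string($cfg['passDN']) || $cfg['passDN'] === '') {
    fail('config', 'LDAP_BIND_PW is empty');
}

// Accept a bare host name as well as an ldap:// URI.
$host = $cfg['host'];
$uri = (strpos($host, '://') === false ? 'ldap://' . $host : rtrim($host, '/'))
     . ':' . $cfg['port'];

$conn = ldap_connect($uri); // parses the URI only; nothing is sent yet
if (!$conn) fail('connect', "cannot parse $uri");

// StartTLS is an LDAPv3 extended operation.
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, $cfg['protocolVersion']);

// Upgrade before binding so passDN is not sent in clear text on port 389.
if (!@ldap_start_tls($conn)) fail('StartTLS', ldap_error($conn));
if (!@ldap_bind($conn, $cfg['bindDN'], $cfg['passDN'])) fail('bind', ldap_error($conn));

$filter = $cfg['filterUsers'];
if ($filter[0] !== '(') $filter = "($filter)";
$res = @ldap_search($conn, $cfg['baseDNUsers'], $filter, $cfg['attrs']);
if (!$res) fail('search', ldap_error($conn));

$entries = ldap_get_entries($conn, $res); // attribute keys come back lowercased
echo "OK: {$entries['count']} entries match $filter\n";
for ($i = 0; $i < $entries['count']; $i++) {
    foreach ($cfg['attrs'] as $attr) {
        if (!isset($entries[$i][strtolower($attr)])) {
            echo "  {$entries[$i]['dn']}: no $attr\n";
        }
    }
}
ldap_unbind($conn);
```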

_______________________________________________
rscds-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/rscds-general

Re: LDAP-Authentication

Michael Rasmussen
On Fri, 15 Jan 2010 01:13:43 +0100
Hanns Mattes <[hidden email]> wrote:

> |    'host' => 'ldap://my.server.de',
shouldn't this be 'host' => 'my.server.de',


--
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
The fashion wears out more apparel than the man.
                -- William Shakespeare, "Much Ado About Nothing"

Re: LDAP-Authentication

Hanns Mattes
Hei, Michael,

Michael Rasmussen <[hidden email]> wrote:

>Hanns Mattes <[hidden email]> wrote:
>
>> |    'host' => 'ldap://my.server.de',
>shouldn't this be 'host' => 'my.server.de',

No, the setting is correct, as the config seems to be: After I've found
the "Synchronize LDAP with Davical"-Page, my users were imported to
Davical. Good.

But now I can't login to the webinterface with my admin-account. Not
good. Probably, because there's no user "admin" in the ldap-tree and
authentication is failing for this reason. (Creating "admin" in LDAP
doesn't help.)

Any Hints?

Thanx

Hanns

Re: LDAP-Authentication

Norbert Püschel
In reply to this post by Hanns Mattes
Which davical version is "the latest rpm"? Even the latest 0.9.7-Version
was buggy with LDAP.

Regards,
  Norbert

--
networker, projektberatung GmbH
Kirchstr. 11a
53604 Bad Honnef

Tel.:  02224/986158
Fax:   02224/986174
Mobil: 0163/5768493


Re: LDAP-Authentication

fabien
In reply to this post by Hanns Mattes

On Fri, 15 Jan 2010 13:14:01 +0100, Hanns Mattes <[hidden email]>
wrote:

> No, the setting is correct, as the config seems to be: After I've found
> the "Synchronize LDAP with Davical"-Page, my users were imported to
> Davical. Good.
>
> But now I can't login to the webinterface with my admin-account. Not
> good. Probably, because there's no user "admin" in the ldap-tree and
> authentication is failing for this reason. (Creating "admin" in LDAP
> doesn't help.)
>
> Any Hints?
>
> Thanx
>
> Hanns
>

You can connect to your database and manually re-enable the admin user:


$ psql --dbname davical --username davical_app

davical=> update usr SET active='t' WHERE username='admin';

And your admin user should work again.
Think about setting the admin flag to an ldap user because the admin will
be disabled again with the next sync.

--
Fabien Zouaoui


Re: LDAP-Authentication

Hanns Mattes
In reply to this post by Norbert Püschel
Hei, Norbert,

Norbert Püschel <[hidden email]> wrote:

>Which davical version is "the latest rpm"? Even the latest 0.9.7-Version
>was buggy with LDAP.

0.9.7.6

But in the meantime I've managed to import my ldap-Users and also
re-established the admin-account, so this part of the Configuration is
done.

CU

Hanns


Re: LDAP-Authentication

Hanns Mattes
In reply to this post by Hanns Mattes
Hi,

answering myself correcting myself:

Hanns Mattes <[hidden email]> wrote:

>[LDAP and Davical]
>
>But now I can't login to the webinterface with my admin-account. Not
>good. Probably, because there's no user "admin" in the ldap-tree and
>authentication is failing for this reason. (Creating "admin" in LDAP
>doesn't help.)

correcting myself ... it does help. I had to create an "admin"-account
in Ldap and to sync ldap to davical once more.

So far, so good.

CU

Hanns


Re: LDAP-Authentication

Norbert Püschel
Hi,

with 0.9.8 you do not need LDAP-Sync; LDAP-users are created
automatically on first login. A bug in 0.9.7.6 prevents this.

Regards,
  Norbert Püschel

--
networker, projektberatung GmbH
Kirchstr. 11a
53604 Bad Honnef

Tel.:  02224/986158
Fax:   02224/986174
Mobil: 0163/5768493


Re: LDAP-Authentication

Hanns Mattes
Hei, Norbert,

On 15.01.2010 15:47, Norbert Püschel wrote:

> with 0.9.8 you do not need LDAP-Sync; LDAP-users are created
> automatically on first login. A bug in 0.9.7.6 prevents this.

Thank You (and Michael and Fabien)! Re-installed, started from scratch -
things are looking good.

Time to have a closer look to the docs for further configuration.

CU
