stephanediondev / readerself

Replaced by a new version

Home Page: https://github.com/stephanediondev/feed


Request for documentation: LDAP

MrDrMcCoy opened this issue · comments

I was rather excited to see that there was LDAP support in readerself. However, I have not been able to get it working. I have tried configuring the following files:

/application/config/readerself_config.php
/application/controllers/setup.php

with the following information:

$config['salt_password'] = '2028q5id8x';
$config['ldap'] = TRUE;
$config['ldap_server'] = 'ldap://<IP of LDAP DC>';
$config['ldap_port'] = 389;
$config['ldap_protocol'] = 3;
$config['ldap_rootdn'] = 'cn=administrator,dc=awesomegeek,dc=com';
$config['ldap_rootpw'] = '<CENSORED>';
$config['ldap_basedn'] = 'dc=awesomegeek,dc=com';
$config['ldap_filter'] = 'mail=[email]';
$config['email_protocol'] = 'mail';
$config['smtp_host'] = '<IP of SMTP server>';
$config['smtp_user'] = '';
$config['smtp_pass'] = '';
$config['smtp_port'] = 25;

After doing so, I am not able to log in with the short name, nor with the email address of my LDAP users. My LDAP server is Zentyal 3.5, which uses Samba. I see no place in the web UI to configure this, nor any comments in the code that indicate what I have missed or done wrong. Is this something we can get documented?

Sorry for the poor documentation.
The LDAP feature is ready and tested with OpenLDAP and Active Directory (Windows Server).

To use this feature you need to enable the PHP LDAP module (apt-get install php5-ldap on Ubuntu/Debian).
If you get a message like "Fatal error: Call to undefined function ldap_connect()", that is your first problem.

When you log in, you can look in the HTML source code (except with a fatal error) to see if there are errors (comments at the bottom of the source).

If your connection is OK (no error like "ldap_bind(): Unable to bind to server: Can't contact LDAP server" or "ldap_bind(): Unable to bind to server: Invalid credentials") but the connection fails, the problem is probably with the ldap_filter parameter.

In the value mail=[email],
"mail" is the key in your LDAP server that stores the users' email.
On OpenLDAP it's OK.

But maybe it's another key on your server.
For example, on Windows Server it's "userprincipalname".

"[email]" is a tag replaced by the email entered at login; no need to replace it.

The message "Unable to bind to server: Invalid credentials" can be ambiguous:
the user defined in the configuration is invalid (it's the user allowed to search in LDAP)
OR
the user at login is invalid
(because it's the same PHP function, ldap_bind).
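
The search-then-bind flow described in the reply above, as an added PHP example (not readerself's own code): it reports which of the two ldap_bind calls failed and escapes the login value before substituting it for [email]. The function names and returned labels are assumptions, the config keys are the ones shown in the issue, and PHP 7 or later with the LDAP module is assumed.

```php
<?php
// Added example: not readerself's code. Config keys are the ones shown in the issue.

// Substitute the login value into the ldap_filter template, escaped per
// RFC 4515 so characters such as * ( ) \ cannot change the filter's meaning.
function build_filter(string $template, string $email): string
{
    return str_replace('[email]', ldap_escape($email, '', LDAP_ESCAPE_FILTER), $template);
}

// Returns 'ok' or a label naming the stage that failed (labels are hypothetical).
function ldap_login(array $config, string $email, string $password): string
{
    // An empty password turns ldap_bind() into an unauthenticated bind, which
    // some servers accept, so it must never count as a successful login.
    if ($email === '' || $password === '') {
        return 'empty_credentials';
    }
    $conn = ldap_connect($config['ldap_server'] . ':' . $config['ldap_port']);
    if ($conn === false) {
        return 'bad_server_uri';
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, $config['ldap_protocol']);

    // Bind 1: the search account (ldap_rootdn / ldap_rootpw).
    if (!@ldap_bind($conn, $config['ldap_rootdn'], $config['ldap_rootpw'])) {
        return 'search_account_bind_failed: ' . ldap_error($conn);
    }
    // Search: anything other than exactly one entry points at ldap_filter
    // (wrong attribute name) or ldap_basedn.
    $filter = build_filter($config['ldap_filter'], $email);
    $result = @ldap_search($conn, $config['ldap_basedn'], $filter, ['dn']);
    $entries = $result ? ldap_get_entries($conn, $result) : false;
    $count = $entries ? $entries['count'] : 0;
    if ($count !== 1) {
        return 'filter_matched_' . $count . '_entries';
    }
    // Bind 2: the DN found above, with the password typed at login.
    if (!@ldap_bind($conn, $entries[0]['dn'], $password)) {
        return 'login_user_bind_failed: ' . ldap_error($conn);
    }
    return 'ok';
}
```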