LDAP and Groups

Support requests, bug reports, questions etc.
yeahmag
beginner
beginner
Posts: 9
Joined: Thu Oct 27, 2011 01:06

LDAP and Groups

Post by yeahmag » Wed Apr 04, 2012 02:01

I'm hooking NConf in to our LDAP and it seems to work about halfway. It can pull my group, but still thinks my test user isn't in any allowed groups:

====================================================
Error Message:

User authenticated, but his group is not authorized to access NConf

====================================================

authentication.php snippets:

define('AUTH_TYPE', 'ldap');

# Groups
define('GROUP_USER', "user");
define('GROUP_ADMIN', "admin");
define('GROUP_NOBODY', "0");

define('ADMIN_GROUP', "cn=citstaff");
define('USER_GROUP', "cn=operator");

====================================================

Debug Output:

Array LDAP ldap_get_entries:
Array
(
[count] => 1
[0] => Array
(
[objectclass] => Array
(
[count] => 2
[0] => posixGroup
[1] => top
)

[0] => objectclass
[gidnumber] => Array
(
[count] => 1
[0] => 102
)

[1] => gidnumber
[cn] => Array
(
[count] => 1
[0] => citstaff
)

[2] => cn
[count] => 3
[dn] => cn=citstaff,ou=groups,ou=imss,o=caltech,c=us
)

)

Can someone set me straight?

Thanks.

-Aaron

yeahmag
beginner
beginner
Posts: 9
Joined: Thu Oct 27, 2011 01:06

Re: LDAP and Groups

Post by yeahmag » Wed Apr 04, 2012 02:22

I'm also seeing this in the apache error logs:

[Tue Apr 03 17:21:04 2012] [error] [client 131.215.234.71] PHP Notice: Undefined index: memberuid in /var/www/html/nconf/include/login_check.php on line 220
[Tue Apr 03 17:21:04 2012] [error] [client 131.215.234.71] PHP Warning: in_array() expects parameter 2 to be array, null given in /var/www/html/nconf/include/login_check.php on line 251

User avatar
scrat
NConf enthusiast
NConf enthusiast
Posts: 101
Joined: Mon Aug 23, 2010 16:28
Location: Vienna, Austria
Contact:

Re: LDAP and Groups

Post by scrat » Thu Apr 05, 2012 14:11

Hi,

Which objectClasses are assined to your LDAP users and groups?
Your LDAP group needs attribute memberUid which is part of posixGroup.


Regards,
René

Locked