I have a question relating to ldap auth. Does it support ldaps? As a matter of just changing the ldap dsn? And do I need to specify the ldaps port in the dsn as well?

On Wed, Sep 8, 2010 at 1:42 PM, Marius Hein <[email protected]> wrote:
> Hi.
>
> On 08.09.2010 18:17, Chris Cowley wrote:
>> Works a treat (release 1.0.3)! FYI I am authenticating against Windows Server
>> 2003r2
>>
>> I just uncommented the msad_ldap1 section in auth.xml, put in one of my DCs
>> along with a username that I had created. After clearing the cache (sudo rm
>> /usr/local/icinga-web/app/cache/config/*) it authenticated my user.
>>
>> Next I need to make it work in a VirtualHost and enable Kerberos. Will a
>> REMOTE_USER make it skip the login form?
>
> If you set up your providers like this:
>
> ldap: authoritative=false, auth_create=true, auth_update=true
> basic: authoritative=true, auth_create=false, auth_update=false
>
> Hope this works, the complete workflow will be in the logs if something
> went wrong (or right)
>
> Kind regards, Marius.
>
>> -----Original Message-----
>> From: Marius Hein [mailto:[email protected]]
>> Sent: 01 September 2010 11:45
>> To: [email protected]; [email protected]
>> Subject: Re: [icinga-users] LDAP authentication from icinga-web
>>
>> Hi.
>>
>>> Sorry for the list spam, but one more question:
>>> Do I create an auth.xml or do I add my auth config to an existing xml
>>> file like icinga.xml? If I add it to an existing XML file, how much do I
>>> need to include of the parent containers? For example:
>>>
>>> <settings prefix="modules.appkit.auth."
>>> xmlns="http://agavi.org/agavi/config/parts/module/1.0"
>>> xmlns:ae="http://agavi.org/agavi/config/global/envelope/1.0">
>>>
>>
>> The simplest solution is to add your auth configuration to the existing
>> auth.xml.
>>
>> If you want heavy debugging: Agavi supports XInclude. You can use this
>> to include new XML files into existing settings xml files (like
>> app/config/settings.xml, modules.xml, or any other valid agavi places).
>>
>> You can see this in module.xml config (from AppKit). This file includes
>> the auth.xml.
>>
>>> This sits at the top of auth.xml so would it need to be included?
>>>
>>
>> Depending on your scope of including. If you include in an already
>> prefixed scope (e.g. modules.appkit) you only need a new settings
>> directive for e.g. auth.
>>
>> You can test around include xml settings around the application, but
>> always clean the cache to start new (Agavi compiles all settings (after
>> XInclude) together)
>>
>> Depending on your mail how the auth system works:
>>
>> At the moment there is no documentation available. The best thing is to
>> look into app/modules/AppKit/models/Auth/DispatchModel.class.php. This
>> is the master instance to control all authenticate requests and
>> distributes to the configured provider.
>>
>> I will write some flowchart but at first I try to use some words to
>> describe the process:
>>
>> - 1.0 User tries to login
>>   - 1.1 Yes user is in the system
>>     - Loading the belonging provider
>>     - Provider can update (auth_update)
>>       - Update user profile
>>     - Provider is 'authoritative'
>>       - Authenticate against
>>         - Fail and auth_resume
>>           - Try other provider in the configured order
>>             - Iterate to all the others and try only authenticate
>>         - Fail and not auth_resume
>>           - NO LOGIN
>>     - Provider is not authoritative and auth_resume
>>       - Try other provider in the configured order
>>     - Provider is not authoritative
>>       - NO LOGIN
>>   - 1.2 NO user is not available
>>     - Iterate through all providers
>>       - Yes user is available on the provider
>>         - Yes provider can import (auth_import)
>>           - Import the user profile and goto 1.1
>>
>> This is already implemented and the dispatcher logs all steps into
>> app/data/log/debug* log.
>>
>> Kind Regards,
>> Marius.
>>
>
> --
> Marius Hein
> Application Developer
>
> NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nürnberg
> Tel: +49 911 92885-0 | Fax: +49 911 92885-77
> GF: Julian Hein | AG Nürnberg HRB18461
>
> http://www.netways.de | [email protected]

_______________________________________________
icinga-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/icinga-users
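
The dispatch flow described in the quoted 01 September message, modelled as an added Python example; it is not Icinga Web's DispatchModel code and is not part of the thread. The `Provider` class, the `dispatch` function and the in-memory `directory` are hypothetical, and it assumes that a fallback provider logs the user in as soon as it verifies the credentials.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Provider:                      # hypothetical model, not an Icinga Web class
    name: str
    authoritative: bool = False
    auth_resume: bool = False
    auth_update: bool = False
    auth_import: bool = False
    directory: dict = field(default_factory=dict)   # constructed: user -> password

    def authenticate(self, user, password):
        stored = self.directory.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

def dispatch(providers, local_users, user, password, log):
    """local_users maps a known username to the name of its owning provider."""
    if user not in local_users:                      # 1.2: user not in the system
        source = next((p for p in providers
                       if user in p.directory and p.auth_import), None)
        if source is None:
            log.append("NO LOGIN: user unknown everywhere")
            return False
        local_users[user] = source.name              # import, then go to 1.1
        log.append(f"imported {user} from {source.name}")
    owner = next(p for p in providers if p.name == local_users[user])   # 1.1
    if owner.auth_update:
        log.append(f"profile updated from {owner.name}")
    if owner.authoritative and owner.authenticate(user, password):
        log.append(f"LOGIN via {owner.name}")
        return True
    if not owner.auth_resume:                        # chain ends at the owner
        log.append(f"NO LOGIN: {owner.name} did not accept, no auth_resume")
        return False
    for p in providers:                              # others: authenticate only
        if p is not owner and p.authenticate(user, password):
            log.append(f"LOGIN via fallback {p.name}")
            return True
    log.append("NO LOGIN: no provider accepted")
    return False

def demo(resume):
    # Constructed data: LDAP knows the current password, the internal
    # provider still holds an old one for the same account.
    ldap = Provider("ldap", authoritative=True, auth_resume=resume,
                    auth_import=True, directory={"alice": "current-pw"})
    internal = Provider("internal", authoritative=True, directory={"alice": "old-pw"})
    log = []
    return dispatch([ldap, internal], {}, "alice", "old-pw", log), log
```

With `auth_resume` off, the old password is rejected at the LDAP provider; with it on, the same password is accepted by the second provider, which is the case to check for when reviewing a provider chain.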
