-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
António,
This line
$results = array("dn");
is only going to give you the DN of the user that you looked up. Try using
$results = array("*", "+");
That should give you everything you can see about the user. Somewhere in
there, you should see an attribute that lists the groups of which the user is
a member. For example, when Active Directory is the LDAP system, the
attribute is usually "memberof". So, if that was the case for you, you would
then change it to
$results = array("memberof");
But, I think you'll find something other than "memberof" is the attribute you
need.
Josh
On Friday, March 07, 2014 9:25:59 AM António Aragão wrote:
> I put this:
>
> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
> $search = 'uid=a12596'; # what to search for, examples:
> uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
> normal LDAP query rules
> #$results = array("*","+");
> $results = array("dn");
> #$results = array('dn', 'givenname', 'sn', 'mail');
>
> 2014-03-06 20:13 GMT+00:00 Josh Thompson <[email protected]>:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > António,
> >
> > What did you set $toplevel, $search, and $results to in the debug script?
> >
> > Josh
> >
> > On Thursday, March 06, 2014 6:43:32 PM António Aragão wrote:
> >> I try it and:
> >>
> >> debugging set
> >> protocol 3 set
> >> Bind was successful
> >> search time: 0.0014631748199463
> >> results time: 0.0016670227050781
> >>
> >> Array
> >> (
> >>
> >> [count] => 1
> >> [0] => Array
> >>
> >> (
> >>
> >> [count] => 0
> >> [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >>
> >> )
> >>
> >> )
> >>
> >> It doesn't show the group. Can anyone sends me ldap group description
> >> that works ?
> >>
> >> Thanks.
> >>
> >> 2014-03-05 15:34 GMT+00:00 António Aragão <[email protected]>:
> >> > The account I use it's admin (read only) account but I will try the
> >> > debug script soon as I can.
> >> >
> >> > Thanks.
> >> >
> >> > 2014-03-03 20:19 GMT+00:00 Josh Thompson <[email protected]>:
> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> Hash: SHA1
> >> >>
> >> >> António,
> >> >>
> >> >> I'm not sure why it is not seeing the group membership. You may want
> >> >> to
> >> >> check that the account you are using to log in to LDAP has access to
> >> >> see
> >> >> the group memberships.
> >> >>
> >> >> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a
> >> >> brief
> >> >> paragraph at the bottom about how to debug connections. There is a
> >> >> link
> >> >> to a debug script I often use to get things sorted out. You may find
> >> >> that script helpful.
> >> >>
> >> >> Josh
> >> >>
> >> >> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
> >> >>> Hi Josh,
> >> >>>
> >> >>> the binddn is: dc=di,dc=uminho,dc=pt
> >> >>>
> >> >>> the attribute is: memberUid
> >> >>>
> >> >>> Thanks.
> >> >>>
> >> >>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <[email protected]>:
> >> >>> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >>> > Hash: SHA1
> >> >>> >
> >> >>> > António,
> >> >>> >
> >> >>> > Sorry for the late response.
> >> >>> >
> >> >>> > What do you have set for binddn for your LDAP server? Also, what
> >> >>> > attribute
> >> >>> > are you searching on in LDAP?
> >> >>> >
> >> >>> > Josh
> >> >>> >
> >> >>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
> >> >>> >> I get this:
> >> >>> >>
> >> >>> >> Array
> >> >>> >> (
> >> >>> >>
> >> >>> >> [count] => 1
> >> >>> >> [0] => Array
> >> >>> >>
> >> >>> >> (
> >> >>> >>
> >> >>> >> [count] => 0
> >> >>> >> [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >> >>> >>
> >> >>> >> )
> >> >>> >>
> >> >>> >> )
> >> >>> >>
> >> >>> >> But in LDAP server:
> >> >>> >>
> >> >>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
> >> >>> >> cn: alunos
> >> >>> >> gidNumber: 505
> >> >>> >> objectClass: posixGroup
> >> >>> >> objectClass: top
> >> >>> >> structuralObjectClass: posixGroup
> >> >>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
> >> >>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
> >> >>> >> createTimestamp: 20081008134915Z
> >> >>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
> >> >>> >> memberUid: a12596
> >> >>> >> memberUid: uid=a12596
> >> >>> >> entryCSN: 20140227104950Z#000000#00#000000
> >> >>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
> >> >>> >> modifyTimestamp: 20140227104950Z
> >> >>> >>
> >> >>> >> It appears that cannot find the group.
> >> >>> >>
> >> >>> >> Any clues ?
> >> >>> >>
> >> >>> >> Em 20-02-2014 13:49, David DeMizio escreveu:
> >> >>> >> > Have a look at this post, I think it's what you are referring to
> >> >>> >> >
> >> >>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20group
> >> >>> >> > s+p
> >> >>> >> > age:
> >> >>> >> > 2+m
> >> >>> >> > id:y5s64fhipakutbkp+state:results
> >> >>> >> >
> >> >>> >> > David DeMizio
> >> >>> >> > /Academic Systems Coordinator/
> >> >>> >> > Office of Information Technology
> >> >>> >> > New College of Florida
> >> >>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
> >> >>> >> > www.ncf.edu <http://www.ncf.edu/>
> >> >>> >> >
> >> >>> >> >
> >> >>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão
> >> >>> >> > <[email protected]
> >> >>> >> >
> >> >>> >> > <mailto:[email protected]>> wrote:
> >> >>> >> > Hello,
> >> >>> >> >
> >> >>> >> > i tested this changes and works. I was only unable to
> >> >>> >> > populate
> >> >>> >> > a
> >> >>> >> > group with LDAP users, does anyone have this problem ?
> >> >>> >> >
> >> >>> >> > Em 19-02-2014 19:37, David DeMizio escreveu:
> >> >>> >> >> Hello Mike,
> >> >>> >> >>
> >> >>> >> >> I believe it's possible but you will need to make some
> >> >>> >> >> changes
> >> >>> >> >> to
> >> >>> >> >> the code in the .htc-inc folders. I had it working before I
> >> >>> >> >> changed over to ldaps. first in authentication.php look for
> >> >>> >> >> a
> >> >>> >> >> line like $ds = ldap_connect("ldaps://{$auth['server']}/");
> >> >>> >> >> and
> >> >>> >> >> then there might be a few others in
> >> >>> >> >> authmethods/ldapauth.php.
> >> >>> >> >> so
> >> >>> >> >> just change ldaps:// to ldap://
> >> >>> >> >>
> >> >>> >> >> David DeMizio
> >> >>> >> >> /Academic Systems Coordinator/
> >> >>> >> >> Office of Information Technology
> >> >>> >> >> New College of Florida
> >> >>> >> >> Phone: 941-487-4222 | Fax: 941-487-4356
> >> >>> >> >> www.ncf.edu <http://www.ncf.edu/>
> >> >>> >> >>
> >> >>> >> >>
> >> >>> >> >> On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
> >> >>> >> >>
> >> >>> >> >> <[email protected] <mailto:[email protected]>> wrote:
> >> >>> >> >> I'm attempting to bind VCL to an LDAP server that is
> >> >>> >> >> NOT
> >> >>> >> >> using SSL. Before I started the configuration process
> >> >>> >> >> and
> >> >>> >> >> tried to troubleshoot, I thought I would ask if this is
> >> >>> >> >> even
> >> >>> >> >> supported.
> >> >>> >> >>
> >> >>> >> >> Thanks very much,
> >> >>> >> >> Mike
> >> >>> >>
> >> >>> >> --
> >> >>> >
> >> >>> > - --
> >> >>> > - -------------------------------
> >> >>> > Josh Thompson
> >> >>> > VCL Developer
> >> >>> > North Carolina State University
> >> >>> >
> >> >>> > my GPG/PGP key can be found at pgp.mit.edu
> >> >>> >
> >> >>> > All electronic mail messages in connection with State business
> >> >>> > which
> >> >>> > are sent to or received by this account are subject to the NC
> >> >>> > Public
> >> >>> > Records Law and may be disclosed to third parties.
> >> >>> > -----BEGIN PGP SIGNATURE-----
> >> >>> > Version: GnuPG v2.0.22 (GNU/Linux)
> >> >>> >
> >> >>> > iEYEARECAAYFAlMUowEACgkQV/LQcNdtPQOpKACeK648IGA+FGCJXQsoVWbhK5ZT
> >> >>> > 04AAn0PXU/9HINkZLNAJ4tcwFBfeFddQ
> >> >>> > =MKhx
> >> >>> > -----END PGP SIGNATURE-----
> >> >>
> >> >> - --
> >> >> - -------------------------------
> >> >> Josh Thompson
> >> >> VCL Developer
> >> >> North Carolina State University
> >> >>
> >> >> my GPG/PGP key can be found at pgp.mit.edu
> >> >>
> >> >> All electronic mail messages in connection with State business which
> >> >> are sent to or received by this account are subject to the NC Public
> >> >> Records Law and may be disclosed to third parties.
> >> >> -----BEGIN PGP SIGNATURE-----
> >> >> Version: GnuPG v2.0.22 (GNU/Linux)
> >> >>
> >> >> iEYEARECAAYFAlMU4+YACgkQV/LQcNdtPQNogwCfcd+0cZYlbwNNKIW4GHpEwn5O
> >> >> 7FMAn1ZA7u1DlMW++CA7rytjXRqCJ0Bp
> >> >> =SxbG
> >> >> -----END PGP SIGNATURE-----
> >> >
> >> > --
> >> > --
> >> > http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
> >
> > - --
> > - -------------------------------
> > Josh Thompson
> > VCL Developer
> > North Carolina State University
> >
> > my GPG/PGP key can be found at pgp.mit.edu
> >
> > All electronic mail messages in connection with State business which
> > are sent to or received by this account are subject to the NC Public
> > Records Law and may be disclosed to third parties.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.22 (GNU/Linux)
> >
> > iEYEARECAAYFAlMY1uYACgkQV/LQcNdtPQNzVwCfQRxlbDf0ub/a16B4ct8YHqtS
> > Y/4An0z6tX0sgHIojFZKH32c6egygmuG
> > =8747
> > -----END PGP SIGNATURE-----
- --
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlMZ0NYACgkQV/LQcNdtPQOS2QCfap8wtiFFHeAASQjggcf1C1pr
aZ4An1wUnqTJuQzyJ1Acu4xXKY5E0+W1
=w1Im
-----END PGP SIGNATURE-----
