The problem is that I can't see any groups. I was trying to show that the
user was in the group. When I try to search I get a lot of information
but not the groups the user belongs to. :-(
debugging set
protocol 3 set
Bind was successful
search time: 0.0024378299713135
results time: 0.004133939743042
Array
(
[count] => 1
[0] => Array
(
[objectclass] => Array
(
[count] => 7
[0] => top
[1] => person
[2] => inetOrgPerson
[3] => posixAccount
[4] => aluno
[5] => shadowAccount
[6] => sambaSamAccount
)
[0] => objectclass
[uid] => Array
(
[count] => 1
[0] => a12596
)
[1] => uid
[uidnumber] => Array
(
[count] => 1
[0] => 10661
)
[2] => uidnumber
[gidnumber] => Array
(
[count] => 1
[0] => 505
)
[3] => gidnumber
[homedirectory] => Array
(
[count] => 1
[0] => /home/lei/a12596
)
[4] => homedirectory
[loginshell] => Array
(
[count] => 1
[0] => /bin/bash
)
[5] => loginshell
[sambalogontime] => Array
(
[count] => 1
[0] => 0
)
[6] => sambalogontime
[sambaacctflags] => Array
(
[count] => 1
[0] => [UX
)
[7] => sambaacctflags
[sambakickofftime] => Array
(
[count] => 1
[0] => 2147483647
)
[8] => sambakickofftime
[sambapwdlastset] => Array
(
[count] => 1
[0] => 1010179230
)
[9] => sambapwdlastset
[sambasid] => Array
(
[count] => 1
[0] => S-1-5-21-2447931902-1787058256-3961074038-513
)
[10] => sambasid
[sambapwdcanchange] => Array
(
[count] => 1
[0] => 0
)
[11] => sambapwdcanchange
[sambapwdmustchange] => Array
(
[count] => 1
[0] => 2147483647
)
[12] => sambapwdmustchange
[sambaprimarygroupsid] => Array
(
[count] => 1
[0] => S-1-5-21-2447931902-1787058256-3961074038-1201
)
[13] => sambaprimarygroupsid
[uminhoestadoperfil] => Array
(
[count] => 1
[0] => -1
)
[14] => uminhoestadoperfil
[mail] => Array
(
[count] => 1
[0] => [email protected]
)
[15] => mail
[uminhonumeromecanografico] => Array
(
[count] => 1
[0] => 12596
)
[16] => uminhonumeromecanografico
[uminhoanocurricular] => Array
(
[count] => 1
[0] => 1
)
[17] => uminhoanocurricular
[uminhocurso] => Array
(
[count] => 1
[0] => Licenciatura em Engenharia Informática
)
[18] => uminhocurso
[uminhociclo] => Array
(
[count] => 1
[0] => 1
)
[19] => uminhociclo
[uminhoestatutoaluno] => Array
(
[count] => 1
[0] => ordinário
)
[20] => uminhoestatutoaluno
[structuralobjectclass] => Array
(
[count] => 1
[0] => inetOrgPerson
)
[21] => structuralobjectclass
[entryuuid] => Array
(
[count] => 1
[0] => 9bc6025a-2a6c-102d-9e6b-551c94d4c913
)
[22] => entryuuid
[creatorsname] => Array
(
[count] => 1
[0] => cn=RWadmin,dc=di,dc=uminho,dc=pt
)
[23] => creatorsname
[createtimestamp] => Array
(
[count] => 1
[0] => 20081009163938Z
)
[24] => createtimestamp
[uminhocodigocontrole] => Array
(
[count] => 1
[0] => --
)
[25] => uminhocodigocontrole
[cn] => Array
(
[count] => 1
[0] => António Pedro Aragão
)
[26] => cn
[displayname] => Array
(
[count] => 1
[0] => António Pedro Aragão
)
[27] => displayname
[sn] => Array
(
[count] => 1
[0] => António Pedro Aragão
)
[28] => sn
[userpassword] => Array
(
[count] => 1
[0] => {SSHA}ButOP2UNCaVufnwm3tWF9OeTcLmL2gSf
)
[29] => userpassword
[sambalmpassword] => Array
(
[count] => 1
[0] => DB8BB37F7910A3B7AAD3B435B51404EE
)
[30] => sambalmpassword
[sambantpassword] => Array
(
[count] => 1
[0] => A42DADD78E4B2D7FF4CA69CD8339613B
)
[31] => sambantpassword
[entrycsn] => Array
(
[count] => 1
[0] => 20081009164642Z#000000#00#000000
)
[32] => entrycsn
[modifiersname] => Array
(
[count] => 1
[0] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
)
[33] => modifiersname
[modifytimestamp] => Array
(
[count] => 1
[0] => 20081009164642Z
)
[34] => modifytimestamp
[entrydn] => Array
(
[count] => 1
[0] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
)
[35] => entrydn
[subschemasubentry] => Array
(
[count] => 1
[0] => cn=Subschema
)
[36] => subschemasubentry
[hassubordinates] => Array
(
[count] => 1
[0] => FALSE
)
[37] => hassubordinates
[count] => 38
[dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
)
)
2014-03-07 19:09 GMT+00:00 Josh Thompson <[email protected]>:
>
> António,
>
> I may be misunderstanding, but it looks like you are trying to look up the
> *group* in LDAP to see which users are members. VCL looks up the *user* to
> see which groups the user is a member of. That way, it only needs to do one
> lookup in LDAP to determine which groups a user is a member of. Make sure you
> are using the generic.php script to look up the user and then looking for the
> list of groups for that user. Did you try using
>
> $results = array("*", "+");
>
> for the results?
>
> Josh
>
> On Friday, March 07, 2014 6:12:56 PM António Aragão wrote:
>> Josh,
>>
>> I try this:
>> [root@ldap1 private]# ldapsearch -x -h localhost -a find -v -b dc=di,dc=uminho,dc=pt -w XXXXXX -D cn=XXXXXX,dc=di,dc=uminho,dc=pt -z 0 cn=alunos
>> ldap_initialize( ldap://localhost )
>> filter: cn=alunos
>> requesting: All userApplication attributes
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=di,dc=uminho,dc=pt> with scope subtree
>> # filter: cn=alunos
>> # requesting: ALL
>> #
>>
>> # alunos, Groups, di.uminho.pt
>> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> cn: alunos
>> gidNumber: 505
>> objectClass: posixGroup
>> objectClass: top
>> memberUid: a12596
>>
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> I get this output. Is there any problem with posixGroup? I use
>> generic.php with memberUid and it outputs:
>>
>> debugging set
>> protocol 3 set
>> Bind was successful
>> search time: 0.002673864364624
>> results time: 0.0031049251556396
>>
>> Array
>> (
>> [count] => 1
>> [0] => Array
>> (
>> [count] => 0
>> [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> )
>>
>> )
>>
>> I have used:
>>
>> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
>> $search = 'uid=a12596'; # what to search for, examples: uid=someuserid, cn=someuserid, samaccountname=someuserid; follows normal LDAP query rules
>> #$results = array("*","+");
>> $results = array("memberUid");
>> #$results = array("dn");
>> #$results = array('dn', 'givenname', 'sn', 'mail');
>>
>> It is not able to find which group uid=a12596 belongs to. Does anyone
>> have this problem?
>>
>> Thanks.
>>
>> 2014-03-07 13:59 GMT+00:00 Josh Thompson <[email protected]>:
>> >
>> > António,
>> >
>> > This line
>> >
>> > $results = array("dn");
>> >
>> > is only going to give you the DN of the user that you looked up. Try
>> > using
>> >
>> > $results = array("*", "+");
>> >
>> > That should give you everything you can see about the user. Somewhere in
>> > there, you should see an attribute that lists the groups of which the user
>> > is a member. For example, when Active Directory is the LDAP system, the
>> > attribute is usually "memberof". So, if that was the case for you, you
>> > would then change it to
>> >
>> > $results = array("memberof");
>> >
>> > But, I think you'll find something other than "memberof" is the attribute
>> > you need.
>> >
>> > Josh
>> >
>> > On Friday, March 07, 2014 9:25:59 AM António Aragão wrote:
>> >> I put this:
>> >>
>> >> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
>> >> $search = 'uid=a12596'; # what to search for, examples: uid=someuserid, cn=someuserid, samaccountname=someuserid; follows normal LDAP query rules
>> >> #$results = array("*","+");
>> >> $results = array("dn");
>> >> #$results = array('dn', 'givenname', 'sn', 'mail');
>> >>
>> >> 2014-03-06 20:13 GMT+00:00 Josh Thompson <[email protected]>:
>> >> >
>> >> > António,
>> >> >
>> >> > What did you set $toplevel, $search, and $results to in the debug
>> >> > script?
>> >> >
>> >> > Josh
>> >> >
>> >> > On Thursday, March 06, 2014 6:43:32 PM António Aragão wrote:
>> >> >> I try it and:
>> >> >>
>> >> >> debugging set
>> >> >> protocol 3 set
>> >> >> Bind was successful
>> >> >> search time: 0.0014631748199463
>> >> >> results time: 0.0016670227050781
>> >> >>
>> >> >> Array
>> >> >> (
>> >> >>
>> >> >> [count] => 1
>> >> >> [0] => Array
>> >> >>
>> >> >> (
>> >> >>
>> >> >> [count] => 0
>> >> >> [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >>
>> >> >> )
>> >> >>
>> >> >> )
>> >> >>
>> >> >> It doesn't show the group. Can anyone send me an LDAP group description
>> >> >> that works?
>> >> >>
>> >> >> Thanks.
>> >> >>
>> >> >> 2014-03-05 15:34 GMT+00:00 António Aragão <[email protected]>:
>> >> >> > The account I use is an admin (read-only) account, but I will try the
>> >> >> > debug script as soon as I can.
>> >> >> >
>> >> >> > Thanks.
>> >> >> >
>> >> >> > 2014-03-03 20:19 GMT+00:00 Josh Thompson <[email protected]>:
>> >> >> >>
>> >> >> >> António,
>> >> >> >>
>> >> >> >> I'm not sure why it is not seeing the group membership. You may want to
>> >> >> >> check that the account you are using to log in to LDAP has access to see
>> >> >> >> the group memberships.
>> >> >> >>
>> >> >> >> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a brief
>> >> >> >> paragraph at the bottom about how to debug connections. There is a link
>> >> >> >> to a debug script I often use to get things sorted out. You may find
>> >> >> >> that script helpful.
>> >> >> >>
>> >> >> >> Josh
>> >> >> >>
>> >> >> >> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
>> >> >> >>> Hi Josh,
>> >> >> >>>
>> >> >> >>> the binddn is: dc=di,dc=uminho,dc=pt
>> >> >> >>>
>> >> >> >>> the attribute is: memberUid
>> >> >> >>>
>> >> >> >>> Thanks.
>> >> >> >>>
>> >> >> >>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <[email protected]>:
>> >> >> >>> >
>> >> >> >>> > António,
>> >> >> >>> >
>> >> >> >>> > Sorry for the late response.
>> >> >> >>> >
>> >> >> >>> > What do you have set for binddn for your LDAP server? Also, what attribute
>> >> >> >>> > are you searching on in LDAP?
>> >> >> >>> >
>> >> >> >>> > Josh
>> >> >> >>> >
>> >> >> >>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
>> >> >> >>> >> I get this:
>> >> >> >>> >>
>> >> >> >>> >> Array
>> >> >> >>> >> (
>> >> >> >>> >>
>> >> >> >>> >> [count] => 1
>> >> >> >>> >> [0] => Array
>> >> >> >>> >>
>> >> >> >>> >> (
>> >> >> >>> >>
>> >> >> >>> >> [count] => 0
>> >> >> >>> >> [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >> >>> >>
>> >> >> >>> >> )
>> >> >> >>> >>
>> >> >> >>> >> )
>> >> >> >>> >>
>> >> >> >>> >> But in LDAP server:
>> >> >> >>> >>
>> >> >> >>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> >> >> >>> >> cn: alunos
>> >> >> >>> >> gidNumber: 505
>> >> >> >>> >> objectClass: posixGroup
>> >> >> >>> >> objectClass: top
>> >> >> >>> >> structuralObjectClass: posixGroup
>> >> >> >>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
>> >> >> >>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> >> >>> >> createTimestamp: 20081008134915Z
>> >> >> >>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >> >>> >> memberUid: a12596
>> >> >> >>> >> memberUid: uid=a12596
>> >> >> >>> >> entryCSN: 20140227104950Z#000000#00#000000
>> >> >> >>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> >> >>> >> modifyTimestamp: 20140227104950Z
>> >> >> >>> >>
>> >> >> >>> >> It appears that it cannot find the group.
>> >> >> >>> >>
>> >> >> >>> >> Any clues ?
>> >> >> >>> >>
>> >> >> >>> >> On 20-02-2014 13:49, David DeMizio wrote:
>> >> >> >>> >> > Have a look at this post, I think it's what you are referring to
>> >> >> >>> >> >
>> >> >> >>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20groups+page:2+mid:y5s64fhipakutbkp+state:results
>> >> >> >>> >> >
>> >> >> >>> >> > David DeMizio
>> >> >> >>> >> > /Academic Systems Coordinator/
>> >> >> >>> >> > Office of Information Technology
>> >> >> >>> >> > New College of Florida
>> >> >> >>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
>> >> >> >>> >> > www.ncf.edu <http://www.ncf.edu/>
>> >> >> >>> >> >
>> >> >> >>> >> >
>> >> >> >>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão <[email protected]> wrote:
>> >> >> >>> >> > Hello,
>> >> >> >>> >> >
>> >> >> >>> >> > I tested these changes and they work. I was only unable to populate a
>> >> >> >>> >> > group with LDAP users. Does anyone have this problem?
>> >> >> >>> >> >
>> >> >> >>> >> > On 19-02-2014 19:37, David DeMizio wrote:
>> >> >> >>> >> >> Hello Mike,
>> >> >> >>> >> >>
>> >> >> >>> >> >> I believe it's possible but you will need to make some changes to
>> >> >> >>> >> >> the code in the .htc-inc folders. I had it working before I
>> >> >> >>> >> >> changed over to ldaps. First, in authentication.php look for a
>> >> >> >>> >> >> line like $ds = ldap_connect("ldaps://{$auth['server']}/"); and
>> >> >> >>> >> >> then there might be a few others in authmethods/ldapauth.php. So
>> >> >> >>> >> >> just change ldaps:// to ldap://
>> >> >> >>> >> >>
>> >> >> >>> >> >> David DeMizio
>> >> >> >>> >> >> /Academic Systems Coordinator/
>> >> >> >>> >> >> Office of Information Technology
>> >> >> >>> >> >> New College of Florida
>> >> >> >>> >> >> Phone: 941-487-4222 | Fax: 941-487-4356
>> >> >> >>> >> >> www.ncf.edu <http://www.ncf.edu/>
>> >> >> >>> >> >>
>> >> >> >>> >> >>
>> >> >> >>> >> >> On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild <[email protected]> wrote:
>> >> >> >>> >> >> I'm attempting to bind VCL to an LDAP server that is NOT
>> >> >> >>> >> >> using SSL. Before I started the configuration process and
>> >> >> >>> >> >> tried to troubleshoot, I thought I would ask if this is even
>> >> >> >>> >> >> supported.
>> >> >> >>> >> >>
>> >> >> >>> >> >> Thanks very much,
>> >> >> >>> >> >> Mike
>> >> >> >>> >>
>> >> >> >>> >> --
>> >> >> >>> >
>> >> >> >>> > - --
>> >> >> >>> > - -------------------------------
>> >> >> >>> > Josh Thompson
>> >> >> >>> > VCL Developer
>> >> >> >>> > North Carolina State University
>> >> >> >>> >
>> >> >> >>> > my GPG/PGP key can be found at pgp.mit.edu
>> >> >> >>> >
>> >> >> >>> > All electronic mail messages in connection with State business which
>> >> >> >>> > are sent to or received by this account are subject to the NC Public
>> >> >> >>> > Records Law and may be disclosed to third parties.
>> >> >> >>
>> >> >> >
>> >> >> > --
>> >> >> > --
>> >> >> > http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
>> >> >
>> >
>
--
http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
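
Added example, not part of the original thread or of VCL's code: in an RFC 2307 directory like the one shown, membership is stored on the posixGroup entry (memberUid holds the bare login name), so the user entry returns no group list and the groups have to be found by searching the group entries. The Python sketch below builds that search filter with RFC 4515 escaping and applies the same match to constructed entries modelled on the thread's LDIF; the `labs` group and all function names are hypothetical.

```python
# Added example: resolving RFC 2307 (posixGroup) membership for a user.
# Entries are constructed, modelled on the LDIF and print_r output in the thread.
USER = {"dn": "uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt",
        "uid": ["a12596"], "gidNumber": ["505"]}
GROUPS = [
    {"dn": "cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt",
     "objectClass": ["posixGroup", "top"], "cn": ["alunos"],
     "gidNumber": ["505"], "memberUid": ["a12596"]},
    # Hypothetical group: the member is stored in DN form, which is not a
    # login name, so an exact memberUid match on "a12596" does not find it.
    {"dn": "cn=labs,ou=Groups,dc=di,dc=uminho,dc=pt",
     "objectClass": ["posixGroup", "top"], "cn": ["labs"],
     "gidNumber": ["600"],
     "memberUid": ["uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt"]},
]


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a user-supplied value
    cannot change the structure of the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def group_filter(uid, gid_number):
    """Filter for the group subtree: supplementary groups via memberUid,
    primary group via gidNumber."""
    return "(&(objectClass=posixGroup)(|(memberUid=%s)(gidNumber=%s)))" % (
        escape_filter_value(uid), escape_filter_value(gid_number))


def groups_for_user(user, groups):
    """Apply the same match locally; memberUid is compared exactly."""
    uid, gid = user["uid"][0], user["gidNumber"][0]
    return [g["cn"][0] for g in groups
            if "posixGroup" in g["objectClass"]
            and (uid in g.get("memberUid", []) or gid in g["gidNumber"])]


if __name__ == "__main__":
    print(group_filter(USER["uid"][0], USER["gidNumber"][0]))
    print(groups_for_user(USER, GROUPS))
```
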