[RC] CAS and LDAP authentication v3.0.1

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
coley07
Registered User
Posts: 2
Joined: Sat Feb 03, 2007 2:01 pm

Troubleshooting Groups

Post by coley07 » Sat Feb 03, 2007 2:06 pm

users from my Active Directory log in fine.

I have followed all of the Documentation, in Configuration/Authentication Settings LDAP group synchronisation enabled: Yes

and LDAP group membership attribute: memberOf (as I am using active directory)

I have created a group called GamesProg in AD and also in Group Admin of phpbb, in the group properties Group membership managed by LDAP: ticked yes

I have added 2 users to the group in AD and when I log into phpbb via ldap click on usergroups and then the group, it says no members :-(

Can anybody help me troubleshoot why Groups are not working properly?

fjammes
Registered User
Posts: 9
Joined: Fri Jun 09, 2006 3:41 pm

Post by fjammes » Sun Feb 04, 2007 2:19 am

The users will be added to phpBB group during their first login to phpBB. Have you logged to phpBB with these 2 users accounts ?

Furthermore i've only tested these functionnality with OpenLDAP and i'm very interested on your experience with AD.

Thanks

coley07
Registered User
Posts: 2
Joined: Sat Feb 03, 2007 2:01 pm

Post by coley07 » Sun Feb 04, 2007 9:13 am

fjammes wrote: The users will be added to phpBB group during their first login to phpBB. Have you logged to phpBB with these 2 users accounts ?

Furthermore i've only tested these functionnality with OpenLDAP and i'm very interested on your experience with AD.

Thanks


I deleted the 2 user accounts out of the mysql database, and I have created a new account in the AD but still nothing in the group in forum.

if I perform the ldapcheck.php and choose the search type user dn then information is reported back, but group information (memberOf) is not!

if I perform the ldapcheck.php and choose the search type user name, it returns all user information (including memberOf), but at the end does not give group information. I do not want to post this as it is not information I would like in the public domain, but I could message or email it to you?

=====================================================================================
LDAP Group this user is apart of
=====================================================================================

Fatal error: Cannot instantiate non-existent class: ldapgroups in LDAPcheck.php on line 616

I know in a previous post you said that you didnt write ldapcheck.php, so Is there any debugging we can put on to see what is being searched for etc?

dude939
Registered User
Posts: 1
Joined: Thu Mar 08, 2007 11:21 pm

Authenticate Against Multiple Containers

Post by dude939 » Thu Mar 08, 2007 11:27 pm

I have a lot of containers and would ideally like to just specific an LDAP DN like this:

dc=domain,dc=com

And have it search through all the containers within for the given user. This does not work however, and results in an error (Could not perform query to LDAP directory.).

If I do specific a container, such as cn=users,dc=domain,dc=com it does work, but only for users within the specified container obviously.

How do I authenticate against multiple containers? Can I provide a wildcard somehow? Ideally I don't want to even specify the container level because when we add more containers, I don't want to have to update the DN string. Does this mod support anything like this? If not, do any of the other LDAP mods?

snafu_az
Registered User
Posts: 1
Joined: Tue Mar 20, 2007 5:36 am

user info reset after every login

Post by snafu_az » Tue Mar 20, 2007 6:01 am

I was able to get CAS LDAP Auth 1.2.1_RC1 to work with my phpBB 2.0.22 with no problems thanks to EasyMod.
I have a very limited LDAP directory as far as attributes are concerned. I have uid, cn, sn, givenName, employeeNumber and mail. It's strictly used for http authentication. I have approximately 3000 users.

If I update a user's profile with Occupation, Location or Signature it saves that info to the database but the next time the user logs in it clears the fields in the database because there is no corresponding attribute in the directory.

I would like to change this but I thought I'd check here first to see if there is an easier way before I hacked at it and possibly break something.

Thanks
snafu

t-readyroc
Registered User
Posts: 1
Joined: Wed May 23, 2007 12:13 pm

Re: [RC] CAS and LDAP authentication v1.2.1

Post by t-readyroc » Wed May 23, 2007 2:15 pm

Are there plans to make this mod compatible with phpbb3 (or is it already compatible)?

diablosnuevos
Registered User
Posts: 1
Joined: Thu Sep 20, 2007 7:10 pm

Re: [RC] CAS and LDAP authentication v1.2.1

Post by diablosnuevos » Thu Sep 20, 2007 7:14 pm

I have this mod working with CAS and can log in correctly, but for some reason when I log in with the administrator account and click on the Go To Administration Panel link, the page quickly forwards me back to the index page. I have tried manually going to the different admin pages but I get the same result. Any idea what's going on? It does work when I use (normal) phpbb authentication.

I haven't used any other mods and I am using the default template.

nesrin
Registered User
Posts: 1
Joined: Wed Sep 05, 2007 9:04 am

Re: [RC] CAS and LDAP authentication v1.2.1

Post by nesrin » Thu Jan 10, 2008 2:31 pm

Hi,

we have used CAS and LDAP authentication v1.2.1 (with SUN ONE LDAP server), we can authenticate user from LDAP, but we can't get group information. I have to set forum permission by group.

I controlled settings from http://casldapauthbb.univ-paris1.fr/adm ... ide.html#1 ,
and i can see log on LDAP server. Do u have any suggestions ? I need help.

Code: Select all

[10/Jan/2008:14:37:42 +0200] conn=31687079 op=1 msgId=2 - SRCH base="ou=people,o=xxx.edu" scope=2 filter="(uid=xyz)" attrs=ALL
[10/Jan/2008:14:37:42 +0200] conn=31687079 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0   
Thanks.

I solved it.
Thanks.

Khalil
Registered User
Posts: 9
Joined: Wed Jul 23, 2008 8:41 am

Re: [RC] CAS and LDAP authentication v3.0.1

Post by Khalil » Wed Jul 23, 2008 8:50 am

Hi,

I have a very important question : Does this MOD work with phpBB 3.0.x ??

Thanks.

leanne.kwok
Registered User
Posts: 2
Joined: Wed Oct 29, 2008 9:13 pm

Re: [RC] CAS and LDAP authentication v3.0.1

Post by leanne.kwok » Wed Nov 12, 2008 1:10 am

I have installed this MOD for phpbb3 and it works great. Thank you fjammes!

There were a few things I have noticed...

1. My CAS service is not running on the default port (443) and I was getting an error when I click on links that takes me to the CAS login page. To fix this, I have included the 'cas_port' in the CAS service URLs in index.php, viewforum.php and includes/functions.php. I have also included the forum's port in the redirect links.
index.php
Find

Code: Select all

$cas_service_path="https://".$config['cas_host']."/".$config['cas_uri']."?service=".$config['server_protocol'].$config['server_name'].$config['script_path'];
Replace with

Code: Select all

$cas_service_path="https://{$config['cas_host']}:{$config['cas_port']}/{$config['cas_uri']}?service={$config['server_protocol']}{$config['server_name']}:{$config['server_port']}{$config['script_path']}";
viewforum.php
Find

Code: Select all

$cas_service_path="https://".$config['cas_host']."/".$config['cas_uri']."?service=".$config['server_protocol'].$config['server_name'].$config['script_path'];
Replace with

Code: Select all

$cas_service_path="https://{$config['cas_host']}:{$config['cas_port']}/{$config['cas_uri']}?service={$config['server_protocol']}{$config['server_name']}:{$config['server_port']}{$config['script_path']}";
includes/functions.php
Find

Code: Select all

			$u_login_logout = append_sid("https://".$config['cas_host']."/".$config['cas_uri']."?service=".$config['server_protocol'].$config['server_name'].$config['script_path']."/ucp.$phpEx?mode=login");
Replace with

Code: Select all

			$u_login_logout = append_sid("https://{$config['cas_host']}:{$config['cas_port']}/{$config['cas_uri']}?service={$config['server_protocol']}{$config['server_name']}{$config['server_port']}:{$config['script_path']}/ucp.$phpEx?mode=login");
2. When I click on the "Post Reply" link on a post (which requires registered user permission to access) as a guest, I encounter the following error:
Fatal error: Class 'phpCAS' not found in /var/www/forum/includes/auth/auth_casldap.php on line 115
To fix the error, in includes/auth/auth_casldap.php,
Find

Code: Select all

if (!defined('IN_PHPBB'))
{
	exit;
}
Add after

Code: Select all

if (basename(trim($config['auth_method'])) === 'casldap')
{
	require_once('CAS/CAS.php');
}
I have also modified includes/functions.php to redirect the user to the CAS login page instead of the phpbb login page:
Find

Code: Select all

		$redirect .= $user->page['page_name'] . (($user->page['query_string']) ? '?' . htmlspecialchars($user->page['query_string']) : '');
Replace with

Code: Select all

		$redirect .= $user->page['page_name'];
		if ($user->page['query_string'])
		{
			$query_string = $user->page['query_string'];
			if ($method !== 'casldap')
			{
				$query_string = htmlspecialchars($query_string);
			}
			$redirect .= '?' . $query_string;
		}
Find

Code: Select all

	// Assign credential for username/password pair
	$credential = ($admin) ? md5(unique_id()) : false;
Add before

Code: Select all

	if ($method==='casldap')
	{
		$redirect = "{$config['server_protocol']}{$config['server_name']}:{$config['server_port']}{$config['script_path']}/$redirect";
		$redirect = urlencode($redirect);
		$cas_service_path = "https://{$config['cas_host']}:{$config['cas_port']}/{$config['cas_uri']}?service=$redirect";
		redirect($cas_service_path, false, true);
	}
	else
	{
Find

Code: Select all

		make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
	
		page_footer();
Add after

Code: Select all

	}
I am new to both php and phpbb. If anyone could suggest a better solution it would be much appreciated. :)

Post Reply

Return to “[2.0.x] MODs in Development”

Who is online

Users browsing this forum: No registered users and 10 guests