Open GoogleCodeExporter opened 9 years ago
Check the following config settings:
http://code.google.com/p/ovz-web-panel/wiki/Configuration#LDAP
I didn't test integration of Owp with an AD server, but had a project with such
auth in the past. Something similar to the following should be used:
login_pattern: "DOMAIN\\<login>"
Replace DOMAIN with your AD domain name. And don't replace <login>, it will be
replaced dynamically.
Original comment by sibprogrammer
on 22 Jun 2011 at 4:55
That didn't work. I tried the following:
-Set host to IP of main AD server
-Set host to dns entry of "athens.RRC.local"
-Set host to "ldap.lan" (no connection to server)
-Set login_pattern to "RRC\\<login>"
-Set login_pattern to "RRC\<login>"
-Set login_pattern to "RRC.local\\<login>"
-Set login_pattern to "RRC.local\<login>"
Original comment by nshe...@gmail.com
on 22 Jun 2011 at 2:28
Here is a simple script to test the LDAP connection:
#--->cut>---
require 'rubygems'
require 'net/ldap'
LDAPSERVER = "ldap.lan"
ldap = Net::LDAP.new(:host => LDAPSERVER)
ldap.auth "user", "password"
if ldap.bind
  puts true
else
  puts false
end
#---<cut<---
Place the content in a test.rb file and run it using the command:
ruby /opt/ovz-web-panel/script/runner -e production test.rb
Try to play with the user login name. I've used the "DOMAIN\\user" form for the AD server.
In case of success you should see the word "true".
Original comment by sibprogrammer
on 23 Jun 2011 at 2:45
I got the script to work using RRC\\<username> (returns true), but after
copying the settings into config.yml, I still can't log in with LDAP credentials.
test.rb
require 'rubygems'
require 'net/ldap'

LDAPSERVER = "Athens.RRC.local"

ldap = Net::LDAP.new(:host => LDAPSERVER)
ldap.auth "RRC\\<removed>", <removed>

if ldap.bind
  puts true
else
  puts false
end
config.yml
ldap:
  enabled: true
  host: "Athens.RRC.local"
  login_pattern: "RRC\\<login>"
Original comment by nshe...@gmail.com
on 27 Jun 2011 at 9:05
Did you create a user with the corresponding login in Owp?
Original comment by sibprogrammer
on 28 Jun 2011 at 3:31
No, wouldn't that defeat the purpose of logging in with LDAP? If it's not there,
make it and keep the password synced with the auth server?
Original comment by nshe...@gmail.com
on 28 Jun 2011 at 4:00
LDAP is used for authentication, not for authorization. If you didn't create
the user in Owp, it will be impossible to understand what permissions this
user should have. You should create the corresponding user in Owp, but there is no need
to provide a password in such a case.
Original comment by sibprogrammer
on 28 Jun 2011 at 5:32
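The split described in the comment above (directory bind for authentication, a local account for permissions), as an added example that is not part of the original thread and not OWP's own code. The helper names, the `alice`/`bob` accounts and the `role` field are hypothetical, and placeholder expansion by plain substitution is an assumption about how the panel treats `<login>`.

```ruby
require 'yaml'

# Constructed sample mirroring the config.yml posted in the thread.
CONFIG_YML = <<~'YML'
  ldap:
    enabled: true
    host: "Athens.RRC.local"
    login_pattern: "RRC\\<login>"
YML
CFG = YAML.safe_load(CONFIG_YML)['ldap'] # YAML turns \\ into one backslash

# Assumption: the placeholder is expanded by plain substitution.
# The block form keeps backslashes in the login literal.
def expand_login(pattern, login)
  pattern.sub('<login>') { login }
end

# Real bind, using the same Net::LDAP calls as the test script in the thread.
def net_ldap_bind(host)
  lambda do |bind_name, password|
    require 'net/ldap'
    ldap = Net::LDAP.new(:host => host)
    ldap.auth bind_name, password
    ldap.bind
  end
end

# Reports which step decided the login, so a failed directory bind can be
# told apart from a missing local account.
def ldap_login(login, password, cfg, local_users, bind)
  # A simple bind with an empty password is "unauthenticated" (RFC 4513) and
  # some servers accept it, so it must never count as proof of identity.
  return :empty_password if password.to_s.empty?
  return :bind_failed unless bind.call(expand_login(cfg['login_pattern'], login), password)
  return :no_local_user unless local_users.key?(login)
  :ok
end

# Constructed stand-in for the directory so the example runs offline.
FAKE_DIRECTORY = { 'RRC\\alice' => 's3cret', 'RRC\\bob' => 'hunter2' }
FAKE_BIND = ->(name, pw) { FAKE_DIRECTORY[name] == pw }
# Hypothetical local accounts: they carry the role, not a password.
LOCAL_USERS = { 'alice' => { role: 'admin' } }

if __FILE__ == $PROGRAM_NAME
  puts ldap_login('alice', 's3cret', CFG, LOCAL_USERS, FAKE_BIND)
  puts ldap_login('bob', 'hunter2', CFG, LOCAL_USERS, FAKE_BIND)
end
```

Passing `net_ldap_bind(CFG['host'])` instead of `FAKE_BIND` runs the same flow against a real server; `bob` shows the case from this thread, where the bind succeeds but no local account exists.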
Original comment by sibprogrammer
on 1 May 2012 at 8:47
A few things...
1) Wouldn't it make a lot more sense to "import" a user upon first login rather
than duplicating the process of adding users? phpBB3, for example, does this.
You can simply retrieve a user's information upon first login and store it in
the local database. I'd rather we just used LDAP entirely, but that'd be a
middle-ground approach to what you have and #2:
2) I host a whole bunch of stuff for people behind a VPN and would enjoy being
able to manage user creation and privileges totally inside of LDAP. Obviously
schemas will vary, so making those parameters configurable would be necessary.
3) I realize this is an older issue, but the behavior is the same today.
Thanks for your time reading and considering this.
Original comment by intentio...@gmail.com
on 31 Oct 2012 at 3:46
Original issue reported on code.google.com by
nshe...@gmail.com
on 21 Jun 2011 at 5:19