Hi. On 08.09.2010 18:17, Chris Cowley wrote: > Works a treat (release 1.0.3)! FYI I am authenticating against Window Server > 2003r2 > > I just uncommented the msad_ldap1 section in auth.xml, put in one of my DCs > along with a username that I had created. After clearing the cache (sudo rm > /usr/local/icinga-web/app/cache/config/*) it authenticated my user. > > Next I need to make it work in a VirtualHost and enable Kerberos. Will a > REMOTE_USER make it skip the login form?
If you setup your providers like this: ldap: authoritative=false, auth_create=true, auth_update=true basic: authoritative=true, auth_create=false, auth_update=false Hope this works, the comlete workflow will be in the logs if something went wrong (or right) LG Marius. > > > -----Original Message----- > From: Marius Hein [mailto:marius.h...@netways.de] > Sent: 01 September 2010 11:45 > To: kbra...@sditcs.com; icinga-users@lists.sourceforge.net > Subject: Re: [icinga-users] LDAP authentication from icinga-web > > Hi. > >> Sorry for the list spam, but one more question: >> Do I create an auth.xml or do I add my auth config to an existing xml >> file like icinga.xml? If I add it to an existing XML file, how much do I >> need to include of the parent containers? For example: >> >> <settings prefix="modules.appkit.auth." > xmlns="http://agavi.org/agavi/config/parts/module/1.0"; > xmlns:ae="http://agavi.org/agavi/config/global/envelope/1.0";> >> > > The simplest solution to add your auth configuration to the existing > auth.xml. > > If you want heavy debugging: Agavi supports XInclude. You can use this > to include new XML files into existing settings xml files (like > app/config/settings.xml, modules.xml, or any other valid agavi places). > > You can see this in module.xml config (from AppKit). This file includes > the auth.xml. > > >> This sits at the top of auth.xml so would it need to be included? >> > > Depending on your scope of including. If you include in a already > prefixed scope (e.g. modules.apppkit) you only need a new settings > directive for e.g. auth. > > You can test around include xml settings arround the application, but > always clean the cache to start new (Agavi compiles all settings (after > XInclude) together) > > Depending on your mail how the auth system works: > > At the moment there is no documentation available. The best thing to > look into app/modules/AppKit/models/Auth/DispatchModel.class.php. This > is the master instance to control all authenticate requests and > distributes to the configured provider. > > I will write some flowchart but at first I try to use some words to > describe the process: > > - 1.0 User tries to login > - 1.1 Yes user is in the system > - Loading the belonging provider > - Provider can update (auth_update) > - Update user profile > - Provider is 'authoritative' > - Authenticate against > - Fail and auth_resume > - Try other provider in the configured order > - Iterate to all the others and try only > authenticate > - Fail and not auth_resume > - NO LOGIN > - Provider is not authoritative and auth_resume > - Try other provider in the configured order > - Provider is not authoritative > - NO LOGIN > - 1.2 NO user is not available > - Iterate through all providers > - Yes user is available on the provider > - Yes provider can import (auth_import) > - Import the user profile and goto 1.1 > > > This is already implemented and the dispatcher logs all steps into > app/data/log/debug* log. > > Kind Regards, > Marius. > -- Marius Hein Application Developer NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nürnberg Tel: +49 911 92885-0 | Fax: +49 911 92885-77 GF: Julian Hein | AG Nürnberg HRB18461 http://www.netways.de | marius.h...@netways.de ** NETWAYS Open Source Monitoring Conference 2010 | Nürnberg, 06. und 07. Oktober 2010 | http://www.netways.de/osmc ** ------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd _______________________________________________ icinga-users mailing list icinga-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/icinga-users
