first, I should note that I've never used ldap, so what i say are just suggestions to try.
I select the users I want to import (all between 1000 and 65536), the admin users, NO groups (because we don't have any meaningful groups set up, and Mac OS X Server
this may or may not go so well. I don't know of phpgw requires any groups bu tit wouldn't suprize me if it did. I also don't know if it matters if htese groups come from ldap.
Warning: Invalid argument supplied for foreach() in /Library/WebServer/Documents/phpgroupware/setup/ldapimport.php on line 165 Warning: Variable passed to each() is not an array or object in /Library/WebServer/Documents/phpgroupware/setup/ldapimport.php on line 389 Which look like someone forgot to check if there were items in some array before running a loop (I know it's in BETA, but seriously?)
yeah, there's still a lot of really old code, but in generaly what you are seeing simply shoudn't happen.
So it seems like things go ok anyway. Then, I go to log in as my own personal user account (which was given admin permissions).
how was this granted? admin on the ldap deosn't automaticaly gte you admin in phpgw. the permission is managed by having access to the Admin phpgw app. there's also restrictions within that so that you asing non-admin users some managerial type rights through the admin app.
You are required to change your password during your first login Click here (Which will SERIOUSLY piss off my users, we *already have* an LDAP policy which makes them change their passwords - I didn't set this option, is that really the default setting?)
I've heard of this a lot lately, I personaly don't know what changed, but I think there is a bug report on it already.
So, we know that the LDAP authentication went ok. But, I "click here" to change the password, and I get: Access not permitted
I don't know that changing ldap pw is currently supported. it used to be, but some things have been changed (for the better overall) and not all the peices are finished.
With the standard layout (I guess), a logout link and a welcome link - no applications, no interface to speak of, basically a program that can authenticate with LDAP and fall on its face.
that's generaly the default for a new user. you simply have no apps assigned to you, including the aforementioned Admin app. What i do for mail/IMAP auth is to setup for sql auth only and create an account that matches a mail acocunt that I want to use as admin. I grant the Admin app to the user, then make the change to mail auth and it's all good after that. sort of a bootstrap of the permissions system since the default is to not trust the user. not sure this will work as well for ldap, but it might be worth a try. _______________________________________________ phpGroupWare-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/phpgroupware-users
