Josh,
I try this:
[root@ldap1 private]# ldapsearch -x -h localhost -a find -v -b
dc=di,dc=uminho,dc=pt -w XXXXXX -D cn=XXXXXX,dc=di,dc=uminho,dc=pt -z
0 cn=alunos
ldap_initialize( ldap://localhost )
filter: cn=alunos
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <dc=di,dc=uminho,dc=pt> with scope subtree
# filter: cn=alunos
# requesting: ALL
#
# alunos, Groups, di.uminho.pt
dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
cn: alunos
gidNumber: 505
objectClass: posixGroup
objectClass: top
memberUid: a12596
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
I get this output, there is any problem with posixGroup ? I use
generic.php with memberUid it outputs:
debugging set
protocol 3 set
Bind was successful
search time: 0.002673864364624
results time: 0.0031049251556396
Array
(
[count] => 1
[0] => Array
(
[count] => 0
[dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
)
)
I have used:
$toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
$search = 'uid=a12596'; # what to search for, examples:
uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
normal LDAP query rules
#$results = array("*","+");
$results = array("memberUid");
#$results = array("dn");
#$results = array('dn', 'givenname', 'sn', 'mail');
It is not able to find which uid=a12596 group belongs. Does anyone
have this problem ?
Thanks.
2014-03-07 13:59 GMT+00:00 Josh Thompson <[email protected]>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> António,
>
> This line
>
> $results = array("dn");
>
> is only going to give you the DN of the user that you looked up. Try using
>
> $results = array("*", "+");
>
> That should give you everything you can see about the user. Somewhere in
> there, you should see an attribute that lists the groups of which the user is
> a member. For example, when Active Directory is the LDAP system, the
> attribute is usually "memberof". So, if that was the case for you, you would
> then change it to
>
> $results = array("memberof");
>
> But, I think you'll find something other than "memberof" is the attribute you
> need.
>
> Josh
>
> On Friday, March 07, 2014 9:25:59 AM António Aragão wrote:
>> I put this:
>>
>> $toplevel = 'dc=di,dc=uminho,dc=pt'; # base DN to use
>> $search = 'uid=a12596'; # what to search for, examples:
>> uid=someuserid, cn=someuserid, samaccountname=someuserid; follows
>> normal LDAP query rules
>> #$results = array("*","+");
>> $results = array("dn");
>> #$results = array('dn', 'givenname', 'sn', 'mail');
>>
>> 2014-03-06 20:13 GMT+00:00 Josh Thompson <[email protected]>:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > António,
>> >
>> > What did you set $toplevel, $search, and $results to in the debug script?
>> >
>> > Josh
>> >
>> > On Thursday, March 06, 2014 6:43:32 PM António Aragão wrote:
>> >> I try it and:
>> >>
>> >> debugging set
>> >> protocol 3 set
>> >> Bind was successful
>> >> search time: 0.0014631748199463
>> >> results time: 0.0016670227050781
>> >>
>> >> Array
>> >> (
>> >>
>> >> [count] => 1
>> >> [0] => Array
>> >>
>> >> (
>> >>
>> >> [count] => 0
>> >> [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >>
>> >> )
>> >>
>> >> )
>> >>
>> >> It doesn't show the group. Can anyone sends me ldap group description
>> >> that works ?
>> >>
>> >> Thanks.
>> >>
>> >> 2014-03-05 15:34 GMT+00:00 António Aragão <[email protected]>:
>> >> > The account I use it's admin (read only) account but I will try the
>> >> > debug script soon as I can.
>> >> >
>> >> > Thanks.
>> >> >
>> >> > 2014-03-03 20:19 GMT+00:00 Josh Thompson <[email protected]>:
>> >> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> Hash: SHA1
>> >> >>
>> >> >> António,
>> >> >>
>> >> >> I'm not sure why it is not seeing the group membership. You may want
>> >> >> to
>> >> >> check that the account you are using to log in to LDAP has access to
>> >> >> see
>> >> >> the group memberships.
>> >> >>
>> >> >> Also, I updated http://vcl.apache.org/docs/ldapauth.html to have a
>> >> >> brief
>> >> >> paragraph at the bottom about how to debug connections. There is a
>> >> >> link
>> >> >> to a debug script I often use to get things sorted out. You may find
>> >> >> that script helpful.
>> >> >>
>> >> >> Josh
>> >> >>
>> >> >> On Monday, March 03, 2014 4:48:08 PM António Aragão wrote:
>> >> >>> Hi Josh,
>> >> >>>
>> >> >>> the binddn is: dc=di,dc=uminho,dc=pt
>> >> >>>
>> >> >>> the attribute is: memberUid
>> >> >>>
>> >> >>> Thanks.
>> >> >>>
>> >> >>> 2014-03-03 15:42 GMT+00:00 Josh Thompson <[email protected]>:
>> >> >>> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> >>> > Hash: SHA1
>> >> >>> >
>> >> >>> > António,
>> >> >>> >
>> >> >>> > Sorry for the late response.
>> >> >>> >
>> >> >>> > What do you have set for binddn for your LDAP server? Also, what
>> >> >>> > attribute
>> >> >>> > are you searching on in LDAP?
>> >> >>> >
>> >> >>> > Josh
>> >> >>> >
>> >> >>> > On Thursday, February 27, 2014 11:01:49 AM António Aragão wrote:
>> >> >>> >> I get this:
>> >> >>> >>
>> >> >>> >> Array
>> >> >>> >> (
>> >> >>> >>
>> >> >>> >> [count] => 1
>> >> >>> >> [0] => Array
>> >> >>> >>
>> >> >>> >> (
>> >> >>> >>
>> >> >>> >> [count] => 0
>> >> >>> >> [dn] => uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >>> >>
>> >> >>> >> )
>> >> >>> >>
>> >> >>> >> )
>> >> >>> >>
>> >> >>> >> But in LDAP server:
>> >> >>> >>
>> >> >>> >> dn: cn=alunos,ou=Groups,dc=di,dc=uminho,dc=pt
>> >> >>> >> cn: alunos
>> >> >>> >> gidNumber: 505
>> >> >>> >> objectClass: posixGroup
>> >> >>> >> objectClass: top
>> >> >>> >> structuralObjectClass: posixGroup
>> >> >>> >> entryUUID: a4050df8-298b-102d-9292-83a608533f73
>> >> >>> >> creatorsName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> >>> >> createTimestamp: 20081008134915Z
>> >> >>> >> memberUid: uid=a12596,ou=alunos,dc=di,dc=uminho,dc=pt
>> >> >>> >> memberUid: a12596
>> >> >>> >> memberUid: uid=a12596
>> >> >>> >> entryCSN: 20140227104950Z#000000#00#000000
>> >> >>> >> modifiersName: cn=admin,dc=di,dc=uminho,dc=pt
>> >> >>> >> modifyTimestamp: 20140227104950Z
>> >> >>> >>
>> >> >>> >> It appears that cannot find the group.
>> >> >>> >>
>> >> >>> >> Any clues ?
>> >> >>> >>
>> >> >>> >> Em 20-02-2014 13:49, David DeMizio escreveu:
>> >> >>> >> > Have a look at this post, I think it's what you are referring to
>> >> >>> >> >
>> >> >>> >> > http://vcl.markmail.org/search/?q=ldap+groups#query:ldap%20group
>> >> >>> >> > s+p
>> >> >>> >> > age:
>> >> >>> >> > 2+m
>> >> >>> >> > id:y5s64fhipakutbkp+state:results
>> >> >>> >> >
>> >> >>> >> > David DeMizio
>> >> >>> >> > /Academic Systems Coordinator/
>> >> >>> >> > Office of Information Technology
>> >> >>> >> > New College of Florida
>> >> >>> >> > Phone: 941-487-4222 | Fax: 941-487-4356
>> >> >>> >> > www.ncf.edu <http://www.ncf.edu/>
>> >> >>> >> >
>> >> >>> >> >
>> >> >>> >> > On Thu, Feb 20, 2014 at 4:38 AM, António Aragão
>> >> >>> >> > <[email protected]
>> >> >>> >> >
>> >> >>> >> > <mailto:[email protected]>> wrote:
>> >> >>> >> > Hello,
>> >> >>> >> >
>> >> >>> >> > i tested this changes and works. I was only unable to
>> >> >>> >> > populate
>> >> >>> >> > a
>> >> >>> >> > group with LDAP users, does anyone have this problem ?
>> >> >>> >> >
>> >> >>> >> > Em 19-02-2014 19:37, David DeMizio escreveu:
>> >> >>> >> >> Hello Mike,
>> >> >>> >> >>
>> >> >>> >> >> I believe it's possible but you will need to make some
>> >> >>> >> >> changes
>> >> >>> >> >> to
>> >> >>> >> >> the code in the .htc-inc folders. I had it working before I
>> >> >>> >> >> changed over to ldaps. first in authentication.php look for
>> >> >>> >> >> a
>> >> >>> >> >> line like $ds = ldap_connect("ldaps://{$auth['server']}/");
>> >> >>> >> >> and
>> >> >>> >> >> then there might be a few others in
>> >> >>> >> >> authmethods/ldapauth.php.
>> >> >>> >> >> so
>> >> >>> >> >> just change ldaps:// to ldap://
>> >> >>> >> >>
>> >> >>> >> >> David DeMizio
>> >> >>> >> >> /Academic Systems Coordinator/
>> >> >>> >> >> Office of Information Technology
>> >> >>> >> >> New College of Florida
>> >> >>> >> >> Phone: 941-487-4222 | Fax: 941-487-4356
>> >> >>> >> >> www.ncf.edu <http://www.ncf.edu/>
>> >> >>> >> >>
>> >> >>> >> >>
>> >> >>> >> >> On Wed, Feb 19, 2014 at 2:25 PM, Mike Haudenschild
>> >> >>> >> >>
>> >> >>> >> >> <[email protected] <mailto:[email protected]>> wrote:
>> >> >>> >> >> I'm attempting to bind VCL to an LDAP server that is
>> >> >>> >> >> NOT
>> >> >>> >> >> using SSL. Before I started the configuration process
>> >> >>> >> >> and
>> >> >>> >> >> tried to troubleshoot, I thought I would ask if this is
>> >> >>> >> >> even
>> >> >>> >> >> supported.
>> >> >>> >> >>
>> >> >>> >> >> Thanks very much,
>> >> >>> >> >> Mike
>> >> >>> >>
>> >> >>> >> --
>> >> >>> >
>> >> >>> > - --
>> >> >>> > - -------------------------------
>> >> >>> > Josh Thompson
>> >> >>> > VCL Developer
>> >> >>> > North Carolina State University
>> >> >>> >
>> >> >>> > my GPG/PGP key can be found at pgp.mit.edu
>> >> >>> >
>> >> >>> > All electronic mail messages in connection with State business
>> >> >>> > which
>> >> >>> > are sent to or received by this account are subject to the NC
>> >> >>> > Public
>> >> >>> > Records Law and may be disclosed to third parties.
>> >> >>> > -----BEGIN PGP SIGNATURE-----
>> >> >>> > Version: GnuPG v2.0.22 (GNU/Linux)
>> >> >>> >
>> >> >>> > iEYEARECAAYFAlMUowEACgkQV/LQcNdtPQOpKACeK648IGA+FGCJXQsoVWbhK5ZT
>> >> >>> > 04AAn0PXU/9HINkZLNAJ4tcwFBfeFddQ
>> >> >>> > =MKhx
>> >> >>> > -----END PGP SIGNATURE-----
>> >> >>
>> >> >> - --
>> >> >> - -------------------------------
>> >> >> Josh Thompson
>> >> >> VCL Developer
>> >> >> North Carolina State University
>> >> >>
>> >> >> my GPG/PGP key can be found at pgp.mit.edu
>> >> >>
>> >> >> All electronic mail messages in connection with State business which
>> >> >> are sent to or received by this account are subject to the NC Public
>> >> >> Records Law and may be disclosed to third parties.
>> >> >> -----BEGIN PGP SIGNATURE-----
>> >> >> Version: GnuPG v2.0.22 (GNU/Linux)
>> >> >>
>> >> >> iEYEARECAAYFAlMU4+YACgkQV/LQcNdtPQNogwCfcd+0cZYlbwNNKIW4GHpEwn5O
>> >> >> 7FMAn1ZA7u1DlMW++CA7rytjXRqCJ0Bp
>> >> >> =SxbG
>> >> >> -----END PGP SIGNATURE-----
>> >> >
>> >> > --
>> >> > --
>> >> > http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
>> >
>> > - --
>> > - -------------------------------
>> > Josh Thompson
>> > VCL Developer
>> > North Carolina State University
>> >
>> > my GPG/PGP key can be found at pgp.mit.edu
>> >
>> > All electronic mail messages in connection with State business which
>> > are sent to or received by this account are subject to the NC Public
>> > Records Law and may be disclosed to third parties.
>> > -----BEGIN PGP SIGNATURE-----
>> > Version: GnuPG v2.0.22 (GNU/Linux)
>> >
>> > iEYEARECAAYFAlMY1uYACgkQV/LQcNdtPQNzVwCfQRxlbDf0ub/a16B4ct8YHqtS
>> > Y/4An0z6tX0sgHIojFZKH32c6egygmuG
>> > =8747
>> > -----END PGP SIGNATURE-----
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iEYEARECAAYFAlMZ0NYACgkQV/LQcNdtPQOS2QCfap8wtiFFHeAASQjggcf1C1pr
> aZ4An1wUnqTJuQzyJ1Acu4xXKY5E0+W1
> =w1Im
> -----END PGP SIGNATURE-----
>
--
http://www.di.uminho.pt/~apa/email/cartao_virtual_email_aaragao.png
