Page 1 of 2

Auth_LDAP Support thread

Posted: 02 May 2013, 20:44
by hydrian
Please any post any problems or issues you are having with auth_ldap here. I cannot watch every forum for support requests.

Re: Auth_LDAP Support thread

Posted: 02 May 2013, 20:51
by blainemono
Hi. I was having a good time with auth_ldap, but yesterday I found auth_ldap in bed with another man. I request a patch that stops auth_ldap from being a dirty lying whore.

Re: Auth_LDAP Support thread

Posted: 02 May 2013, 20:58
by hydrian
For help with common issues, check out the auth_ldap wiki (Work in progress) : https://github.com/hydrian/TTRSS-Auth-LDAP/wiki

If you think you have found a bug, please create an Issue over on my development fork at GitHub: https://github.com/hydrian/TTRSS-Auth-LDAP/issues

If you what to try out development versions or what to play with the code, check out: https://github.com/hydrian/TTRSS-Auth-LDAP/

Re: Auth_LDAP Support thread

Posted: 02 Jul 2013, 23:21
by emmjott
Hi there,
at first, thanks alot for your effort in creating this useful plugin!

Unfortunately, i'm struggling to get this to work with TT RSS 1.8.
Because auth_ldap is not included in TT RSS since 1.7.9, i've tried the following:
Cloned the last version from your GIT repo, which leads me to the following message in the log:

Code: Select all

Plugin auth_ldap is not compatible with current API version (need: 2, got: 1)


Added the following to init.php to make TT RSS recognize auth_ldap:

Code: Select all

function api_version(){return 2;}

This leads to:

Code: Select all

E_USER_WARNING (512)   plugins/auth_ldap/init.php:73   Could not connect to LDAP Server: Bind failed: Can't contact LDAP server: Unknown Net_LDAP2 Error (-1)      19:11
E_STRICT (2048)   plugins/auth_ldap/init.php:152   Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context      19:11
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:208   Non-static method PEAR::isError() should not be called statically      19:11
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:1801   Non-static method Net_LDAP2::errorMessage() should not be called statically, assuming $this from incompatible context      19:11
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:198   Non-static method PEAR::isError() should not be called statically      19:11


I have also tried the auth_ldap version from the contrib repo (which already seems to be API version 2 enabled), but i receive the same error message:

Code: Select all


E_USER_WARNING (512)   plugins/auth_ldap/init.php:69   Could not connect to LDAP Server: Bind failed: Can't contact LDAP server: Unknown Net_LDAP2 Error (-1)      19:17
E_STRICT (2048)   plugins/auth_ldap/init.php:148   Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context      19:17
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:208   Non-static method PEAR::isError() should not be called statically      19:17
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:1801   Non-static method Net_LDAP2::errorMessage() should not be called statically, assuming $this from incompatible context      19:17
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:198   Non-static method PEAR::isError() should not be called statically      19:17


Authentication for LDAP users always fails :(
Anyone got an idea? I would really love to use TT RSS 1.8, i'm especially looking forward to integrate the fever API, but auth_ldap is a must-have, sort of...

Regards,
Markus

Re: Auth_LDAP Support thread

Posted: 03 Jul 2013, 14:37
by Horst
Yep, thanks a lot for the plugin. It's awesome!

What type of LDAP server are you using? I've got it to work with a Windows Server 2008.

It took me some time experimenting with several combinations of LDAP settings. I suggest you activate LDAP_AUTH_DEBUG first and disable encryption temporarily (to the LDAP server) until it's working in cleartext.
I also replaced "uid" in the LDAP_AUTH_SEARCHFILTER by "sAMAccountName" (for Active Directory).

Re: Auth_LDAP Support thread

Posted: 03 Jul 2013, 19:18
by emmjott
Hi,
thanks for your reply, i'm using OpenLDAP.
The weird thing is, with 1.7.8 LDAP was working fine, but it stopped working after upgrading TT RSS to 1.8 (tried 1.7.9 as well, same there).
My LDAP config is still the same as in 1.7.8..

I'll try setting LDAP to debug and will post the outcome..

Re: Auth_LDAP Support thread

Posted: 23 Jul 2013, 10:40
by 1of16
you tried to update the auth_ldap plugin?
here you can get the new, hopefully working, version: https://github.com/hydrian/TTRSS-Auth-L ... /auth_ldap

I don't know, if its important, but there is another error maybe: "Plugin auth_ldap is not compatible with current API version (need: 2, got: 1)"

edit: now its working!
I used the newest version of the plugin, added like emmjott "function api_version(){return 2;}" at the end of it and installed net_ldap2 via "pear install Net_LDAP2"
maybe it will help others too :)

nevertheless there are stil these messages in the system-log:
E_STRICT (2048) usr/share/php/Net/LDAP2/Schema.php:493 Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context 13:22
E_STRICT (2048) plugins/auth_ldap/init.php:197 Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context 13:22
E_STRICT (2048) usr/share/php/Net/LDAP2/Filter.php:295 Non-static method PEAR::isError() should not be called statically

but it works... :)

Re: Auth_LDAP Support thread

Posted: 28 Jul 2013, 12:13
by hydrian
All, I just pushed to the fixes for a isError() bug and the API version to Master. I did my bug checking and all looks good, but it is 4am now so I may not be thinking clearly. Give it all a try and let me know.

Re: Auth_LDAP Support thread

Posted: 28 Jul 2013, 12:55
by fox
Can I remove auth_ldap from contrib and put a link to your repository instead since it's the one being developed on?

Re: Auth_LDAP Support thread

Posted: 07 Nov 2013, 22:16
by hydrian
fox wrote:Can I remove auth_ldap from contrib and put a link to your repository instead since it's the one being developed on?


Sure. All the bug reporting should go on the there anyway.

Re: Auth_LDAP Support thread

Posted: 04 Dec 2013, 21:49
by mc128k
Hi all
I have successfully setup the LDAP subsystem and it's working beautifully. How can I limit access only to a defined group?

Thanks.

Re: Auth_LDAP Support thread

Posted: 04 Dec 2013, 22:24
by hydrian
mc128k wrote:Hi all
I have successfully setup the LDAP subsystem and it's working beautifully. How can I limit access only to a defined group?

Thanks.


You need to customize your LDAP_AUTH_SEARCHFILTER filter. Just make a filter that will only return users that are apart of a specific group. The syntax will specific to your LDAP server and tree structure. I'm using OpenLDAP with the MemberOf module. Here is an example:

Code: Select all

(&(objectClass=person)(uid=???)(memberOf=cn=tinytinyrss,ou=Groups,dc=example,dc=local))

Re: Auth_LDAP Support thread

Posted: 04 Dec 2013, 23:36
by hydrian
auth_ldap 0.5rc1 Released

Here is the release candidate for 0.5. If all looks good, this will probabably be the 0.5 release. If you find bugs please file them at https://github.com/hydrian/TTRSS-Auth-LDAP/issues

https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/0.5rc1

Re: Auth_LDAP Support thread

Posted: 14 Aug 2014, 13:14
by stormbyte
I have written a LDAP extention and used it with Zentyal 3.5 Samba LDAP server.
Running TTrss version v1.13.1
PHP version 5.5.9
Only the php5-ldap extention is used.

The Net_LDAP2 from PEAR isn't really compatible with my server

https://github.com/stormbyte/auth_ldap_php5

Re: Auth_LDAP Support thread

Posted: 25 Aug 2014, 20:14
by hydrian
Hey all,
Anybody using the 0.5rc1 release should upgrade to the 0.5rc2 release. There is a possible security exploit in the auth_ldap 0.5rc1 version of the code. Here is the link to the 0.5rc2 release that corrects this issue: https://github.com/hydrian/TTRSS-Auth-L ... tag/0.5rc2