Auth_LDAP Support thread

[hydrian]

Please any post any problems or issues you are having with auth_ldap here. I cannot watch every forum for support requests.

[blainemono]

Hi. I was having a good time with auth_ldap, but yesterday I found auth_ldap in bed with another man. I request a patch that stops auth_ldap from being a dirty lying whore.

[hydrian]

For help with common issues, check out the auth_ldap wiki (Work in progress) : https://github.com/hydrian/TTRSS-Auth-LDAP/wiki

If you think you have found a bug, please create an Issue over on my development fork at GitHub: https://github.com/hydrian/TTRSS-Auth-LDAP/issues

If you what to try out development versions or what to play with the code, check out: https://github.com/hydrian/TTRSS-Auth-LDAP/

[emmjott]

Hi there,
at first, thanks alot for your effort in creating this useful plugin!

Unfortunately, i'm struggling to get this to work with TT RSS 1.8.
Because auth_ldap is not included in TT RSS since 1.7.9, i've tried the following:
Cloned the last version from your GIT repo, which leads me to the following message in the log:

Code: Select all

Plugin auth_ldap is not compatible with current API version (need: 2, got: 1)

Added the following to init.php to make TT RSS recognize auth_ldap:

Code: Select all

function api_version(){return 2;}

This leads to:

Code: Select all

E_USER_WARNING (512)   plugins/auth_ldap/init.php:73   Could not connect to LDAP Server: Bind failed: Can't contact LDAP server: Unknown Net_LDAP2 Error (-1)      19:11
E_STRICT (2048)   plugins/auth_ldap/init.php:152   Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context      19:11
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:208   Non-static method PEAR::isError() should not be called statically      19:11
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:1801   Non-static method Net_LDAP2::errorMessage() should not be called statically, assuming $this from incompatible context      19:11
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:198   Non-static method PEAR::isError() should not be called statically      19:11

I have also tried the auth_ldap version from the contrib repo (which already seems to be API version 2 enabled), but i receive the same error message:

Code: Select all


E_USER_WARNING (512)   plugins/auth_ldap/init.php:69   Could not connect to LDAP Server: Bind failed: Can't contact LDAP server: Unknown Net_LDAP2 Error (-1)      19:17
E_STRICT (2048)   plugins/auth_ldap/init.php:148   Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context      19:17
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:208   Non-static method PEAR::isError() should not be called statically      19:17
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:1801   Non-static method Net_LDAP2::errorMessage() should not be called statically, assuming $this from incompatible context      19:17
E_STRICT (2048)   usr/share/php/Net/LDAP2.php:198   Non-static method PEAR::isError() should not be called statically      19:17

Authentication for LDAP users always fails
Anyone got an idea? I would really love to use TT RSS 1.8, i'm especially looking forward to integrate the fever API, but auth_ldap is a must-have, sort of...

Regards,
Markus

[Horst]

Yep, thanks a lot for the plugin. It's awesome!

What type of LDAP server are you using? I've got it to work with a Windows Server 2008.

It took me some time experimenting with several combinations of LDAP settings. I suggest you activate LDAP_AUTH_DEBUG first and disable encryption temporarily (to the LDAP server) until it's working in cleartext.
I also replaced "uid" in the LDAP_AUTH_SEARCHFILTER by "sAMAccountName" (for Active Directory).

[emmjott]

Hi,
thanks for your reply, i'm using OpenLDAP.
The weird thing is, with 1.7.8 LDAP was working fine, but it stopped working after upgrading TT RSS to 1.8 (tried 1.7.9 as well, same there).
My LDAP config is still the same as in 1.7.8..

I'll try setting LDAP to debug and will post the outcome..

[1of16]

you tried to update the auth_ldap plugin?
here you can get the new, hopefully working, version: https://github.com/hydrian/TTRSS-Auth-L ... /auth_ldap

I don't know, if its important, but there is another error maybe: "Plugin auth_ldap is not compatible with current API version (need: 2, got: 1)"

edit: now its working!
I used the newest version of the plugin, added like emmjott "function api_version(){return 2;}" at the end of it and installed net_ldap2 via "pear install Net_LDAP2"
maybe it will help others too

nevertheless there are stil these messages in the system-log:

E_STRICT (2048) usr/share/php/Net/LDAP2/Schema.php:493 Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context 13:22
E_STRICT (2048) plugins/auth_ldap/init.php:197 Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context 13:22
E_STRICT (2048) usr/share/php/Net/LDAP2/Filter.php:295 Non-static method PEAR::isError() should not be called statically

but it works...

[hydrian]

All, I just pushed to the fixes for a isError() bug and the API version to Master. I did my bug checking and all looks good, but it is 4am now so I may not be thinking clearly. Give it all a try and let me know.

[fox]

Can I remove auth_ldap from contrib and put a link to your repository instead since it's the one being developed on?

[hydrian]

Can I remove auth_ldap from contrib and put a link to your repository instead since it's the one being developed on?

Sure. All the bug reporting should go on the there anyway.

[mc128k]

Hi all
I have successfully setup the LDAP subsystem and it's working beautifully. How can I limit access only to a defined group?

Thanks.

[hydrian]

Hi all
I have successfully setup the LDAP subsystem and it's working beautifully. How can I limit access only to a defined group?

Thanks.

You need to customize your LDAP_AUTH_SEARCHFILTER filter. Just make a filter that will only return users that are apart of a specific group. The syntax will specific to your LDAP server and tree structure. I'm using OpenLDAP with the MemberOf module. Here is an example:

Code: Select all

(&(objectClass=person)(uid=???)(memberOf=cn=tinytinyrss,ou=Groups,dc=example,dc=local))

[hydrian]

auth_ldap 0.5rc1 Released

Here is the release candidate for 0.5. If all looks good, this will probabably be the 0.5 release. If you find bugs please file them at https://github.com/hydrian/TTRSS-Auth-LDAP/issues

https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/0.5rc1

[stormbyte]

I have written a LDAP extention and used it with Zentyal 3.5 Samba LDAP server.
Running TTrss version v1.13.1
PHP version 5.5.9
Only the php5-ldap extention is used.

The Net_LDAP2 from PEAR isn't really compatible with my server

https://github.com/stormbyte/auth_ldap_php5

[hydrian]

Hey all,
Anybody using the 0.5rc1 release should upgrade to the 0.5rc2 release. There is a possible security exploit in the auth_ldap 0.5rc1 version of the code. Here is the link to the 0.5rc2 release that corrects this issue: https://github.com/hydrian/TTRSS-Auth-L ... tag/0.5rc2