Hello, there,

I've just downloaded and installed this module and found a few features missing (for me, anyway ;). One of them is that you need to form the DN for the user to be authenticated manually, via the LDAP login pattern and LDAP login replacement settings (if I'm right). What I'd prefer is connect to the LDAP server anonymously, do a query to determine a dn, then use that dn to connect and authenticate. (This is much what courier's ldapauth package does, thence the idea.) If feasible, of course...

CommentFileSizeAuthor
#5 ldap_integration.module16.68 KBpablobm

Comments

pablobm’s picture

pablobm commented

Sorry, but my knowledge of LDAP is quite limited. Anyway I'd love to implement such idea, so... do you know what type of query would determine a proper DN?.

Anonymous’s picture

(not verified) commented

I'm not an LDAP expert myself, my understanding is limited to what I've seen other software do. I give it a try, anyway. Beforehand, however, a question: am I correct that authentication works by binding to the LDAP server (specified by "LDAP server") and with DN formed through "LDAP login replacement" and the password the user gave, then run the query formed via "LDAP filter" and consider the login successful if both binding and the query succeeded?

[It would look logical, except that if it works this way, then I don't see the point of including the username in the filter (as suggested).]

Also, do I understand that the %username used in the filter is just the string before the first @ in the username, independent of the setting of "LDAP login pattern"?

Sorry for the flood of questions, I don't read php very well.

Please let me know.

--Gábor

Anonymous’s picture

(not verified) commented

Oops, I take the comment in squere brackets back.

--Gábor

pablobm’s picture

pablobm commented

I see I haven't placed the setting in a logical order in the configuration page. I've arranged them again so their relation (and the mechanism) is more understandable.

Now it reads this way:

Server
organisation name, LDAP server, LDAP port.
Users
LDAP login pattern, LDAP login replacement, attributes displayed on user pages, attributes that can be edited by users.
Search
LDAP DN, LDAP search filter, attributes displayed on search results page.

Also, I have changed the explanatory text for LDAP search filter, that was just a remnant from a prior version and didn't make much sense to me.

So, when users log in, the only information needed is that contained in the "Users" group above. When using the searching facility, it is the info at "Search" the one used. Searches need the user to be logged on, too.

pablobm’s picture

pablobm commented
StatusFileSize
new ldap_integration.module16.68 KB

CVS is not working for me at the moment, so I upload here the new version of the module featuring the new settings page.

By the way, does anybody know what's wrong when I get the next output from my CVS client?:

<code>[pablo@caronte ldap_integration]$ cvs ci ldap_integration.module
Fatal error, aborting.
drupal : no such system user
[pablo@caronte ldap_integration]$

pablobm’s picture

pablobm commented

This seems to be a duplicate of issue #18899.