Re: ajaXplorer and slx-ldap

To: debian-edu@lists.debian.org
Subject: Re: ajaXplorer and slx-ldap
From: Martin Schulte <schulte-martin@web.de>
Date: Sun, 06 May 2012 18:42:14 +0200
Message-id: <4FA6A9E6.8010404@web.de>
In-reply-to: <20120505193448.18671g50ca8smym0@mail.das-netzwerkteam.de>
References: <4FA411CA.9050602@web.de> <20120505193448.18671g50ca8smym0@mail.das-netzwerkteam.de>

Hi,

and thank you Mike, now it works. Below summarized the settings, ifsome one is interest in using ajaXplorer:

Put the following as entry into the array $PLUGINS in<ajaXplorerdir>/conf/bootstrap_plugins.php:


...
"AUTH_DRIVER" => array(
        "NAME" => "ldap",
        "OPTIONS" => array(
            "LDAP_URL" => 'ldaps://ldap',

"LDAP_USER" =>'cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no',

            'LDAP_PASSWORD' => '<tjenerPasswort>',
            "LDAP_DN" => 'ou=People,dc=skole,dc=skolelinux,dc=no',
            "LOGIN_REDIRECT" => false,
            "AUTOCREATE_AJXPUSER" => true,
            "TRANSMIT_CLEAR_PASS" => true,
            "LDAP_FILTER" => "objectClass=posixAccount",
            "LDAP_USERATTR" => 'uid'
        )
  ),
...

All in all you see "TRANSMIT_CLEAR_PASS" => true. If you set it tofalse, it doesn't work. I don't no why, but the corresponding code is

if($this->getOption("TRANSMIT_CLEAR_PASS") === true){ // Seed = -1 meansthat password is not encoded.

                return ($userStoredPass == md5($pass));
            }else{
                return (md5($userStoredPass.$seed) == $pass);
            }


Someone an idea?

Martin



Am 05.05.2012 19:34, schrieb Mike Gabriel:

Hi Martin,
not sure about the settings for lenny (have never installed a lennytjener)... But from what I have seen in the old Debian Edu lenny code...
On Fr 04 Mai 2012 19:28:42 CEST Martin Schulte wrote:
Hi,
i'm trying to setup ajaXplorer ( http://ajaxplorer.info/ ) on a(still) lenny based skolelinux server. ajaXplorer comes with an ldapplugin. To get an ldap authentication i've to set this variables (description is here: http://ajaxplorer.info/plugins/auth/ldap/#tabs-2 )
        "LDAP_URL" => 'ldaps://10.0.2.2',
"LDAP_USER" =>'cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no',
cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no (?)
        'LDAP_PASSWORD' => 'mySecretPassword',
<tjener's-root-password>
        "LDAP_DN" => 'ou=People,dc=skole,dc=skolelinux,dc=no',
        "LOGIN_REDIRECT" => false,
        "AUTOCREATE_AJXPUSER" => false,
you might want auto creation to be enabled...
        "TRANSMIT_CLEAR_PASS" => true,
really???
        "LDAP_FILTER" => "objectClass=uid"
This is definitely wrong. It has to be ,,objectClass=posixAccount''*
        "LDAP_USERATTR" => 'samaccountname'
This smells like Adtive Directory stuff... not appropriate for DebianEdu / OpenLDAP. Use ,,uid'' as LDAP_USERATTR instead.
Greets,
Mike

Reply to:

References:
- ajaXplorer and slx-ldap
  - From: Martin Schulte <schulte-martin@web.de>
- Re: ajaXplorer and slx-ldap
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Prev by Date: Content and translation status for the debian-edu-squeeze manual
Next by Date: Re: Content and translation status for the debian-edu-squeeze manual
Previous by thread: Re: ajaXplorer and slx-ldap
Next by thread: access control for printer and internetconnection
Index(es):
- Date
- Thread