
LDAP user authentication?

Pietrzak Karl -- 28 July 2006

authenticate users using LDAP

Hey everyone!

You may remember me as the guy who's setting up YACS for his university. So far, it's awesome, and we're impressed with all the functionality.

So now we would like to use our university's LDAP system to authenticate users. The page entitled Why should you suggest your boss switch to YACS? talks about YACS's LDAP support.

However, I couldn't find any documentation on it. I might be going blind or crazy, heh.

Can anyone point me in the right direction?

Thanks!

Vincent
17 December 2008

 Yet a newer and happier YACS

Just installed the latest (RC30). Thanks Bernard and others, keeping yacs going!

Back to LDAP

With my server: ldap.example.com authentication works if I fill this out in

http://example.com/yacs/users/configure.php -> 'tab authentication' -> 'use the authenticator'

ldap ldap.example.com "cn=%u,ou=users,dc=ldap,dc=example,dc=com" %p

Great!

BUT this works only if plaintext passwords are stored in the LDAP directory. 

What if I would like to authenticate against passwords stored as {md5}?

FRANCOIS Alexandre - 27 December 2008
Unfortunately, I was not able to reproduce the bug: Yacs 8.11RC30 + OpenLdap 2.4.11 + passwords stored as MD5 = works fine

Maybe an issue in your server configuration? What do your server logs say? Have you tried to bind with another software?
Vincent - 30 January 2009

The issue might be there then, we still run openldap 2.3.30 via debian/stable. Maybe a little wait until the latest debian goes stable.

Thanks for the reply!

Bernard Paques - 23 February 2009
FRANCOIS Alexandre: What is your setting on yacs side, in the configuration panel? Thanks for your support.
Vincent - 24 February 2009

Hi Bernard,

see the post above, from December 17, or did I miss something there?

Anyway, all works fine with these settings, if only I store the passwords in plaintext...; MD5 hashes are not processed, I wait for the server to get ldap2.4 via debian stable, I cannot play with it too much, it is in production.

 

Bernard Paques - 24 February 2009
Vincent: Ok ok I should have spent a little more time on this one. Thanks for your patience...
FRANCOIS Alexandre
3 June 2008
Vincent: The latest patch may help you:
* You can now authenticate the user by binding to the LDAP server under a deduced login name (instead of doing a search in the LDAP tree)
* LDAP v3 is now the default
* A bug has been solved which allowed any user to enter the site if anonymous binding was activated. Isn't it related to your second point ?
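
The anonymous-bind bug mentioned in this patch note and the `cn=%u,...` authenticator setting quoted earlier in the thread both depend on what is handed to ldap_bind(). The following is an added example, not part of the original posts and not YACS's own code: it refuses an empty password, which a server permitting anonymous binds may accept as an unauthenticated bind (RFC 4513, section 5.1.2), and escapes the login before substituting it for %u. The function names build_bind_dn() and ldap_authenticate() are hypothetical, the sample logins are constructed, and the PHP ldap extension is assumed.

```php
<?php
// Added example, not YACS code. Requires the PHP ldap extension.
// Hypothetical helper names: build_bind_dn(), ldap_authenticate().

/** Expand %u in a bind-DN template, escaping the login for use inside a DN. */
function build_bind_dn(string $template, string $login): string
{
    $login = trim($login);
    if ($login === '') {
        throw new InvalidArgumentException('empty login');
    }
    // Escaping keeps characters such as ',' or '=' from changing the DN structure.
    return str_replace('%u', ldap_escape($login, '', LDAP_ESCAPE_DN), $template);
}

/** Return true only when the server accepted a simple bind with a real password. */
function ldap_authenticate(string $uri, string $template, string $login, string $password): bool
{
    // A simple bind with a DN and an empty password is an "unauthenticated
    // bind"; a server that allows anonymous binds may report success, so an
    // empty password must never reach ldap_bind().
    if ($password === '') {
        return false;
    }
    try {
        $dn = build_bind_dn($template, $login);
    } catch (InvalidArgumentException $e) {
        return false;
    }
    $handle = ldap_connect($uri);
    if ($handle === false) {
        return false;
    }
    // Same option as suggested in the thread: switch to LDAPv3 before binding.
    ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);
    $ok = @ldap_bind($handle, $dn, $password);
    ldap_unbind($handle);
    return $ok;
}

// Constructed sample logins; the template is the one quoted in the thread.
$template = 'cn=%u,ou=users,dc=ldap,dc=example,dc=com';
echo build_bind_dn($template, 'vincent'), PHP_EOL;
echo build_bind_dn($template, 'smith,john'), PHP_EOL; // comma is escaped
// Rejected before any network traffic because the password is empty.
var_dump(ldap_authenticate('ldap://ldap.example.com', $template, 'vincent', ''));
```
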
vincent - 30 August 2008
Alf83: Sorry to let the discussion go cold - for several reasons I was not able to handle the server anymore, nor to finish this post.

I hope to be back on track with this server in a month or so.
FRANCOIS Alexandre
21 May 2008
Vincent:

Maybe it is an LDAP V2 protocol issue? In this case, try adding the following code at line Nr 120 (after ldap_connect() and before ldap_bind()) in the file called users/authenticators/ldap.php:
@ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);
vincent - 28 May 2008
Alf83:

Thanks Alf, you got me going in the right direction. It stopped complaining about can't bind. However, when I start 'slapd -d 256' to see what actually hits the ldap server, it seems that:
- I have to provide fields for parameters 3 and 4 (dn of user, password to bind to the ldap server.)
- I don't have to provide a password anymore for the user to be accepted

I expected from the code that the cn was searched for and returned, but this is not the case.

I'll dig some more ...

Vincent
21 May 2008

Hi All,

I am (also) trying to set up LDAP authentication with YACS, so far no luck.

My LDAP server allows for anonymous bind and when I read yacs/users/authenticators/ldap.php I think it suggests that leaving uname and passwd parameters out results in anonymous bind.

In http://test.azu.nl/yacs/users/configure.php I write in the Authentication management -> Screening -> Use the authenticator :

ldap test.azu.nl "dc=ribs,dc=azu,dc=nl"

This results in "Impossible to bind to LDAP server test.azu.nl." when i try to log in with a valid name.

A simple PHP script does the anonymous bind without trouble and returns the LDAP contents.

Can someone point out what goes wrong plz?

Pietrzak Karl
6 April 2007

TheAlchemist:

Success!  The YACS installation for my university now successfully authenticates against the university's LDAP server.

Thanks, Bernard!

Next step: SSO?

Bernard - 6 April 2007
TheAlchemist: Thank you for the positive feedback. Would you mind documenting what you've done in a simple web page, maybe in the section for Guide d'installation et de mise à jour please?

Of course we will move to SSO! After your homework, do not hesitate to suggest an adequate technical standard for this, by creating another web page at the special space: Post your requirements here

See you...

Bernard Paques
23 March 2007
YACS version 7.3 adds LDAP authentication. The code is ready, yet not tested against a real server. Would you like to check it please?
TheAlchemist - 25 March 2007
Bernard:

Hi there again! Glad to hear LDAP authentication made it! I'll give a test within the next few days and see whether it works with my university's LDAP server and I'll post back. =)

Thanks!
Manu
28 July 2006
Hello,

I'm sorry, I don't know very well about LDAP login. This function is not ready but maybe Bernard can tell you what to do for this.
TheAlchemist - 28 July 2006
GnapZ:

Thanks for the quick reply! I can help write the code if necessary. My PHP skills are pretty new, but with guidance I could do anything.

Thanks!
GnapZ - 28 July 2006
TheAlchemist: Fine, so take a look at the file users/login.php to adapt an LDAP authentication. Thanks.