#68 Logging off users when using LDAP authentication

[Anonymous]

Currently when authentication is set to LDAP the users are not logged so we do not know who added the files or who did what in the activitylog table. I can see we can still see who failed login in the logs so the user info is there at the login page. Can you just save the user info from the login page after successful login and track it with the sessionid? It would be good to be able to track which user did what on the system. I have another idea about ownership with ldap but user tracking would be a good start. Thanks and this web app is excellent!

-Alan

[Alan Wong]

This request is from me. Just registered.

[Alessandro Briosi]

it absolutely should be logged in, so probably there is something which is missing from the configuration.

the log function saves the user 'login' field, which should be associated to a value in the ldap configuration which is uid for LDAP and cn for AD by default (should be distinguishedName )

Also the user must own the file.

[Nobody/Anonymous]

Hi. I've been looking at this for a day and can't figure it out. /usr/bin/ldapsearch works perfectly fine. I check the code in openupload/lib/modules/auth/ldap.inc.php and even try to force direct values to ldap_search but no results.

Seems like this line is not providing any value (line 65):
$r = @ldap_search($this->ds, $this->config['userdn'],
'(&('.$this->ufield.'='.$login.')(objectclass='.$this->config['userclass'].'))');

$CONFIG['ldap']['host'] = 'AD_HOST;
$CONFIG['ldap']['type'] = 'AD';
$CONFIG['ldap']['domain'] = 'DOMAIN';
$CONFIG['ldap']['basedn'] = '"dc=domain,dc=company,dc=com"';
$CONFIG['ldap']['userdn'] = '"dc=domain,dc=company,dc=com"';
$CONFIG['ldap']['userclass'] = 'person';
$CONFIG['ldap']['uid'] = 'sAMAccountName';
$CONFIG['ldap']['userfields'] = 'Array';

This ldapsearch command works perfectly fine
ldapsearch -h AD_HOST -b dc=domain,dc=company,dc=com -D "username@domain" -W sAMAccountName=username

Any ideas? Thanks.