#71 Help Me !! auth LDAP

open
nobody
None
5
2015-01-20
2012-03-13
pleg
No

Hello,

I come to you to ask a question that was asked already.
Unfortunately, I drove the answers but nothing solves my problem.

I created a group in my AD to allow members to connect. But users do not belong manage to connect.
There must be a legal problem but I do not see at all.


$CONFIG['auth'] = 'ldap';

$CONFIG['ldap']['host'] = 'IP';
$CONFIG['ldap']['type'] = 'AD';
$CONFIG['ldap']['user'] = 'readerad@dom.local';
$CONFIG['ldap']['password'] = 'password';
$CONFIG['ldap']['domain'] = 'dom.local';
$CONFIG['ldap']['basedn'] = 'ou=Upload,ou=Info,dc=dom,dc=local';
$CONFIG['ldap']['userdn'] = 'ou=Upload,ou=Info,dc=dom,dc=local';
$CONFIG['ldap']['userclass'] = 'user';
$CONFIG['ldap']['uid'] = 'sAMAccountName';
$CONFIG['ldap']['userfields'] = array( 'samaccountname' => 'login',
'name' => 'displayname', 'memberof' => 'group_id', 'mail' => 'email',
'distinguishedName' => 'uid');
$CONFIG['ldap']['groupdn'] = 'ou=Upload,ou=Info,dc=dom,dc=local';
$CONFIG['ldap']['groupclass'] = 'group';
$CONFIG['ldap']['gid'] = 'member';
$CONFIG['ldap']['groupfields'] = array( 'description' => 'description',
'name' => 'name');

table "acl"

(1, '', '', 'admins', 'allow'),
(2, 'admin', '', 'admins', 'allow'),
(100, 'files', 'g', 'adminsopenupload', 'allow'),
(6, 'auth', '', 'unregistered', 'allow'),
(8, 'files', 'd', 'unregistered', 'allow'),
(9, 'files', 'g', 'unregistered', 'allow'),
(10, 'files', '', 'unregistered', 'deny'),
(12, 'files', 'u', 'adminsopenupload', 'allow'),
(13, 'files', 'd', 'adminsopenupload', 'allow'),
(14, 'auth', 'login', 'adminsopenupload', 'allow'),
(15, 'auth', 'profile', 'adminsopenupload', 'allow'),
(16, 'auth', 'logout', 'adminsopenupload', 'allow'),
(17, 'auth', 'register', 'adminsopenupload', 'allow'),
(18, 'admin', '', 'adminsopenupload', 'allow'),
(101, 'files', 'r', 'adminsopenupload', 'allow'),
(102, 'files', 'l', 'adminsopenupload', 'allow'),
(103, 'files', '', 'adminsopenupload', 'allow'),
(104, 'auth', '', 'adminsopenupload', 'allow');

Thank you for your help !!

Pleg

Discussion

  • Alessandro Briosi

    I'm not sure what the real problem is, but:

    (6, 'auth', '', 'unregistered', 'allow'),
    does not seem correct it should be
    (6, 'auth', 'login', 'unregistered', 'allow'),
    (7, 'auth', '', 'unregistered', 'deny'),

    What's the group that should be allowed to login and upload
    who is allowed to download?

     
  • pleg

    pleg - 2012-03-14

    Hi,

    a group of my AD should be allowed to upload, download and login.
    the people who are not in this group must be allowed to download.

    Should the acl be in any particular order?

     
  • pleg

    pleg - 2012-03-14

    I forget
    I have users that are part of several groups

     
  • Alessandro Briosi

    The fact that they are part of more than one group with AD authentication is pretty normal.
    Basically you need to have at least 3 groups in AD
    unregistered (nobody is part of this group, but it's needed to set the acl)
    registered (or whatever you want adminsopenupload is fine, which are openupload users),
    please note that by default all users are set to be part of the "Domain Users" group
    admins (whatever you want here too, which are openupload administrators and access the admin interface)

    The acl must be like (order is not important)
    module,action,group,action
    files, , unregistered,deny
    files,d,unregistered,allow
    files,g,unregistered,allow
    auth,,unregistered,deny
    auth,login,unregistered,allow

    files,,registered,allow
    auth,,registered,allow

    admin,,admins,allow
    files,,admins,allow
    auth,admins,allow

    I have not tested it but it should be ok.

    Another way to set this up is to run the setup (renaming the config.inc.php) again (and reinitialize the database with the correct schema - check the readme) and use the AD group names.
    After the setup is done restore the config.inc.php with ldap settings or add them to the resulting one.

    If you need also the users allowed to download to login then you need to remove everything for the unregistered and allow the "downloaders" group the profile,logout,d,g actions

    Hope it's clear enough.

    Also note that if this is not what the result is, and your users are not allowed to do anything after login, there is a problem with the AD configuration.
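
The three-group layout from the reply above, as a small Python model that lists what each group can actually do, so an over-broad row shows up before it goes into the acl table. This is an added example, not OpenUpload code and not part of the thread; it assumes an empty action is the module catch-all, that a row naming the action beats the catch-all, and that no matching row means deny. `any` is a placeholder action name.

```python
# Rows transcribed from the reply above: (module, action, group, access).
# Assumption: an empty action is the catch-all for its module, as the rows
# appear on this page; OpenUpload's real matching logic may differ.
RULES = [
    ("files", "", "unregistered", "deny"),
    ("files", "d", "unregistered", "allow"),
    ("files", "g", "unregistered", "allow"),
    ("auth", "", "unregistered", "deny"),
    ("auth", "login", "unregistered", "allow"),
    ("files", "", "registered", "allow"),
    ("auth", "", "registered", "allow"),
    ("admin", "", "admins", "allow"),
    ("files", "", "admins", "allow"),
    ("auth", "", "admins", "allow"),  # the reply's last row, read as a catch-all
]

# Actions named in the acl table of the question; "any" is a placeholder.
PROBES = ([("files", a) for a in "udgrl"]
          + [("auth", a) for a in ("login", "profile", "logout", "register")]
          + [("admin", "any")])

INTENDED_UNREGISTERED = {("files", "d"), ("files", "g"), ("auth", "login")}

def decide(rules, module, action, group):
    """Exact (module, action) row wins, then the module catch-all, else deny."""
    exact = [r[3] for r in rules if r[:3] == (module, action, group)]
    catch_all = [r[3] for r in rules if r[:3] == (module, "", group)]
    for matches in (exact, catch_all):
        if matches:
            # Conflicting rows at the same specificity resolve to deny.
            return "deny" if "deny" in matches else "allow"
    return "deny"

def effective(rules, group):
    """Every probed (module, action) the group ends up allowed to perform."""
    return {p for p in PROBES if decide(rules, p[0], p[1], group) == "allow"}

def excess(rules, group, intended):
    """Permissions the group holds beyond what was intended."""
    return sorted(effective(rules, group) - set(intended))

def with_broad_auth_row(rules):
    """Constructed variant: row 6 of the question, auth catch-all set to allow."""
    kept = [r for r in rules if r[:3] != ("auth", "", "unregistered")]
    return kept + [("auth", "", "unregistered", "allow")]

if __name__ == "__main__":
    print("unregistered:", sorted(effective(RULES, "unregistered")))
    print("excess with broad auth row:",
          excess(with_broad_auth_row(RULES), "unregistered", INTENDED_UNREGISTERED))
```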

     
  • Alessandro Briosi

    Oops, I know what the problem is.
    It's the setting for the $config['register']['default_group']

    You need to set this to a different group (i.e. Domain Users) or to unregistered, and allow only the logout to them

    You cannot block them from logging in, but they can then only logout.

    Alessandro

     
  • pleg

    pleg - 2012-03-19

    Hello,
    Thanks for the info, I will look at it as soon as I have 15 minutes and report back.

     
  • pleg

    pleg - 2012-03-19

    hello,
    Thank you for the info, I look when I'm 15 minutes and I look back

     
  • Anonymous

    Anonymous - 2014-01-16

    Hello. I'm trying to use the 0.4.2 version of OpenUpload. I can't get auth to work.

    The error is:

    PHP Strict Standards: Declaration of defaultAuth::useredit() should be compatible with authBase::useredit($user) in /var/www/openupload/lib/base.inc.php on line 57, referer: http://server/openupload/www/index.php?action=login

    Does anyone know where I can download a patch or a new version?

    Thanks for all.

     
  • Alessandro Briosi

    simply change line in auth/default.inc.php to function useredit($user)

     
