
Author Topic: LDAP - AD Authentication  (Read 3061 times)

big

LDAP - AD Authentication
« on: August 06, 2015, 05:00:59 PM »
Hi Folks

good morning

is there any documentation available on how to set up LDAP authentication for NeDi?
I am only looking to do user authentication not authorization via ldap
perhaps an example nedi.conf with comments about what is needed.

I want to query a Microsoft Domain Controller for the user.

any help appreciated.

Kasper

Re: LDAP - AD Authentication
« Reply #1 on: August 07, 2015, 07:26:38 AM »
If you already have a NPS installed you should be able to use that with radius authentication for NeDi.

Have not set it up myself but that should be a working option.

rickli

  • Administrator
Re: LDAP - AD Authentication
« Reply #2 on: August 07, 2015, 02:14:27 PM »
BTW, I've just refactored the index.php and cleaned up local, SSO, radius and LDAP authentication for NeDi 1.5. LDAP needs some testing, but everything else works fine now...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

big

Re: LDAP - AD Authentication
« Reply #3 on: August 10, 2015, 08:31:27 PM »
thanks

when we go to 1.5 I'll give the LDAP / AD another try

big

Re: LDAP - AD Authentication
« Reply #4 on: August 12, 2015, 09:04:02 PM »
Hi
I found what I think is a typo in the inc/libldap.php file

the below is the modified function.... I now get network activity so I can try the next few steps on the LDAP server

more as we go


-------------------------------------------



function user_from_ldap_servers($login, $password = '', $import = true){

        global $ldapsrv, $user_dn, $fields;
        global $dbhost,$dbuser,$dbpass,$dbname;

        // search if user exist in local user DB
        $link   = DbConnect($dbhost,$dbuser,$dbpass,$dbname);
        $query  = GenQuery('users','s','*','','',array('usrname'),array('='),array($login) ); // this line should be array('usrname') NOT array('user') ??
        $res    = DbQuery($query,$link);

rickli

  • Administrator
Re: LDAP - AD Authentication
« Reply #5 on: August 13, 2015, 10:37:40 AM »
This lib was a contribution and I can't test ldap here. I've changed this DB field and missed this one, tx.
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

big

Re: LDAP - AD Authentication
« Reply #6 on: August 13, 2015, 03:47:17 PM »


thanks
Glad you could confirm it.......

onward for me to test getting it to work with LDAP....
nedi is such a nice tool, glad to help with it


Kasper

Re: LDAP - AD Authentication
« Reply #7 on: May 18, 2016, 03:17:52 PM »
Hi

When making the changes you have suggested in the libldap.php code I get the following error in apache log:
Code:
[Wed May 18 14:38:21.903712 2016] [:error] [pid 4877] [client 10.1.70.28:10775] PHP Fatal error:  Call to undefined function GenQuery() in /var/nedi/html/inc/libldap.php on line 20, referer: https://nedi/index.php?goto=User-Profile.php
I can't find the function GenQuery() in the file.

Running NeDi 1.6

harry

Re: LDAP - AD Authentication
« Reply #8 on: October 13, 2016, 11:56:05 PM »
Hi All,
Could anyone post (or page me) their working AD authentication string and anything we require to do with config?
I have tried this... in nedi.conf (not working for me)

guiauth            ldap

ldapsrv      ldap://172.18.133.67    389   Pas$$word!   OU=staff,OU=ICT,OU=staff,DC=xyz,DC=department,DC=win   CN=account nameS,OU=Service Accounts,DC=xyz,DC=department,DC=win  Servicesaccount   sAMAccountName

it will be very helpful if someone can share their working AD Auth environment.