
Author Topic: LDAP Auth and Roles  (Read 2922 times)

tuxfrog

  • Guest
LDAP Auth and Roles
« on: June 06, 2013, 10:49:08 AM »
If I use LDAP accounts for NeDi, I cannot grant any access to that user.
Login is possible but the user can do nothing.
It doesn't matter what kind of access I grant from the admin site to that user.

Bug or not?

ascii

  • Jr. Member
Re: LDAP Auth and Roles
« Reply #1 on: June 06, 2013, 11:10:40 AM »
Do you have the correct structure in our AD?

#               adm     net     dsk     mon     mgr     oth     mail    phone
#ldapmap        cisco   cisco   cisco   support manager users   mail    telephoneNumber

I use LDAP login but not the privilege structure, because our AD does not have these fields.
What I did is comment out a couple of lines in index.php.
Now the user is checked against the AD but the rights are set in the NeDi database.

In html/index.php
comment out lines 137 through 183 and line 209, the corresponding } for the else:
Code:
$_SESSION['bread'] = array();
/*             if(strstr($guiauth,'ldap') && $_POST['user'] != "admin"){


$_SESSION['ver'] = "1.0.8-116";
                }else{  */
                        if ($usr[2] &  1) {$_SESSION['group']   .= "adm,";}


@DbQuery($query,$link);
       //      }
        }else{
            print @DbError($link);


tuxfrog

  • Guest
Re: LDAP Auth and Roles
« Reply #2 on: June 07, 2013, 09:08:13 AM »
Yes, that works :)
Thanks!

I also don't want to manage the roles with LDAP.
Does the mapping config line in nedi.conf mean mapping to attributes, or do I need groups for roles?

It would be nice if NeDi could check against an attribute or group whether the LDAP user is enabled for NeDi or not.
Access role definition would better be done inside NeDi.

dobst

  • Full Member
Re: LDAP Auth and Roles
« Reply #3 on: June 17, 2013, 01:07:14 PM »
We've got the same problem but I could solve it with the tip above. Thanks!

@remo:
Maybe you could add a variable 'authorization' in the NeDi config file and a switch/if function in index.php which defines what the user should be authorized against.

rickli

  • Administrator
Re: LDAP Auth and Roles
« Reply #4 on: June 17, 2013, 10:00:13 PM »
Can you change line 137 to this?

      if( strstr($guiauth,'ldap') and $_POST['user'] != "admin" and is_array($ldapmap) ){

And simply keep ldapmap commented...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo
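
Added example (not part of the thread and not NeDi's code), sketching in PHP the separation the posts above arrive at: LDAP only authenticates, and roles come from the directory mapping only when ldapmap is configured, otherwise from the bitmask in the NeDi database. The function names, the bit values other than adm = 1, the attribute-matching rule and the sample data are assumptions.

```php
<?php
// Added illustration, not NeDi source. Only $guiauth, $ldapmap, the "admin"
// exception and adm = bit 1 come from the thread; everything else is assumed.

// Assumed bit layout beyond adm = 1 (constructed for this example).
const ROLE_BITS = ['adm' => 1, 'net' => 2, 'dsk' => 4, 'mon' => 8, 'mgr' => 16, 'oth' => 32];

// Local authorization: decode the bitmask stored for the user in the database.
function rolesFromBitmask(int $mask): array {
    $roles = [];
    foreach (ROLE_BITS as $role => $bit) {
        if ($mask & $bit) { $roles[] = $role; }
    }
    return $roles;
}

// Directory authorization (assumed matching rule): a role is granted when the
// user's directory values contain the value ldapmap lists for that role.
function rolesFromLdap(array $ldapmap, array $userValues): array {
    $roles = [];
    foreach ($ldapmap as $role => $wanted) {
        if (array_key_exists($role, ROLE_BITS) && in_array($wanted, $userValues, true)) {
            $roles[] = $role;
        }
    }
    return $roles;
}

// Called only after authentication has already succeeded.
function resolveRoles(string $guiauth, string $user, $ldapmap, array $userValues, ?int $dbMask): array {
    $useLdapRoles = strpos($guiauth, 'ldap') !== false
        && $user !== 'admin' && is_array($ldapmap);
    if ($useLdapRoles) {
        return rolesFromLdap($ldapmap, $userValues);
    }
    // Fail closed: a valid directory login without a local row gets no roles.
    return $dbMask === null ? [] : rolesFromBitmask($dbMask);
}

// Constructed sample data: an AD user whose values match none of the mapping.
$map = ['adm' => 'cisco', 'net' => 'cisco', 'dsk' => 'cisco',
        'mon' => 'support', 'mgr' => 'manager', 'oth' => 'users'];
$attrs = ['staff'];
print_r(resolveRoles('ldap', 'alice', $map, $attrs, 3));   // ldapmap active: roles depend on the directory
print_r(resolveRoles('ldap', 'alice', null, $attrs, 3));   // ldapmap commented out: roles from the database
print_r(resolveRoles('ldap', 'bob', null, $attrs, null));  // authenticated, but no local user row
```

The first call reproduces the symptom from the opening post: the login succeeds, but a directory that lacks the mapped values leaves the session without any group.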

dobst

  • Full Member
Re: LDAP Auth and Roles
« Reply #5 on: June 18, 2013, 09:39:00 AM »
Works!

Could you add the comment

Code:
# Map attributes, if desired
# for ldap authentification without authorization keep commented
#               adm     net     dsk     mon     mgr     oth     mail    phone
;ldapmap        cisco   cisco   cisco   support manager users   mail    telephoneNumber


to nedi.conf and the changes of index.php above to 1.0.9?

rickli

  • Administrator
Re: LDAP Auth and Roles
« Reply #6 on: June 18, 2013, 09:58:31 PM »
done, tx :)
-Remo