[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [phpGroupWare-users] Problems with LDAP account import - Can't log i
|
From: |
Dave Hall |
|
Subject: |
Re: [phpGroupWare-users] Problems with LDAP account import - Can't log in! |
|
Date: |
Wed, 18 Oct 2006 14:20:52 +1000 |
Hi Stephen,
On Tue, 2006-10-17 at 13:17 -0700, Stephen Weiss wrote:
>
> So I'm trying to set up phpgroupware. Here are my specs:
>
> Version from tarball phpgroupware-0.9.16.011.tar.bz2
> OS: Mac OS X Server 10.4.8
> MySQL: 4.1.13a-log
> PHP: 5.1.4 (with ini_set('zend.ze1_compatibility_mode', '1'); in
> header.inc.php , same problem without though)
> Apache: Server version: Apache/1.3.33 (Darwin)
>
> In essense, I'm using the stock MySQL, PHP, and Apache that come with
> Mac OS X Server 10.4.
>
I don't have access to a mac running OSX to test our stuff on OSX :( It
should be very similar to a LAMP stack.
> I need to set this up to authenticate off of LDAP (we use apple's Open
> Directory for single sign-on), but store user accounts in SQL (so as
> not to screw with Apple's schema). This seems to be quite possible,
> but it doesn't actually work so far.
>
> There are some weird things that happen as I go through the
> configuration procedure. I have tried a few things but I always end
> up with the same result.
>
<snip />
> Now, I've used settings just like these in other such applications
> with no difficulty. I have PhpLDAPadmin installed using the exact
> same credentials and it can read and write to LDAP perfectly.
>
> That goes ok, and I get the LDAP setup screen. I choose:
>
> Import accounts from LDAP to the phpGroupWare accounts table (for a
> new install using SQL accounts)
>
> I select the users I want to import (all between 1000 and 65536), the
> admin users, NO groups (because we don't have any meaningful groups
> set up, and Mac OS X Server intermixes the group and user ids, so I
> wouldn't want any conflicts - for the record, I did try once with
> importing the groups and I had the same problem anyway). When I click
> import, I get two PHP errors:
>
> Warning: Invalid argument supplied for foreach()
> in /Library/WebServer/Documents/phpgroupware/setup/ldapimport.php on
> line 165
>
Fixed in cvs
> Warning: Variable passed to each() is not an array or object
> in /Library/WebServer/Documents/phpgroupware/setup/ldapimport.php on
> line 389
Fixed in cvs
>
> Which look like someone forgot to check if there were items in some
> array before running a loop (I know it's in BETA, but seriously?)
>
Actually it looks like it was caused be the code not being designed to
run with register_globals = off
> But at the bottom of that page, I also see: Import has been completed!
> Click here to return to setup.
>
The error detection/handling in that code is pretty poor, but I don't
currently have time to make it more robust.
> So it seems like things go ok anyway. Then, I go to log in as my own
> personal user account (which was given admin permissions).
>
> If I log in with a bad password, it rejects the log in as it should.
> If I log in with the correct password, I get:
>
> You are required to change your password during your first login
> Click here
>
> (Which will SERIOUSLY piss off my users, we *already have* an LDAP
> policy which makes them change their passwords - I didn't set this
> option, is that really the default setting?)
>
It is the default, you can hack around it, which involves editing some
code. Let me know if you want/need the hack.
> So, we know that the LDAP authentication went ok. But, I "click here"
> to change the password, and I get:
>
> Access not permitted
>
This has also been fixed in cvs. The script wasn't granting the user's
the rights to change their passwords as it should have.
> With the standard layout (I guess), a logout link and a welcome link -
> no applications, no interface to speak of, basically a program that
> can authenticate with LDAP and fall on its face.
>
Again this was a bug in the import script. It has now been fixed. It
wasn't adding users to groups as it should have been.
> I really like the concept and if I can get it installed I will make so
> many people happy, but this seems... extremely buggy. Is this a PHP5
> issue? Some other your-software-is-too-recent-or-too-old thing? Or
> is this software just that buggy? I can't really go back to PHP4, I
> have programs that are settled now on PHP5. If it's not that, any
> idea what it is? Would be so grateful for any help or advice. Thank
> you!!!!
It is caused by the ldap import code not being looked at or tested for
some time (read several years). The code was not updated to work with
0.9.16 or register_globals off.
I have tested and fixed the code. Please update from cvs to get the
latest updates (not this is generic command line options, mac options
may differ)
cd /path/to/phpgroupware
cvs update -dP
Use the command line, phpmyadmin or the mysql query browser and run the
following on the database
TRUNCATE phpgw_acl;
TRUNCATE phpgw_accounts;
Please let me know if this fixes your problems.
Cheers
Dave
--
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
e address@hidden
w phpgroupware.org
j address@hidden
sip address@hidden
_ ____ __ __
_ __ | |__ _ __ / ___|_ __ ___ _ _ _ _\ \ / /_ _ _ __ ___
| '_ \| '_ \| '_ \| | _| '__/ _ \| | | | '_ \ \ /\ / / _` | '__/ _ \
| |_) | | | | |_) | |_| | | | (_) | |_| | |_) \ V V / (_| | | | __/
| .__/|_| |_| .__/ \____|_| \___/ \__,_| .__/ \_/\_/ \__,_|_| \___|
|_| |_| |_|Web based collaboration platform