phpgroupware-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [phpGroupWare-users] Problems with LDAP account import - Can't log i

From: Chris Weiss
Subject: Re: [phpGroupWare-users] Problems with LDAP account import - Can't log in!
Date: Tue, 17 Oct 2006 20:57:13 -0500 
first, I should note that I've never used ldap, so what i say are just
suggestions to try.


I select the users I want to import (all between 1000 and 65536), the admin 
users, NO groups (because we don't have any meaningful groups set up, and Mac 
OS X Server


this may or may not go so well.  I don't know of phpgw requires any
groups bu tit wouldn't suprize me if it did.  I also don't know if it
matters if htese groups come from ldap.



Warning: Invalid argument supplied for foreach() in 
/Library/WebServer/Documents/phpgroupware/setup/ldapimport.php on line 165

Warning: Variable passed to each() is not an array or object in 
/Library/WebServer/Documents/phpgroupware/setup/ldapimport.php on line 389

Which look like someone forgot to check if there were items in some array 
before running a loop (I know it's in BETA, but seriously?)


yeah, there's still a lot of really old code, but in generaly what you
are seeing simply shoudn't happen.


So it seems like things go ok anyway.  Then, I go to log in as my own personal 
user account (which was given admin permissions).


how was this granted?  admin on the ldap deosn't automaticaly gte you
admin in phpgw.  the permission is managed by having access to the
Admin phpgw app.  there's also restrictions within that so that you
asing non-admin users some managerial type rights through the admin
app.


You are required to change your password during your first login
Click here

(Which will SERIOUSLY piss off my users, we *already have* an LDAP policy which 
makes them change their passwords - I didn't set this option, is that really 
the default setting?)


I've heard of this a lot lately, I personaly don't know what changed,
but I think there is a bug report on it already.


So, we know that the LDAP authentication went ok.  But, I "click here" to 
change the password, and I get:

Access not permitted


I don't know that changing ldap pw is currently supported.  it used to
be, but some things have been changed (for the better overall) and not
all the peices are finished.


With the standard layout (I guess), a logout link and a welcome link - no 
applications, no interface to speak of, basically a program that can 
authenticate with LDAP and fall on its face.


that's generaly the default for a new user.  you simply have no apps
assigned to you, including the aforementioned Admin app.


What i do for mail/IMAP auth is to setup for sql auth only and create
an account that matches a mail acocunt that I want to use as admin.  I
grant the Admin app to the user, then make the change to mail auth and
it's all good after that.  sort of a bootstrap of the permissions
system since the default is to not trust the user.  not sure this will
work as well for ldap, but it might be worth a try.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]