phpgroupware-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [phpGroupWare-users] Problems with LDAP account import - Can't log i


From: Dave Hall
Subject: Re: [phpGroupWare-users] Problems with LDAP account import - Can't log in!
Date: Wed, 18 Oct 2006 14:20:52 +1000

Hi Stephen,

On Tue, 2006-10-17 at 13:17 -0700, Stephen Weiss wrote:
> 
> So I'm trying to set up phpgroupware.  Here are my specs:
> 
> Version from tarball phpgroupware-0.9.16.011.tar.bz2
> OS: Mac OS X Server 10.4.8
> MySQL: 4.1.13a-log
> PHP: 5.1.4 (with ini_set('zend.ze1_compatibility_mode', '1'); in
> header.inc.php , same problem without though)
> Apache: Server version: Apache/1.3.33 (Darwin)
> 
> In essense, I'm using the stock MySQL, PHP, and Apache that come with
> Mac OS X Server 10.4.
> 

I don't have access to a mac running OSX to test our stuff on OSX :(  It
should be very similar to a LAMP stack.

> I need to set this up to authenticate off of LDAP (we use apple's Open
> Directory for single sign-on), but store user accounts in SQL (so as
> not to screw with Apple's schema).  This seems to be quite possible,
> but it doesn't actually work so far.
> 
> There are some weird things that happen as I go through the
> configuration procedure.  I have tried a few things but I always end
> up with the same result.
> 

<snip />

> Now, I've used settings just like these in other such applications
> with no difficulty.  I have PhpLDAPadmin installed using the exact
> same credentials and it can read and write to LDAP perfectly.
> 
> That goes ok, and I get the LDAP setup screen.  I choose:
> 
> Import accounts from LDAP to the phpGroupWare accounts table (for a
> new install using SQL accounts) 
> 
> I select the users I want to import (all between 1000 and 65536), the
> admin users, NO groups (because we don't have any meaningful groups
> set up, and Mac OS X Server intermixes the group and user ids, so I
> wouldn't want any conflicts - for the record, I did try once with
> importing the groups and I had the same problem anyway).  When I click
> import, I get two PHP errors:
> 
> Warning: Invalid argument supplied for foreach()
> in /Library/WebServer/Documents/phpgroupware/setup/ldapimport.php on
> line 165
> 

Fixed in cvs

> Warning: Variable passed to each() is not an array or object
> in /Library/WebServer/Documents/phpgroupware/setup/ldapimport.php on
> line 389

Fixed in cvs

> 
> Which look like someone forgot to check if there were items in some
> array before running a loop (I know it's in BETA, but seriously?)
> 

Actually it looks like it was caused be the code not being designed to
run with register_globals = off

> But at the bottom of that page, I also see: Import has been completed!
> Click here to return to setup.
> 

The error detection/handling in that code is pretty poor, but I don't
currently have time to make it more robust.

> So it seems like things go ok anyway.  Then, I go to log in as my own
> personal user account (which was given admin permissions).
> 
> If I log in with a bad password, it rejects the log in as it should.
> If I log in with the correct password, I get:
> 
> You are required to change your password during your first login
> Click here
> 
> (Which will SERIOUSLY piss off my users, we *already have* an LDAP
> policy which makes them change their passwords - I didn't set this
> option, is that really the default setting?)
> 

It is the default, you can hack around it, which involves editing some
code.  Let me know if you want/need the hack.

> So, we know that the LDAP authentication went ok.  But, I "click here"
> to change the password, and I get:
> 
> Access not permitted
> 

This has also been fixed in cvs.  The script wasn't granting the user's
the rights to change their passwords as it should have.

> With the standard layout (I guess), a logout link and a welcome link -
> no applications, no interface to speak of, basically a program that
> can authenticate with LDAP and fall on its face.
> 

Again this was a bug in the import script.  It has now been fixed.  It
wasn't adding users to groups as it should have been.

> I really like the concept and if I can get it installed I will make so
> many people happy, but this seems...  extremely buggy.  Is this a PHP5
> issue?  Some other your-software-is-too-recent-or-too-old thing?  Or
> is this software just that buggy?  I can't really go back to PHP4, I
> have programs that are settled now on PHP5.  If it's not that, any
> idea what it is?  Would be so grateful for any help or advice.  Thank
> you!!!!

It is caused by the ldap import code not being looked at or tested for
some time (read several years).  The code was not updated to work with
0.9.16 or register_globals off.

I have tested and fixed the code.  Please update from cvs to get the
latest updates (not this is generic command line options, mac options
may differ)

cd /path/to/phpgroupware
cvs update -dP

Use the command line, phpmyadmin or the mysql query browser and run the
following on the database

TRUNCATE phpgw_acl;
TRUNCATE phpgw_accounts;

Please let me know if this fixes your problems.

Cheers

Dave
-- 
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
e address@hidden
w phpgroupware.org
j address@hidden
sip address@hidden
       _            ____                    __        __             
 _ __ | |__  _ __  / ___|_ __ ___  _   _ _ _\ \      / /_ _ _ __ ___ 
| '_ \| '_ \| '_ \| |  _| '__/ _ \| | | | '_ \ \ /\ / / _` | '__/ _ \
| |_) | | | | |_) | |_| | | | (_) | |_| | |_) \ V  V / (_| | | |  __/
| .__/|_| |_| .__/ \____|_|  \___/ \__,_| .__/ \_/\_/ \__,_|_|  \___|
|_|         |_|                         |_|Web based collaboration platform






reply via email to

[Prev in Thread] Current Thread [Next in Thread]