help with configuring DocMGR to authenticate against zentyal LDAP

[Barrydocks]

I am trying to set up DocMGR as a document management system, currently I have managed to get everything to work except authenticating users against my LDAP server which is Zentyal 2.2.

Here is the document ation form the DocMGR site:
http://www.docmgr.org/documentation/ldap-configuration/

Here is my ldap-config.php file for DocMGR:

Code: [Select]

<?php /******************************************************************************$ 
Fileame: ldap-config.php 

Purpose: Contains all settings for ldap connectiving and attribute mapping 

Created: 11-20-2005 
*******************************************************************************$ 

/************************************************************ 
LDAP Connectivity 
************************************************************/ 

//your ldap server uri 
define("LDAP_SERVER","ldap://10.0.0.1"); 

//your ldap server port 
define("LDAP_PORT","389"); 

//the dn to bind to your server with 
define("BIND_DN","dc=myserver,dc=mydomain,dc=com"); 

//the password of the above specified dn 
define("BIND_PASSWORD","secret"); 

//your search attribute base for accounts 
define("LDAP_BASE","ou=Users,dc=myserver,dc=mydomain,dc=com"); 

//default base for creating accounts 
define("LDAP_CREATE_BASE",LDAP_BASE); 

//a search filter to limit valid accounts to 
define("LDAP_FILTER","(uid=*)"); 

//password encrytion in database 
define("LDAP_CRYPT","MD5"); 

//ldap protocol 
define("LDAP_PROTOCOL","3"); 

//default group id for a new account 
define("DEFAULT_GID","100"); 

//base of our tree 
define("LDAP_ROOT","cn=ebox,dc=myserver,dc=mydomain,dc=com"); 

/*********************************************************** 
Attribute Mapping *
**********************************************************/ 
define("LDAP_UID","uid"); define("LDAP_UIDNUMBER","uidNumber"); 
define("LDAP_GIDNUMBER","gidNumber"); 
define("LDAP_USERPASSWORD","userPassword"); 
define("LDAP_CLEARPASSWORD","plainPassword"); 
define("LDAP_CN","cn"); 
define("LDAP_SN","sn"); define("LDAP_GECOS","gecos"); 
define("LDAP_TELEPHONENUMBER","telephoneNumber"); 
define("LDAP_GIVENNAME","givenName"); define("LDAP_MAIL","mail"); 

//your dn in your directory should look like this: 
//<UID>=<login>,<LDAP_BASE> 
//ex: uid=mylogin,ou=people,dc=mydomain,dc=com
I have posted on the DocMGR project forum but the response time is not exactly quick

I would be grateful for any suggestions as I am not entirely sure these settings are correct.

Thanks

[christian]

I am trying to set up DocMGR as a document management system, currently I have managed to get everything to work except authenticating users against my LDAP server which is Zentyal 2.2.

This should not be a blocking point 

Here is my ldap-config.php file for DocMGR:

Code: [Select]

//your ldap server uri
define("LDAP_SERVER","ldap://10.0.0.1");

//your ldap server port
define("LDAP_PORT","389");

//the dn to bind to your server with
define("BIND_DN","dc=myserver,dc=mydomain,dc=com");

//the password of the above specified dn
define("BIND_PASSWORD","secret");


if you access from Zentyal server itself (if you have installed DocMGR on Zentyal, then address should rather be 127.0.0.1
if you access from another server, then be sure you have open access to port 389 in FW.

Your BIND_DN is wrong. You should put there what account you will find in LDAP settings. Something like

Code: [Select]

cn=ebox,dc=myserver,dc=mydomain,dc=com

Code: [Select]

//your search attribute base for accounts
define("LDAP_BASE","ou=Users,dc=myserver,dc=mydomain,dc=com");

//default base for creating accounts
define("LDAP_CREATE_BASE",LDAP_BASE);

//a search filter to limit valid accounts to
define("LDAP_FILTER","(uid=*)");

//password encrytion in database
define("LDAP_CRYPT","MD5");

//ldap protocol
define("LDAP_PROTOCOL","3");

//default group id for a new account
define("DEFAULT_GID","100");

//base of our tree
define("LDAP_ROOT","cn=ebox,dc=myserver,dc=mydomain,dc=com");

as you may guess, LDAP_ROOT is wrong too. you should put here

Code: [Select]

dc=myserver,dc=mydomain,dc=com
Be very cautious with this application that is thinking as entitled to create accounts in LDAP. Strongly refrain yourself to do this as such created accounts will not work in Zentyal.

Code: [Select]

//your dn in your directory should look like this:
//<UID>=<login>,<LDAP_BASE>
//ex: uid=mylogin,ou=people,dc=mydomain,dc=com

I really hate this applications that are forging DN or make supposition on what DN should be. Poor LDAP knowledge 

[Barrydocks]

Thanks Christian, I was really not sure what the correct entries should be.  The DocMGR is on a virtual box and the correct firewall rules have been set to access ldap across my LAN as other boxes are using it (ie my subsonic box).  Any way it still doesn't work
I have found the following entry in the apache log:

Code: [Select]

[error] [client 10.0.0.30] PHP Fatal error: Call to undefined function ldap_connect() in /var/www/docmgr/lib/account/ldap.php on line 43, referer: http://docmgr.mydomain.com/docmgr/index.php
So i guess there is something wrong with the php coding??

[christian]

have you installed php5-ldap package on machine running DocMGR

[Barrydocks]

have you installed php5-ldap package on machine running DocMGR

Nope    Installing it has solved the error in the apache log but I can't log in:

Code: [Select]

API: Invalid username and/or password specified
Which log file on the zentyal server do I need to check in order to see if the DocMGR application is even sending a query?

[christian]

syslog... but this first needs that you increase LDAP log level (Olcloglevel) in cn=config.  Don't do this if you don't know LDAP 
Regarding invalid password, how did you specify it?

[Barrydocks]

Regarding invalid password, how did you specify it?

Sorry, not sure what you mean

[christian]

is it wrong password once you tried to authenticate or is it wrong password as set in docmgr conf ?

[Barrydocks]

is it wrong password once you tried to authenticate or is it wrong password as set in docmgr conf ?

Ah, right, sorry.  Wrong password to authenticate the user.  Currently can't login any users.
Just had a look at the subsonic configuration, also tried various combinations of:

Code: [Select]

//a search filter to limit valid accounts to
define("LDAP_FILTER","(uid={0})");and

Code: [Select]

//your search attribute base for accounts
define("LDAP_BASE","ou=Users,dc=myserver,dc=mydomain,dc=com");
But still no luck


Also tried switching off the password encryption:

Code: [Select]

//password encrytion in database
//define("LDAP_CRYPT","MD5");
Is this encryption type correct?  As I note there are several different password encrytpions listed is I browse the LDAP user entries using the webmin LDAP browser

[Barrydocks]

Christian - Thanks for your help, I have now managed to get it all sorted and have posted a How to
http://forum.zentyal.org/index.php/topic,14253.0.html