I appreciate this piece of info a lot; I was just looking for the right direction on
this. Just yesterday I was testing the ldap module and I successfully
connected and extracted some info from my AD container, so right now I am
going to test the ldap auth adapter. Thank you for the tip =)
Another thing I'm thinking is how to solve the mapping of the roles of these
users (from AD) to be loaded into my ACL object (I have a plugin that loads
all resources and roles config to Zend_Acl object from DB by the way).
Before, it was easy because the mapping is straightforward from my users
table: just add some field to map the role with the ACL's table. But now I am just
trying to figure out how to accomplish this mapping, since I can't add
arbitrary fields to the AD container.
My thought:
Extract each single user from AD and insert them into my DB (mysql) users
table, then do the mapping through this. But what happens if a user from
AD is deleted? Not so bad, since no logon is allowed for this user, but
her permissions are still in the DB table (mysql)... Have you faced this before? Any
thoughts on this will be appreciated, thanks in advance to all.
My best regards,
JG
> -----Original Message-----
> From: Jamie Sutherland [mailto:jsutherland@bloxx.com]
> Sent: Friday, 30 January 2009 09:48 a.m.
> To: Jaime Garcia
> CC: fw-mvc@lists.zend.com
> Subject: RE: [fw-mvc] Auth against AztiveDirectory
>
> Jaime,
>
> I've found that the documentation on the website is a bit misleading in
> getting a server to connect with Active Directory (AD). I've recently
> gone through the process myself and had to refer to the source several
> times to work out how to implement it. Also this is pretty difficult to
> debug if you've previously set up an authorisation plugin like in
> previous examples using a database table. If you have implemented this
> plugin, disable it until you've proved the LDAP auth is working.
>
> I'll assume you are attempting to follow the instructions here:
> http://framework.zend.com/manual/en/zend.auth.adapter.ldap.html
>
> Firstly the config.ini setup required for AD:
>
> Don't copy the example on the website completely. First off the line
>
> "ldap.log_path = /tmp/ldap.log"
>
> This line will cause issues when passing the options to
> Zend_Auth_Adapter_Ldap as it doesn't provide an array. If you wish to
> set up a log, I suggest having a different config option (i.e.
> log.ldap.log_path = /tmp/ldap.log)
>
> Also make sure you *do not* have the line below in your config.ini.
>
> "ldap.server.bindRequiresDn = 1"
>
> This will perform a lookup on the uid (eDirectory/OpenLDAP) rather than
> the sAMAccountName (AD)
>
> A stupid point, but it's also worth mentioning that you must have
> the php module ldap.so loaded or available.
>
> sudo apt-get install php5-ldap   # if you're running Ubuntu
>
>
> Hope this helps!
>
> Cheers,
> Jamie
>
> -----Original Message-----
> From: Tobias Gies [mailto:tobiasgies@googlemail.com]
> Sent: 29 January 2009 22:32
> To: Jaime Garcia
> Cc: fw-mvc@lists.zend.com
> Subject: Re: [fw-mvc] Auth against AztiveDirectory
>
> Hi Jamie,
>
> you can use Zend_Ldap and Zend_Auth_Adapter_Ldap for that task.
> Examples of how to use Zend_Ldap with AD can be found in the manual.
>
> Best regards,
> Tobias
>
> 2009/1/29 Jaime Garcia <jgarcia@vali.com.mx>:
> > Hi my friends,
> >
> > Has anyone authenticated users against Active Directory using MVC ZF?
> >
> >
> >
> > Best regards,
> >
> > J.G.
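
Added example, not part of any message in this thread: a plain-PHP check that applies the two config.ini points from Jamie's reply before the options reach Zend_Auth_Adapter_Ldap. The host and domain values are constructed placeholders, and the function names `nestDottedKeys` and `adServerOptions` are hypothetical.

```php
<?php
// Constructed sample config.ini content showing both pitfalls from the thread.
$ini = <<<'INI'
ldap.log_path = /tmp/ldap.log
ldap.server1.host = dc1.example.test
ldap.server1.accountDomainName = example.test
ldap.server1.accountDomainNameShort = EXAMPLE
ldap.server1.baseDn = "DC=example,DC=test"
ldap.server1.bindRequiresDn = 1
INI;

// Turn dotted keys ("ldap.server1.host") into nested arrays.
function nestDottedKeys(array $flat): array
{
    $tree = [];
    foreach ($flat as $key => $value) {
        $node = &$tree;
        foreach (explode('.', $key) as $part) {
            if (!isset($node[$part]) || !is_array($node[$part])) {
                $node[$part] = [];
            }
            $node = &$node[$part];
        }
        $node = $value;
        unset($node); // break the reference before the next key
    }
    return $tree;
}

// Keep only array-valued entries (one per server); drop bindRequiresDn for AD.
function adServerOptions(array $ldapSection, array &$notes): array
{
    $servers = [];
    foreach ($ldapSection as $name => $options) {
        if (!is_array($options)) {
            $notes[] = "ldap.$name is not a server block; move it out of the ldap section";
            continue;
        }
        if (!empty($options['bindRequiresDn'])) {
            $notes[] = "ldap.$name.bindRequiresDn is set; removed for Active Directory";
            unset($options['bindRequiresDn']);
        }
        $servers[$name] = $options;
    }
    return $servers;
}

$notes = [];
$config = nestDottedKeys(parse_ini_string($ini));
$servers = adServerOptions($config['ldap'], $notes); // first argument for Zend_Auth_Adapter_Ldap
print_r($servers);
print_r($notes);
```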