<html><body bgcolor="#FFFFFF">
<p>Hello Jules,<br>
<br>
thank you for you fast response.<br>
<br>
I tested the new configuration settings, but there seem to be some additional changes needed:<br>
<br>
<b>What did i made:</b><br>
<ul type="disc">
<li>added <font color="#FF0000">"ErrorUnauthorizedUser = "Sorry, you are not authorized to use this service""</font> to <font color="#0000FF">/opt/zendto/config/zendto.conf</font>
<li>changed <font color="#0000FF">/opt/zendto/config/preferences.php</font> </ul>
<br>
//<br>
// Settings for the LDAP authenticator.<br>
//<br>
'authenticator' => 'LDAP',<br>
'authLDAPAdmins' => array('xxxxxx','xxxxxx'),<br>
'authLDAPBaseDN' => 'o=kl',<br>
// 'authLDAPServers' => array('ldap2.kaufland'),<br>
'authLDAPServers' => array('x.x.1.118','x.xx.1.117'),<br>
// 'authLDAPAccountSuffix' => '@ecs.soton.ac.uk',<br>
'authLDAPUseSSL' => false,<br>
// 'authLDAPBindDn' => 'o=MyOrganization,uid=MyUser',<br>
// 'authLDAPBindPass' => 'SecretPassword',<br>
// This is the list of LDAP properties used to build the user's full name<br>
'authLDAPFullName' => 'givenName sn',<br>
'authLDAPMemberKey' => 'groupMembership',<br>
'authLDAPMemberRole' => 'cn=citrix,ou=portal,ou=sslvpn,ou=roles,o=kl',<br>
<ul type="disc">
<li>Changed <font color="#0000FF">NSSLDAPAuthenticator.php</font> to the new one</ul>
<br>
If the groupMembership exists, i can login successfully. If i changed something on the string for <font color="#FF0000">authLDAPMemberRole</font> so that the role does not match, i got PHP-Error message "<b><font size="4">Fatal error</font></b><font size="4">: Call to a member function getConfigVariable() on a non-object in </font><b><font size="4">/opt/zendto/lib/NSSLDAPAuthenticator.php</font></b><font size="4"> on line </font><b><font size="4">299</font></b><font size="4">" </font><br>
<br>
<b>Content of line 299 --> NSSError($smarty->getConfigVariable('ErrorUnauthorizedUser'),'Authorisation Failed');</b><br>
<br>
<br>
greetings<br>
<br>
Patrick<br>
<br>
<br>
<br>
<br>
<a href="http://www.kaufland.de">http://www.kaufland.de</a> <br>
<br>
Kaufland Informationssysteme GmbH & Co. KG<br>
Postfach 12 53 - 74149 Neckarsulm<br>
Kommanditgesellschaft<br>
Sitz: Neckarsulm<br>
Registergericht: Amtsgericht Stuttgart HRA 104163<br>
<br>
Diese Nachricht enthält vertrauliche Informationen und ist ausschließlich für<br>
den Adressaten bestimmt. Jeder Gebrauch durch Dritte ist verboten. Falls Sie<br>
die Daten irrtümlich erhalten haben, nehmen Sie bitte Kontakt mit dem<br>
Absender auf und löschen Sie die Daten auf jedem Computer und Datenträger.<br>
This message contains confidential information and is intended solely for the<br>
use by the addressee. Any use of this message by a third party is prohibited.<br>
If you receive this message in error, please contact the sender and delete the<br>
data from any computer and data carrier. <br>
<ul><img src="cid:10__=4EBBFD6ADFDECE5F8f9e8a93@de.int.kaufland" width="16" height="16" alt="Inactive hide details for Jules <Jules@zend.to>">Jules <Jules@zend.to></ul>
<br>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr valign="top"><td width="40%">
<ul><b><font size="2">Jules <Jules@zend.to></font></b><font size="2"> </font><br>
<font size="2">Gesendet von: zendto-bounces@zend.to</font>
<p><font size="2">14.12.2010 12:47</font>
<table border="1">
<tr valign="top"><td width="168" bgcolor="#FFFFFF"><font size="2">Bitte antworten an<br>
ZendTo Users <zendto@zend.to></font></td></tr>
</table>
</ul>
</td><td width="60%">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr valign="top"><td width="1%" valign="middle"><img src="cid:20__=4EBBFD6ADFDECE5F8f9e8a93@de.int.kaufland" border="0" height="1" width="66" alt=""><br>
</td><td width="100%"><img src="cid:20__=4EBBFD6ADFDECE5F8f9e8a93@de.int.kaufland" border="0" height="1" width="1" alt=""><br>
<font size="2">ZendTo Users <zendto@zend.to></font></td></tr>
<tr valign="top"><td width="1%" valign="middle"><img src="cid:20__=4EBBFD6ADFDECE5F8f9e8a93@de.int.kaufland" border="0" height="1" width="66" alt=""><br>
</td><td width="100%"><img src="cid:20__=4EBBFD6ADFDECE5F8f9e8a93@de.int.kaufland" border="0" height="1" width="1" alt=""><br>
</td></tr>
<tr valign="top"><td width="1%" valign="middle"><img src="cid:20__=4EBBFD6ADFDECE5F8f9e8a93@de.int.kaufland" border="0" height="1" width="66" alt=""><br>
<div align="right"><font size="2">Thema </font></div></td><td width="100%"><img src="cid:20__=4EBBFD6ADFDECE5F8f9e8a93@de.int.kaufland" border="0" height="1" width="1" alt=""><br>
<font size="2">[ZendTo] Re: LDAPAuthorization for zendto</font></td></tr>
</table>
<table border="0" cellspacing="0" cellpadding="0">
<tr valign="top"><td width="58"><img src="cid:20__=4EBBFD6ADFDECE5F8f9e8a93@de.int.kaufland" border="0" height="1" width="1" alt=""></td><td width="336"><img src="cid:20__=4EBBFD6ADFDECE5F8f9e8a93@de.int.kaufland" border="0" height="1" width="1" alt=""></td></tr>
</table>
</td></tr>
</table>
<br>
<font size="4">Patrick,<br>
<br>
I have changed your approach slightly, resulting in only changing NSSADAuthentication.php and NSSLDAPAuthentication.php. I figured the AD people might want the feature too, so it's implemented in both systems.<br>
<br>
There are a couple of new preferences.php settings and one new zendto.conf setting, so you never have to mess with the code to translate it or tweak it.<br>
<br>
Look in the attached zip file and you will find the 2 new files and a README.txt which tells you how to install and configure it. Hopefully you'll find that pretty simple.<br>
<br>
I haven't got my own LDAP system, so I've only been able to test the AD version. So please let me know if it works for you or not!<br>
<br>
This will be included in the next release.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
On 13/12/2010 16:08, </font><a href="mailto:patrick.gaikowski@kaufland.com"><u><font size="4" color="#0000FF">patrick.gaikowski@kaufland.com</font></u></a><font size="4"> wrote: </font>
<ul>
<ul><font size="4">Hello,<br>
<br>
we like to use LDAP-Authentication in combination with LDAP-Authorization, means the user needs a special LDAP-Role to get access as authorized user.<br>
</font><font size="4" color="#FF0000"><br>
We changed </font><b><font size="4" color="#FF0000">NSSDropbox.php</font></b><font size="4" color="#FF0000">:</font><font size="4"><br>
</font><font size="4" color="#FF0000"><br>
919,921d918<br>
< } elseif ($result == 2){<br>
< $this->_authorizationFailed = TRUE;<br>
< $this->writeToLog("authorization attempt for not authorized user $uname - please add the group");</font><font size="4"><br>
</font><font size="4" color="#FF0000"><br>
We changed </font><b><font size="4" color="#FF0000">NSSLDAPAuthenticator.php</font></b><font size="4" color="#FF0000">:</font><font size="4"><br>
</font><font size="4" color="#FF0000"><br>
236,239d235<br>
< // Kaufland Added<br>
< // Benutzer status auf nicht autorisiert aendern<br>
< $result=2;<br>
<<br>
241d236<br>
< $ldapGroups = array(); // Kaufland Added<br>
243,246d237<br>
< // Kaufland Added<br>
< if ($key == "groupMembership") {<br>
< $ldapGroups = $value;<br>
< }<br>
253,261d243<br>
<<br>
< // Kaufland Added<br>
< foreach ($ldapGroups as $group){<br>
< // Gruppenmitgliedschaft des Benutzers pruefen<br>
< if ( $group == "cn=citrix,ou=portal,ou=sslvpn,ou=roles,o=kls") {<br>
< // Status des benutzers auf OK setzten<br>
< $result = 1;<br>
< }<br>
< }</font><font size="4"><br>
<br>
</font><i><font size="4"><br>
(See attached file: NSSLDAPAuthenticator.php)(See attached file: NSSDropbox.php)</font></i><font size="4"><br>
<br>
We know that this is a quick and dirty solution, but it works. <br>
<br>
Question from us is, if such a request can be implemented cleanly in the installation Source?<br>
<br>
Mit freundlichen Grüßen / Best regards<br>
<br>
Patrick Gaikowski<br>
Tel: +49 7132 94 3568<br>
Fax: +49 7132 94 73568<br>
E-Mail: </font><a href="mailto:patrick.gaikowski@kaufland.com"><u><font size="4" color="#0000FF">patrick.gaikowski@kaufland.com</font></u></a><font size="4"><br>
KI 967800 IT International / Infrastruktur<br>
Office:<br>
Lindichstrasse 11<br>
D-74189 Weinsberg<br>
<br>
</font><u><font size="4" color="#0000FF"><br>
</font></u><a href="http://www.kaufland.de/"><u><font size="4" color="#0000FF">http://www.kaufland.de</font></u></a><font size="4"> <br>
<br>
Kaufland Informationssysteme GmbH & Co. KG<br>
Postfach 12 53 - 74149 Neckarsulm<br>
Kommanditgesellschaft<br>
Sitz: Neckarsulm<br>
Registergericht: Amtsgericht Stuttgart HRA 104163<br>
<br>
Diese Nachricht enthält vertrauliche Informationen und ist ausschließlich für<br>
den Adressaten bestimmt. Jeder Gebrauch durch Dritte ist verboten. Falls Sie<br>
die Daten irrtümlich erhalten haben, nehmen Sie bitte Kontakt mit dem<br>
Absender auf und löschen Sie die Daten auf jedem Computer und Datenträger.<br>
This message contains confidential information and is intended solely for the<br>
use by the addressee. Any use of this message by a third party is prohibited.<br>
If you receive this message in error, please contact the sender and delete the<br>
data from any computer and data carrier. </font>
<p><tt><font size="4"><br>
<br>
_______________________________________________<br>
ZendTo mailing list<br>
</font></tt><a href="mailto:ZendTo@zend.to"><tt><u><font size="4" color="#0000FF">ZendTo@zend.to</font></u></tt></a><tt><font size="4"><br>
</font></tt><a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto"><tt><u><font size="4" color="#0000FF">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</font></u></tt></a></ul>
</ul>
<br>
<tt><font size="4">Jules<br>
<br>
-- <br>
Julian Field MEng CITP CEng<br>
</font></tt><a href="http://www.zend.to/"><tt><u><font size="4" color="#0000FF">www.Zend.To</font></u></tt></a><tt><font size="4"><br>
<br>
Need help fixing or optimising your systems?<br>
Contact me!<br>
Need help getting you started solving new requirements from your boss?<br>
Contact me!<br>
<br>
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<br>
Follow me at twitter.com/JulesFM<br>
[Anhang "Authorization.zip" gelöscht von Patrick Gaikowski/IS/KI/KAUFLAND] </font></tt><tt>_______________________________________________<br>
ZendTo mailing list<br>
ZendTo@zend.to<br>
</tt><tt><a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></tt><br>
</body></html>