LDAP / Active directory


Trouble with LDAP Auth in 1.9.7

I have recently upgraded a site from v1.9.5 to v1.9.7. This site has been using LDAP auth since early 1.8.x with a few modifications that have allowed user attributes in the LDAP directory to pass to tiki and join users to tiki groups that match their attributes. (e.g. A user belonging to "staff" in LDAP gets added to a group called "staff" in tiki. If such a group doesn't exist, it is created).

In the upgrade to 1.9.7, I have lost some LDAP auth functionality. I am able to log in as a user that belongs to the ldap directory without errors, but it appears that I am somehow immediately logged out. The evidence that I am temporarily logged in comes from the page that I am redirected to after logging in and the tiki user that gets created and assigned to appropriate groups (as viewed by admin). The evidence that the user is not logged in comes from the user only getting the default anonymous modules and the login-src.php not showing a logged in user. Also, if I log in elsewhere as admin and look at currently logged in users, I can see that no one else is logged in.

If anyone has thoughts on where these mods have gone wrong in 1.9.7 or how to accomplish the same thing by other means, it'd be greatly appreciated.

-Thanks


My upgrade path went something like this...


Create dir of new files over the top of the current files

  • Create new directory to hold new tiki files (e.g. tikiwiki-1.9.7)
    • Copy current tiki directory to new tiki directory
      • E.g.: cp -r tikiwiki-1.9.5 tikiwiki-1.9.7
    • Copy new unzipped tiki upgrade dir (downloaded from sourceforge) over newly created tiki dir
      • E.g.: File transfer \\local\tikiwiki-1.9.7 over \\srv\www\htdocs\tikiwiki-1.9.7


Run setup.sh on new tiki dir (e.g.: tikiwiki-1.9.5)

  • CHMOD the file setup.sh to 755.
    • chmod 755 setup.sh
  • Run setup
    • su -c './setup.sh wwwrun'


Run htaccess.sh

  • CHMOD the file htaccess.sh to 755.
    • chmod 755 htaccess.sh
  • Run htaccess
    • Su ./htaccess


Check php files with customization and redo customization or copy back file from previous tiki version if timestamp is the same.

  • See “System Modifications” in Modifications.xls
  • Pay special attention to userlib.php and ldap.php (If logins don’t work after upgrade these are likely the culprits)


Check for changes in the style that was the parent of the customized style in use


Check to see that customized templates (tpl files) still work in the new version.

  • They all sit in \templates\styles\<css style in use>\
  • As long as there were no databases changes, you can view the new installation before making it live by directing your browser to the new directory e.g. http://helpdesk.luther.edu/tikiwiki-1.9.7/


Point \\srv\www\htdocs\tiki to the new install directory.

  • E.g.: ln -s tikiwiki-1.9.7 tiki



My mods for LDAP look like this..


IN LDAP.PHP

Near line 552 in make search filter the code below replaced $filter= in previous tiki versions. LDAP logins did not work at all in v1.9.7 until I removed that customization.

// custom filter that we apparently no longer need as of v1.9.7
// $filter = sprintf('(%s=%s)',
// $this->options['userattr'], $username);
// end custom


Near line 645 after
// try binding as this user with the supplied password
if (@ldap_bind($this->conn_id, $user_dn, $password)) {
$this->_debug('Bind successful', __LINE__);

Added the following to grab attributes from LDAP...
// Custom information pull
// Attributes to read from the user's LDAP entry
$attrs = array('cn','eduPersonPrimaryAffiliation','mail','studentYearInSchool','studentResidenceHallBldg','departmentName');
$func_params = array($this->conn_id, $search_basedn, $filter, $attrs);
if (($result_id = @call_user_func_array($func_name, $func_params)) == false) {
    return false;
}
$entry_id = ldap_first_entry($this->conn_id, $result_id);
foreach ($attrs as $attr) {
    // Keep only the first value of each attribute
    $pulled_values[$attr] = @ldap_get_values($this->conn_id, $entry_id, $attr);
    $pulled_values[$attr] = $pulled_values[$attr][0];
}
$this->pulled_values = $pulled_values;
// End custom information pull

IN LIB\USERSLIB.PHP

Find the validate_user_auth() function

Add -
// Custom LDAP line
$this->pulled_values = $a->storage->pulled_values;
To-
case AUTH_LOGIN_OK:

find the add_user() function

Add after 'Registered'-

// Custom LDAP section
$tikilib->set_user_preference($user, 'realName', $this->pulled_values['cn']);
$user_fields['email'] = $this->pulled_values['mail'];
$user_fields['login'] = $user;
$this->set_user_fields($user_fields);

// Create and add a user to a group for their departmentName
$join_groups = array('eduPersonPrimaryAffiliation','departmentName','studentYearInSchool','studentResidenceHallBldg');
foreach ($join_groups as $group) {
    // Skip attributes that came back empty
    if (strlen($this->pulled_values[$group])) {
        if (!$this->group_exists($this->pulled_values[$group])) {
            $this->add_group($this->pulled_values[$group], "", '');
        }
        $this->assign_user_to_group($user, $this->pulled_values[$group]);
    }
}
// The primary affiliation also becomes the user's default group
if (strlen($this->pulled_values['eduPersonPrimaryAffiliation'])) {
    $this->assign_user_to_group($user, $this->pulled_values['eduPersonPrimaryAffiliation']);
    $this->set_default_group($user, $this->pulled_values['eduPersonPrimaryAffiliation']);
}
// End custom LDAP section
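
The attribute pull and group mapping described in the post above, sketched as a defensive variant. This is an added example, not part of the original post and not Tiki or PEAR Auth code: the function names, the reserved-group list and the sample entry are assumptions. It escapes the login name before it reaches the search filter and refuses to map a directory value onto a reserved group name.

```php
<?php
// Added example, not Tiki or PEAR Auth code. Function names, the reserved-group
// list and the sample entry are assumptions made for illustration.
// Escape a value for use inside an LDAP search filter (RFC 4515).
function filter_escape(string $value): string
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    return strtr($value, ['\\' => '\5c', '*' => '\2a', '(' => '\28',
                          ')' => '\29', "\0" => '\00']);
}

function build_user_filter(string $userattr, string $username): string
{
    // The attribute name comes from configuration: validate it, do not escape it.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $userattr)) {
        throw new InvalidArgumentException('bad attribute name');
    }
    return sprintf('(%s=%s)', $userattr, filter_escape($username));
}

// Pick the groups an entry may join. Values that are empty, are not plain
// names, or collide with a reserved (privileged) group name are skipped.
function groups_from_entry(array $entry, array $join_attrs, array $reserved): array
{
    $groups = [];
    foreach ($join_attrs as $attr) {
        $value = trim((string) ($entry[$attr] ?? ''));
        if (!preg_match('/^[\w .&-]{1,64}$/u', $value)) {
            continue;
        }
        if (in_array(strtolower($value), $reserved, true)) {
            continue;
        }
        $groups[] = $value;
    }
    return array_values(array_unique($groups));
}

// Constructed sample data.
$entry = ['cn' => 'Pat Example', 'eduPersonPrimaryAffiliation' => 'staff',
          'departmentName' => 'Admins', 'studentYearInSchool' => ''];
$join = ['eduPersonPrimaryAffiliation', 'departmentName',
         'studentYearInSchool', 'studentResidenceHallBldg'];
$reserved = ['admins', 'registered', 'anonymous'];

echo build_user_filter('uid', 'pat (temp)*'), "\n";
print_r(groups_from_entry($entry, $join, $reserved));
```
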


> Did you run the DB upgrade script?
>
> http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/db/tiki_1.8to1.9.sql?view=log&pathrev=BRANCH-1-9
>
> M ;-)

I did not run it for the move from 1.9.5 to 1.9.7, but I believe that I did in an earlier upgrade months ago. Does it need to be run again?

I have to admit that it's been a bit confusing to me trying to figure out when to run the scripts and when to not, especially when some ReleaseNotes pages mention whether or not a db upgrade is needed and some don't.

> > Did you run the DB upgrade script?
> >
> > http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/db/tiki_1.8to1.9.sql?view=log&pathrev=BRANCH-1-9
> >
> > M ;-)
>
> I did not run it for the move from 1.9.5 to 1.9.7, but I believe that I did in an earlier upgrade months ago. Does it need to be run again?
>
> I have to admit that it's been a bit confusing to me trying to figure out when to run the scripts and when to not, especially when some ReleaseNotes pages mention whether or not a db upgrade is needed and some don't.

Didn't notice that marclaporte gave me the answer in his reply by sending me to the tiki_1.8to1.9 script. After finding it on my own, a somewhat more complete answer is that all 1.9.x upgrades should have the 1.8to1.9 script run regardless of whether or not you've already moved from 1.8 to 1.9 in a previous version. Lesson learned - when in doubt, run the tiki-install.php script and see if it gives you a better idea of what script(s) to run.

> > > Did you run the DB upgrade script?
> > >
> > > http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/db/tiki_1.8to1.9.sql?view=log&pathrev=BRANCH-1-9
> > >
> > > M ;-)
> >
> > I did not run it for the move from 1.9.5 to 1.9.7, but I believe that I did in an earlier upgrade months ago. Does it need to be run again?
> >
> > I have to admit that it's been a bit confusing to me trying to figure out when to run the scripts and when to not, especially when some ReleaseNotes pages mention whether or not a db upgrade is needed and some don't.
>
> Didn't notice that marclaporte gave me the answer in his reply by sending me to the tiki_1.8to1.9 script. After finding it on my own, a somewhat more complete answer is that all 1.9.x upgrades should have the 1.8to1.9 script run regardless of whether or not you've already moved from 1.8 to 1.9 in a previous version. Lesson learned - when in doubt, run the tiki-install.php script and see if it gives you a better idea of what script(s) to run.
>
>

BUT, running the upgrade script didn't solve the login problem (did solve a categories problem though). I'm currently running userlib.php and \pear from v.1.9.5 on the 1.9.7 install as a temporary workaround. I'm guessing I'll need to figure it out at some point though, so if anyone has other ideas, I'd be really happy to have them.

Thanks in advance!

