Author Topic: Using LDAP for AUTH  (Read 13058 times)

framirez

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
    • Email
Using LDAP for AUTH
« on: July 01, 2009, 02:20:27 »
I am trying to get another project going and would like some input on it. Has anyone gotten LDAP to work for auth? I am not too good with either queuemetrics or ldap and am a complete noob at php. I would like some assistance with this.

Thanks in advance.

QueueMetrics

  • Loway
  • Hero Member
  • *
  • Posts: 2999
  • Karma: 39
    • View Profile
    • QueueMetrics
Re: Using LDAP for AUTH
« Reply #1 on: July 01, 2009, 23:18:07 »
I am no expert of LDAP, but I know that the supplied script works with minimal changes....

framirez

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
    • Email
Re: Using LDAP for AUTH
« Reply #2 on: July 02, 2009, 00:30:58 »
If you don't mind me asking what supplied script? Can you point me to it?

Thanks much, I really appreciate the assistance.

QueueMetrics

  • Loway
  • Hero Member
  • *
  • Posts: 2999
  • Karma: 39
    • View Profile
    • QueueMetrics
Re: Using LDAP for AUTH
« Reply #3 on: July 06, 2009, 09:41:08 »
Yes - under the directory queuemetrics\WEB-INF\mysql-utils\xml-rpc you'll find a file called xmlrpc_audio_server.php...

framirez

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
    • Email
Re: Using LDAP for AUTH
« Reply #4 on: July 11, 2009, 23:57:09 »
Ok guys. We got the script written to authenticate to ldap.. Can't figure out what to do to get Queuemetrics to use the script... The file is actually named xmlrpc_auth_server.php‎

If anyone can offer that solution, we can start testing this beast..

framirez

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
    • Email
Re: Using LDAP for AUTH
« Reply #5 on: July 14, 2009, 19:34:09 »
I found the spot to make the entry.. However I keep getting this message:


Alert:
Tech exception: Problems contacting the XML-RPC auth source.

framirez

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
    • Email
Re: Using LDAP for AUTH
« Reply #6 on: July 14, 2009, 20:28:00 »
So this is what we are getting if we go directly to the php file:

Warning: require_once(XML/RPC/Server.php) [function.require-once]: failed to open stream: No such file or directory in /var/www/apache2-default/login2.php on line 19

Fatal error: require_once() [function.require]: Failed opening required 'XML/RPC/Server.php' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/apache2-default/login2.php on line 19


Is this caused by the script being outdated or not calling the right file? Please provide some insight on this.

framirez

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
    • Email
Re: Using LDAP for AUTH
« Reply #7 on: July 14, 2009, 23:58:40 »
Fixed prior issue with pear install XML_RPC

Now getting:

Fatal error: Class 'XML_RPC_Server' not found

This is being pulled from the following part of the xmlrpc_auth_server.php file

//
// Instantiates a very simple XML-RPC server for QueueMetrics
//
$server = new XML_RPC_Server(
    array(
        'QMAuth.auth' => array(
            'function' => 'xmlrpc_run_auth'
        )
    ),
    1  // serviceNow
);


Any takers on assisting with this?

« Last Edit: July 15, 2009, 00:04:06 by framirez »

marcos

  • Loway
  • Full Member
  • *
  • Posts: 138
  • Karma: 3
    • View Profile
Re: Using LDAP for AUTH
« Reply #8 on: July 16, 2009, 10:05:36 »
Hi Ramirez.
We received your e-mail and we are working on it.

Thanks and regards,
Marco Signorini.

marcos

  • Loway
  • Full Member
  • *
  • Posts: 138
  • Karma: 3
    • View Profile
Re: Using LDAP for AUTH
« Reply #9 on: July 16, 2009, 11:09:15 »
Hi,

The message you have "Fatal error: Class 'XML_RPC_Server' not found" is reported by PHP because the interpreter is not able to find the implementation of XML_RPC_Server.
This is due, probably, because your PHP/PEAR installation does not provide this class installation and is not related to QueueMetrics.
In my private installation I can find the implementation of XML_RPC_Server in the file I can find under PHP\PEAR\XML\Server.php.

I suggest to check what packages are installed (and where) to your PEAR distribution and then to start your authorization script directly from command line until you'll be able to have a result like what I've reported below:

XML_RPC>php TestAuthServer.php
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
<fault>
  <value>
    <struct>
      <member>
        <name>faultCode</name>
        <value><int>105</int></value>
      </member>
      <member>
        <name>faultString</name>
        <value><string>XML error: Invalid document end at line 1</string></value>
      </member>
    </struct>
  </value>
</fault>
</methodResponse>

As you can see, this is the answer of XML_RPC_Server when no options were found on the submitted query and is proving that the XML_RPC_Server was correctly instanciated by the PHP interpreter.

I'm writing the same answer to QueueMetrics forum.

Best regards,
Marco Signorini.

framirez

  • Newbie
  • *
  • Posts: 13
  • Karma: 0
    • View Profile
    • Email
Re: Using LDAP for AUTH
« Reply #10 on: July 17, 2009, 00:04:08 »
Thanks for the reply.  Now I got past that hurdle and am encountered with another issue.

In the file:    /WEB-INF/configuration.properties we need to make an entry for it to call the xmlrpc_auth_server.php file.

We had to set it up to run through apache as it would not work in tomcat.

So our entry is:

default.authRpcServerUrl=http://<servername>/apache2-default/xmlrpc_auth_server.php

When we try to login we get the following:

Alert:
Problems contacting the XML-RPC auth source. - http://<servername>/apache2-default/xmlrpc_auth_server.php


If I use the url http://<servername>/apache2-default/xmlrpc_auth_server.php I get the same results you got:


<methodResponse>
<fault>
  <value>
    <struct>
      <member>
        <name>faultCode</name>
        <value><int>105</int></value>
      </member>
      <member>
        <name>faultString</name>
        <value><string>XML error: Invalid document end at line 1</string></value>
      </member>
    </struct>
  </value>
</fault>
</methodResponse>



Can you provide any assistance with this part? Is there an easier way of doing this?


marcos

  • Loway
  • Full Member
  • *
  • Posts: 138
  • Karma: 3
    • View Profile
Re: Using LDAP for AUTH
« Reply #11 on: July 17, 2009, 11:22:14 »
I can rise some idea useful to debug your setup.

1. Are you sure that QM is really calling your script? Do you see on the apache log the call?
2. If yes, did you tried to write to a temporary file the parameters you received in your script when QM calls it?
3. Did you try to raise the debug on PHP XML_RPC_Server? (Please refers to http://pear.php.net/package/XML_RPC/docs/latest/XML_RPC/XML_RPC_Server.html)

Regards,
Marco Signorini.

John Mizuno

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Re: Using LDAP for AUTH
« Reply #12 on: May 27, 2019, 08:39:26 »
This is really old thread but I could not find helpful info on how to implement ldap login for QM, and this thread is not giving an answer so I decided to reply with solution.

1. Install web server (apache or nginx) and php. Make sure phpinfo() will display properly on your browser.

2. Install php-ldap (yum install php-ldap for CentOS).

3. Install pear (yum install php-pear for CentOS).

4. Install XML_RPC (wget http://download.pear.php.net/package/XML_RPC-1.5.5.tgz) *Don't use XML_RPC2, it won't work.
 Extract tgz and locate XML directory under web root. (My web root is /var/www/html so you will see something like /var/www/html/XML/RPC/Server.php)

5. Copy xmlrpc_auth_server.php to your web root. (cp WEB-INF/mysql-utils/xml-rpc/xmlrpc_auth_server.php /var/www/html/)

6. Add default.authRpcServerUrl into QM configuration.properties file.
 default.authRpcServerUrl=http://127.0.0.1/xmlrpc_auth_server.php

7. Edit xmlrpc_auth_server.php
line 19;
require_once '/var/www/html/XML/RPC/Server.php';

line 53-69;
function doAuth_ldap( $serviceId, $username, $password ) {
    global $RESPONSE_AUTH, $RESPONSE_SUCC, $RESPONSE_DELE, $RESPONSE_FORB;
    global $R_STATUS, $R_REALNAME, $R_EMAIL, $R_CLASS, $R_KEYS;

    // set the following parameters according to your environment:
    $_ldap_hosts = "your.ldap.server"; // Edit this
    $_ldap_port = 389;
    //$_ldap_bdn = "uid=$username,ou=Users,dc=mycompany,dc=com";
    $_ldap_bdn = "uid=$username,ou=xxx,dc=yyyy,dc=com"; // Edit this

        $ds = ldap_connect($_ldap_hosts, $_ldap_port) or die("Could not connect to $ldaphost");
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); //Add this
        if (ldap_bind($ds, $_ldap_bdn, $password))
          $R_STATUS = $RESPONSE_SUCC;
        else
          $R_STATUS = $RESPONSE_DELE;
}

line 88;
doAuth_ldap( $p0, $p1, $p2 ); // change to doAuth_ldap

8. Edit /var/www/html/XML/RPC/Server.php

Line 29;
require_once '/var/www/html/XML/RPC.php';

9. Give exec permission.
chmod 755 -Rf /var/www/html/XML

10. Now try logging on with ldap user&password. Note: Once ldap is enabled local users are no longer available in my case.. so to make first ldap user admin, I needed to edit mysql table directory.
« Last Edit: May 28, 2019, 02:32:18 by John Mizuno »

Mausabot

  • Loway
  • Full Member
  • *
  • Posts: 129
  • Karma: 0
    • View Profile
    • Email
Re: Using LDAP for AUTH
« Reply #13 on: October 26, 2021, 14:04:52 »
Hi there,

recently we integrate it. You can find our tutorial here

https://www.queuemetrics.com/blog/2021/10/20/Active-Directory-Domain-Integration/