Scripting QueueMetrics / Re: Using LDAP for AUTH
« on: May 27, 2019, 08:39:26 »
This is a really old thread, but I could not find helpful info on how to implement LDAP login for QM, and this thread does not give an answer, so I decided to reply with a solution.
1. Install a web server (Apache or nginx) and PHP. Make sure phpinfo() displays properly in your browser.
2. Install php-ldap (yum install php-ldap for CentOS).
3. Install pear (yum install php-pear for CentOS).
4. Install XML_RPC (wget http://download.pear.php.net/package/XML_RPC-1.5.5.tgz) *Don't use XML_RPC2, it won't work.
Extract the tgz and locate the XML directory under the web root. (My web root is /var/www/html so you will see something like /var/www/html/XML/RPC/Server.php)
5. Copy xmlrpc_auth_server.php to your web root. (cp WEB-INF/mysql-utils/xml-rpc/xmlrpc_auth_server.php /var/www/html/)
6. Add default.authRpcServerUrl to the QM configuration.properties file.
default.authRpcServerUrl=http://127.0.0.1/xmlrpc_auth_server.php
7. Edit xmlrpc_auth_server.php
line 19;
require_once '/var/www/html/XML/RPC/Server.php';
line 53-69;
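function doAuth_ldap( $serviceId, $username, $password ) {
    global $RESPONSE_AUTH, $RESPONSE_SUCC, $RESPONSE_DELE, $RESPONSE_FORB;
    global $R_STATUS, $R_REALNAME, $R_EMAIL, $R_CLASS, $R_KEYS;
    // set the following parameters according to your environment:
    $_ldap_hosts = "your.ldap.server"; // Edit this
    $_ldap_port = 389;
    //$_ldap_bdn = "uid=$username,ou=Users,dc=mycompany,dc=com";
    $_ldap_bdn = "uid=$username,ou=xxx,dc=yyyy,dc=com"; // Edit this
    // A bind with a DN and an empty password is an unauthenticated bind,
    // which some directory servers accept. Give it the same status as a
    // failed bind instead of passing it to ldap_bind().
    if ((string)$username === '' || (string)$password === '') {
        $R_STATUS = $RESPONSE_DELE;
        return;
    }
    // The error message used the undefined $ldaphost; use the host variable set above.
    $ds = ldap_connect($_ldap_hosts, $_ldap_port) or die("Could not connect to $_ldap_hosts");
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); //Add this
    // The password is checked by binding to the directory as the user.
    if (ldap_bind($ds, $_ldap_bdn, $password))
        $R_STATUS = $RESPONSE_SUCC;
    else
        $R_STATUS = $RESPONSE_DELE;
}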
line 88;
doAuth_ldap( $p0, $p1, $p2 ); // change to doAuth_ldap
8. Edit /var/www/html/XML/RPC/Server.php
Line 29;
require_once '/var/www/html/XML/RPC.php';
9. Give exec permission.
chmod 755 -Rf /var/www/html/XML
10. Now try logging on with an LDAP user and password. Note: once LDAP is enabled, local users are no longer available in my case, so to make the first LDAP user an admin, I needed to edit the MySQL table directly.
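The function in step 7 interpolates $username straight into the bind DN and sends the password to port 389 without TLS. One way to escape the user name for a DN and upgrade the connection with StartTLS before binding, as an added example that is not part of the original post or of QueueMetrics (qm_escape_dn_value and qm_ldap_password_ok are hypothetical names, and the DN suffix is the post's placeholder):

```php
<?php
// Added example: hypothetical helpers, not QueueMetrics code.

// Escape one attribute value for use inside a DN (RFC 4514) so that
// characters such as ',' or '=' stay part of the uid value.
function qm_escape_dn_value($value) {
    $out = '';
    $last = strlen($value) - 1;
    for ($i = 0; $i <= $last; $i++) {
        $c = $value[$i];
        $edge_space = ($c === ' ' && ($i === 0 || $i === $last));
        if (strpos('\\,+"<>;=#', $c) !== false || ord($c) < 0x20 || $edge_space) {
            $out .= sprintf('\\%02x', ord($c)); // hex form is valid anywhere in a DN
        } else {
            $out .= $c;
        }
    }
    return $out;
}

// Returns true only if the directory accepts the user's own credentials.
function qm_ldap_password_ok($host, $dn_suffix, $username, $password) {
    // A bind with a DN but no password is an "unauthenticated bind"
    // (RFC 4513) that some servers accept; never treat it as a login.
    if ((string)$username === '' || (string)$password === '') {
        return false;
    }
    $ds = ldap_connect('ldap://' . $host . ':389');
    if (!$ds) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Upgrade to TLS before the password leaves this host.
    if (!@ldap_start_tls($ds)) {
        ldap_unbind($ds);
        return false;
    }
    $dn = 'uid=' . qm_escape_dn_value($username) . ',' . $dn_suffix;
    $ok = @ldap_bind($ds, $dn, $password);
    ldap_unbind($ds);
    return $ok;
}

// Constructed user names; the suffix is the placeholder used in the post.
foreach (array('jdoe', 'doe, john', ' jdoe=x') as $u) {
    echo 'uid=' . qm_escape_dn_value($u) . ",ou=xxx,dc=yyyy,dc=com\n";
}
```

StartTLS only protects the password if the client validates the server certificate, which for PHP's OpenLDAP client is governed by TLS_REQCERT and TLS_CACERT in ldap.conf.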