This forum is no longer open and is for reading/searching only.
Please use our new MachForm Community Forum instead.
MachForm Community Forums » News & Announcement
[10 March 2015] MachForm 4.3 Released!
Started 9 years ago by yuniar | 12 posts |
-
This update contains two new features, improvements and bugfixes:
http://www.appnitro.com/blog-machform43-releasedEnjoy! :-)
MachForm Founder
Posted 9 years ago # -
Thanks for yet more features. I cannot really use the LDAP support, but the new CAPTCHA is something that I certainly will.
Posted 9 years ago # -
Thank you so much for integrating LDAP into MachForms! Your software is such a gem and now feature really rounds out the product. Keep up the great work.
Posted 9 years ago # -
Awesome, installed and ldap is working. However, I would like to limit access to groups, how should you id the groups?
Tried, cn=groupname, memberof=cn=groupname, and just groupname, and getting You're not in an authorized group! (LDAP) when trying to login.
Posted 9 years ago # -
That's great to hear guys!
@jscott02
Simply put your group name into the "Required Group" setting. (example: Staff)
Or if you need to enter multiple groups, separate them with commas, such as: Staff,Students,GuestsAlso make sure that the user already belong to the group. Are you using Active Directory or OpenLDAP?
MachForm Founder
Posted 9 years ago # -
We are using OpenLDAP, however it would likely require an ADMIN user to search our other groups. I did a little research and see that you can include admin credentials in adLDAP, can that be done with MF?
In the adLDAP.php file, could I include it here?
* Optional account with higher privileges for searching
* This should be set to a domain admin account
*
* @var string
* @var string
*/
protected $adminUsername = NULL;
protected $adminPassword = NULL;Posted 9 years ago # -
We have a similar issue where we need to pass a username and password to our Active Directory. Also, some of our groups have spaces in them. Is that an issue? Finally, do we use the short name in AD to authenticate or the email address?
Posted 9 years ago # -
@ jscott02 -- By default, MachForm will bind as the user (not ADMIN) to do the search. However, if you've configured LDAP to only allow ADMIN to do the search, you can pass the admin credentials by adding a small custom code.
If you are using OpenLDAP:
=====================You can edit the "index.php" file. Search around line 220 for this code:
$user_current_groups = array();
exactly below that line, add this code:
$openldap_admin_username = "admin"; $openldap_admin_password = "adminpassword"; ldap_bind($opldap_conn, $openldap_login_attribute.'='.$openldap_admin_username.','.$mf_settings['ldap_basedn'], $openldap_admin_password);
adjust the above username and password with your own.
If you are using Active Directory:
=========================Edit the "index.php" file. Search around line 142 for this code:
$adldap_auth_result = $adldap->authenticate($username, $password);
above that line, add this code:
$adldap->setAdminUsername("admin"); $adldap->setAdminPassword("adminpassword");
adjust the above username and password with your own.
MachForm Founder
Posted 9 years ago # -
@mhannen -- Spaces within group names shouldn't be a problem. To authenticate, you can use the email or the user logon name (which is actually the first part of the email).
MachForm Founder
Posted 9 years ago # -
Thanks got it working, even without the code and I put the whole DN in the Base DN field (cn=xx,ou=xx,o=xx), nothing in the group field.
I think the issue we were having was because of the group I wanted to use, it added users using "member" attributes and not actual users.
Once I copied in users it started to work.
Posted 9 years ago # -
Thanks, Yuniar. Our email addresses are actually different from the short name.
Posted 9 years ago # -
Excellent update - I've been waiting/hoping for LDAP integration for awhile. Like mhannen, our AD has different shortnames than the E-mail addresses. This is a problem when I try to elevate someone to an administrator. It requires a vaild E-mail address. I can only update someone via the database (unless I want to disable the regex validation in the php). Neither of those options are ideal. Still, it's better than asking our users to come up with another password that they'll never change otherwise.
Thanks!
Posted 9 years ago #
Reply
You must log in to post.