Welcome to the LimeSurvey Community Forum
LDAP authorization
8 months 1 week ago #245818
by Procopii Smetanin
LDAP authorization was created by Procopii Smetanin
Hello everyone, please help me set up LDAP authorization!
I am interested in the relationship: email + password from the user account in the "AD" directory.
I tried to do it myself using this instruction: manual.limesurvey.org/Authentication_plugins but nothing comes out. As if everywhere you need to first create an account in the LimeSurvey database, and only then log in under the domain user account.
And I want the domain user to just enter their email address and account password and log in. Is it even possible?
LimeSurvey Community Edition Version 6.2.2+230814
8 months 1 week ago #245823
by Procopii Smetanin
Replied by Procopii Smetanin on topic LDAP authorization
Here is my plugin AuthLDAP setup:
LDAP server:
ldap://ad.moon.sp
Port number:
389
LDAP version:
LDAPv3
Select true if referrals must be followed (use false for ActiveDirectory):
False
Enable Start-TLS:
False
Select how to perform authentication.:
Search and bind
Attribute to compare to the given login can be uid, cn, mail, ..:
mail
Base DN for the user search operation. Multiple bases may be separated by a semicolon (:
CN=limesurvey;CN=Users;DC=Moon;DC=sp
Optional extra LDAP filter to be ANDed to the basic (searchuserattribute=username) filter. Don't forget the outmost enclosing parentheses:
None
Optional DN of the LDAP account used to search for the end-user's DN. An anonymous bind is performed if empty.:
None
Password of the LDAP account used to search for the end-user's DN if previoulsy set.:
Password of the limesurvey account
LDAP attribute of email address:
None
LDAP attribute of full name:
None
Check to make default authentication method:
Yes
Automatically create user if it exists in LDAP server:
Yes
Grant survey creation permission to automatically created users:
Yes
Optional base DN for group restriction:
None
Optional filter for group restriction:
None
Allow initial user to login via LDAP:
Yes
My server is MS Windows Server 2012 R2
But when logging in under credentials:
email address + domain account password, I get error:
Code:
500: Internal server error ldap_count_entries(): Argument #2 ($result) must be of type LDAP\Result, bool given An internal error occurred during the processing of your request by the web server.
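The settings quoted in the post above, run through a small checker as an added example (not part of the thread and not LimeSurvey code). The dictionary keys are hypothetical names for the form fields; the rules follow the field labels ("separated by a semicolon", "anonymous bind is performed if empty") plus the fact that ldap:// without StartTLS sends the bind password unencrypted, and the HARDENED values are constructed for contrast.

```python
# Keys are hypothetical names for the AuthLDAP form fields; POSTED values are
# copied from the post, HARDENED values are constructed for contrast.
POSTED = {
    "server": "ldap://ad.moon.sp", "start_tls": False,
    "base_dn": "CN=limesurvey;CN=Users;DC=Moon;DC=sp",
    "bind_dn": "", "bind_password": "<entered>",  # bind DN was "None"
    "auto_create": True, "grant_survey_creation": True,
    "group_base_dn": "",  # group restriction was "None"
}
HARDENED = {
    "server": "ldap://ad.moon.sp", "start_tls": True,
    "base_dn": "CN=Users,DC=Moon,DC=sp",
    "bind_dn": "CN=limesurvey,CN=Users,DC=Moon,DC=sp",  # assumed account DN
    "bind_password": "<entered>",
    "auto_create": True, "grant_survey_creation": False,
    "group_base_dn": "OU=Groups,DC=Moon,DC=sp",  # constructed
}


def search_bases(base_dn):
    """Split the field as its label describes: ';' separates search bases."""
    return [b.strip() for b in base_dn.split(";") if b.strip()]


def audit(cfg):
    """Return (code, detail) findings for one settings dictionary."""
    findings = []
    # ldap:// without StartTLS carries the simple-bind password unencrypted.
    if cfg["server"].lower().startswith("ldap://") and not cfg["start_tls"]:
        findings.append(("CLEARTEXT_BIND", "enable StartTLS or use ldaps://"))
    # Several bases that are each a single RDN usually mean one DN was typed
    # with ';' where ',' belongs, so it is split into unusable fragments.
    bases = search_bases(cfg["base_dn"])
    fragments = [b for b in bases if "," not in b]
    if len(bases) > 1 and fragments:
        findings.append(("SPLIT_BASE_DN", " | ".join(fragments)))
    # Per the form label, an empty bind DN means the search binds anonymously;
    # a password without a DN has no account to authenticate.
    if cfg["bind_password"] and not cfg["bind_dn"]:
        findings.append(("ANONYMOUS_SEARCH", "password set, bind DN empty"))
    # Auto-created users with creation rights and no group restriction: any
    # directory account that can log in becomes a survey creator.
    if (cfg["auto_create"] and cfg["grant_survey_creation"]
            and not cfg["group_base_dn"]):
        findings.append(("BROAD_AUTOCREATE", "add a group restriction"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(POSTED):
        print(f"{code}: {detail}")
```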
8 months 1 week ago #245824
by Procopii Smetanin
Replied by Procopii Smetanin on topic LDAP authorization
Problem solved!
Here is the solution: github.com/LimeSurvey/LimeSurvey/blob/21...AP/AuthLDAP.php#L303