Back to limesurvey.org

Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

LDAP configuration

More
4 years 11 months ago - 4 years 11 months ago #205727 by krojQu
LDAP configuration was created by krojQu
Hi,
I am trying to connect by LDAP with Active Directory. I fill out the AuthLDAP form as shown in the picture, but it doesn't find the user and password.I try to log in with credentials:

Authentication: LDAP
Login: Name Surname *sAMAccountName*
Pass : ******

Please tell me what I'm doing wrong, maybe I haven't set up something else.
Last edit: 4 years 11 months ago by krojQu.
The topic has been locked.
More
4 years 11 months ago #205734 by DenisChenu
Replied by DenisChenu on topic LDAP configuration
«CN=Name Surname» Are you sure ?
Remove the optionnal filter for start : make it the most simple.

LDAP filter is complex, but it's not related to LimeSurvey.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
More
4 years 11 months ago #205780 by krojQu
Replied by krojQu on topic LDAP configuration
Name Surname - this data has been changed in the screenshot, and normally I enter the data from the Active Directory. In AD I have CN like myName mySurname myNumber. In this form in place "Optional DN of the LDAP account used to search for the end-user's DN. An anonymous bind is performed if empty." I type distinguishedName from AD.
The topic has been locked.
More
4 years 11 months ago #205782 by DenisChenu
Replied by DenisChenu on topic LDAP configuration
In my opinion : the issue is here.

To use search and bind : you need a user with rights on all users's.

With AD : i think you must use "Simple bind" authentication : AD check if user can log in with current account.

There are sample www.limesurvey.org/manual/Authentication...s_AD2008_.26_2.05.2B
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
More
4 years 11 months ago #205798 by krojQu
Replied by krojQu on topic LDAP configuration
and I must "Create a LimeSurvey user with the same name as a AD(active directory) user account "? What does that mean? I need create user in User Contol in Lime?
The topic has been locked.
More
4 years 11 months ago #205800 by DenisChenu
Replied by DenisChenu on topic LDAP configuration
2 solution :
1. all AD user can access LimeSUrvey, no need to create (create is done automatically)
2. If not (you disable the autocreate) : the same login must be created before the 1st login.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
More
4 years 11 months ago #205855 by krojQu
Replied by krojQu on topic LDAP configuration
But if i check option "Automatically create user if it exists in LDAP server" in AuthLDAP form then I get such an error as in the attachment. Maybe I have a wrong connection with AD? This connection is set only in limesurvey form or somewhere in the configuration files?
The topic has been locked.
More
4 years 11 months ago #205863 by DenisChenu
Replied by DenisChenu on topic LDAP configuration
Not related to LimeSurvey :
stackoverflow.com/a/15110468/2239406

Except : it muts not shown an error like this byu a clean error to user : if you can report like this "Show a clean error with bad settings in LDAP"
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
More
4 years 11 months ago - 4 years 11 months ago #205871 by krojQu
Replied by krojQu on topic LDAP configuration
I dont understand u with this "Show a clean error with bad settings in LDAP", where it is?
And now I have another error
Last edit: 4 years 11 months ago by krojQu.
The topic has been locked.
More
4 years 11 months ago #205908 by DenisChenu
Replied by DenisChenu on topic LDAP configuration

krojQu wrote: I dont understand u with this "Show a clean error with bad settings in LDAP", where it is?

I mean : you can report an issue to show a better error.

krojQu wrote: And now I have another error

Here it's an issue too, but why you use debug mode ?

It's seems youn have more than one user here ?
github.com/LimeSurvey/LimeSurvey/blob/62...thLDAP.php#L516-L517
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
More
4 years 11 months ago #205924 by krojQu
Replied by krojQu on topic LDAP configuration
Sorry, but where I can report this issue to show better error?
I use debug mode because I see an error other than just a bad username/password. In my AD I have only one user with this number/mail which I'm trying to log in to ldap. He is also domain administrator.
The topic has been locked.
More
4 years 11 months ago - 4 years 11 months ago #206016 by krojQu
Replied by krojQu on topic LDAP configuration
Ok, create users and log in works.
But very user I create is an admin and I want them to be normal users who can fill in the polls.
Last edit: 4 years 11 months ago by krojQu.
The topic has been locked.
More
4 years 11 months ago #206020 by DenisChenu
Replied by DenisChenu on topic LDAP configuration

krojQu wrote: Ok, create users and log in works.

Maybe it can be great to explain what is your error , then we can improve manual …
Or maybe someone find this topic and want some help …

krojQu wrote: But very user I create is an admin and I want them to be normal users who can fill in the polls.

Strange ?

The only Permission set was auth_ldap
github.com/LimeSurvey/LimeSurvey/blob/6c...AP/AuthLDAP.php#L300
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
More
4 years 11 months ago #206022 by krojQu
Replied by krojQu on topic LDAP configuration
Ok, sorry. I am enclosing my correct configuration. I had a problem with the "Optional DN of the LDAP account used to search for the end-user's DN." field because I was entering the wrong user. In the "Attribute to compare" field I compared the "cn" attributes, and now I changed it to "mail". Additionally, for the user to be created, the fields "LDAP attribute of email address" and "LDAP attribute of full name" must be completed. Now I log in with my e-mail and password and get to the application.

So what should I do to create a normal user without admin rights?
The following user(s) said Thank You: DenisChenu
The topic has been locked.
More
4 years 11 months ago #206031 by DenisChenu
Replied by DenisChenu on topic LDAP configuration

krojQu wrote:
So what should I do to create a normal user without admin rights?

It must be the case (for new user).

Warning : LDAP allow to search without case, but LimeSurvey use case.

Then : the 1st case system must be used by user. If the entre with MyName@example.org, they can not entre with myname@example.org.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
Moderators: holchtpartner

Lime-years ahead

Online-surveys for every purse and purpose

Pricing & Plans
Get started

Legal

About Us

Open Source