- Posts: 18
- Thank you received: 3
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
AuthLDAP inner workings
- ViliusS
- Topic Author
- Offline
- New Member
Less
More
3 years 5 months ago - 3 years 5 months ago #207840
by ViliusS
AuthLDAP inner workings was created by ViliusS
I have successfully configured AuthLDAP plugin to authenticate LimeSurvey against ActiveDirectory however I want to know more how exactly AuthLDAP works. My questions are:
1) Can I disable LimeSurvey internal database so I can use only LDAP?
2) If yes, what happens if my LDAP server will be unavailable? Will public survey execution work for my users? Is there a way to switch Internal Auth database ON again without a user interface?
3) How exactly "Allow initial user to login via LDAP" option work?
4) Can I use LDAP login via API to get a session token for /remotecontrol link?
5) If I enable "Check to make default authentication method" in plugin configuration will the default authentication method change for API logins on /remotecontrol too?
1) Can I disable LimeSurvey internal database so I can use only LDAP?
2) If yes, what happens if my LDAP server will be unavailable? Will public survey execution work for my users? Is there a way to switch Internal Auth database ON again without a user interface?
3) How exactly "Allow initial user to login via LDAP" option work?
4) Can I use LDAP login via API to get a session token for /remotecontrol link?
5) If I enable "Check to make default authentication method" in plugin configuration will the default authentication method change for API logins on /remotecontrol too?
Last edit: 3 years 5 months ago by ViliusS.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13643
- Thank you received: 2491
3 years 5 months ago #207843
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic AuthLDAP inner workings
1. I don't think, but each user have a rigt (or no) to login via Auth.
2. No change on public execution, only log in are disabled. No way to disable except remove the AuthLdap file (or update via DB) but : user without AuthDB right still can not log in.
3. The initial user admin is user #1, by default ;: he can not log via LDAP (it was created before config was set) with he can : github.com/LimeSurvey/LimeSurvey/blob/82...AP/AuthLDAP.php#L448
4. Yes, because LDAP have user/password. See manual.limesurvey.org/RemoteControl_2_API#get_session_key , the plugin parameter
5. No change : default is for GUI login only, for remote see manual.limesurvey.org/RemoteControl_2_API#get_session_key
2. No change on public execution, only log in are disabled. No way to disable except remove the AuthLdap file (or update via DB) but : user without AuthDB right still can not log in.
3. The initial user admin is user #1, by default ;: he can not log via LDAP (it was created before config was set) with he can : github.com/LimeSurvey/LimeSurvey/blob/82...AP/AuthLDAP.php#L448
4. Yes, because LDAP have user/password. See manual.limesurvey.org/RemoteControl_2_API#get_session_key , the plugin parameter
5. No change : default is for GUI login only, for remote see manual.limesurvey.org/RemoteControl_2_API#get_session_key
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- ViliusS
- Topic Author
- Offline
- New Member
Less
More
- Posts: 18
- Thank you received: 3
3 years 5 months ago #207844
by ViliusS
Replied by ViliusS on topic AuthLDAP inner workings
Thank you. One more question. If I create a user from LimeSurvey GUI with type set to LDAP or if I the user is created automatically by the initial login process I assume it sets a password in the Authdb too? Is it some kind of random password and can I use it in case of LDAP failure (assuming that Authdb rights are given to the user)?
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13643
- Thank you received: 2491
3 years 5 months ago #207845
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic AuthLDAP inner workings
If you create the user : you have to set a password (in my opinion : it's an issue :
bugs.limesurvey.org/view.php?id=13222
)
If user was created via LDAP : have password github.com/LimeSurvey/LimeSurvey/blob/82...AP/AuthLDAP.php#L286 (still an issue)
Then : user can ask a new password too (for example)
If user was created via LDAP : have password github.com/LimeSurvey/LimeSurvey/blob/82...AP/AuthLDAP.php#L286 (still an issue)
Then : user can ask a new password too (for example)
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- ViliusS
- Topic Author
- Offline
- New Member
Less
More
- Posts: 18
- Thank you received: 3
3 years 5 months ago #207847
by ViliusS
Replied by ViliusS on topic AuthLDAP inner workings
So what default password does LimeSurvey set if a user is automatically created on LDAP login? Is it random?
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13643
- Thank you received: 2491
3 years 5 months ago #207856
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic AuthLDAP inner workings
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.