Welcome to the LimeSurvey Community Forum

Search Results (Searched for: ldap)

  • stefanosts
23 May 2025 14:52
Replied by stefanosts on topic AuthLDAP with Active Directory not working
What is the proper way to enable debug mode and full logging for LDAP? I only managed to enable debug mode but I could not find any way to check any actual logs. Neither specific to LDAP nor generic.

I appreciate any help

Thanks
  • DenisChenu
21 May 2025 08:38
Replied by DenisChenu on topic AuthLDAP with Active Directory not working

> anybody had any luck in using AuthLDAP with Active Directory?

I have it… and no issue.

No idea here.
  • stefanosts
20 May 2025 19:27 - 20 May 2025 19:27
Replied by stefanosts on topic AuthLDAP with Active Directory not working
anybody had any luck in using AuthLDAP with Active Directory?
  • Leroy75
02 May 2025 15:40
Please help us help you and fill where relevant:
LimeSurvey version: [6.13.1]
Own server: hosted on our server: u-paris.fr
Survey theme/template: Bootswatch
==================
Hello,
We are a university and are looking to set up SSO authentication for front-end access to a survey.
We would like to inject pre-filled data into a survey and have the data associated with the user (logged in via SSO) displayed in their session.
The user must then be able to modify this information and submit the survey.

Is it possible to do this with LimeSurvey?
We have an LDAP directory.

Regards
  • stefanosts
30 Apr 2025 17:11 - 02 May 2025 11:08
Replied by stefanosts on topic AuthLDAP with Active Directory not working
Hi,

The script I used for testing the ldap connection from the same server limesurvey is installed to the actual LDAP server is this:

Code:
<?php
// Stand-alone LDAP test: bind with the service account, search for the user, then bind as that user.
$ldap_host = "ldap://ldap.server.IP.address";
$ldap_port = 389;
$bind_dn   = "CN=bind_user,OU=User Account,DC=domain,DC=com";
$bind_pwd  = "bind_user_password";
$base_dn   = "ou=actual ou,dc=domain,dc=com";
$username  = "username of actual user on AD";        // sAMAccountName of a real AD user

// Escape the login before it goes into the filter so special characters cannot alter the query
$filter = "(&(objectClass=user)(sAMAccountName=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . "))";

// ldap_connect() only prepares the handle; the first network traffic happens at ldap_bind()
$ds = ldap_connect($ldap_host, $ldap_port);

// Check the handle before setting options on it
if (!$ds) {
    die("Could not connect to LDAP server");
}

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // referrals off for Active Directory

echo "Connected to LDAP<br>";

// Bind with the service (search) account
if (!ldap_bind($ds, $bind_dn, $bind_pwd)) {
    die("LDAP bind failed<br>");
}

echo "Bind successful<br>";

// Look up the DN of the user who is logging in
$search = ldap_search($ds, $base_dn, $filter);
if ($search === false) {
    die("LDAP search failed<br>");
}
$entries = ldap_get_entries($ds, $search);

if ($entries["count"] == 0) {
    die("User not found in LDAP<br>");
}

$user_dn = $entries[0]["dn"];

echo "Found user: $user_dn<br>";

// Now try binding as the actual user
$user_password = "password_for_test_user"; // AD password
if (@ldap_bind($ds, $user_dn, $user_password)) {
    echo "<strong>LDAP login successful for user $username</strong>";
} else {
    echo "<strong>LDAP login failed for user $username</strong>";
}
?>


Using the above script, both the bind and search as well as the login test worked successfully. 

Activating debug and testing just shows the following, I do not see any LDAP activity in it:

Code:
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_surveys)    1    0.00288    0.00288    0.00288    0.00288
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_plugins)    1    0.00106    0.00106    0.00106    0.00106
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_plugin_settings)    1    0.00100    0.00100    0.00100    0.00100
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_settings_global)    1    0.00098    0.00098    0.00098    0.00098
system.db.CDbCommand.query(SHOW FULL COLUMNS FROM lime_asset_version)    1    0.00094    0.00094    0.00094    0.00094
system.db.CDbCommand.query(SHOW CREATE TABLE lime_surveys)    1    0.00064    0.00064    0.00064    0.00064
system.db.CDbCommand.query(SHOW CREATE TABLE lime_plugins)    1    0.00049    0.00049    0.00049    0.00049
system.db.CDbCommand.query(SELECT * FROM lime_asset_version t WHERE path = :path LIMIT 1. Bound with :path='/var/www/html/limesurvey/application/extensions/yiiwheels/widgets/select2/assets')    1    0.00046    0.00046    0.00046    0.00046
system.db.CDbCommand.query(SELECT t1.message AS message, t2.translation AS translation FROM lime_source_message t1, lime_message t2 WHERE t1.id=t2.id AND t1.category=:category AND t2.language=:language. Bound with :category='', :language='en')    1    0.00045    0.00045    0.00045    0.00045
system.db.CDbCommand.query(SELECT * FROM lime_plugins t WHERE t.active=:yp0 ORDER BY priority DESC. Bound with :yp0=1)    1    0.00045    0.00045    0.00045    0.00045
system.db.CDbCommand.query(SELECT * FROM lime_settings_global t WHERE stg_name=:name LIMIT 1. Bound with :name='DBVersion')    1    0.00044    0.00044    0.00044    0.00044
system.db.CDbCommand.query(SHOW CREATE TABLE lime_asset_version)    1    0.00044    0.00044    0.00044    0.00044
system.db.CDbCommand.query(SHOW CREATE TABLE lime_plugin_settings)    1    0.00042    0.00042    0.00042    0.00042
system.db.CDbCommand.query(SELECT * FROM lime_asset_version t WHERE path = :path LIMIT 1. Bound with :path='/var/www/html/limesurvey/application/extensions/FlashMessage/assets')    1    0.00039    0.00039    0.00039    0.00039
system.db.CDbCommand.query(SELECT * FROM lime_settings_global t)    1    0.00038    0.00038    0.00038    0.00038
system.db.CDbCommand.query(SELECT * FROM lime_asset_version t WHERE path = :path LIMIT 1. Bound with :path='/var/www/html/limesurvey/application/extensions/LimeScript/assets/script.js')    1    0.00037    0.00037    0.00037    0.00037
system.db.CDbCommand.query(SHOW CREATE TABLE lime_settings_global)    1    0.00036    0.00036    0.00036    0.00036
system.db.CDbCommand.query(SELECT * FROM lime_plugin_settings t WHERE t.plugin_id=:yp0 AND t.model IS NULL AND t.model_id IS NULL AND t.key=:yp1. Bound with :yp0='5', :yp1='is_default')    1    0.00033    0.00033    0.00033    0.00033
  • DenisChenu
28 Apr 2025 08:31
Replied by DenisChenu on topic AuthLDAP with Active Directory not working
Can you show your script ?
Can you activate debug mode and test ?
  • stefanosts
27 Apr 2025 01:46 - 02 May 2025 11:48
AuthLDAP with Active Directory not working was created by stefanosts
Hi,

I am using self hosted installations. I have Version 2.62.0+170124 which was then upgraded via comfort update to Version 3.28.77+231213 which was then subsequently upgraded to Version 6.10.0+250106. I have then installed a clean 6.10.0+250106 as well in order to avoid any bugs or database schema miscarried from version upgrades (if any) and also a 6.13.0, all of them running on Rocky Linux 9. I have tried using AuthLDAP with all these versions with settings known to work with other platforms like moodle and even a custom PHP LDAP script I wrote running on the same server as limesurvey just to confirm that the settings actually work properly with AD through ldap.

I failed miserably in ALL my tries no matter what combinations I tried and going through all info I could find online. The custom test script worked fine by the way, as did ldapsearch on Linux. I am not really getting a proper error except from a wrong username and/or password whenever trying to login via LDAP (even when the user with the exact same username from AD was locally created in Limesurvey).

The settings I have used are:
Code:
LDAP server: ldap://IP_of_AD_server (I have tried ldaps:// as well)
Port number: 389 (tried 636 with ldaps://)
LDAP version: LDAPv3
Select true if referrals must be followed (use false for ActiveDirectory): Off
Enable Start-TLS: Off
Select how to perform authentication: Search and bind
Attribute to compare to the given login can be uid, cn, mail, ...: sAMAccountName
Base DN for the user search operation. Multiple bases may be separated by a semicolon (;): ou=name of,dc=domain,dc=ac,dc=cy (of course using correct OU name and Domain)
Optional extra LDAP filter to be ANDed to the basic (searchuserattribute=username) filter: (&objectClass=user)(sAMAccountName={username}))
Optional DN of the LDAP account used to search for the end-user's DN. An anonymous bind is performed if empty: CN=properuseraccount,OU=User Account,DC=domain,DC=ac,DC=cy (using a proper account and domain)
LDAP attribute of email address: mail
LDAP attribute of full name: displayName (I have used cn as well)
Check to make default authentication method: unticked (I have tried both tick and unticked)
Automatically create user if it exists in LDAP server: unticked (I have tried both tick and unticked)
Grant survey creation permission to automatically created users: unticked
Optional base DN for group restriction: empty
Optional filter for group restriction: empty
Allow initial user to login via LDAP: unticked (I have tried both tick and unticked)

Regarding logs, I have tried to enable full debug mode but I do not see anything related to LDAP in it.

It’s like the call is not even made on the login screen. I have no idea though which other log would have to be enabled to log any more information on why it fails to authenticate.

I appreciate any information anyone has on the matter. At this point I am wondering if AuthLDAP does indeed work at all.

Thanks,
  • DenisChenu
11 Apr 2025 16:24
Replied by DenisChenu on topic New create user - default permission
Plugin source ?

For example, AuthWebserver uses the auth_webserver_autocreate_permissions array in config

For AuthLDAP : it's fixed github.com/LimeSurvey/LimeSurvey/blob/fc...AP/AuthLDAP.php#L572

On AuthOAuth2 : it can be set on config GUI
github.com/SondagesPro/limesurvey-oauth2.../AuthOAuth2.php#L270
  • SESSOU
01 Apr 2025 13:46
Hello Denis,

I notice that my first message was truncated.

The API currently returns this (I removed a few lines for clarity):
[permissions] => Array
(
[0] => Array
(
[entity] => global
[permission] => auth_db
[read_p] => 1
...
)

Depending on the role attached to the user, it should instead return this:
[permissions] => Array
(
[0] => Array
(
[entity] => global
[permission] => auth_ldap
[create_p] => 0
[read_p] => 1
...
)
[1] => Array
(
[id] => 52822
[entity] => global
[permission] => surveys
[read_p] => 1
...
)

In fact, I have the impression that the API does not take into account the permissions associated with the role(s) applied to the user, whereas it does in the web administration interface (see the screenshot attached to the post).

O.L.
  • SESSOU
01 Apr 2025 11:51
Hello,

While using the JSON-RPC API, I noticed that the list_users function returned incorrect information about permissions, given that we use roles (which take precedence over the default permissions).

Environment: Limesurvey 6.12.3+250331 (Debian 12, Postgresql 15.12, PHP 8.2.28)

Procedure followed:
  • Creation of a role 'Usager limité', whose only 2 enabled permissions are LDAP authentication (auth_ldap) and read permission on all surveys (surveys)
  • Creation of a user account whose login is 'test'. When choosing the initial permissions, the cancel button is pressed (the only permission enabled by default in the database is therefore auth_db).
  • Association of the role 'Usager limité' with the user 'test'
  • Check of the permissions then associated with the user, via the web administration interface (see screenshot)
  • Execution of the list_users API from PHP: $response=$lsJSONRPCClient->list_users($sessionKey,null,'test');
  • See below the excerpt of the information returned (as an associative array in PHP):
Array
(
    [0] => Array
        (
            [uid] => xxx
            [users_name] => test
            [full_name] => test test
            [parent_id] => xxx
           
  • Winterwolf
05 Mar 2025 03:58
Replied by Winterwolf on topic [plugin] OAuth2 plugin for Admin Authentication
Thanks! I spent the day with the F5 guys. We enabled the possible options in F5.
- SSL offloading
- Add header X-Forwarded-Proto
- Sticky sessions

However, the error persists. With your debug code, it returns the message:
400: Bad request - cURL error 7: (see curl.haxx.se/libcurl/c/libcurl-errors.html ) for login.microsoftonline.com/tenantid/oauth2/v2.0/token
The request cannot be interpreted by the server due to malformed syntax. Please do not repeat the request without modification. If you think this is a server error, please contact Administrator.

I have no more ideas. Will have to go back to LDAP. :(
  • DenisChenu
13 Feb 2025 17:30 - 13 Feb 2025 17:31
> 1) is it possible to deactivate the modification of users' emails by the users themselves in their profile?

No, not included. It is possible to create plugins for that.

> 2) my users connect via CAS authentication (auth_cas module). I would like the email field (retrieved from the ldap) to be updated each time the user logs in and not just when creating their account. Is this possible?

Make the request on the plugin: github.com/univlorraine/limesurvey-cas/issues , it's not included currently.
  • cparment
11 Feb 2025 16:34
Help us help you and fill in the relevant fields:
Your LimeSurvey version: Version of your LimeSurvey: 5.6.68
Own server or LimeSurvey Cloud: own
Theme:

==================
Hello, I have questions about limesurvey 5.6 and I hope you can point me in the right direction.
1) is it possible to deactivate the modification of users' emails by the users themselves in their profile?
2) my users connect via CAS authentication (auth_cas module). I would like the email field (retrieved from the ldap) to be updated each time the user logs in and not just when creating their account. Is this possible?
Thank you for your help
  • cparment
11 Feb 2025 16:30
disable User Email Change was created by cparment
Please help us help you and fill where relevant:
Your LimeSurvey version: 5.6.68
Own server or LimeSurvey hosting: own server 
Survey theme/template:
==================
Hello, I have some questions about limesurvey 5.6 and I hope you can help me.
1) is it possible to deactivate the modification of users' emails by the users themselves in their profile?
2) my users connect via CAS authentication (auth_cas module). I would like the email field (retrieved from the ldap) to be updated each time the user logs in and not just when creating their account. Is this possible?
Thank you for your help
Displaying 1 - 15 out of 37 results.
