LDAP Groups and Debugging log

  • Resolved ben-tompia

    (@ben-tompia)


    8 years, 3 months ago

    Hello,

    I have the plugin working if I’m just using the default role but I’m having a tough time getting the mapped groups working and I think it’s because I’m not sure what to use for the group-filter. I have this talking with Microsoft AD. Here are the settings I have:

    Default role = deny access
    Group-Attribute = cn
    group-separator = ,
    group-filter = left this at default

    Role mapping:
    Administrator = Sec.Wordpress.Admins

    Also when you turn debugging on does it write it’s own log file somewhere or does it just put it in with the server logs? I can’t see any logs on the server being generated from the plugin.

    Thanks!

    https://www.ads-software.com/plugins/authldap/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author heiglandreas

    (@heiglandreas)

    Hi.

    The default group-filter will not work in AD environments as AD stores group-memberships in the user-object. The filter needs to be something like this:

    (&(objectclass=group)(member=%dn%)) (If I recall correctly)

    The debugging messages are added to the default error-log php uses. That might be a separate file or the system log. But that strongly depends on your setup…

    Thread Starter ben-tompia

    (@ben-tompia)

    Thanks for the fast reply. I have it working now and was able to find the log. For anyone else that needs it, this is what I have now:

    Group-Attribute: distinguishedName
    Group-Separator: ;
    Group-Filter: (&(objectclass=group)(member=%dn%))

    Under the Role, I have this under Administrator:
    CN=MySecurityGroup,OU=My OU,DC=corp,DC=domain,DC=int

    Plugin Author heiglandreas

    (@heiglandreas)

    Great to read that!

    Thanks for getting back ??

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘LDAP Groups and Debugging log’ is closed to new replies.