<div>The 'xerte_author' account is temporary for development. Using dsa.msc to access the Active Directory on the Windows 2008 Server I find the first and last name fields populated ('Xerte' and 'Author' respectively). Upon deployment we will have multiple users, ideally within multiple user groups, maintained within Active Directory.</div>
<div> </div>
<div>Presently we have several clients, each with multiple users, some of which will be authorized to author content. These users are currently maintained in a customized MSSQL database (i.e. not Active Directory). Originally I was planning to bypass LDAP and auto-login to Xerte Toolkits via customized MSSQL queries within a modified login_library.php. Then I ran into what appeared to be additional LDAP queries coming from other script files and that, combined with your comment about MSSQL and LDAP not being alternatives and the additional benefits I've since read about since on LDAP encryption I thought it best to stay within LDAP. </div>
<div> </div>
<div>What do you think, Pat?<br><br></div>
<div class="gmail_quote">On Tue, Mar 31, 2009 at 11:18 AM, Patrick Lockley <span dir="ltr"><<a href="mailto:Patrick.Lockley@nottingham.ac.uk">Patrick.Lockley@nottingham.ac.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>
<div dir="ltr">
<div dir="ltr"><font face="Arial" color="#000000" size="2">When I used to do systems admin on a 2k server i used a tool called Active Directory to manage the active directory? You installed it from something call admin pack and it didn't need to be ran from the server (just from an account with suitable management rights on that part of the tree / forest).</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">The only issue would be that the $entry array is what sets the firstname and surname attributes when a user is created - check you logindetails table in the database, I would assume there are two blank name fields?</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">Could I ask why you are authenticating in this way - because you'll need to disable a few things as well because they only really work when there are multiple users - peer review, project sharing are two for examples.</font></div>
</div>
<div dir="ltr"><br>
<hr>
<font face="Tahoma" size="2"><b>From:</b> <a href="mailto:xerte-bounces@lists.nottingham.ac.uk" target="_blank">xerte-bounces@lists.nottingham.ac.uk</a> on behalf of Vince Byfield<br><b>Sent:</b> Tue 31/03/2009 18:23<br>
<b>To:</b> Xerte discussion list<br><b>Subject:</b> [Xerte] login_library.php Script Modifications Regarding LDAP<br></font><br></div>
<div>
<div></div>
<div class="h5">
<div>
<div>Thank you Julian and Patrick for your comments and advice.</div>
<div> </div>
<div>I've decided to follow Patrick's suggestion to work within LDAP and have created a dedicated user within the Windows active directory which only edits content ('xerte_author') -- this Windows user account is used for nothing else and has never been logged in or signed in to any system other that via Xerte/LDAP. (I will have to find some LDAP administration software that will allow me to manage LDAP/Active Directory users and groups in conjunction with a customized Microsoft ASP/MSSQL user database--your suggestions for the most appropriate software to accomplish this would be appreciated).</div>
<div> </div>
<div>Meanwhile, I was able to get the LDAP authentication working after commenting out the following section of code within login_library.php:</div>
<div> </div>
<div>// ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);<br></div>
<div>Setting this particular option generates an error response of 1 which according the MSDN/LDAP reference is LDAP_OPERATIONS_ERROR. Interestingly, if I replace the line with ldap_get_option I see that the LDAP_OPT_PROTOCOL_VERSION is already set to 3 so I commented the line out.</div>
<div> </div>
<div>and later on :</div>
<div> </div>
<div>//$entry = ldap_get_entries($ds, $sr);</div>
<div>//if(! $entry or ! $entry[0]) {<br>// receive_message($username, "USER", "CRITICAL", "Login failed for " . $username, "Login failed for " . $username);<br>//return false;</div>
<div>//}else {</div>
<div>{<br><br>$entry is presently returning an array of 0 elements. </div>
<div> </div>
<div>Once these two sections of code are commented out I am able to log in, create and edit templates with ease. Do you foresee any difficulties with keeping these customizations?</div>
<div> </div>
<div>Thanks :-)</div>
<div> </div>
<div>Vince.</div>
<div><br> </div>
<div class="gmail_quote">On Sat, Mar 28, 2009 at 12:02 PM, Patrick Lockley <span dir="ltr"><<a href="mailto:Patrick.Lockley@nottingham.ac.uk" target="_blank">Patrick.Lockley@nottingham.ac.uk</a>></span> wrote:
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>
<div dir="ltr">
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">I don't see ms sql and LDAP as alternatives to each other - but if you wish to use another form of authentication then you would need to modify the code in the login_library.php functions. It would be a matter of writing a select query on the password and username variables, and then seeing what it returns.</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">Pat</font></div></div></div></blockquote></div></div></div></div></div><br>_______________________________________________<br>Xerte mailing list<br><a href="mailto:Xerte@lists.nottingham.ac.uk">Xerte@lists.nottingham.ac.uk</a><br>
<a href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte" target="_blank">http://lists.nottingham.ac.uk/mailman/listinfo/xerte</a><br><br></blockquote></div><br>