<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Verdana","sans-serif";
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-GB link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Hello<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Ignore the installer on that front. I need to change a line.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>You need to separate the hosts with $$$ as the delimiter.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>As a caveat this is new territory for an install. We’ve done
a proof of concept using two LDAP strings here, but never three. It should be scalable,
but there is also the situation at present that certain features (peer review,
lockfile emails when a shared template editor window closes) are not guaranteed
to work (early assumptions in the code limit it).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>I have been debating whether or not to store an email in the logindetails
table – but this requires altering that table and I am a bit reluctant to
do this before we release version 1.5. It is an omission on my part, but it’s
one of those problems when developing open source is how to keep the system
relatively stable.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>If you have a PHP developer person I would suspect these
modifications would take under an hour or so to make (I could tell you
precisely what to change). But you would have a slightly custom install for a
few files (index.php, website_code/php/peer/peer_review.php and
website_code/php/versioncontrol/template_close.php) and a slightly different
login_details table.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>So for the LDAP<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>I would do <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Host1$$$Host2$$$Host3 for hosts<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Port1$$$Port2$$$Port3 for ports<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>And so on for each variable for the LDAP settings (bind dn, basedn,
password).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Reiterating my lack of LDAP knowledge – I don’t
understand this to any great level – </span><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>sAMAccountName – appears to be a good
default academic value for searching. The case sensitivity issues has occurred before
with one install. </span><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Maybe I could resolve this with a PHP string function of some
nature.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>I’ve had two people feedback on LDAP so far (hence number of
login_library bug fixes) but I am not sure how best to proceed. I have been
mulling over making a post installer test suite – including an LDAP page
to help people work out why their settings don’t like the code. We also
have the issue that we can’t predict how IT literate people installing
the code are. I think the installer does a pretty good job at the moment,
though I could see scope for it providing more support – but these things
all take time. It’s also very likely a lot of people installing the code
won’t care for LDAP as they’ll be authenticating to something else.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>I am not aware of what the LDAP filters do, but the code needs them
and they are used in the LDAP filter function, so I called them LDAP filter 1
and LDAP filter 2. Not the most original or informative, but again, I plead
ignorance on this front. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>I could see a case that the LDAP function “learns”, or
maybe just uses an if not statement on the givenName attribute. My worry would
be how many “given names” are there – what do our non-English
(apologies for taxonomy) LDAP usernames appear as? <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>I don’t think you’ve misunderstood anything either –
we are just at the very edge of the code here and I am grateful for your
feedback.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>I hope this helps.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Pat<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal style='margin-left:36.0pt'><b><span lang=EN-US
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
xerte-bounces@lists.nottingham.ac.uk
[mailto:xerte-bounces@lists.nottingham.ac.uk] <b>On Behalf Of </b>Johnathan
Kemp<br>
<b>Sent:</b> 19 May 2009 12:55<br>
<b>To:</b> xerte@lists.nottingham.ac.uk<br>
<b>Subject:</b> [Xerte] Configuration of LDAP authentication and
thelogin_library.php file<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal style='margin-left:36.0pt'><o:p> </o:p></p>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Hello Xerte Team,</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>I now have a Xerte On-line Toolkits site that
I can log on to using LDAP, but I had some fun getting it set up and would like
to clarify a couple of things.</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>In the site setup I have set up a single ldap
host, however I would like to have three, would the correct syntax be</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>999.999.999.999\n999.999.999.999\n999.999.999.999
</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>for this, using the \n as a separator of the
IP addresses, rather than a ";" ?</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Is it possible to specify more than one ldap
base and if so would it be correct to use "\n" as the separator
between bases?</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Is there somewhere in the setup that is
intended to specify the LDAP field that will be used in the login process, so
that when a username is entered in the login form it is matched to the correct
LDAP field when checking the user name and password against LDAP? I set
"The first LDAP filter is" box to sAMAccountName but found that the
login_library.php file was using the "dn" field to match against. It
was only after working my way back through the Xerte code that I found out why
I could not log on. I had to edit lines 48 and 171 of login_library.php to use
sAMAccountName rather than dn. Similarly lines 8 and 131 refer to
"givenname" whereas our LDAP field is "givenName" so I had
to edit these as well.</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>I have to admit I am not sure what your
intended use is for the fields in the set up "The first LDAP filter"
and "The second LDAP filter".</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>How practical would it be to include in the
LDAP set up fields for the LDAP values that will be</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>a) matched to the user id entered at login</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>b) used to gather the user first name</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>c) used to gather the user last name</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>So that discrepancies between different
systems can be accommodated without the need to edit code?</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Or have I misunderstood something?</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Kind regards</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>Johnathan</span><o:p></o:p></p>
</div>
<p style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Johnathan
Kemp<br>
IT Dev. Manager<br>
Connexions Staffordshire<br>
</span><a href="http://www.cxstaffs.co.uk/"><span style='font-size:10.0pt;
font-family:"Arial","sans-serif"'>www.cxstaffs.co.uk</span></a><br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>01785 355714</span><o:p></o:p></p>
<p style='margin-left:36.0pt'> <o:p></o:p></p>
<div>
<p class=MsoNormal style='margin-left:36.0pt'> <o:p></o:p></p>
</div>
<div>
<div class=MsoNormal align=center style='margin-left:36.0pt;text-align:center'>
<hr size=2 width="100%" align=center>
</div>
<p class=MsoNormal style='margin-left:36.0pt'>This email and any files
transmitted with it are confidential and are intended solely for the use of the
individual(s) or entity(s) to whom they are addressed. All messages are
monitored for virus, high risk files and inappropriate content. As a result
users should be aware that this mail maybe accessed, read and the right is reserved
to reject, return, remove attachments or delete if considered to be
inappropriate or unsuitable. Liability cannot be accepted for any loss or
damage arising from this email (or any attachments) or from scripts or any
virus transmitted. This communication represents the originator's personal
views and opinions, which do not necessarily reflect those of Connexions
Staffordshire. If you are not the original recipient or the person responsible
for delivering the email to the intended recipient, be advised that you have
received this email in error, and that any use, dissemination, forwarding,
printing, or copying of this email is strictly prohibited. If you received this
email in error, please immediately reply to the sender or notify
postmaster@cxstaffs.co.uk Connexions Staffordshire Limited is registered in
England No.4355170 Registered office: Foregate House, 70 Foregate Street,
Stafford, Staffordshire, ST16 2PX<o:p></o:p></p>
</div>
</div>
</body>
</html>