How to give an admin access to the users who have logged in using ldap username and password after authentication. And should we store this $_POST values in drupal database.
If you are using the ldap_integration module after an LDAP user logs in for the first time a full local Drupal user is created for them. Install http://drupal.org/project/adminrole which lets you assign your users, even LDAP users, into an "Admin Role". This module gives all available permissions to users in this role.
Related
I have a Wordpress/WooCommerce installation using Wordpress itself for authentication. I want to switch to LDAP-based authentication (e.g. OpenLDAP). How can I migrate existing users with minimal intervention on their part?
Ideally they would simply continue using their pre-existing credentials for Wordpress and for any other resources using the same LDAP database.
In addition, new users created via WooCommerce purchases should be created as LDAP users.
(Existing plugins like Simple LDAP Login seem to handle creating Wordpress users for pre-existing LDAP credentials just fine. I'm looking for support in the other direction.)
I think you'll have to develop this task yourself. You could check tools like : https://lsc-project.org/start which will allow you to configure mapping and synchronising SQL database to LDAP directory and schedule the task regularly (or trigger it on new row in the DB)
Only point where you could have some problem would be the "keep their credentials". I don't know wordpress, but if the hashing and/or crypting mechanism of the passwords are not natively supported by OpenLDAP, you will have to hash the clear password of the user to store it with a mechanism compatible.
One way would be to tell every user that the password will be reset and that they will have to retype it (some custom landing page where you authenticate the user with his credentials on the wordpress DB and if successful write the password on the LDAP)
Another way would be to deploy some self service password with all account reset and a need to re-set them with a link send to their email (from the LDAP). There are tools like that, for example : https://ltb-project.org/documentation/self-service-password
Follow Esteban's advice I developed a solution as follows:
Wordpress interface
Install Simple LDAP Login
Install JWT Authentication for WP REST API
Users authenticate against LDAP, fall back on Wordpress
"Change password" sends them to new interface
New interface
User logs in via new interface
Users authenticate against LDAP, fall back on:
Authenticate against Wordpress via JWT. On success:
Create LDAP user (we have the password)
Delete Wordpress password hash (no longer needed, forces LDAP-based authentication in future)
Workflow
Existing users can sign in via Wordpress or the new interface. Once they use the new interface (to sign in or change their password), they are migrated to LDAP-based authentication.
New users are registered in LDAP. They can sign in via Wordpress or the new interface, both backed by LDAP.
I have successfully set up the FOSUserBundle and the FR3D LDAP bundle to allow my company users to login to the web app with their own login.
From now, if someone logins, they will have the default role, which is ROLE_USER.
However, I only want a specific role to be allowed (in this case it's ROLE_CONSULT, which I created).
What I am doing to allow users at this moment is:
Ask the user to login to the web app
They get the "You have no right to access this web page"
They tell me he connected
I change the user's role to "ROLE_CONSULT" with a form I created within the admin panel.
What I want to do is:
I select the user from the LDAP list
Change the user role (which is not on the database yet, but will be as soon as I change the role)
The user logins successfully
I already developed the 1 and 2 points, but as the "salt" is empty on the database, it doesn't allow the user to connect as it must believe the password isn't correct.
Any idea how I can make it work by telling Symfony2 it is the first login, it will automatically ONLY check the entered password at my LDAP configuration ?
Thanks.
Alright, that was easy.
I just forgot to put the "DN" to the database.
Now it's working.
I'm setting up a Wordpress site that I need to get and store user info in LDAP. I have found a few plugins that will let me auth my users against LDAP and that is a start. What I need is new user registration to create the users in LDAP and password resets to update the passwords in LDAP as well.
The LDAP server is running OpenLDAP and LAM is installed, I know that there pro version does user provisioning but it doesn't let me redirect the people back to my WP install after they have created an account.
Ideally I would like to find a plugin for WP that would solve this but if I had to redirect users to my LDAP server for account creation that would be ok if at the end of the process I could send them back to the URL they came from.
Can the Admin users in Artifactory be validated with the LDAP group. In short, we do not want to enable the user as a Admin in artifactory manually. We want artifactory to look at the ldap group and validate if the user can be a admin.
No, you can't, and for a very good reason. Think about a change in your LDAP query schema. Everybody will be locked out forever.
Since version 5.3 Artifactory supports granting Admin privileges to a group of users.
This allows you to import a group from your LDAP or Crowd server and grant Admin privileges to the whole group in a single action.
I am a system administrator of one ldap server.
As a sys amdin my aim is to inform all the users their uid's and password stored ldap directory. I am able to get the uid's of all the user, but I am not able to fetch the password for individual user.
Essentially, I want to query ldap server to get the password details of each user.
I am not able to find the solution for this.
Please share how can I achieve this.