Kommentare zu: AD Integration Roadmap [Updated] http://blog.ecw.de/archives/55 The home of problems nobody else has. Wed, 21 Dec 2011 10:57:12 +0000 hourly 1 http://wordpress.org/?v=3.2.1 Von: Amol C http://blog.ecw.de/archives/55/comment-page-2#comment-885 Amol C Tue, 13 Dec 2011 04:56:57 +0000 http://blog.ecw.de/?p=55#comment-885 Hello, Thanks for the wonderful AD module, it has worked very easily and was the only module which got connected to my AD server without any issue. Please can you plan a similar module for drupal. Hello,

Thanks for the wonderful AD module, it has worked very easily and was the only module which got connected to my AD server without any issue.

Please can you plan a similar module for drupal.

]]> Von: cst http://blog.ecw.de/archives/55/comment-page-2#comment-884 cst Tue, 06 Dec 2011 12:05:56 +0000 http://blog.ecw.de/?p=55#comment-884 Hello Mike, I don't know how you organize your posts and groups/roles, but it is as you suspect. In WordPress every user has ONE (1) role and ADI maps the first matching AD group (from left to right) to the corresponding WordPress role. There is no way (as far as I know) to let users have more than one role in WordPress. Hello Mike,
I don’t know how you organize your posts and groups/roles, but it is as you suspect. In WordPress every user has ONE (1) role and ADI maps the first matching AD group (from left to right) to the corresponding WordPress role. There is no way (as far as I know) to let users have more than one role in WordPress.

]]> Von: Mike http://blog.ecw.de/archives/55/comment-page-2#comment-883 Mike Fri, 02 Dec 2011 22:05:21 +0000 http://blog.ecw.de/?p=55#comment-883 If a person is in two groups in active directory and i have content based on groups will a person see the content from both groups or just the first group in order left to right? Thanks Mike If a person is in two groups in active directory and i have content based on groups will a person see the content from both groups or just the first group in order left to right?

Thanks

Mike

]]> Von: cst http://blog.ecw.de/archives/55/comment-page-2#comment-882 cst Mon, 28 Nov 2011 18:13:46 +0000 http://blog.ecw.de/?p=55#comment-882 Do you think you have set the right base_dn? www.olot.local looks very unusual. Have you tried base_dn = dc=olot,dc=local Do you think you have set the right base_dn? http://www.olot.local looks very unusual. Have you tried base_dn = dc=olot,dc=local

]]> Von: cst http://blog.ecw.de/archives/55/comment-page-2#comment-881 cst Mon, 28 Nov 2011 18:08:52 +0000 http://blog.ecw.de/?p=55#comment-881 Hi Nick, if you have an urgent need for this feature, I should implement it soon. I think you're from germany, so let's talk german. Sende mir einfach eine E-Mail an cst@ecw.de und beschreibe mal, wie genau ihr euch die Umsetzung vorstellt, welche Anforderungen ihr habt. Hi Nick,
if you have an urgent need for this feature, I should implement it soon.

I think you’re from germany, so let’s talk german. Sende mir einfach eine E-Mail an cst@ecw.de und beschreibe mal, wie genau ihr euch die Umsetzung vorstellt, welche Anforderungen ihr habt.

]]> Von: nickb http://blog.ecw.de/archives/55/comment-page-2#comment-880 nickb Mon, 28 Nov 2011 16:15:36 +0000 http://blog.ecw.de/?p=55#comment-880 Hi Christoph, do you have any plans to implement the "authenticate against multiple domains"-TODO-Point? This option sounds really great and of course, our government agency really needs that functionaltiy to authenticate users e.g. from domains like domain1.gov and domain2.gov through our wordpress server. Or do you know any other plugins / solutions for that prob.? Thanks in advance and best wishes, nick Hi Christoph,
do you have any plans to implement the “authenticate against multiple domains”-TODO-Point? This option sounds really great and of course, our government agency really needs that functionaltiy to authenticate users e.g. from domains like domain1.gov and domain2.gov through our wordpress server. Or do you know any other plugins / solutions for that prob.?
Thanks in advance and best wishes,
nick

]]> Von: Wil http://blog.ecw.de/archives/55/comment-page-2#comment-879 Wil Tue, 25 Oct 2011 13:06:41 +0000 http://blog.ecw.de/?p=55#comment-879 I have a new install with wordpress 3.2.1 (not multisite) and ADI 1.1.1 and afterI trying some versions of ADI and wordpress I could'nt make it work fine. This is my log in wp 3.2.1 and ADI 1.1.1: openLDAP installed [INFO] method authenticate() called [INFO] ------------------------------------------ PHP version: 5.2.4-2ubuntu5.18 WP version: 3.2.1 ADI version: 1.1.1 OS Info : Linux AJ03WEB 2.6.24-28-virtual #1 SMP Fri Jun 18 13:25:12 UTC 2010 i686 Web Server : apache2handler adLDAP ver.: 3.3.2 Extended (201104081456) ------------------------------------------ [NOTICE] username: johnny [NOTICE] password: **not shown** [INFO] Options for adLDAP connection: - account_suffix: @olot.local - base_dn: dc=www,dc=olot,dc=local - domain_controllers: X.X.X.X - ad_port: 389 - use_tls: 0 - network timeout: 0 [NOTICE] adLDAP object created. [INFO] max_login_attempts: 3 [INFO] users failed logins: 0 [NOTICE] trying account suffix "@olot.local" [ERROR] Authentication failed [WARN] storing failed login for user "johnny" What can I change in ADI? Thanks CST!! I have a new install with wordpress 3.2.1 (not multisite) and ADI 1.1.1 and afterI trying some versions of ADI and wordpress I could’nt make it work fine. This is my log in wp 3.2.1 and ADI 1.1.1:
openLDAP installed
[INFO] method authenticate() called
[INFO] ——————————————
PHP version: 5.2.4-2ubuntu5.18
WP version: 3.2.1
ADI version: 1.1.1
OS Info : Linux AJ03WEB 2.6.24-28-virtual #1 SMP Fri Jun 18 13:25:12 UTC 2010 i686
Web Server : apache2handler
adLDAP ver.: 3.3.2 Extended (201104081456)
——————————————
[NOTICE] username: johnny
[NOTICE] password: **not shown**
[INFO] Options for adLDAP connection:
- account_suffix: @olot.local
- base_dn: dc=www,dc=olot,dc=local
- domain_controllers: X.X.X.X
- ad_port: 389
- use_tls: 0
- network timeout: 0
[NOTICE] adLDAP object created.
[INFO] max_login_attempts: 3
[INFO] users failed logins: 0
[NOTICE] trying account suffix “@olot.local”
[ERROR] Authentication failed
[WARN] storing failed login for user “johnny”

What can I change in ADI?
Thanks CST!!

]]> Von: Carsten http://blog.ecw.de/archives/55/comment-page-2#comment-874 Carsten Mon, 08 Aug 2011 14:48:41 +0000 http://blog.ecw.de/?p=55#comment-874 Hi Christoph I was not getting my user meta data filled in wordpress. The reason was I was choosing "displayName" as the "Display name", thinking it would co-relate to wordpress' "Display name publicly as". This had the effect that I coukld authenticate, but none of my user meta data was transferred from LDAP/AD to WP. Going back to sAMAccountName did the job, but that now makes ma surname (login name) appear in al posts instead of the full name that I desire. Goal: How can I make the display name within WP automatically be the displayName of Active Directory ? I don't wnat any manual job to be done here. many thanks! Carsten Hi Christoph

I was not getting my user meta data filled in wordpress.
The reason was I was choosing “displayName” as the “Display name”, thinking it would co-relate to wordpress’ “Display name publicly as”.

This had the effect that I coukld authenticate, but none of my user meta data was transferred from LDAP/AD to WP.

Going back to sAMAccountName did the job, but that now makes ma surname (login name) appear in al posts instead of the full name that I desire.

Goal: How can I make the display name within WP automatically be the displayName of Active Directory ? I don’t wnat any manual job to be done here.

many thanks!

Carsten

]]> Von: cst http://blog.ecw.de/archives/55/comment-page-2#comment-873 cst Fri, 05 Aug 2011 09:34:25 +0000 http://blog.ecw.de/?p=55#comment-873 Hi Eduardo, I can reproduce this behavior but this is what I've expected. "It's not a bug, it's a feature." And I don't know any workaround. When you logon from a Windows Workstation the hostname is passed the along with the credentials to AD. But when you use LDAP (like ADI does) there is no LDAP attribute for the hostname to be sent. As a result the AD can not know from where (host) you want to logon. It won't work, even if you enter the hostname of your web server to the list of allowed workstations. Sorry Christoph Hi Eduardo,
I can reproduce this behavior but this is what I’ve expected. “It’s not a bug, it’s a feature.”

And I don’t know any workaround. When you logon from a Windows Workstation the hostname is passed the along with the credentials to AD. But when you use LDAP (like ADI does) there is no LDAP attribute for the hostname to be sent. As a result the AD can not know from where (host) you want to logon. It won’t work, even if you enter the hostname of your web server to the list of allowed workstations.

Sorry
Christoph

]]> Von: Eduardo http://blog.ecw.de/archives/55/comment-page-2#comment-872 Eduardo Thu, 04 Aug 2011 17:17:14 +0000 http://blog.ecw.de/?p=55#comment-872 Hello, We are using 1.1.1 version and we've found a little problem whem de user acount has defined to logon on especified workstation. If the user has defined the workstations to logon, they can't logon on the Active Directory Integration, but if we desactive this option the user can logon succesfully. This option is located on: User Properties >> Accont ?? Logon Workstations. There is some away to work in this type of environment? Hello,

We are using 1.1.1 version and we’ve found a little problem whem de user acount has defined to logon on especified workstation.
If the user has defined the workstations to logon, they can’t logon on the Active Directory Integration, but if we desactive this option the user can logon succesfully.
This option is located on: User Properties >> Accont ?? Logon Workstations.

There is some away to work in this type of environment?

]]>