[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kolab-users
Subject:    How to search users though all the domains?
From:       Milan Petrovic <petrovic.milan () gmail ! com>
Date:       2016-01-10 9:21:29
Message-ID: CAPGMBardU1jRV2c5k4LYgqG=y7XoeYGP4BEb5QN1Yzx4pnZLdA () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


I'm integrating Phabricator's authentication to Kolab's LDAP and would like
to have all the domains there to be able to register and login on
Phabricator.

Seeing that Kolab.org actually uses Phabricator now, makes me hope I have a
greater chance of stumbling upon someone who knows how this can be done :)

So, I basically have my rootdomain.local and two additional domains,
seconddomain.local and thirddomain.local, all three with some users who
should be able to access Phabricator.

When I set Phabricator to use only one domain for LDAP autthentication,
everything works like a charm, but I have no way to make it search for
users through other domains, too.

Phabricator allows to specify multiple query filters and I was, among other
things, trying to use "cn=kolab,cn=config" for baseDN with search filter
"(&(objectClass=inetOrgPerson)(mail=${login})(associateddomain=rootdomain.local))"
(with the idea to specify filters for each of the domains), but, although
the dirsrv log shows no error, it also shows no items found:

[10/Jan/2016:10:13:02 +0100] conn=7980 fd=94 slot=94 connection from
IP.ADDRESS to ANOTHER.IP.ADRESS
[10/Jan/2016:10:13:02 +0100] conn=7980 op=0 BIND dn="cn=Directory Manager"
method=128 version=3
[10/Jan/2016:10:13:02 +0100] conn=7980 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn="cn=directory manager"
[10/Jan/2016:10:13:02 +0100] conn=7980 op=1 SRCH base="cn=kolab,cn=config"
scope=2 filter="(&(objectClass=inetOrgPerson)(mail=milan@rootdomain.local)(associatedDomain=rootdomain.local))"
 attrs=ALL
[10/Jan/2016:10:13:02 +0100] conn=7980 op=1 RESULT err=0 tag=101 nentries=0
etime=0
[10/Jan/2016:10:13:02 +0100] conn=7980 op=2 UNBIND
[10/Jan/2016:10:13:02 +0100] conn=7980 op=2 fd=94 closed - U1

So, does anyone has any idea how to approach multi-domain LDAP
authentication through Phabricator?

Would a setting solve this or the solution is through changing the way
Phabricator does the LDAP authentication in the first place (
https://github.com/phacility/phabricator/blob/master/src/applications/auth/provider/PhabricatorLDAPAuthProvider.php
 )?


Thanks a lot in advance, Milan


[Attachment #5 (text/html)]

<div dir="ltr">I&#39;m integrating Phabricator&#39;s authentication to Kolab&#39;s \
LDAP and would like to have all the domains there to be able to register and login on \
Phabricator.<div><br></div><div>Seeing that Kolab.org actually uses Phabricator now, \
makes me hope I have a greater chance of stumbling upon someone who knows how this \
can be done :)</div><div><br></div><div>So, I basically have my rootdomain.local and \
two additional domains, seconddomain.local and thirddomain.local, all three with some \
users who should be able to access Phabricator.</div><div><br></div><div>When I set \
Phabricator to use only one domain for LDAP autthentication, everything works like a \
charm, but I have no way to make it search for users through other domains, \
too.</div><div><br></div><div>Phabricator allows to specify multiple query filters \
and I was, among other things, trying to use &quot;cn=kolab,cn=config&quot; for \
baseDN with search filter \
&quot;(&amp;(objectClass=inetOrgPerson)(mail=${login})(associateddomain=rootdomain.local))&quot; \
(with the idea to specify filters for each of the domains), but, although the dirsrv \
log shows no error, it also shows no items \
found:</div><div><br></div><div><div>[10/Jan/2016:10:13:02 +0100] conn=7980 fd=94 \
slot=94 connection from IP.ADDRESS to \
ANOTHER.IP.ADRESS</div><div>[10/Jan/2016:10:13:02 +0100] conn=7980 op=0 BIND \
dn=&quot;cn=Directory Manager&quot; method=128 \
version=3</div><div>[10/Jan/2016:10:13:02 +0100] conn=7980 op=0 RESULT err=0 tag=97 \
nentries=0 etime=0 dn=&quot;cn=directory \
manager&quot;</div><div>[10/Jan/2016:10:13:02 +0100] conn=7980 op=1 SRCH \
base=&quot;cn=kolab,cn=config&quot; scope=2 \
filter=&quot;(&amp;(objectClass=inetOrgPerson)(mail=milan@rootdomain.local)(associatedDomain=rootdomain.local))&quot; \
attrs=ALL</div><div>[10/Jan/2016:10:13:02 +0100] conn=7980 op=1 RESULT err=0 tag=101 \
nentries=0 etime=0</div><div>[10/Jan/2016:10:13:02 +0100] conn=7980 op=2 \
UNBIND</div><div>[10/Jan/2016:10:13:02 +0100] conn=7980 op=2 fd=94 closed - \
U1</div></div><div><br></div><div>So, does anyone has any idea how to approach \
multi-domain LDAP authentication through Phabricator?</div><div><br></div><div>Would \
a setting solve this or the solution is through changing the way Phabricator does the \
LDAP authentication in the first place (<a \
href="https://github.com/phacility/phabricator/blob/master/src/applications/auth/provi \
der/PhabricatorLDAPAuthProvider.php">https://github.com/phacility/phabricator/blob/mas \
ter/src/applications/auth/provider/PhabricatorLDAPAuthProvider.php</a>)?</div><div><br></div><div><br></div><div>Thanks \
a lot in advance, Milan</div></div>



_______________________________________________
users mailing list
users@lists.kolab.org
https://lists.kolab.org/mailman/listinfo/users

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic