MeetMe and LDAP

txag1995
Posts: 37
Member Since:
2007-04-07

Well, we've gone live with our new trixbox installation and things are going quite smoothly. We've got a T1 coming into our Redfone PhoneBridge dual, a Dell PE1950, and about 75 extensions -- mostly Aastra 5xi, some Polycom IP4000, and Linksys SPA3000 ATA.

Today I started working with meetme.

As I looked through the README file in /var/www/html/web-meetme, I noticed that it supports Active Directory integration. This would be great for us. One less username/pass for our users to remember! I made the necessary changes to /var/www/html/web-meetme/lib/defines and /var/www/html/web-meetme/lib/adLDAP, but get the following message when I try to log in on the Web-MeetMe page.
Fatal error: Call to undefined function ldap_connect() in /var/www/html/web-meetme/lib/adLDAP.php on line 110

I think this is because the trixbox install doesn't include the ldap module for php. Any chance of getting that in a future release?



txag1995
Posts: 37
Member Since:
2007-04-07
Easy fix

This turned out to be an easy fix. I couldn't find a pre-packaged RPM for RHEL or CentOS directly, but this one for Startcom Linux (based on RHEL) worked fine.

ftp://ftp.pbone.net/mirror/www.startcom.org/ML-6.0.6/os/i386/Star...



jahyde
Posts: 2002
Member Since:
2006-06-02
this looks like good wiki

this looks like good wiki material:
http://www.trixbox.org/wiki/ce-tutorials

--

--my PBX is run on 2 V8's



jahyde
Posts: 2002
Member Since:
2006-06-02
one other thing - did you

one other thing - did you enable the CentOS repositories and check in the package manager for the ldap module?

--

--my PBX is run on 2 V8's



uti
Posts: 1
Member Since:
2008-01-30
easier fix

yum install php-ldap



jaycent
Posts: 3
Member Since:
2008-06-24
Notes for beginners

I know you can hunt down this information elsewhere, but seeing that it is right on the wiki, I'd figure I'd just throw some explanations here.

You need to enter in the Fully Qualified Domain Name everywhere it talks about domains in the adLDAP file.
So, let's say we're working with a domain called SALES which is a sub-domain of Corp.com. The FQDN is "sales.corp.com".

Therefore the adLDAP settings would look like this:
var $_account_suffix="@sales.corp.com";
var $_base_dn = "DC=sales,DC=corp,DC=com";
var $_domain_controllers = array ("domainserver.sales.corp.com");
(^^^ In $_domain_controllers: try the Domain Controller's IP here if the FQDN of the server doesn't work.)
One level domain (like just corp.com) would be DC=corp,DC=com, that's it.

I did not need to set the username parameter below, so comment them out first to see if it will work without them. You may need to reboot after commenting them out.
// var $_ad_username="username";
// var $_ad_password="password";

Otherwise, if you do need to specify a username and password, enter the username by itself; you should not need to add the domain (i.e. sales\username or username@sales.corp.com). If it doesn't work, try it with the domain in there too.

To run "yum install php-ldap" you need to connect to your TrixBox using SSH, logging in with the regular root username and password. Reboot your machine after running the command.



timmi
Posts: 23
Member Since:
2008-03-28
hm i am not able to use

hm

I am not able to use LDAP.

On the bindRequest I get a bindResponse invalidDNSyntax.

that is my config: (/var/www/html/web-meetme/lib/adLDAP.php)
var $_base_dn = "DC=vodecc,DC=com";
var $_domain_controllers = array ("webmail.vodecc.com");

I need help!

best regards Timmi



Tmack0
Posts: 8
Member Since:
2007-10-12
one more tip..

If you get things working via CLI php (i.e., dump a simple ldap_connect() and ldap_bind() into a test file and run it, see the ldap_bind page on php.net for an example) but it still fails with "undefined function ldap_connect()" on the web, try apachectl restart. Apache might need to pick up on some of the changes made, especially if php_ldap was installed since the last restart.

I got this working for my openldap directory quite simply:

create a new php class in lib/ called openLDAP.php from this diff against adLDAP.php:

71c71
< class adLDAP {
---
> class openLDAP {
76,77c76,78
<       var $_account_suffix="@mydcomain.local";
<       var $_base_dn = "DC=mydomain,DC=local"; 
---
>       // this is basically the userBaseDn
>       var $_account_suffix="ou=people,dc=example,dc=com";
>       var $_base_dn = "DC=example,DC=com";
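Review bot: $_account_suffix on the new line 77 now holds a container DN, not a suffix appended to the login name, and the added comment above it does not say which variable it describes. Rename the variable (for example to a user-base-DN name) or make the comment state that this is the DN under which user entries live and that it is joined to "cn=<user>," at line 134, since anyone carrying settings over from adLDAP.php will expect an "@domain" value here.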
79c80
<       // An array of domain controllers. Specify multiple controllers if you 
---
>       // An array of ldap server URIs. Specify multiple controllers if you 
81c82
<       var $_domain_controllers = array ("dc01.mydomain.local");
---
>       var $_domain_controllers = array ("ldaps://ldap1.example.com","ldap://ldap2.example.com");
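Review bot: the second URI on the new line 82 is plain ldap://, so whenever the class uses ldap2.example.com the user's DN and password travel in a cleartext simple bind unless TLS is started on that connection, which nothing in these lines shows. Use ldaps:// for both entries, or start TLS before the bind, so that the fallback server is not weaker than the primary.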
91c92
<       var $_real_primarygroup=true;
---
>       var $_real_primarygroup=false;
96c97
<       var $_recursive_groups=true;
---
>       var $_recursive_groups=false;
108c109
<       function adLDAP(){
---
>       function openLDAP(){
133c134
<                       $this->_user_dn=$username.$this->_account_suffix;
---
>                       $this->_user_dn="cn=".$username.",".$this->_account_suffix;
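Review bot: on the new line 134, $username is concatenated into the bind DN without escaping, so a login name containing a comma, plus or equals sign changes the DN that is bound rather than being treated as a cn value. Escape it before building $this->_user_dn, for example with ldap_escape($username, '', LDAP_ESCAPE_DN) where the PHP version provides it, or reject names outside an allowed character set. The hard-coded "cn=" also assumes every account's RDN attribute is cn; a comment saying so would help sites whose entries are named by uid.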

and change the functions.php to include a switch for openLDAP:

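        case "openLDAP":
                $ldap = new openLDAP();
                if ($ldap->authenticate($user, $password)) {
                        // Session lifetime: AUTH_TIMEOUT * 3600 seconds from now
                        $expires = time() + AUTH_TIMEOUT*3600;
                        $_SESSION['userid'] = $user;
                        $_SESSION['auth'] = "true";
                        $_SESSION['privilege'] = "User";
                        $_SESSION['lifetime'] = $expires;
                        // Placeholder condition: every authenticated user becomes Admin.
                        // The intended check is the commented-out can_conference() call.
                        if (true) {  // ($ldap -> can_conference($user)){
                                $_SESSION['privilege'] = "Admin";
                        }
                }
                break;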

and then define the AUTH_TYPE as openLDAP in defines.php

Note that the if(true){ bit makes ANYONE that can log in via the openLDAP php functions (anyone in the dn set as user_suffix) an admin. The commented out bit is a simple function I created in openLDAP.php replacing the is_ingroup() check (that function and some others also need major changes to work, I can post my diff if requested), so that it checks a custom schema boolean attribute I created called canConference instead of group membership attributes.
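Added example, not part of the post above and not Web-MeetMe code: one way the login path could escape the user name, refuse empty passwords, and derive the privilege from the canConference attribute instead of if (true). The function names are hypothetical, and the attribute is assumed to be a standard LDAP boolean readable by the user who has just bound.

```php
<?php
// Added example, not Web-MeetMe code. Function names are hypothetical;
// canConference is the custom boolean attribute described in the post.
// Needs PHP 7+ with the php-ldap extension.

function build_user_dn($username, $userBaseDn) {
    // Escape DN metacharacters so the login name stays one cn= value.
    return 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $userBaseDn;
}

function privilege_from_entries($entries) {
    // ldap_get_entries() lower-cases attribute names; LDAP booleans are
    // the strings "TRUE"/"FALSE". Anything else stays a plain User.
    if (($entries['count'] ?? 0) === 1
        && ($entries[0]['canconference'][0] ?? 'FALSE') === 'TRUE') {
        return 'Admin';
    }
    return 'User';
}

function directory_login($uri, $userBaseDn, $username, $password) {
    // An empty password turns a simple bind into an unauthenticated bind,
    // which a server may accept, so refuse it before touching the network.
    if ($username === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect($uri);
    if (!$conn) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    $dn = build_user_dn($username, $userBaseDn);
    if (!@ldap_bind($conn, $dn, $password)) {
        return null;  // bad credentials or server unreachable
    }
    // Read only the user's own entry and only the attribute needed.
    $res = @ldap_read($conn, $dn, '(objectClass=*)', array('canConference'));
    $entries = $res ? ldap_get_entries($conn, $res) : array('count' => 0);
    ldap_unbind($conn);
    return privilege_from_entries($entries);
}

// Offline checks on constructed data (no directory server contacted):
$base = 'ou=people,dc=example,dc=com';
echo build_user_dn('x,ou=admins', $base), "\n";  // constructed hostile login name
$sample = array('count' => 1, array('canconference' => array('count' => 1, 'TRUE')));
echo privilege_from_entries($sample), "\n";
echo privilege_from_entries(array('count' => 0)), "\n";
var_dump(directory_login('ldaps://ldap1.example.com', $base, 'alice', ''));
```

directory_login() returns null when authentication fails and otherwise the string to store in $_SESSION['privilege'].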


