SiT! Bugs - SiT!
View Issue Details
0000634SiT!authenticationpublic2009-04-07 12:142011-03-27 17:19
Tomse 
paulh 
normalfeatureN/A
resolvedfixed 
3.45 
3.90beta1Current GIT 
0000634: LDAP setup - Feature request
When setting up LDAP, alot of different choices is available, and alot of error sources can occur.

A suggestion to how to eliminate most user created errors because of wrong syntax:

Having made the initial username/password/hostname-ip for binding to the LDAP tree.
(you should here be able to save and make a connection test)

en "explorer" comes up and the user selects which groups are needed for use to SiT.
By doing this SiT is premade to fx use "cn=" for Active Directory built-in containers where normally they should be "ou=".

Another possibility would be to seach the whole tree for groups and then be able to select them in pulldown menus, but this can be a pain in large corporative networks.

No tags attached.
Issue History
2009-04-07 12:14TomseNew Issue
2009-06-16 18:56paulhStatusnew => assigned
2009-06-16 18:56paulhAssigned To => paulh
2009-07-12 15:35paulhNote Added: 0001303
2009-07-22 11:37TomseNote Added: 0001368
2009-07-22 12:05paulhNote Added: 0001369
2009-08-13 16:39TomseNote Added: 0001523
2009-08-13 19:06paulhNote Added: 0001524
2009-08-13 19:06paulhTarget Version => 3.60
2009-08-21 14:36kieranTarget Version3.60 => 4.0
2010-02-27 19:44paulhNote Added: 0002528
2011-02-10 20:09paulhNote Added: 0003570
2011-02-14 13:21ivanTarget Version4.0 => 3.90beta1
2011-03-27 17:19paulhNote Added: 0003690
2011-03-27 17:19paulhStatusassigned => resolved
2011-03-27 17:19paulhResolutionopen => fixed
2011-03-27 17:19paulhFixed in Version => Current GIT

Notes
(0001303)
paulh   
2009-07-12 15:35   
Alot of the config options have now been removed though you still have to manually enter the full DN of groups etc, I agree that having a browser for this would be very useful, just not sure how to implement
(0001368)
Tomse   
2009-07-22 11:37   
A browser could also be very slow on an AD that has alot of objects.

Perhaps this could be implemented in 4.x.

If we document, setting up the LDAP for 3.x, well enough. people might be content with this until then. ?
(0001369)
paulh   
2009-07-22 12:05   
The problem we have with AD is that by default you can't list more than 1000 objects in a search and the native PHP ldap doesn't seem to support paging.

The main problem here is implementing the browser as its quite a large piece of work, though given that you've managed to enter the full DN of the admin its probably not a major issue to reenter this for groups (copy/paste), we could always add a validator for the group
(0001523)
Tomse   
2009-08-13 16:39   
A validation of all settings is a good idea..

this could perhaps be added for 3.60 ?
(0001524)
paulh   
2009-08-13 19:06   
Will try and add a validator for 3.60
(0002528)
paulh   
2010-02-27 19:44   
Validation added to 4.0 (http://gitorious.org/sit/sit/commit/7fe7142eee007fcc6279180431c70213687e298f [^]) we check groups, base and user details
(0003570)
paulh   
2011-02-10 20:09   
ldap browser merged in to git today
(0003690)
paulh   
2011-03-27 17:19   
git 3b7a9c3 completes