Notify user when complete: QJM-49285-732
==================
Current Status
==================
Okay, the code is working again, though there are several improvements that still need to be made. It's checked in as SVN build 441.
To enable the LDAP logins at this time, you will need to edit plugins/cerberusweb.core/classes.php, line 5248-5249. The "login.default" one needs commented out, and the "login.ldap" one needs uncommented.
The code takes the provided information, connects to the <server> on <port>, and binds as <dn> with <password>. The provided sample data are based on the Apache Directory Server sample data. You *will* need to use the full DN at this time. After bind, it searches for any email addresses that user might have, and looks to see if there are any workers with one of those addresses. It will use the first match found. At
this time, you must have the worker and email address defined in the cerb4 database.
==================
Future Updates
==================
We need a primary config area to define which login method to present to the user.
The login plugins need to be able to present configuration screens to the administrator.
The server, port, and default DN style need moved to that configuration area. The goal is to have the ability to define both a prefix and suffix for the DN, so the user can enter "William Bush" and the login plugin will silently translate that to "cn=William Bush,ou=people,o=sevenSeas".
The plugin needs updated to allow (with a config switch) creation of entries in the cerb4 database. This is more useful from a customer / Support Center standpoint than from a Worker standpoint.
I see that this is a milestone #2 issue. Since milestone #1 hasn't been released yet, can you provide an ETA on when this will be completed and released? In reading through the forums, it sounds like there isn't much left to do to complete the work. We are needing the LDAP integration to rollout version 4.
Comment by
Joe Geck [23/Jul/09 01:54 PM]
How is ldap being integrated? Allow for LDAP login for workers? Handle requester email addresses? SC logins? It would be nice for more info on how you plan to set it up.
Thanks
Robert
Just wanted to let you know how important this is to sys admins. I notice the posts from sys admins tend to be in the pleading vein, while developer responses tend to be kind of a shoulder shrug:
Simply querying Active Directory or Fedora Directory Server is number one on my list when evaluating web applications and I though I think Cerberus is the best, I would strongly consider a switch to an admittedly inferior product (that is not the awful Kayako) based on that capability. I hope you can see the utility to enterprise and more advanced small businesses in this feature.
personally, I think it's important for this feature to be able to support LDAP over ssl, or ldaps://
Also in our case, we have users in two different Active Directory domains, both in the same forest. being able to specify a SUBtree search at the root of the forest would make this plugin usable for us, otherwise, it's not so useful.
Adam Johnson,
From what I can tell this is being done inside there plug-in structure so it should be able to support multiple tree's inside multiple directory's but until Jeff publishes the code I wont know for sure.
Thanks
Robert
As of 4.3.1 you can now allow logins to the SC authenticated by any source you want.
The documentation will end up here:
http://wiki.cerb4.com/wiki/Extension:usermeet.login.authenticator
Were is the sample plug-in code?
Thanks
Robert
This issue isn't resolved. No code has been posted yet showing how to use with ldap. I can see that it is doable with the forums example but no actually code to use has been posted.
Thanks
Robert
I was able to cobble together something that worked for the Support Center by ripping out chunks of the LDAP module for version 3.6 and grafting them into what seemed to be appropriate parts of the example extension, but it's nothing clean enough to share, and the server, Base DN, account DN and password all have to be hard coded 'cause I couldn't find documentation or examples I could understand on how to get an extension to expose configuration parameters that could then be stored and called up in the implemenation portion of the extension.
However, if I was able to use the 3.6 code to do as much as I could - I would expect WGM personnel could do so in a clean and configurable way with a minimum of effort, and this bug has a number of votes - I do wonder what's holding them up...
Adam,
Would you mind posting the code. Adding config options is pretty straight forward to me. What I am having issues with is the ldap part of the code.
Thanks
Robert
Here's an example Support Center LDAP authenticator I cobbled together from the LDAP Support Center login from Cerberus 3.6 and the cerb 4 SC login authenticator example in the wiki. It will need some editing, as I hard coded the LDAP configuration parameters, since I couldn't find an example plugin which exposed, stored, and retrieved configuration parameters. I also haven't tested it since I removed references to my company's name - I used "example" as the top level namespace for this copy instead of my company's name for the one I've got working.
Perhaps RMiddle can clean it up, add configurability, and put it in the User Contributed Plugin on the Wiki at:
http://wiki.cerb4.com/wiki/User_Contributed_Plugins
Oh, Ok, I guess by "Here's an example", I mean, "look at the File Attachments at the top of this page for an example"
Adam that is the plan. If you look at the page you linked to you will see 3 of the 4 items there were written by me.
Thanks
Robert
Update thread
http://www.cerb4.com/forums/showthread.php?goto=newpost&t=2775
When LDAP plugin is actaully created.
Thanks
Robert
Improvement
Resolved
Finish re-implementing LDAP authentication (helpdesk + SC logins)
