integrate ldapdao-module into lizmap application #6

Closed
quelo1972 opened this issue Jan 21, 2018 · 4 comments

quelo1972 commented Jan 21, 2018

I followed the instructions to integrate ldapdao-module into the lizmap application, but I'm not able to correctly configure LDAP authentication with my Active Directory infrastructure.

I tested the searchUserFilter with the ldapsearch command line:
ldapsearch -x -b "dc=comune,dc=spoleto,dc=local" -D "[email protected]" -h comune.spoleto.local -W '(sAMAccountName=lizmap)'

When I try to authenticate myself with an Active Directory user, I always get a login error, and in the lizmap error log I have the following error:

2018-01-21 22:29:18 192.168.23.171 warning 2018-01-21 22:29:18 [2] ldap_search(): Search: Operations error /opt/www/lizmap/lizmap/lizmap-modules/ldapdao/plugins/auth/ldapdao/ldapdao.auth.php 253

Is there anyone who can help me to correctly configure Active Directory authentication for the lizmap app?

This is my authldap.coord.ini.php

driver = "ldapdao"
session_name = "JELIX_USER"
secure_with_ip = 0
timeout = 0
auth_required = off
on_error = 2
error_message = "jauth~autherror.notlogged"
on_error_action = "jauth~login:form"
bad_ip_action = "jauth~login:out"
on_error_sleep = 0
after_login = "jauth~login:form"
after_logout = "jauth~login:form"
enable_after_login_override = on
enable_after_logout_override = on
persistant_enable=on
persistant_cookie_name=jelixAuthentificationCookie
persistant_duration = 1
password_hash_method = 1
password_hash_options =

[ldapdao]
compatiblewithdb = on
dao = "jauthdb~jelixuser"
profile = "jauth"
ldapprofile = "pgldap"
password_crypt_function = sha1
form = "jauthdb_admin~jelixuser"
uploadsDirectory= ""
jelixAdminLogin="admin"
searchUserBaseDN="dc=comune,dc=spoleto,dc=local"
searchUserFilter="(sAMAccountName=%%LOGIN%%)"
bindUserDN="$dn"
searchAttributes="sAMAccountName:login,givenName:firstname,sn:lastname,mail:email,distinguishedName,name,dn:"
searchGroupFilter=
searchGroupProperty="cn"
searchGroupBaseDN=""

This is my localconfig.ini.php

[modules]
lizmap.installparam=demo
ldapdao.access=1
jacl2.access=1
jauth.access=2
jauthdb.access=1

[coordplugin_auth]
persistant_crypt_key=SrOBqLC39v0d1Tg2bR19MseLEpTuaN

[coordplugins]
lizmap=lizmapConfig.ini.php
auth="authldap.coord.ini.php"

This is my profile.ini.php

[jdb]
default=jauth
jacl2_profile=jauth

[jdb:jauth]
driver=sqlite3
database="var:db/jauth.db"

[jdb:lizlog]
driver=sqlite3
database="var:db/logs.db"

[jcache]
default=myapp

[jcache:myapp]
enabled=1
driver=file
ttl=0
cache_dir=
file_locking=1
directory_level=0
directory_umask=
file_name_prefix=
cache_file_umask=

[jcache:qgisprojects]
enabled=1
driver=file
ttl=0

[jdb:pgldapdao]
driver = "pgsql"
database = "lizmap"
host = "localhost"
port = "5678"
user = "lizmap"
password = "L1zmAp"
persistent = "on"
force_encoding = on
timeout = "10"
single_transaction = "on"

[ldap:pgldap]
hostname=comune.spoleto.local
port=389
adminUserDn="CN=lizmap binduser,CN=Users,DC=comune,DC=spoleto,DC=local"
adminPassword="**********"

quelo1972 commented Jan 21, 2018

Another problem is:
if I change profile = pgldapdao in the [ldapdao] section of authldap.coord.ini.php file and try to authenticate myself as "admin" user, I have "error 500" in the browser.

quelo1972 commented

I've also posted this problem at the link below:
3liz/lizmap-web-client#637

laurentj commented

Hi, I did some searching, and it seems this error appears when a search is done anonymously. And this is the case here. So I made some changes. Please retrieve the latest ldapdao.auth.php file and replace the old one in the module you installed, and tell me if it works.

laurentj added the bug label Jan 25, 2018
laurentj self-assigned this Jan 25, 2018
laurentj added this to the 2.0.1 milestone Jan 29, 2018

laurentj commented

Confirmation has been made that it works.
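
Added example, not part of the thread or of the ldapdao module: a small Python triage script for error-log lines in the layout quoted in the issue. The `Operations error` hint follows the anonymous-search diagnosis given above; the other two hint strings, the sample lines, IPs, paths and line numbers are constructed for illustration.

```python
import re
from collections import Counter

# Layout assumed from the single log line quoted in the issue:
# date time, client IP, level, date time again, [code], message, file, line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<ip>\S+)\s+(?P<level>\w+)\s+"
    r"(?:\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+)?\[(?P<code>\d+)\]\s+"
    r"(?P<msg>.*?)\s+(?P<file>\S+\.php)\s+(?P<line>\d+)$"
)
LDAP_RE = re.compile(r"(?P<func>ldap_\w+)\(\):\s*(?P<detail>.*)")

# Substring of the PHP ldap warning -> likely cause to check first.
HINTS = {
    "Operations error": "search issued without a successful bind (anonymous search)",
    "Invalid credentials": "bind DN or password rejected by the directory",
    "Can't contact LDAP server": "hostname/port unreachable from the web server",
}

def triage(log_text):
    """Return one dict per LDAP warning found in the log text."""
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        ldap = m and LDAP_RE.search(m["msg"])
        if not ldap:
            continue  # unparseable line or not an ldap_* warning
        hint = next((h for k, h in HINTS.items() if k in ldap["detail"]), "unclassified")
        events.append({"ts": m["ts"], "ip": m["ip"], "func": ldap["func"],
                       "where": f'{m["file"]}:{m["line"]}', "hint": hint})
    return events

def summarize(events):
    """Count events per (function, hint) so repeated failures stand out."""
    return Counter((e["func"], e["hint"]) for e in events)

# Constructed sample lines (documentation IPs, placeholder paths).
SAMPLE = """\
2018-01-21 22:29:18 192.0.2.10 warning 2018-01-21 22:29:18 [2] ldap_search(): Search: Operations error /srv/app/ldapdao.auth.php 253
2018-01-21 22:30:02 192.0.2.10 warning 2018-01-21 22:30:02 [2] ldap_search(): Search: Operations error /srv/app/ldapdao.auth.php 253
2018-01-21 22:31:40 192.0.2.11 warning 2018-01-21 22:31:40 [2] ldap_bind(): Unable to bind to server: Invalid credentials /srv/app/ldapdao.auth.php 201
2018-01-21 22:32:05 192.0.2.12 notice 2018-01-21 22:32:05 [8] Undefined index: foo /srv/app/other.php 12
"""

if __name__ == "__main__":
    for key, n in summarize(triage(SAMPLE)).items():
        print(n, *key, sep="\t")
```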
