1

I am using the bhLDAP plugin with the symfony framework.

I am making an LDAP query on user login which will return specific results, then using those results to assign user privileges to sfGuardAuth.

I can pull a query from one specific group, but none of the others. All other queries return an empty query.

Are there security permissions that need to be addressed on the LDAP side?

This is the function I am using to call the query:

    // grab LDAP info to store into new user table
    public static function user_values($username) {
        $entries = self::getLDAP()->user_values($username);
        return $entries;
    }

I can provide further code if needed. I am not really sure what to provide as I am out of my wheelhouse on LDAP.

4

1 Answer

1

While it depends which LDAP backend you are using, in terms of the mechanics of assigning the rights, all of them have a similar basic notion of permissions.

The bind DN, the user you connect with to LDAP, must have sufficient rights to see the objects you are querying about.

Usually the account will need READ permissions to the various objects, and depending on how inheritance works in your backend LDAP server you may need to grant it more often than you would like.

answered 2012-09-03T01:12:41.733
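One way to check whether the bind DN's read rights explain the empty results, as an added example that is not part of the original answer: run the same group search once as the application's bind DN and once as an account known to have full read access, save both outputs as LDIF, and compare them. Directory servers commonly leave out entries and attributes the bind DN may not read instead of returning an error, so the difference shows where READ permission is missing. The function names, DNs and LDIF samples below are constructed for illustration.

```python
import base64
def parse_ldif(text):
    """Return {dn: {attr: [values]}} from ldapsearch LDIF output."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:    # folded line: continuation
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None                   # blank line ends the entry
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if name.lower() == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value)
    return entries

def visibility_gaps(app_ldif, reference_ldif):
    """Map each DN to what the reference account sees but the app's bind DN does not."""
    seen, reference = parse_ldif(app_ldif), parse_ldif(reference_ldif)
    gaps = {}
    for dn, attrs in reference.items():
        if dn not in seen:
            gaps[dn] = "entry not visible"
        elif missing := sorted(set(attrs) - set(seen[dn])):
            gaps[dn] = "attributes not visible: " + ", ".join(missing)
    return gaps

# Constructed output of one group search: as the app's bind DN, then as a full-read account.
AS_APP = """\
dn: cn=staff,ou=groups,dc=example,dc=com
member: uid=alice,ou=people,dc=example,dc=com

dn: cn=finance,ou=groups,dc=example,dc=com
"""
AS_ADMIN = AS_APP + """member: uid=bob,ou=people,dc=example,dc=com

dn: cn=admins,ou=groups,dc=example,dc=com
member:: dWlkPWNhcm9sLG91PXBlb3BsZSxkYz1leGFtcGxlLGRjPWNvbQ==
"""
print(visibility_gaps(AS_APP, AS_ADMIN))
```

A group reported as "entry not visible" needs read access on the entry itself; one reported with missing attributes is visible but its attributes (here `member`) are not readable by the bind DN.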