
PHP AD LDAP Authenticator v2

Discussion in 'LoginShare' started by Technocrat, Jun 22, 2012.

  1. Technocrat

    Technocrat Established Member

    Ok, remove that code. So the problem is either with your URL or the LDAP. So copy and paste the URL you have for your staff from the LoginShare settings into your address bar. Let's confirm you have it set up 100%.
     
  2. So I copied and pasted it and this is what comes up:

    This XML file does not appear to have any style information associated with it. The document tree is shown below.
    <loginshare>
    <result>1</result>
    <staff>
    <team>Staff</team>
    <firstname>Robert</firstname>
    <lastname>Michalowski</lastname>
    <designation/>
    <email>robertm@landmarkgroup.ca</email>
    <mobilenumber>1-000-000-0000</mobilenumber>
    <signature/>
    </staff>
    </loginshare>
     
  3. Technocrat

    Technocrat Established Member

    I know I sound crazy, but you copied and pasted the URL, so you are 100% sure that's the result.

    Assuming you did,

    Change KAYAKO_LDAP_TEST back to false.

    Make sure the 3 logging options are all true.

    Then delete the log files.

    Then try to log in as staff. If it hits the URL then you should get a new log file.
     
  4. Looks to have hit, new log file created!

    [11-06-13 - 13:48] KAYAKO_LDAP_TEST: false
    [11-06-13 - 13:48] Could not create new Kayako_LDAP class or authentication failed (@0000 => DC=000,DC=net). Message: -- Success
    [11-06-13 - 13:48] Bad login. Error message sent
    [11-06-13 - 13:48] <loginshare>
    <result>0</result>
    <message>Invalid Username or Password</message>
    </loginshare>

    [11-06-13 - 13:48] <?xml version="1.0" encoding="UTF-8"?>
    <loginshare>
    <result>0</result>
    <message>Invalid Username or Password</message>
    </loginshare>
     
  5. Technocrat

    Technocrat Established Member

    Well, looks like you have a login problem now.
     
  6. Seems odd, as I know the credentials are correct.

    Please we are still getting:

    "Invalid data provided: 1"
     
  7. Looks like we had someone change the DNS of our server, which caused the problem. Thanks for lending a hand and being so quick to respond.
     
  8. Technocrat

    Technocrat Established Member

    Darn DNS will do that every time. :)

    Glad you got it worked out.
     
  9. blessendor

    blessendor Member

    LDAP/AD auth working OK!
    But can't import Users with import_ad_groups.php.

    After the browser shows me the list of groups and I check the group 'Domain User', the import procedure shows this error:

    Uncaught Exception Router: http://myhelpdesk.domain.com/cron/index.php?/core/Default/Index
    Unable to locate file in ./__swift/library/User/class.SWIFT_UserGroup.php
    OR ./__swift/apps/core/library/User/class.SWIFT_UserGroup.php
    OR ./__swift/apps/base/library/User/class.SWIFT_UserGroup.php
    OR ./__apps/livechat/library/User/class.SWIFT_UserGroup.php
    in ./__swift/library/Loader/class.SWIFT_Loader.php:854
    =================================================================================================================================
    #0 /var/www/fusion/__swift/library/Loader/class.SWIFT_Loader.php(1171): SWIFT_Loader::LoadLibraryFile('User:UserGroup', '')
    #1 /var/www/fusion/import_ad_groups.php(107): SWIFT_Loader::LoadLibrary('User:UserGroup')
    #2 {main}
     
  10. Technocrat

    Technocrat Established Member

    It appears that since they changed the structure of the newer version of Kayako, it broke this.

    Try this:

    Open the import_ad_groups.php

    Find and delete:
    SWIFT_Loader::LoadLibrary('User:UserGroup');
    SWIFT_Loader::LoadLibrary('Staff:StaffGroup');

    I think the autoloader will do the heavy lifting for us. If not then it will be much harder to correct this, since these files are no longer library files.
     
  11. blessendor

    blessendor Member

    AD user groups:
    Domain Users - IMPORTED

    Completed!

    But nothing added to Kayako - user list not changed after importing.

    ldap/log/log.txt

    [12-10-13 - 12:05] ldap_account_suffix: '@domain.com.ua'
    [12-10-13 - 12:05] ldap_base_dn: 'DC=domain,DC=com,DC=ua'
    [12-10-13 - 12:05] ldap_domain_controllers: array (
    0 => 'server1.domain.com.ua',
    )
    [12-10-13 - 12:05] KAYAKO_LDAP_TEST: true
    [12-10-13 - 12:05] Authenticated: true
    [12-10-13 - 12:05] ----------[ Session End ]----------

    [12-10-13 - 12:05] ldap_account_suffix: '@domain.com.ua'
    [12-10-13 - 12:05] ldap_base_dn: 'DC=domain,DC=com,DC=ua'
    [12-10-13 - 12:05] ldap_domain_controllers: array (
    0 => 'server1.domain.com.ua',
    )
    [12-10-13 - 12:05] KAYAKO_LDAP_TEST: true
    [12-10-13 - 12:05] Authenticated: true
    [12-10-13 - 10:05] ----------[ Session End ]----------
     
  12. Technocrat

    Technocrat Established Member

    Did you see a list of staff/users with either imported or failed?
     
  13. Technocrat

    Technocrat Established Member

  14. blessendor

    blessendor Member

    Technocrat,

    thanks.
    I want to try your new edition of script.
    But can't delete all imported groups - I have 5 groups Domain Users.

    Unable to delete 1 user groups
    The following master user groups were not deleted:
    1. Domain Users
     
  15. blessendor

    blessendor Member

    Deleted via phpMyAdmin.
    It can also be deleted via Kayako Admin, but you need to change the 'ismaster' field from 1 to 0 in the 'swusergroups' table first.
     
  16. Technocrat

    Technocrat Established Member

    Did you get everything you needed?
     
  17. blessendor

    blessendor Member

    I do not need to import any domain groups.
    I want to import the user list from the Domain Users group - but no luck (with the new version of the script also).
    I needed to disable auto-creating users with "Welcome" messages being sent to all users, who have used the old Kayako 3 for a few years - so it would be strange for them to receive a new Welcome. But not a big problem. I just disabled sending the letter with the auto-created password - which does not work with AD auth. Our users do not use the web to post tickets - only mail to IT@.
    BTW, many thanks to the author of the script!
     
  18. Luke Pinion

    Luke Pinion Established Member

    Hello!

    I've been testing out your LDAP authenticator and I like how fairly straightforward it is. I am curious, though...is it possible to have the code alter the Fusion staff member's team? As it stands, when we create a user and they log in, it puts them in the team that is mapped to the respective AD group, naturally. But when you remove them from that AD group and put them in a different one, they stay in the same team they were in previously on Fusion.

    For instance, you create a new AD user and put them in "Customer Support". They log in, Fusion creates the staff member, and then puts them in the respective team. Later you move them to the "Tech Support" AD group, but when they log in next, they're still under the Customer Support team.

    Anyway, looking through the log, I can tell that the XML passes the "team," so I'd like to think there's a way...but then again, perhaps it's not available in Kayako's provided API?
     
  19. Technocrat

    Technocrat Established Member

    It might be possible but it wouldn't be with this mod. The problem is that Kayako only asks if this user is valid, if they are and are not in the system it makes the user, and that's about it. The best thing for it to do would be for Kayako to check everything against the XML each time and correct when needed. But I don't know if they would be willing to make that change.
     
  20. Luke Pinion

    Luke Pinion Established Member

    Thanks, man. After I posted that, I did some research on Kayako's wiki and I realized that the LoginShare API just authenticates and creates new users, but doesn't make any modifications. It really is a shame, though. We'd really like to have a centralized way to manage our internal users (virtually all of our other applications connect to Active Directory) and I don't have the time (nor probably the technical know-how) to use the more complex APIs to do this.
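
The gap discussed in the last three posts (LoginShare returns a `<team>` on every login, but the helpdesk only uses it when it first creates the account) can at least be audited from outside. The following is an added example, not part of the original posts or of the authenticator mod: it parses responses in the `<loginshare>` format shown earlier in the thread and lists staff whose helpdesk team no longer matches. The sample responses and the `CURRENT_TEAMS` export are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample responses in the <loginshare> format shown in this thread.
SAMPLE_RESPONSES = [
    "<loginshare><result>1</result><staff><team>Tech Support</team>"
    "<email>Ann@example.test</email></staff></loginshare>",
    "<loginshare><result>1</result><staff><team>Staff</team>"
    "<email>bob@example.test</email></staff></loginshare>",
    "<loginshare><result>0</result>"
    "<message>Invalid Username or Password</message></loginshare>",
]

# Constructed stand-in for an export of the helpdesk's staff -> team table.
CURRENT_TEAMS = {
    "ann@example.test": "Customer Support",
    "bob@example.test": "Staff",
}


def parse_loginshare(xml_text):
    """Return (email, team) for a successful staff response, else None."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "loginshare" or (root.findtext("result") or "").strip() != "1":
        return None
    email = (root.findtext("staff/email") or "").strip().lower()
    team = (root.findtext("staff/team") or "").strip()
    return (email, team) if email and team else None


def find_team_drift(responses, current_teams):
    """List (email, helpdesk_team, directory_team) where the two disagree."""
    drift = []
    for xml_text in responses:
        parsed = parse_loginshare(xml_text)
        if parsed is None:
            continue  # failed login or malformed response: nothing to compare
        email, directory_team = parsed
        helpdesk_team = current_teams.get(email)
        # Accounts not yet created get the right team on first login.
        if helpdesk_team is not None and helpdesk_team != directory_team:
            drift.append((email, helpdesk_team, directory_team))
    return drift


if __name__ == "__main__":
    for email, old, new in find_team_drift(SAMPLE_RESPONSES, CURRENT_TEAMS):
        print(f"{email}: helpdesk team '{old}' but directory says '{new}'")
```

Each entry it reports is a staff account that still holds the access of a team its directory group no longer maps to, which is the case to correct by hand in the admin panel.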
     
