Since I haven't seen one, I decided to write one myself. This is a basic LoginShare v4 user authenticator against AD with only PHP 5 (doesn't require ZEND or Ioncube but does require PHP 5!). It only works with Active Directory, and all fields that LoginShare requires must be in your AD. This includes Fullname, Email Address, Designation, and Phone #. If not, this will error.

Basic Requirements:
PHP 5 (Required for the adLDAP.php file)
PHP_LDAP Extension installed on server

Basic Instructions:
1. Upload both files to your kayako folder on your web server.
2. Edit the adLDAP.php file accordingly with your Active Directory settings. For help on this, see adldap.sourceforge.net.
3. Configure User LoginShare to point to the file on the server, i.e. http://yourdomain.com/kayako/ldap.php.
4. Test

The script is basic and I have fully tested it against users I have had problems with in the past, with no complaints from anybody as of yet. If you need a more advanced version of this, please send me a PM. I am taking donations via PayPal to expand the capabilities, including error checking, non-AD LDAP authentication against OpenLDAP and eDirectory, a test script, and more. I will have the error checking version and test script available this week to those who have donated, and will keep a list of those who have donated and send updates directly. Thanks, Corey
Hi, Thanks for sharing. I'm just wondering how LoginShare works? I tested by creating a PHP file that echoes static XML content:

PHP:
<?php
// Static LoginShare response, returned regardless of the credentials sent
$str = '<?xml version="1.0" encoding="UTF-8"?>
<loginshare>
  <result>1</result>
  <user>
    <usergroup>Registered</usergroup>
    <fullname>MY_USERNAME</fullname>
    <emails>
      <email>MY_EMAIL</email>
    </emails>
  </user>
</loginshare>';
echo $str;
?>

Then I put the link to that PHP file into the LoginShare URL field, but when I went to my home page, I was still not logged in. After that, I tried to log in normally and got this error message: Do you know why? Please assist! Thanks,
donlee, Check Kayako's wiki on how LoginShare works. Pretty much, if it successfully connects via LDAP to AD with the username/password provided, it should return XML code that pulls the Full Name, Title (Designation), Email Address, and Phone #. If it is unsuccessful, it will post XML code that says it couldn't connect. If you are not pulling all information mentioned above, it will give you an error. I.e. I don't have Titles or Phone #s entered into my AD, so I had to modify the code to check for that and post something additionally in that case. So if you don't have all of that entered into your AD, you will either need to modify the code provided or, as mentioned, send a donation and I will add you to the list of updates that will do the error checking and a testing script. One thing I didn't mention that I did forget about is that I originally did have an error also, but it was with a CURL parameter. I had to change it from true to false, I believe. The error did give you the file and line to change, if you get the same issue. As for your code below, that won't work at all. LoginShare authenticates against LDAP via the script provided and returns the XML code back to LoginShare.
I'm getting an error: [Warning]: simplexml_load_string() [function.simplexml-load-string]: Entity: line 2: parser error : Extra content at the end of the document (LoginShare/class.SWIFT_LoginShareStaff.php:115)
Your clue is the above file. You are using it for Staff (people who do the helpdesk tickets, not the ones who submit them). I am sure it should work with it, but I don't know. Not sure why one would need to authenticate against an entire AD for staff because you really would be allowing anybody in your AD to be a staff member then.
I'm getting a very strange issue. Because of the error message I mentioned in my previous post: I tried to discover the cause. Per that clue, I found the code that gets the XML content from the LoginShare URL:

PHP:
$_xmlResult = $this->DispatchPOST($_SWIFT->Settings->Get('loginshare_userurl'), $_variableContainer);

That code is in /__swift/library/LoginShare/class.SWIFT_LoginShareUser.php

Then I tried to print out the XML by adding after it:

PHP:
echo $_xmlResult; die;

And what I got is:

test.php is my script that returns the XML result; I located it in my Kayako root, and I ensured that I filled in the right URL for LoginShare.
If you are putting the test.php file in the LoginShare URL area, you need to put the full URL, http://yourdomain.com/test.php (include subdirectories). Second, as mentioned before, if you haven't changed your test script, you are missing required information. Third, the LoginShare needs to pass the credentials to something for it to return. So if you are just putting the test.php file in the LoginShare URL, it won't work. It can't pass the credentials to the test.php file, so it won't work.
I guess I should add: make sure you have your adLDAP.php file set up properly. This info can be found at adldap.sourceforge.net. Without proper settings, you will not connect to your AD.
koltzc, Thanks for your replies, I've just figured the issue out. It was caused by the method DispatchPOST not being able to reach the real URL of the test file, though I filled in the full and right URL. I'm currently running Kayako4 on my local machine for development, so in my hosts file I'm mapping my domain to my local IP to avoid license checking. So the method could not get content from http://mydomain.com/test.php Then I changed the URL to Kayako Forums - Powered by vBulletin and it works. I'm wondering why the adLDAP.php file is needed; I have read through it already but really don't know what its functions are. I have a system that includes Joomla, Jira, vBulletin, aMember & Kayako; now I need to write a script to authenticate user info where the data comes from the aMember database, so it's simply written to check if the user exists and the password is right.
adLDAP does all the work of connecting to your LDAP. My ldap.php just retrieves the username/password from Kayako and sends it to adLDAP for verification and retrieval of the data that is required in the XML file. What XML is sent back to LoginShare depends on whether it is successful. You can actually write your own script to authenticate against Joomla or really anything else, but the script you are authenticating against would need to be modified to send back the appropriate info that Kayako requires.
There isn't a reason why it wouldn't work, but it most likely isn't the script itself, as it is pretty straightforward. As long as you have adLDAP configured properly and the LoginShare URL correct, it should even work under the staff login area.
I guess you're having the same problem as I had; confirm if I'm right by reading my previous post.
I've modified Corey's original scripts to do Staff logins with group AD authentication. I created two groups in the Users container in Active Directory called Kayako-Administrator and Kayako-Staff. The script will check if you are a member of either of those groups and assign you to the relevant group in Kayako. The XML output is as per the API: LoginShare API for staff authentication - V4 Beta - Kayako Wiki The mobilenumber field is mapped to the user's mobile number on the Telephones tab in AD. The signature field is mapped to the user's "Notes" field, also on the Telephones tab in AD.
Hi, Thanks for that. I've gone through the instructions and tried to implement it; I now get the following error when trying to log in: "Empty data received for Staff loginshare plugin" I've read the thread through and through and made sure I've edited all the required files/fields, but I get this error. Any ideas on what may cause this? Regards, Bevan
Question, If the user has an account in the directory, but not in Kayako, but sent his ticket via e-mail before logging in, would the system create an account for the user based on his credentials in the e-mail and then create another account when he logs in? Basically, will the user end up with two accounts in the long run? Thanks!
To clarify for all: the original script as posted by koltzc will not work for Staff users. It just doesn't return the right XML as specified for LoginShare. To check if you are using this version, look at lines 44 and 52 of the ldap.php script. Koltzc's version has <user> and </user> there - this will only work for regular users, not staff users. If you want a version which does work for both staff and regular users, take a look at Ronan's - this checks the LDAP user group and returns either the staff XML, user XML or the error XML. @touficjohn: As far as I understand it, Resolve would create a user when receiving the email ticket, and send them an email containing the login details. Assuming they later try to login using the same email address, it won't create another account (and if they use the wrong password, they'll get a corresponding error).
I have been trying to get LoginShare to work for some time now, and I think I am just missing a single setting. I have tried just about every combination possible. Would anyone who has gotten this to work, please provide the exact settings needed to get this script working?
I have been able to get this script working after all, but am having an issue when logging in with my account. I can login with a test user account just fine. My account is a domain admin, but another domain admin is able to login fine. The error I receive is: PHP: [Warning]: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : xmlParseEntityRef: no name (LoginShare/class.SWIFT_LoginShareUser.php:113)
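libxml reports "xmlParseEntityRef: no name" when the response it is asked to parse contains an unescaped & that does not start an entity reference, which is what happens if a directory attribute holding one is written into the XML as-is. The following is an added example, not code from this thread or from Kayako, that builds the user response with every value escaped; the element names are the ones in the sample XML posted earlier in the thread, and the function names and sample values are assumptions.

```php
<?php
// Added example, not the thread's ldap.php. Element names follow the sample
// XML posted earlier in this thread; function names and values are constructed.

/** Escape one directory attribute for use as XML element text. */
function ls_xml_text($value)
{
    // Drop control characters that XML 1.0 forbids (tab, LF and CR are allowed).
    $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', (string) $value);
    // Turn & < > " ' into entities so the value is always read as text.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/** Build the success response for a regular (non-staff) user. */
function ls_user_response($usergroup, $fullname, array $emails)
{
    $xml  = '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
    $xml .= "<loginshare>\n  <result>1</result>\n  <user>\n";
    $xml .= '    <usergroup>' . ls_xml_text($usergroup) . "</usergroup>\n";
    $xml .= '    <fullname>' . ls_xml_text($fullname) . "</fullname>\n";
    $xml .= "    <emails>\n";
    foreach ($emails as $email) {
        $xml .= '      <email>' . ls_xml_text($email) . "</email>\n";
    }
    $xml .= "    </emails>\n  </user>\n</loginshare>\n";
    return $xml;
}

// Constructed sample value containing the characters that break a raw echo.
$fullname = "Pat O'Neil <R&D> & Sons";
$response = ls_user_response('Registered', $fullname, array('pat@example.com'));

// Parse it with the same function named in the error message; the value must
// come back unchanged, as text.
$parsed = simplexml_load_string($response);
if ($parsed === false || (string) $parsed->user->fullname !== $fullname) {
    throw new RuntimeException('LoginShare response is not well-formed');
}
echo $response;
```

Escaping at the point where the XML is assembled covers every attribute pulled from the directory, including free-text ones such as a notes or signature field.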