Delicious      Technorati      Blinklist      Furl      Reddit

TimeTrex Time and Attendance

TimeTrex Time and Attendance


* FAQ    * Search
* Login   * Register

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Tue Jul 12, 2016 5:53 pm 
Offline

Joined: Tue Jul 12, 2016 5:24 pm
Posts: 2
When using LDAP for logins, TimeTrex requires the "Bind Attribute" parameter to be set (this should ALWAYS be the user's Distinguished Name, or at least Relative Distinguished Name if the "Base DN" parameter is set, rather than any oddball attribute; the user's CN attribute is the standard RDN to bind to in the majority of - but not all - installations) or the passed DN becomes "username,<base dn>" (for instance: "username,ou=people,dc=example,dc=com")

Normal LDAP configuration and behaviour only ever requires a search filter and then binds using the user's LDAP Distinguished Name and then authenticates using the user's DN rather than some configured attribute. Sometimes it is common to use the LDAP DN for login to web applications, but this is by far not how every installation handles things. Often LDAP configurations use a different attribute as the username and stay away from what would be the user's RDN.

Also, the "User Filter" parameter should ALWAYS use proper LDAP filter syntax and variables delimiting which parameter is which, for instance: "(&(objectClass=*)(uid=$1)(is_timetrex_user=1))" where "$1" is automatically translated to the username supplied at the login screen when authenticating.

An example of a properly written LDAP module written in PHP (for Codiad in this case) can be found at https://github.com/QMXTech/Codiad-LDAPE ... r/ldap.php .

I may personally rewrite TTLDAP to use proper LDAP behaviour if nobody gets to it before I do.


Top
 Profile  
 
PostPosted: Wed Jul 13, 2016 4:33 pm 
Offline

Joined: Tue Jul 12, 2016 5:24 pm
Posts: 2
Quote:
and then binds using the user's LDAP Distinguished Name and then authenticates using the user's DN


Excuse this silly redundancy, I typed this from my phone... It should say "...and then binds or authenticates using the user's LDAP Distinguished Name (depending on whether the bind DN and password are set in the configuration, of course)"


Top
 Profile  
 
PostPosted: Fri Nov 04, 2016 6:31 pm 
Offline

Joined: Tue Nov 01, 2016 10:57 am
Posts: 4
I agree with this poster, You are not using best practice when it comes to this issue. Is there a remedy in the works?


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: RogerBot (MOZ) and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron


Time and Attendance




Powered by phpBB® Forum Software © phpBB Group