OJS3 - LDAP plugin

Thanks for this contribution, @shemgp! I’ll try to schedule some time to check it out. It would be nice to get it reviewed and linked in the Plugin Gallery.

Hello, thanks for your contribution. Have you already tested it? Could you explain how to configure the plugin? I added it, but I do not see any option that allows its configuration…
Thanks

Hello,

Yes, it’s being used in a live site right now.

You can configure it in the global “site settings”: Administration->Site Settings->Plugins, then look for “LDAP Authentication Plugin”. Once you enable it, a settings link will show up in the plugin options (click the triangle next to the plugin name to see the options).

All the best,

Shem Pasamba

Oops, it seems that something does not work well in my OJS installation, because I add it and activate it, but when I hit the arrow I only get the Delete and Update options. Why would that be?
I’m using OJS 3.1.2, and you?

Regards

Because it is a sitewide plugin, in 3.1.2 you will only see the ability to edit the settings in the site’s plugin management.

Awkwardly, if you have only a single journal on your site, the site’s settings are hidden by default. If this is your situation, as a workaround, you could temporarily add a second non-public journal to your site (you don’t need to configure it at all).

More info is here (from the plugin this was based on):


I think that creating a fictitious journal should not be the right solution, but I still tried it and I was not lucky either. Although the system tells me that the plugin has been activated, the checkbox is not checked and, of course, I do not get the configuration option.
Any ideas?
ctgraham, have you tried it too?

Yes, creating the dummy journal is not a long-term solution, but it should give you access in the near term.

Note that once you create the dummy journal, you will not use the path of Settings → Website → Plugins, but rather Administration → Site Settings → Plugins to activate and configure this plugin (because it is a site-level plugin).

Using Current version: 3.1.2.0 (April 23, 2019 - 10:26 AM) here. Perhaps you’re in the website plugin setting page?

You should see something like this (note the URL):

image.png

All the best,

Shem Pasamba

I already got the Settings option, but it only appears if I have a dummy journal, and I cannot leave that journal there even if I do not publish it… Is there no possibility that the plugin works with just one journal on the site?
Could you explain to me each parameter in the settings form?

Until we fix the bug which prevents editing the settings in a single journal context, you can add a dummy journal and then delete or hide the journal after configuring the plugin in the site context. The plugin settings will still be effective after the dummy journal is deleted, or while the dummy journal is marked as “not publicly displayed”.

It would be good to add some further description of the settings within the settings form, especially for the “LDAP filter”, which contains a bit of magic:

  • LDAP Url: the URI for the LDAP server, which must support secure connections. E.g.: ldaps://myad.univ.tld
  • LDAP Search Path: the base DN for the LDAP search. User objects must exist under this base DN. E.g.: ou=Users,dc=myad,dc=univ,dc=tld
  • LDAP Filter: A valid LDAP filter condition, including the special replacement string “%USER%”, which will be replaced with the entered username. E.g. (&(cn=%USER%)(|(memberOf=cn=OJSUsers,ou=Users,dc=myad,dc=univ,dc=tld)(eduPersonEntitlement=urn:mace:univ.tld:affiliate:faculty)))
  • Bind User: (optional) User account for non-anonymous LDAP bind. E.g. myresource@univ.tld
  • Bind Password: (optional) User password for non-anonymous LDAP bind. E.g. 7izo0q4R]CXP6Kp
  • Self Service URL: URL to which to direct requests for password resets, etc., since these won’t be handled in OJS. E.g. https://accounts.univ.tld
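
Added example, not part of the original post and not the plugin's own code: one way a filter template like the one above can be expanded so that the entered username is escaped per RFC 4515 before it replaces %USER%. The function names and sample usernames are hypothetical.

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

/** Escape a value for use inside an LDAP search filter (RFC 4515). */
function escapeFilterValue(string $value): string
{
    // With the ldap extension loaded, ldap_escape($value, '', LDAP_ESCAPE_FILTER)
    // does the same job; this version has no extension dependency.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

/** Expand the %USER% placeholder in a configured filter template. */
function buildUserFilter(string $template, string $username): string
{
    if (strpos($template, '%USER%') === false) {
        throw new InvalidArgumentException('Filter template lacks %USER%');
    }
    if ($username === '') {
        throw new InvalidArgumentException('Empty username');
    }
    return str_replace('%USER%', escapeFilterValue($username), $template);
}

// Template taken from the settings description above.
$template = '(&(cn=%USER%)(|(memberOf=cn=OJSUsers,ou=Users,dc=myad,dc=univ,dc=tld)'
          . '(eduPersonEntitlement=urn:mace:univ.tld:affiliate:faculty)))';

// Constructed sample usernames: one ordinary, one containing filter metacharacters.
foreach (['jdoe', 'j.doe*(x)'] as $name) {
    echo buildUserFilter($template, $name), PHP_EOL;
}
```

The second username is emitted as `j.doe\2a\28x\29`, so the wildcard and parentheses are matched literally instead of changing the structure of the filter.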

There are sample settings on the GitHub page: https://github.com/shemgp/ojs_ldap_plugin/


OK, I already created the dummy journal as ctgraham advised me and I could configure the plugin, but when I try to authenticate with my user I get the following error:

DB Error: ERROR: el valor null para la columna «email» viola la restricción not null DETAIL: La fila que falla contiene (1, yusmelvis, $2y$10$QebloH73PDr.WOZXnI0msuSLPCE3A687f.2IazxxbuGmuEI8vquhW, null, , , , null, , , null, null, 2019-05-09 20:34:11, null, 2019-07-03 12:35:15, 0, null, null, 0, null, 1).

The plugin expects to pull an email address from the LDAP attribute “mail” into the OJS email field. In your LDAP server for your user, this “mail” attribute is blank, causing this error.

Do you restrict the exposure of the “mail” attribute in your LDAP server, or do you intentionally not populate it, or do you store the email address elsewhere?
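
Added example, not part of the original post and not the plugin's own code: a check that fails with a readable message when the search result carries no usable “mail” value, instead of letting a null reach the database insert. The function name and the sample entry are constructed; the array layout is the one PHP's ldap_get_entries() returns.

```php
<?php
// Added example, not the plugin's code. Function name and data are constructed.

/**
 * Return the first non-empty "mail" value of the first entry, or throw with
 * a message listing the attributes the server actually returned.
 */
function requireMail(array $entries): string
{
    if (($entries['count'] ?? 0) < 1) {
        throw new RuntimeException('Search returned no entries');
    }
    $entry = $entries[0];
    // ldap_get_entries() lowercases attribute names.
    $values = $entry['mail'] ?? ['count' => 0];
    for ($i = 0; $i < $values['count']; $i++) {
        $mail = trim($values[$i]);
        if ($mail !== '') {
            return $mail;
        }
    }
    // Numeric keys 0..count-1 of an entry hold the returned attribute names.
    $seen = [];
    for ($i = 0; $i < ($entry['count'] ?? 0); $i++) {
        $seen[] = $entry[$i];
    }
    throw new RuntimeException('No mail value for ' . ($entry['dn'] ?? '?')
        . '; attributes returned: ' . implode(', ', $seen));
}

// Constructed result: the bound account can read cn and uid but not mail.
$entries = [
    'count' => 1,
    0 => [
        'cn'    => ['count' => 1, 0 => 'jdoe'],
        0       => 'cn',
        'uid'   => ['count' => 1, 0 => 'jdoe'],
        1       => 'uid',
        'count' => 2,
        'dn'    => 'cn=jdoe,ou=Users,dc=myad,dc=univ,dc=tld',
    ],
];

try {
    echo requireMail($entries), PHP_EOL;
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Comparing the attribute list in the message with what an administrator account sees for the same entry shows whether the bind account is denied read access to “mail” or the value is stored under another attribute.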

No, it’s not the case at all. The LDAP server in which I’m trying to authenticate has the email address; it does not save it elsewhere.
Any other ideas of what I can do?

I am drafting a couple of pull requests to address the concerns raised here about enabling the plugin in a single-journal context and about clarity on how to fill out the settings form.

@yusmelvis, do you have any experience with debugging PHP? I think the next step to understanding why your email address is null would be diving into the code. We’ll want to see more details about the LDAP response generated from this query:

Hey guys,

Look at this error I got when I clicked on the configuration button of LDAP after activation.

image

Can someone help?

What specific version of OJS are you using? Do you see any relevant messages in your PHP error log?

Using version: 3.1.1-4

I don’t know much about PHP, but I see something strange there.

PHP Fatal error: Call to undefined method LDAPAuthPlugin::getTemplateResource() in /var/www/html/plugins/generic/ldap/LDAPSettingsForm.inc.php on line 37

Another strange thing: the name of the plugin showed up differently for me when I went to activate it, see below.

Thank you for your prompt reply!

Regarding the fatal error, this plugin only supports OJS 3.1.2 or better.


When I try to configure the ldap plugin for version 3.1.2.1, it’s not allowing me to leave the bind user and bind password fields empty. Shouldn’t these be optional?