Error when making LDAP bridge live

  1. Error when making LDAP bridge live


    We hit an error when we changed the LDAP bridge to live. What is the meaning of the error? Is there any log that we can look into?



    -----------------------------------------------------------------

    PHP Notice

    Undefined index: objectclass



    PHP Warning

    Invalid argument supplied for foreach()

    ------------------------------------------------------------------



    Under "LDAP User Setup", there is an "objectclass" attribute listed. However, in our Active Directory, we didn't define this field.




  2. Make some (not all) users live via LDAP bridge



    Once the LDAP is connected, Matrix listed out all the users in Active Directory. So, does that mean all the users in the list can log in to Matrix?



    We would like to take advantage of LDAP (to have the same login/password as Windows), but we only want some (not all) of the LDAP users to access Matrix. How can I do that?



    Thanks.








[quote]

  1. Error when making LDAP bridge live



    We hit an error when we changed the LDAP bridge to live. What is the meaning of the error? Is there any log that we can look into?



    Under "LDAP User Setup", there is an "objectclass" attribute listed. However, in our Active Directory, we didn't define this field.

    [/quote]



    The objectclass of a record in LDAP is like the asset type in Matrix. It's not something you define but Matrix will use it to try and figure out which records are users, which are groups and which are unused records like computers and printers (these are commonly stored in AD as well).



    I'm not sure what your error is but it doesn't look fatal. Maybe something is configured incorrectly or maybe there is something wrong with the bind account. Is the bridge working otherwise and did it go live?


[quote]

2) Make some (not all) users live via LDAP bridge



Once the LDAP is connected, Matrix listed out all the users in Active Directory. So, does that mean all the users in the list can log in to Matrix?



We would like to take advantage of LDAP (to have the same login/password as Windows), but we only want some (not all) of the LDAP users to access Matrix. How can I do that?

[/quote]



Anyone that Matrix can see will be able to log into Matrix. So you may need to change the Root DN to something specific, like the DN of a user group under which all your Matrix users live.



You can't selectively make users live in the LDAP directory, but you don't have to give everyone permissions to the system. They might be able to log in but they won't have access to do anything else unless you grant access to their LDAP group or you link their account into a Matrix group.
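
How a narrower Root DN limits which accounts the bridge can see, as an added example that is not part of the reply above and not Matrix code: a PHP check of which DNs fall under a candidate Root DN. The DNs and function names are constructed, and the DN parsing is simplified (it honours escaped commas but not every RFC 4514 escape).

```php
<?php
// Added example, not Matrix code. All DNs below are constructed.

/** Split a DN into lower-cased RDNs, honouring backslash-escaped commas. */
function dn_to_rdns(string $dn): array
{
    $parts = preg_split('/(?<!\\\\),/', $dn);
    return array_map(function ($rdn) {
        return strtolower(trim($rdn));
    }, $parts);
}

/** True when $dn is the Root DN itself or lies anywhere beneath it. */
function dn_is_under(string $dn, string $rootDn): bool
{
    $entry = dn_to_rdns($dn);
    $root  = dn_to_rdns($rootDn);
    if (count($entry) < count($root)) {
        return false;
    }
    // Compare the rightmost RDNs component by component.
    return array_slice($entry, -count($root)) === $root;
}

$rootDn = 'OU=Matrix Users,DC=example,DC=com';   // candidate Root DN (assumed)

$directory = [                                    // constructed sample accounts
    'CN=Alice,OU=Matrix Users,DC=example,DC=com',
    'CN=Bob,OU=Editors,OU=Matrix Users,DC=example,DC=com',
    'CN=Carol,OU=Staff,DC=example,DC=com',
    'CN=Dave,OU=Contractors,DC=example,DC=com',
];

// Accounts under the Root DN are the ones the bridge would list, and per the
// reply above, anyone the bridge can see is able to log in.
foreach ($directory as $dn) {
    $state = dn_is_under($dn, $rootDn) ? 'visible to bridge' : 'outside Root DN';
    printf("%-55s %s\n", $dn, $state);
}
```

Running the same check against a directory export before changing the Root DN shows which accounts gain or lose the ability to log in.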

Thanks Greg,


The LDAP bridge does not go live and I get an error if I try to log in.



Therefore, I believe the "Notice/Warning" error is stopping the LDAP login from working.



Regards.

Can you try going to the System Config screen and turning on a couple of options under the Error settings? You want to show file name, line numbers and backtraces.


Then make the bridge live again and the errors will display more information (including a backtrace link). If you can start by pasting the error message with the file and line number, we can take a look at what the cause might be. Your Matrix version number would also be good.



Later, we might ask for the backtrace, but it is very big so don't worry about pasting it unless we need it.

Hi Greg,


Here is the error info:-



PHP Notice

File: [SYSTEM_ROOT]/packages/ldap/ldap_bridge/ldap_bridge.inc Line:843

Message: Undefined index: objectclass



PHP Warning

File: [SYSTEM_ROOT]/packages/ldap/ldap_bridge/ldap_bridge.inc Line:843

Message: Invalid argument supplied for foreach()



Kind regards.

[quote]
PHP Notice

File: [SYSTEM_ROOT]/packages/ldap/ldap_bridge/ldap_bridge.inc Line:843

Message: Undefined index: objectclass



PHP Warning

File: [SYSTEM_ROOT]/packages/ldap/ldap_bridge/ldap_bridge.inc Line:843

Message: Invalid argument supplied for foreach()



Kind regards.

[/quote]

This could occur when the LDAP search returns no results.



A search is performed for (objectClass=*) on the Base DN supplied. This is based on the code initially; I haven't tested the functionality just yet. It seems that the code doesn't gracefully return no results in this situation, providing an error message which we should be catching. The "no results" is correct, however, as it is likely that there is a connection or configuration issue from the LDAP Bridge.



If possible, please compare your group / DN configuration using another LDAP connection tool to verify the connection details.
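
The failure mode described above, as an added example that is not part of the reply and not the code in ldap_bridge.inc: a PHP function that classifies entries in the array shape returned by `ldap_get_entries()` and treats an empty result or a missing `objectclass` attribute as a handled case instead of passing it to `foreach`. The function name, class lists and sample entries are assumptions made for illustration.

```php
<?php
// Added example, not code from ldap_bridge.inc. Names and data are constructed.

/**
 * Classify one entry in ldap_get_entries() shape: attribute names are
 * lower-cased and each value list carries its own 'count' key.
 */
function classify_ldap_entry($entry, array $users, array $groups, array $ignored): string
{
    // Without this guard an empty result or a record lacking the attribute
    // raises "Undefined index: objectclass" and then
    // "Invalid argument supplied for foreach()".
    if (!is_array($entry) || !isset($entry['objectclass']) || !is_array($entry['objectclass'])) {
        return 'unknown';
    }
    $classes = $entry['objectclass'];
    unset($classes['count']);                  // drop the counter, keep the values
    $classes = array_map('strtolower', $classes);

    // AD computer objects also carry the "user" class, so test exclusions first.
    if (array_intersect($classes, $ignored)) {
        return 'unused';
    }
    if (array_intersect($classes, $groups)) {
        return 'group';
    }
    return array_intersect($classes, $users) ? 'user' : 'unused';
}

$users   = ['user', 'inetorgperson'];
$groups  = ['group', 'groupofnames'];
$ignored = ['computer', 'printqueue'];

$result = [                                    // constructed search result
    'count' => 4,
    ['dn' => 'CN=Alice,OU=Staff,DC=example,DC=com',
     'objectclass' => ['count' => 4, 'top', 'person', 'organizationalPerson', 'user']],
    ['dn' => 'CN=Editors,OU=Groups,DC=example,DC=com',
     'objectclass' => ['count' => 2, 'top', 'group']],
    ['dn' => 'CN=PC042,OU=Machines,DC=example,DC=com',
     'objectclass' => ['count' => 5, 'top', 'person', 'organizationalPerson', 'user', 'computer']],
    ['dn' => 'CN=NoClass,DC=example,DC=com'],  // attribute missing from the record
];

for ($i = 0; $i < ($result['count'] ?? 0); $i++) {
    printf("%-42s %s\n", $result[$i]['dn'], classify_ldap_entry($result[$i], $users, $groups, $ignored));
}
// A search that matched nothing has count 0 and no element 0:
printf("%-42s %s\n", '(empty result)', classify_ldap_entry((['count' => 0])[0] ?? null, $users, $groups, $ignored));
```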

I use JXplorer with the same DN and it works fine.


Kind regards.


I made the LDAP bridge live without checking "Cascade Status Change" (which I did before) and it works.


However, when I log in there are warning messages:-



---------------------------------------------------------------------------------------

PHP Notice

File: [SYSTEM_ROOT]/packages/ldap/ldap_bridge/ldap_bridge.inc Line:691

Message: Undefined index: ou



PHP Warning

File: [SYSTEM_ROOT]/core/include/mysource.inc Line: 1904

Message: Cannot modify header information - headers already sent by (output started at [SYSTEM_ROOT]/core/include/general.inc:181)



PHP Warning

File: [SYSTEM_ROOT]/core/include/backend.inc Line: 78

Message: Cannot modify header information - headers already sent by (output started at [SYSTEM_ROOT]/core/include/general.inc:181)

-------------------------------------------------------------------------------------------



Also, we set the LDAP bridge to connect as "User" type. So, is there a way that we can selectively change the user's type into "Backend User"? I know we can link an LDAP user under "System Administrators" to be a system admin, but cannot figure out how to do it for a backend user.



Kind regards.










You can't selectively change the type of LDAP users. If they are backend users, then they are all backend users. The permissions you give them will determine what they can do.