LDAP single sign on - sorry previous post no help

I have ldap configured … I think! … The ldap bridges are reading and presenting details of users so it at least can access and read the information.


I tried to set permissions on a specific page of the site to allow a specific ldap authenticated user … but they still cannot access …



can you tell me what obvious mistakes I am making …?

Does the LDAP user actually log in with their username and password in Matrix (i.e. the login box says "Currently logged in as: user")? I ask because you mention single sign-on in the topic heading but I'm not sure what single sign-on you've configured.


The other common problem is that the page is under construction but the user only has read access, so the page needs to be live.

-----------------------------



Yes the user has attempted to load a page via a link in an email. The page has public read denied. The user is presented with login box. The user attempts access with their ldap authenticated username and password. But this is not recognised.



I have also ensured that the detail screens for the LDAP “nodes” are Live and NOT “Under Construction” this applies all the way down to group.



-----------------------------

Have I got the wrong end of the stick here? … looking at the permissions on the restricted page … it shows only specific accounts (matrix cms admin and one ldap authenticated user) who have read permissions.



Should there be some installation level configuration to be applied? My system can query and read the ldap information, is there some other mechanism to trigger so that the matrix system can process authenticated response signals?



Would appreciate any help you can throw my way …

Is the LDAP Bridge sitting under the LDAP Authentication node in the System Management section of your asset map? If not, Matrix will not use the bridge for authentication purposes.

It is under

System Management > Authentication Systems > LDAP Authentication

So the problem is that the username and password are not accepted as valid?

Yes … I have locked down all read access to a page except for one specific ldap authenticated user … but when they login … authentication fails as if it is being handled by the local CMS system … it might be that the login details are not being passed over the bridge for ldap authentication, but I don't know.





There is also an occurrence that happens intermittently …

When I view the permissions on the locked down asset/page … the ldap validated account in Read permissions block changes to red font … “Unknown asset (id: # …etc)”.

When I access the bridge, it cannot be expanded (clearly a lost connection).



I am not sure that this is related as the bridge exists and the server can be queried when the user tries to login and fails.

This suggests that your LDAP server is blocking connections from Matrix. You should speak to your network admins to determine whether the LDAP server is firewalled or has a security policy that prevents logins from the Matrix server.

Thanks for your feedback Avi, I am awaiting a response from our network people on this. The occurrence is arbitrary so I am not hopeful that this is it.

New development on the LDAP issue: one of my colleagues has noted that, when trying to authenticate access, Matrix uses userid=“name”, whereas our system uses cn=“name” for common name.



Has anyone else come up with this anomaly and if so is there a simple solution?

On the Attributes screen of the LDAP Bridge, you tell Matrix what to use for each attribute. You need to ensure that the configuration of your bridge is correct. I would suggest giving Squiz Support a call so that one of our LDAP specialists can take a look at your setup.
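The attribute mismatch raised above (the bridge searching on userid while the directory only carries cn) is easy to reproduce without a live server. The following is an added example written for this thread; it is not Squiz Matrix code and it does not connect to LDAP. The directory entries, the attribute names and the filter shape are constructed assumptions standing in for what an LDAP bridge does with the login name it is given: build a search filter using the configured username attribute, and escape the user-typed value (RFC 4515) so it can only ever match literally.

```python
"""Matching a CMS login name against the right LDAP attribute.

Added example for this thread; it is not Squiz Matrix code and does not
talk to a real LDAP server. DIRECTORY is a constructed in-memory stand-in
for the entries an LDAP bridge reads. It shows the 'userid vs cn' mismatch
from the thread and why the login value must be escaped before it is
placed in a search filter.
"""
import re

# Constructed sample directory: DN -> attributes. There is no 'uid'
# attribute at all; these entries identify people by 'cn' only.
DIRECTORY = {
    "cn=jsmith,ou=staff,dc=example,dc=org": {
        "objectClass": ["person"],
        "cn": ["jsmith"],
        "mail": ["jsmith@example.org"],
    },
    "cn=abrown,ou=staff,dc=example,dc=org": {
        "objectClass": ["person"],
        "cn": ["abrown"],
        "mail": ["abrown@example.org"],
    },
}

# RFC 4515 escapes for a value placed inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape user input so it can only match literally (no wildcards, no new clauses)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(username_attr: str, login: str, escape: bool = True) -> str:
    """Filter a bridge would send for a login attempt, e.g. (&(objectClass=person)(cn=jsmith))."""
    value = escape_filter_value(login) if escape else login
    return f"(&(objectClass=person)({username_attr}={value}))"


def _value_pattern(filter_value: str) -> re.Pattern:
    """Unescaped '*' is a wildcard; \\xx escapes decode back to literal characters."""
    parts = []
    for chunk in filter_value.split("*"):
        literal = re.sub(r"\\([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), chunk)
        parts.append(re.escape(literal))
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def search(directory: dict, search_filter: str) -> list:
    """Evaluate the single (&(objectClass=X)(attr=value)) shape produced above."""
    m = re.fullmatch(r"\(&\(objectClass=([^()]+)\)\(([^=()]+)=([^()]*)\)\)", search_filter)
    if m is None:
        raise ValueError(f"unsupported filter: {search_filter}")
    object_class, attr, value = m.groups()
    pattern = _value_pattern(value)
    return sorted(
        dn for dn, attrs in directory.items()
        if object_class.lower() in (c.lower() for c in attrs.get("objectClass", []))
        and any(pattern.match(v) for v in attrs.get(attr, []))
    )


def lookup(login: str, username_attr: str, escape: bool = True) -> list:
    """Resolve a login name to matching DNs using the configured username attribute."""
    return search(DIRECTORY, build_login_filter(username_attr, login, escape))


if __name__ == "__main__":
    # Bridge configured with 'uid' against a directory that only has 'cn':
    # nothing matches, so the login can never be authenticated.
    print(lookup("jsmith", "uid"))
    print(lookup("jsmith", "cn"))
    # A '*' typed as the login name must stay a literal, not become a wildcard.
    print(lookup("*", "cn"))
    print(lookup("*", "cn", escape=False))
```

The first two calls reproduce the symptom: the same login name finds nothing under `uid` and exactly one entry under `cn`, which is the kind of mismatch the Attributes screen is there to correct. The last two calls are the caveat a practitioner should check at the same time: if the bridge (or any code in front of it) builds the filter without escaping, a crafted login name widens the search to every entry.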

Thanks Avi … another slant on Occam's Razor :)