logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
CPBOURG  
#1 Posted : Monday, September 17, 2018 8:19:50 AM(UTC)
CPBOURG

Rank: Member

Groups: Registered
Joined: 9/13/2018(UTC)
Posts: 29
Belgium
Location: Ottignies

Was thanked: 1 time(s) in 1 post(s)
Hello,

I have been struggling with the LDAP authentication, but could find a way to make it work...

Can someone provide me with some example of how to configure it?

Thanks!
Thomas
epf  
#2 Posted : Monday, September 17, 2018 9:41:26 AM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 653
Switzerland

Thanks: 9 times
Was thanked: 111 time(s) in 108 post(s)
LDAP authentication is configured using:
Server Manager->Configuration->Configure Web Security...

Then select the Security Provider 'LDAP Authentication'

First edit the parameters to be relevant with your implementation (Port, Server Name, etc.)

If it still not work, edit the 'Custom Security Script' to understand what is going on (may depend on your server and infrastructure).

Good luck.
CPBOURG  
#3 Posted : Monday, September 17, 2018 11:15:06 AM(UTC)
CPBOURG

Rank: Member

Groups: Registered
Joined: 9/13/2018(UTC)
Posts: 29
Belgium
Location: Ottignies

Was thanked: 1 time(s) in 1 post(s)
Thanks, I tried that, but in our configuration, it didn't work.

When comparing to other tools communicating with LDAP, I have a few more parameters:

- LDAP version (LDAPv3 for us);
- Connection filter;
- BaseDN (to specify the Organisational Unit);
- DN account (which is a 'read' profile to send a request to the AD);
- Identification field in AD (to match with the login entered);

Is it possible to specify those ones in the connection script?

Thanks!
Thomas
epf  
#4 Posted : Monday, September 17, 2018 11:44:40 AM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 653
Switzerland

Thanks: 9 times
Was thanked: 111 time(s) in 108 post(s)
Sorry we have no experience for advanced LDAP configuration,
You have to check MSDN for "LdapConnection", then change the code in the "Custom Security Script" after:
Code:
var ldapConnection = new LdapConnection(new LdapDirectoryIdentifier(user.Security.GetValue("ldap_server"), user.Security.GetNumericValue("ldap_port"), false, false));

CPBOURG  
#5 Posted : Wednesday, January 9, 2019 5:04:58 PM(UTC)
CPBOURG

Rank: Member

Groups: Registered
Joined: 9/13/2018(UTC)
Posts: 29
Belgium
Location: Ottignies

Was thanked: 1 time(s) in 1 post(s)
Hi there,

I finally managed to find some time to finalize the razor script to get the LDAP authentication working with Seal Report :

It works as a two step authentication:
1. The windows credentials authentication to the LDAP server (works with username, or username@domain, not case sensitive);
2. Get the group to which the user belongs from an excel sheet (couldn't find if a user could be member of many groups).

The excel sheet is called sealreport_groups.xls, and is stored in c:\SealReport folder. It contains two columns (on the first line) : Username and Group.

Possible Improvements:
- Handle many groups for one user;
- Add LDAPS connection;
- Store the groups in the Active Directory instead of the Excel sheet;
- ...

Enjoy !
Thomas



@using Seal.Model;
@using System.Net;
@using System.Data
@using System.Data.OleDb
@using Seal.Helpers
@using System.DirectoryServices;
@{
SecurityUser user = Model;
user.Name = user.WebUserName; //Display name for the log file
bool blConnected = false;


// first validate the access of the user in the LDAP
try

{
// Get the connection
DirectoryEntry Ldap = new DirectoryEntry("LDAP://yourserver", user.WebUserName, user.WebPassword);

object nativeObject = Ldap.NativeObject;
blConnected = true;

}

catch(DirectoryServicesCOMException Ex)
{

//Console.WriteLine(Ex.Message);
user.Error = Ex.Message;
}

if (blConnected == true) {

// If the connection is successfull, get the user group in the excel sheet
string connectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\SealReport\\sealreport_groups.xls;Extended Properties='Excel 8.0;HDR=Yes;IMEX=1';";
OleDbConnection connection = new OleDbConnection(connectionString);
connection.Open();

OleDbCommand command = new OleDbCommand(string.Format("select Group from [Sheet1$] where Username={0}", Helper.QuoteSingle(user.WebUserName)), connection);

object group = command.ExecuteScalar();
if (group != null && group != DBNull.Value)
{
user.AddSecurityGroup((string)group);
}
else
{
user.Error = "No reporting group assigned to this user";
}
}
else {
user.Error = "Please check your user / password";
}
}

Edited by user Wednesday, January 9, 2019 5:13:28 PM(UTC)  | Reason: Not specified

thanks 1 user thanked CPBOURG for this useful post.
epf on 1/10/2019(UTC)
epf  
#6 Posted : Thursday, January 10, 2019 7:37:36 AM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 653
Switzerland

Thanks: 9 times
Was thanked: 111 time(s) in 108 post(s)
Thank you for sharing your experience.
What we do often is to load the Excel sheet into a table in your database using a Task (there are sample to load a table from an Excel Sheet), then you query the database (with potential other information) directly.

Otherwise it is better also to use the groups defined in the AD when possible....
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.