Well, since I've gone and messed up my database, I've re-installed the
entire system. While I am at it, or since my db hasn't really grown and is
still young, I would like to know if the LDAP/AD patches are ready yet so
that I can re-install again with that.
Thanks,
.vp
>From: "Clayton Dukes" <cdukes@xxxxxxxxx>
>Not in its current implementation...sorry :-)
>
>
>On 7/30/07, Vadim Pushkin <wiskbroom@xxxxxxxxxxx> wrote:
> >
> > Greetings Thomas;
> >
> > Would there be any way to limit the hosts that a user is able to view
> > logs from?
> >
> > In my environment I do not want to let the Mail Admins see the logs from
> > the firewalls, and vice-versa.
> >
> > Thank you,
> >
> > .vp
> >
> >
> > >From: "Thomas Cort" <linuxgeek@xxxxxxxxx>
> >
> > >Here's a status update on the LDAP/AD login stuff I've been working on
> > >for php-syslog-ng....
> > >
> > >I've posted a work in progress patch that I'll update as I finish
> > >things up. Please don't merge it just yet, I need to finish the
> > >configuration page and get some user feedback. More details below. The
> > >URL is:
> > >
> > >http://tomcort.com/patches/php-syslog-ng-2.9.3c-tcort.patch
> > >
> > >I made some changes to the LDAP/AD code I'd written to allow you to
> > >define multiple authentication servers if you want. For example, you
> > >could have user 'foo' authenticate against server 'ldap00' and user
> > >'bar' could authenticate against 'ldap01'. As a result, I didn't have
> > >quite enough time to finish the configuration page. I thought I'd post
> > >the patch to show that some progress is being made and that it really
> > >isn't vaporware.
> > >
> > >My patch requires some database changes. An update script is available
> > >here:
> > >
> > >http://tomcort.com/patches/php-syslog-ng-2.9.3c-tcort.sql
> > >
> > >Since the configuration page isn't done yet, you'll need to manually
> > >set things up in the database if you want to do any testing with my
> > >patch. The configuration file (config.php) also needs to be updated.
> > >I've tested the code successfully with IBM Tivoli Directory Server on
> > >AIX 5.3 and Active Directory running on Win2k (I think). Here are the
> > >instructions...
> > >
> > >config.php changes
> > >=================
> > >add these 4 lines:
> > >
> > >define('AUTHSERVERSTABLENAME', 'auth_servers');
> > >define('USERSAUTHSERVERSTABLENAME', 'users_auth_servers');
> > >define('AUTHTYPESTABLENAME', 'auth_types');
> > >define('USERSAUTHTYPESTABLENAME', 'users_auth_types');
> > >
> > >Database changes
> > >================
> > >Run the SQL linked to above.
> > >
> > >For an active directory user
> > >=======================
> > >Setup the server...
> > >INSERT INTO auth_servers (host,binddn,user,passwd) VALUES
> > >('DOMAIN_CONTROLLER_HOSTNAME_HERE','WINDOWS_DOMAIN_NAME_HERE','','');
> > >
> > >Look up the user's id from the 'users' table and the server's id from
> > >the auth_servers table...
> > >SELECT id FROM users WHERE username = 'INSERT_USERNAME_HERE';
> > >SELECT id FROM auth_servers WHERE host =
> > >'DOMAIN_CONTROLLER_HOSTNAME_HERE' and binddn =
> > >'WINDOWS_DOMAIN_NAME_HERE';
> > >
> > >Set the user's server
> > >INSERT INTO users_auth_servers (userid, serverid) VALUES
> > >('USERID_FROM_ABOVE', 'SERVERID_FROM_ABOVE');
> > >
> > >Look up the user's id and the "AD" auth type id...
> > >SELECT id FROM users WHERE username = 'INSERT_USERNAME_HERE';
> > >SELECT id FROM auth_types WHERE method = "AD";
> > >
> > >Set the user's authentication type
> > >INSERT INTO users_auth_types (userid,typeid) VALUES
> > >('USERID_FROM_ABOVE', 'TYPEID_FROM_ABOVE');
> > >
> > >For an ldap user
> > >==============
> > >
> > >Setup the server...
> > >INSERT INTO auth_servers (host,binddn,user,passwd) VALUES
> > >('LDAP_SERVER_HOSTNAME_HERE','BINDDN_HERE','LDAP_USER','LDAP_PASS');
> > >
> > >Look up the user's id from the 'users' table and the server's id from
> > >the auth_servers table...
> > >SELECT id FROM users WHERE username = 'INSERT_USERNAME_HERE';
> > >SELECT id FROM auth_servers WHERE host = 'LDAP_SERVER_HOSTNAME_HERE'
> > >and binddn = 'BINDDN_HERE';
> > >
> > >Set the user's server
> > >INSERT INTO users_auth_servers (userid, serverid) VALUES
> > >('USERID_FROM_ABOVE', 'SERVERID_FROM_ABOVE');
> > >
> > >Look up the user's id and the "AD" auth type id...
> > >SELECT id FROM users WHERE username = 'INSERT_USERNAME_HERE';
> > >SELECT id FROM auth_types WHERE method = "LDAP";
> > >
> > >Set the user's authentication type
> > >INSERT INTO users_auth_types (userid,typeid) VALUES
> > >('USERID_FROM_ABOVE', 'TYPEID_FROM_ABOVE');
> > >
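The manual lookup-and-insert steps from the quoted instructions, collapsed into one script, as an added example that is not part of the original thread or of the patch. It assumes MySQL and uses only the table and column names shown in the message; the hostname, bind DN, credentials and username are constructed placeholders.

```sql
-- Added example, not from the thread or the patch. Assumes MySQL.
-- Table and column names are the ones in the instructions above;
-- all values below are constructed placeholders.
SET @username = 'mailadmin';                    -- must already exist in users
SET @host     = 'ldap00.example.com';           -- AD: the domain controller hostname
SET @binddn   = 'ou=people,dc=example,dc=com';  -- AD: the Windows domain name
SET @method   = 'LDAP';                         -- 'AD' for an Active Directory user

-- Only atomic if the tables use a transactional engine such as InnoDB.
START TRANSACTION;

-- Set up the server (for AD the instructions leave user and passwd empty).
INSERT INTO auth_servers (host, binddn, user, passwd)
VALUES (@host, @binddn, 'LDAP_USER', 'LDAP_PASS');

-- Set the user's server: the two id lookups and the insert in one statement.
INSERT INTO users_auth_servers (userid, serverid)
SELECT u.id, s.id
  FROM users u
  JOIN auth_servers s ON s.host = @host AND s.binddn = @binddn
 WHERE u.username = @username;

-- Set the user's authentication type the same way.
INSERT INTO users_auth_types (userid, typeid)
SELECT u.id, t.id
  FROM users u
  JOIN auth_types t ON t.method = @method
 WHERE u.username = @username;

COMMIT;

-- Audit: which method and server each account is mapped to.
-- NULL columns mean the account has no mapping in the new tables.
SELECT u.username, t.method, s.host, s.binddn
  FROM users u
  LEFT JOIN users_auth_types   uat ON uat.userid = u.id
  LEFT JOIN auth_types         t   ON t.id = uat.typeid
  LEFT JOIN users_auth_servers uas ON uas.userid = u.id
  LEFT JOIN auth_servers       s   ON s.id = uas.serverid
 ORDER BY u.username;
```

If the username or method does not match an existing row, the two INSERT ... SELECT statements add nothing, so check the affected-row counts or the audit output before testing a login.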