Community Forums

KBPublisher Forums » KBPublisher General discussion

1. gmrstudios
   Member

   I am receiving the following errors when trying to authenticate via LDAP.:

   Error - Not enough parameters returned by remoteDoAuth function and Error Not enough parameters returned by remoteDoAuth function

   When I use the first function shown in remote_authldap.php.txt I get:

   "Login failed! Wrong username and/or password"

   When I use the second function show in remote_authldap.php.txt I get:

   "Error Not enough parameters returned by remoteDoAuth function."

   I would assume the bind is going off without a hitch because it is not returning errors. I have triple checked my settings and everything looks to be in order.

   Any help you could give on solving this would be greatly appreciated.

   Posted 2 years ago #

2. onesign
   Key Master

   "Not enough parameters returned by remoteDoAuth function" means
   what it said, your function should return associative array with keys:

   first_name
   last_name
   email
   username
   password-- as the user types when they login, that is, not encrypted
   remote_user_id -- a unique userID stored in your system, integer
   role_id - (optional)
   priv_id - (optional) privilege for user. If user has a privilege, he will have access to Admin Area

   Please read these articles
   http://www.kbpublisher.com/kb/Using-Remote-Authentication_181.html

   Posted 2 years ago #

3. gmrstudios
   Member

   Does that still apply when working with PHP for Active Directory? Here are the complete contents of my remote_auth.php file.

   
define('KB_AUTH_LOCAL', 2); // returning exiting kb user

   function remoteDoAuth($username, $password) {

   require_once 'custom/adLDAP.php';

   $auth = false;
   oif(empty($username) || empty($password)) {
   oreturn $auth;
   o}

   $username = addslashes($username);
   o$password = addslashes($password);

   //create the AD LDAP connection
   o$adldap = new adLDAP();

   // if found
   oif($adldap->authenticate($username, $password)){
   o$user = 1; // assign a user id, this user id should exists in kb user table
   o}

   return $user;
   }

   
   I am supposed to add additional information to the function?

   I have _account_suffix, _base_dn, and _domain_controllers set correctly in adldap.

   Posted 2 years ago #

4. onesign
   Key Master

   Remote Authentication is a bit tricky, you should understand how it works.

   Adding/refreshing remote user data to KB and authenticate user

   KB_AUTH_TYPE = 1

   On success, the authentication function remoteDoAuth should return an associative array with the following keys:

   first_name
   last_name
   email
   username
   password-- as the user types when they login, that is, not encrypted
   remote_user_id -- a unique userID stored in your system, integer
   role_id - (optional)
   priv_id - (optional) privilege for user. If user has a privilege, he will have access to Admin Area

   Authentication by existing KBPublisher user

   KB_AUTH_TYPE = 2

   On success, the authentication function remoteDoAuth should return the user_id of the user in the KBPublisher USER table or an associative array with keys (user_id, username), for example: array('user_id'=>7, 'username'=>'Test').

   Posted 2 years ago #

5. onesign
   Key Master

   http://www.kbpublisher.com/kb/Different-ways-for-Remote-Authentication_183.html

   Posted 2 years ago #

6. gmrstudios
   Member

   Ok, so after combing over my settings in remote_auth.php, config.inc.php, and adLDAP.php it looks like I am finally getting somewhere. In remote_auth.php when KB_AUTH_TYPE = 1 i get the following error:

   "Error Not enough parameters returned by remoteDoAuth function."

   However, when it is set to KB_AUTH_TYPE = 2 I seem to be authenticating against the LDAP database. The problem is the user is logged in as the admin account and displays the admin username! Regardless of the user that logs in they display the admins login name and have full admin area access

   Does KBPublisher create the user upon login after successful authentication? Or do you create a general user account and assign $user = in remote_auth.php to the general account?

   After two months of trying I am at my wits end! I have purchased a license and love the product but LDAP is necessary for full integration into our company. Does KBPublisher offer paid support?

   Posted 2 years ago #

7. onesign
   Key Master

   Please send us your remoteDoAuth function.

   Posted 2 years ago #

8. gmrstudios
   Member

   Here is the remoteDoAuth function. I would like a new account created upon logon utilizing the sAMAccountName as the username. What fields are required? When I try other remoteDoAuth functions I get other errors.

   function remoteDoAuth($username, $password) {
   orequire_once 'custom/adLDAP.php';

   $auth = false; if(empty($username) || empty($password)) {
   oreturn $auth;
   o}

   nection
   o$adldap = new adLDAP();

   d
   oif($adldap->authenticate($username, $password)){
   o$user = 4; // assign a user id, this user id should exist in kb user table
   o}

   $user;
   }

   Posted 2 years ago #

9. onesign
   Key Master

   "Not enough parameters returned by remoteDoAuth function" means
   what it said, your function should return associative array with keys:

   first_name
   last_name
   email
   username
   password-- as the user types when they login, that is, not encrypted
   remote_user_id -- a unique userID stored in your system, integer
   role_id - (optional)
   priv_id - (optional) privilege for user. If user has a privilege, he will have access to Admin Area

   Please read these articles
   http://www.kbpublisher.com/kb/Using-Remote-Authentication_181.html

   Please see this example
   http://www.kbpublisher.com/kb/download/19/

   Posted 2 years ago #

10. gmrstudios
    Member

    It is almost like I need a combonation of the two. The second method "// Example of using adLDAP - LDAP Authentication with PHP for Active Directory " works just fine. The problem is I would like it to create a unique user based off the AD username upon logon.

    Do you have an example of LDAP Authentican with PHP for Active Directory that creates a unique user upon logon?

    When I used the following code I received an error:

    function remoteDoAuth($username, $password) {
    
    orequire_once 'custom/adLDAP.php';
    
    o$auth = false;
    oif(empty($username) || empty($password)) {
    oreturn $auth;
    o}
    
    o$username = addslashes($username);
    o$password = addslashes($password);
    
    o//create the AD LDAP connection
    o$adldap = new adLDAP();
    
    o// if found
    oif($adldap->authenticate($username, $password)){
    o// remote_user_id is a unique id for user in your system (integer)
    o$user['first_name'] = $username;
    o$user['last_name'] = $username;
    o$user['email'] = 'test@test.com';
    o$user['username'] = $username;
    o$user['password'] = $password;
    o$user['remote_user_id'] = $username;
    
    o// assign a priv to user (optional)
    o// it is fully up to you how to determine who is authenticated and what priv to assign
    o$user['priv_id'] = 3;
    
    o// assign a role to user (optional)
    o// it is fully up to you how to determine who is authenticated and what role to assign
    o$user['role_id'] = 1;
    o}
    
    oreturn $user;
    }
    ?>

    Database error!
    1366: Incorrect integer value: 'username' for column 'imported_user_id' at row 1

    We are authenticating against LDAP but it's not creating the user.

    Posted 2 years ago #

11. onesign
    Key Master

    Database error!
    1366: Incorrect integer value: 'username' for column 'imported_user_id' at row 1

    imported_user_id should be integer (number) it should be unique from your system
    not just any number. User data will be updated depends on this value.

    $user['remote_user_id'] = 1;

    Posted 2 years ago #

12. gmrstudios
    Member

    Awesome! That seemed to work. How would you go about pulling the first_name, last_name and email from LDAP and populate the forms? I know this is probably more of an ADLDAP question but I figured I would ask here.

    Posted 2 years ago #

13. guaranteedseo
    Member

    I get same error, is this issue solved ?

    Posted 1 year ago #

14. onesign
    Key Master

    What error you have? "Error Not enough parameters returned by remoteDoAuth function." ?
    See this post please, all explained here.

    Posted 1 year ago #

15. reznix
    Member

    We were able to get remotedoauth to work with adLDAP using the following code. Please keep in mind I'm not a programmer so I can not say if this is the proper way of going about it. This does populate the desired values and we used the employeeid field in AD because it is usually a unique numerical value. It MUST be filled in and cannot be blank before it will work. When we tried the $user['remote_user_id'] = 1, a new user login would overwrite another user or would error out.

    function remoteDoAuth($username, $password) {

    require_once 'custom/adLDAP.php';

    $auth = false;
    oif(empty($username) || empty($password)) {
    oreturn $auth;
    o}

    $username = addslashes($username);
    o$password = addslashes($password);

    //create the AD LDAP connection
    o$adldap = new adLDAP();

    // if found
    oif($adldap->authenticate($username, $password)){
    o// remote_user_id is a unique id for user in your system (integer)

    // get user info
    $userinfo = $adldap->user_info($username, array("sn","givenname","mail","employeeid"));

    ame'] = $userinfo[0]['givenname'][0];
    o$user['last_name'] = $userinfo[0]['sn'][0];
    o$user['email'] = $userinfo[0]['mail'][0];
    o$user['username'] = $username;
    o$user['password'] = $password;
    o$user['remote_user_id'] = $userinfo[0]['employeeid'][0];

    a priv to user (optional)
    o// it is fully up to you how to determine who is authenticated and what priv to

    assign
    o$user['priv_id'] = 3;

    a role to user (optional)
    o// it is fully up to you how to determine who is authenticated and what role to

    assign
    o$user['role_id'] = 1;
    o}

    return $user;
    }
    ?>

    Hope this saves someone else some time and effort.

    Posted 1 year ago #

16. gmrstudios
    Member

    
    

    Posted 1 year ago #

17. gmrstudios
    Member

    Thank you Reznix! I receive the following error whenever I try to logon a second time:

    1062: Duplicate entry '7181504180907210526' for key 'imported_user_id'

    How do you have your KB_AUTH settings defined? It seems as though it is trying to recreate the user upon logon. Any tips? It seems that we are finally getting close to a workable solution for my orginization. Thanks in advance.

    My settings are as follows:

    define('KB_AUTH_AREA', 2);
    define('KB_AUTH_LOCAL', 0);
    define('KB_AUTH_LOCAL_IP', '127.0.0.1-127.0.0.3;208.34.45.1');
    define('KB_AUTH_TYPE', 1); I changed this to "0" and it still produced the same error.
    define('KB_AUTH_REFRESH_TIME', 1); //3600*24*30

    Posted 1 year ago #

18. reznix
    Member

    My settings are

    define('KB_AUTH_AREA', 2);
    define('KB_AUTH_LOCAL', 2);
    define('KB_AUTH_LOCAL_IP', '127.0.0.1-127.0.0.3); - I also added some of our internal IP's to allow the admin login
    define('KB_AUTH_TYPE', 1);
    define('KB_AUTH_REFRESH_TIME', 0); //3600*24*30 - We decided not to update the account info as it is only the name and email fields, which don't change that often. AD Password changes do not seem to be affected.

    The imported_user_id field is in the kbp_user table which you can see in phpmyadmin.

    Posted 1 year ago #

RSS feed for this topic

Reply

You must log in to post.