How to search users though all the domains?

Milan Petrovic petrovic.milan at gmail.com
Sun Jan 10 10:21:29 CET 2016 

I'm integrating Phabricator's authentication to Kolab's LDAP and would like
to have all the domains there to be able to register and login on
Phabricator.

Seeing that Kolab.org actually uses Phabricator now, makes me hope I have a
greater chance of stumbling upon someone who knows how this can be done :)

So, I basically have my rootdomain.local and two additional domains,
seconddomain.local and thirddomain.local, all three with some users who
should be able to access Phabricator.

When I set Phabricator to use only one domain for LDAP autthentication,
everything works like a charm, but I have no way to make it search for
users through other domains, too.

Phabricator allows to specify multiple query filters and I was, among other
things, trying to use "cn=kolab,cn=config" for baseDN with search filter
"(&(objectClass=inetOrgPerson)(mail=${login})(associateddomain=rootdomain.local))"
(with the idea to specify filters for each of the domains), but, although
the dirsrv log shows no error, it also shows no items found:

[10/Jan/2016:10:13:02 +0100] conn=7980 fd=94 slot=94 connection from
IP.ADDRESS to ANOTHER.IP.ADRESS
[10/Jan/2016:10:13:02 +0100] conn=7980 op=0 BIND dn="cn=Directory Manager"
method=128 version=3
[10/Jan/2016:10:13:02 +0100] conn=7980 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn="cn=directory manager"
[10/Jan/2016:10:13:02 +0100] conn=7980 op=1 SRCH base="cn=kolab,cn=config"
scope=2 filter="(&(objectClass=inetOrgPerson)(mail=milan at rootdomain.local)(associatedDomain=rootdomain.local))"
attrs=ALL
[10/Jan/2016:10:13:02 +0100] conn=7980 op=1 RESULT err=0 tag=101 nentries=0
etime=0
[10/Jan/2016:10:13:02 +0100] conn=7980 op=2 UNBIND
[10/Jan/2016:10:13:02 +0100] conn=7980 op=2 fd=94 closed - U1

So, does anyone has any idea how to approach multi-domain LDAP
authentication through Phabricator?

Would a setting solve this or the solution is through changing the way
Phabricator does the LDAP authentication in the first place (
https://github.com/phacility/phabricator/blob/master/src/applications/auth/provider/PhabricatorLDAPAuthProvider.php
)?


Thanks a lot in advance, Milan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20160110/07e7bb1d/attachment.html>

More information about the users mailing list