I'm using the function AuthHelper, which is used to test ldap access (cf sep.inc.adldap_sample.php in the sample folder)
In my case : SSO requires to create "Domain\Username" accounts but ldap authentication is only done with Username
So in function AuthHelper($username, $password, array& $groups)
Instead of using : $adldap->authenticate($username, $password)
$adldap = new adLDAP($options);
Hope it may help you.
thanks for your hint.
Your solution is only working if you still keep the users without domain prefix in Jedox, right?
So for example your System-db dimension #_USER_ contains "UserA" as well as "domain\UserA".
In our environment I'm trying to exchange the "UserA" to "domain\UserA" in #_User_ because I only want to keep every user once.
No need to create users twice, I just create "domain\UserA" and modify the function AuthHelper as explained: I split "domain\UserA" to get "UserA" and perform the AD authentication.
Macht es gut.
I tried the same thing, but without success. I also use the sample script for LDAP.
Could you pls post your config in palo.ini regarding SSO and LDAP authentification?
Thanks and regards,
I got it.
The problem was the workerlogin information attribute in palo.ini.
By uncommenting this line, LDAP works fine.
The only thing I cant solve:
I would like the user to enter only the username (without domain\ prefix) when using LDAP authentication.
Good news. regarding domains, your idea seems difficult to implement because I have the feeling that public function OnUserAuthenticate($username, $password) only offer you the ability to pass parameter by value and not by address
Can you please provide your custom php file code that you used ??