Unable to get AuthProc to remap attributes


Ben Plessinger

Aug 19, 2016, 4:37:30 PM
to SimpleSAMLphp
I am trying to set up LDAP authentication and am unable to get the AuthProc to remap the attributes to what I need them to be.
I am testing against the free ldap.forumsys.com LDAP server (http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/) for this example. It gets information back but does not seem to do the authproc. Any advice?

<?php
$config = array(
    'ldap-forumsys' => array(
        'ldap:LDAP',

        /*
         * testing username and pass:
         * Username: tesla
         * Password: password
         */

        /* The hostname of the LDAP server. */
        'hostname' => 'ldap.forumsys.com',

        /* Whether SSL/TLS should be used when contacting the LDAP server. */
        'enable_tls' => FALSE,

        /*
         * Which attributes should be retrieved from the LDAP server.
         * This can be an array of attribute names, or NULL, in which case
         * all attributes are fetched.
         */
        'attributes' => NULL,

        /*
         * The pattern which should be used to create the user's DN given the username.
         * %username% in this pattern will be replaced with the user's username.
         *
         * This option is not used if the search.enable option is set to TRUE.
         */
        'dnpattern' => 'uid=%username%,dc=example,dc=com',

        /*
         * As an alternative to specifying a pattern for the users DN, it is possible to
         * search for the username in a set of attributes. This is enabled by this option.
         */
        'search.enable' => FALSE,

        /*
         * The DN which will be used as a base for the search.
         * This can be a single string, in which case only that DN is searched, or an
         * array of strings, in which case they will be searched in the order given.
         */
        'search.base' => 'dc=example,dc=com',

        /*
         * The attribute(s) the username should match against.
         *
         * This is an array with one or more attribute names. Any of the attributes in
         * the array may match the value the username.
         */
        'search.attributes' => array('uid', 'mail'),

        /*
         * The username & password where SimpleSAMLphp should bind to before searching. If
         * this is left NULL, no bind will be performed before searching.
         */
        'search.username' => NULL,
        'search.password' => NULL,

        'authproc' => array(
            40 => array(
                'class' => 'core:AttributeMap',
                'attributes' => array(
                    'mail' => 'email_address',
                    'cn' => 'first_name',
                    'sn' => 'last_name',
                    'homeDirectory' => 'field_of_science',
                    'uid' => 'username'
                )
            )
        )
    ),

    'admin' => array(
        // The default is to use core:AdminPassword, but it can be replaced with
        // any authentication source.
        'core:AdminPassword',
    ),
);


Jaime Perez Crespo

Aug 22, 2016, 11:58:09 AM
to simple...@googlegroups.com
Hi Ben,

Authproc filters are not executed when testing an authentication source, only when actually performing authentication.
--
Jaime Pérez
UNINETT / Feide

jaime...@uninett.no
jaime...@protonmail.com
9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

Ben Plessinger

Aug 22, 2016, 1:48:27 PM
to SimpleSAMLphp
When I mentioned testing the auth source, I did mean the actual authentication that happens after using /simplesaml/module.php/core/authenticate.php

Which does work and they do fire.

I resolved my issue as well.

I was setting up just authsources.php. I needed to set up an IDP as well.

Thank You,
Ben
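
Added example (not part of the thread and not the posters' or the project's own code): a hosted IdP metadata entry that authenticates against the 'ldap-forumsys' source and carries the attribute mapping, matching the resolution above that an IdP had to be set up in addition to authsources.php. The file path, the `enable.saml20-idp` switch and the key/certificate file names are assumptions based on the standard SimpleSAMLphp 1.x layout, and the mappings are written in the flat form shown in the core:AttributeMap documentation.

```php
<?php
// metadata/saml20-idp-hosted.php  (assumed standard SimpleSAMLphp 1.x location)
//
// The hosted IdP also has to be enabled in config/config.php (assumption):
//     'enable.saml20-idp' => true,

$metadata['__DYNAMIC:1__'] = array(
    // Answer on whatever hostname the request arrives on.
    'host' => '__DEFAULT__',

    // Placeholder file names, looked up in the cert/ directory.
    'privatekey'  => 'idp.example.pem',
    'certificate' => 'idp.example.crt',

    // Key of the authentication source defined in authsources.php.
    'auth' => 'ldap-forumsys',

    // Filters listed here run in the IdP's processing chain, after the
    // LDAP source has authenticated the user and before the assertion
    // is built for the service provider.
    'authproc' => array(
        40 => array(
            'class' => 'core:AttributeMap',

            // Documented form: the mappings are keys placed directly
            // beside 'class', as 'source attribute' => 'new name'.
            'mail'          => 'email_address',
            'cn'            => 'first_name',
            'sn'            => 'last_name',
            'homeDirectory' => 'field_of_science',
            'uid'           => 'username',
        ),
    ),
);
```

With this in place the remapped names are the ones released to a service provider, so the check belongs on the attributes the SP receives after a full login through the IdP.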