LDAP

Posted: Tue May 20, 2008 5:08 am
by Jean
Hi Steve,
Is there an LDAP authentication module for Xataface?
Thank you
Jean

Posted: Tue May 20, 2008 10:12 am
by shannah
Hi Jean,

I have just uploaded an LDAP module at
http://weblite.ca/svn/dataface/modules/Auth/ldap/trunk/

Note that I have only ever used this module on our single server so it may require tweaking to work for other servers. Let me know how it goes.

Best regards

Steve

Posted: Tue May 20, 2008 11:53 pm
by Jean
OK Thank you Steve.

Posted: Wed May 21, 2008 2:14 am
by Jean
Steve,
I use the module, it is fine except I have several variables that are not taken into account
ldap_basedn= "DC=intranet"
I have given the same value to ldap_base
ldap_rootdn=administrateur@intranet
ldap_pass =****
ldap_condition = "&(objectClass=user)(objectCategory=person))"
ldap_login = samaccountname
So my connection fails.
Have you any suggestion for modifications in ldap.php to adapt it to this case?
Jean

Posted: Wed May 21, 2008 2:45 am
by Jean
Sorry, the connection succeeds but the search fails on the line

$r = @ldap_search($ds, 'uid='.$creds['UserName'].', '.$auth->conf['ldap_base'], 'objectclass=*' );

Posted: Wed May 21, 2008 6:10 am
by shannah
The module only accepts 3 parameters:
ldap_base
ldap_port
ldap_host

All of the LDAP parameters should be able to be included in one of these options. LDAP base should include the basedn as well as any search parameters.

You can try something like

ldap_base="DC=internet, objectclass=user, objectcategory=person"

The login/pass information wouldn't be stored in the config file, it would be taken via that login screen.

If this doesn't work for you, let me know. I had to do quite a bit of monkeying around to get everything right for my server. And there are a few things that can be changed.

-Steve

Posted: Thu May 22, 2008 2:24 am
by Jean
Hi Steve,
I found my solution. We use LDAP on Active Directory. Here is the code I used
Code:
   function checkCredentials(){
      $auth =& Dataface_AuthenticationTool::getInstance();
      $app =& Dataface_Application::getInstance();

      $creds = $auth->getCredentials();
      if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost';
      if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = null;
      if ( !isset($auth->conf['ldap_base']) ){
         trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }

      if ( !function_exists('ldap_connect') ){
         trigger_error("Please install the PHP LDAP module in order to use LDAP authentication.", E_USER_ERROR);
      }
      $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']);
      if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR);

      // Never bind with an empty password: the server may treat it as an
      // unauthenticated (anonymous) bind and report success.
      if ( !isset($creds['Password']) || $creds['Password'] === '' ) return false;

      // Active Directory accepts the user principal name (user@domain) as the bind
      // identity, so the bind itself is the credential check; no ldap_search is needed.
      $ok = @ldap_bind( $ds, $creds['UserName'].'@intranet', $creds['Password']);
      ldap_unbind($ds);

      return (bool)$ok;
   }

Inside the if bind block, I could perform a search to get more information (mail...) but I don't need to.
Jean

Posted: Thu May 22, 2008 10:33 am
by shannah
Thanks Jean,

Thanks for posting your changes. I'm going to see if I can get it working with something similar to what you have. (Your version looks "nicer" than mine, as it makes sense that you shouldn't have to do an ldap_search at all).

-Steve

Posted: Thu Feb 26, 2009 7:07 am
by fantomasdm
Hi, I tried to use it on xataface 1.1.5 but it seems to me that it isn't working!
I put ldap.php in xataface-1.1.5\modules\Auth\ldap directory
and set config.ini:
auth_type=ldap
users_table="User"
username_column="username"
ldap_host = "12.12.1.1"
ldap_port = "389"
ldap_base = "ou=Dipendenti, dc=prova, dc=it"

For access, do I have to use an account like prova.it\fantomas.pluto?

Is it possible to restrict use of the application to only one group?

Posted: Thu Feb 26, 2009 8:53 am
by shannah
LDAP can be a bit of a pain to get working as everyone's server seems to have slightly different settings that need to be set. By "doesn't work" do you mean that you just can't log in? Does it just say "incorrect username or password"?

You may want to look at the changes that Jean made to get it working on his set up and see if this (or a variation of it) will work better for you.

-Steve

Posted: Tue Mar 03, 2009 6:46 am
by fantomasdm
Hi, I have developed a new module for authentication on LDAP with a group membership setting.

Code:
   function checkCredentials(){
      $auth =& Dataface_AuthenticationTool::getInstance();
      $app =& Dataface_Application::getInstance();

      $creds = $auth->getCredentials();
      if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost';
      if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = null;
      if ( !isset($auth->conf['ldap_base']) ){
         trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }
      // ldap_prefix (the UPN suffix appended to the login name) and ldap_group are
      // required by this module, so fail early if either is missing.
      if ( !isset($auth->conf['ldap_prefix']) || !isset($auth->conf['ldap_group']) ){
         trigger_error("Please specify ldap_prefix and ldap_group in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }

      if ( !function_exists('ldap_connect') ){
         trigger_error("Please install the PHP LDAP module in order to use LDAP authentication.", E_USER_ERROR);
      }
      $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']);
      if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR);

      // Never bind with an empty password: the server may treat it as an
      // unauthenticated (anonymous) bind and report success.
      if ( !isset($creds['Password']) || $creds['Password'] === '' ) return false;

      $good = false;

      if ( @ldap_bind( $ds, $creds['UserName'].'@'.$auth->conf['ldap_prefix'], $creds['Password']) )
      {
         // Escape the login name before placing it in the search filter (RFC 4515),
         // so characters such as '*' or ')' cannot change what the filter matches.
         $user = str_replace(array('\\', '*', '(', ')', "\0"),
                             array('\5c', '\2a', '\28', '\29', '\00'),
                             $creds['UserName']);
         $result = ldap_search($ds, $auth->conf['ldap_base'], '(samaccountname='.$user.')');

         // Result set: $entries["count"] entries, each with its attributes
         $entries = ldap_get_entries($ds, $result);

         for ($i=0; $i < $entries["count"]; $i++)
         {
            // A user that belongs to no group has no memberof attribute at all.
            if ( !isset($entries[$i]['memberof']) ) continue;

            // memberof is a list of group DNs; the first RDN is CN=<group name>.
            for ($j=0; $j < $entries[$i]['memberof']['count']; $j++)
            {
               list($attribute) = explode(',', $entries[$i]['memberof'][$j]);
               if ($attribute == "CN=".$auth->conf['ldap_group'])
                  $good = true;
            }
         }
      }
      ldap_unbind($ds);

      return $good;
   }



and use these parameters in config.ini:

Code:
ldap_host = "10.10.10.10"
ldap_port = "389"
ldap_base = "ou=Dipendenti, dc=prova, dc=it"
ldap_prefix =  "inmi.it"
ldap_group = "GRPInternet"



Now I want to add a user to my user table when it is not present there!
Do I have to use an SQL insert, or is there a shortcut?

Very sorry for my English!!!

Posted: Tue Mar 03, 2009 8:34 am
by shannah
I have to use sql insert or there is a shortcut?


SQL should work fine.

Posted: Wed Mar 04, 2009 1:36 am
by fantomasdm
Hi, this is my latest version of the LDAP auth module; if the LDAP user doesn't exist in the user table, I add it!!
Code:
   function checkCredentials(){
      $auth =& Dataface_AuthenticationTool::getInstance();
      $app =& Dataface_Application::getInstance();

      $creds = $auth->getCredentials();
      if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost';
      if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = null;
      if ( !isset($auth->conf['ldap_base']) ){
         trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }
      // ldap_prefix (the UPN suffix appended to the login name) and ldap_group are
      // required by this module, so fail early if either is missing.
      if ( !isset($auth->conf['ldap_prefix']) || !isset($auth->conf['ldap_group']) ){
         trigger_error("Please specify ldap_prefix and ldap_group in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }

      if ( !function_exists('ldap_connect') ){
         trigger_error("Please install the PHP LDAP module in order to use LDAP authentication.", E_USER_ERROR);
      }
      $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']);
      if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR);

      // Never bind with an empty password: the server may treat it as an
      // unauthenticated (anonymous) bind and report success.
      if ( !isset($creds['Password']) || $creds['Password'] === '' ) return false;

      $good = false;

      if ( @ldap_bind( $ds, $creds['UserName'].'@'.$auth->conf['ldap_prefix'], $creds['Password']) )
      {
         // Escape the login name before placing it in the search filter (RFC 4515),
         // so characters such as '*' or ')' cannot change what the filter matches.
         $user = str_replace(array('\\', '*', '(', ')', "\0"),
                             array('\5c', '\2a', '\28', '\29', '\00'),
                             $creds['UserName']);
         $result = ldap_search($ds, $auth->conf['ldap_base'], '(samaccountname='.$user.')');

         // Result set: $entries["count"] entries, each with its attributes
         $entries = ldap_get_entries($ds, $result);

         for ($i=0; $i < $entries["count"]; $i++)
         {
            // A user that belongs to no group has no memberof attribute at all.
            if ( !isset($entries[$i]['memberof']) ) continue;

            // memberof is a list of group DNs; the first RDN is CN=<group name>.
            for ($j=0; $j < $entries[$i]['memberof']['count']; $j++)
            {
               list($attribute) = explode(',', $entries[$i]['memberof'][$j]);
               if ($attribute == "CN=".$auth->conf['ldap_group'])
               {
                  $good = true;

                  // Auto-insert into the user table if the LDAP user is not there yet.
                  // The login name is escaped before it is placed in the SQL string.
                  $safeUser = mysql_real_escape_string($creds['UserName'], $app->db());
                  $sql = "select * from ".$auth->conf['users_table']." where ".$auth->conf['username_column']."='".$safeUser."'";
                  $res = mysql_query($sql, $app->db()) or
                  trigger_error("Failed to get username from usertable qry:".$sql." Err:".mysql_error($app->db()), E_USER_ERROR);
                  // Insert the new user with the default role. Note that every member
                  // of ldap_group receives this role automatically.
                  if (mysql_num_rows($res) < 1 )
                  {
                     $sql = "insert into ".$auth->conf['users_table']." (".$auth->conf['username_column'].",ROLE) values ('".$safeUser."','ADMIN')";
                     $res = mysql_query($sql, $app->db()) or
                     trigger_error("Failed to insert username into usertable qry:".$sql." Err:".mysql_error($app->db()), E_USER_ERROR);
                  }

                  break;
               }
            }
         }
      }
      ldap_unbind($ds);

      return $good;
   }


Default role in my case is ADMIN....
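As an added example (not code from this thread or from Xataface), the three checks the posted module applies to login-form input, re-implemented in Python as plain functions so they can be run without a directory server: the (samaccountname=...) search filter with RFC 4515 escaping, the memberOf first-RDN comparison done with a DN parser instead of a split on ',', and the user@suffix bind name with the empty-password refusal. Function names and the SAMPLE_MEMBER_OF values are constructed for the example.

```python
import re

# RFC 4515: each special character inside a filter value becomes '\' + two hex digits.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Escape a user-supplied string for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(username):
    """The thread's (samaccountname=<user>) filter with the login name escaped, so
    '*' or ')(' typed into the login form cannot widen or restructure the search."""
    return "(samaccountname=%s)" % escape_filter_value(username)

def first_rdn(dn):
    """First RDN of a DN. Unlike explode(',', ...) in the thread, a backslash-escaped
    comma (as in 'CN=Smith\\, John,OU=...') does not end the RDN."""
    out, i = [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            out.append(dn[i:i + 2])
            i += 2
        elif dn[i] == ",":
            break
        else:
            out.append(dn[i])
            i += 1
    return "".join(out)

def is_member_of(member_of, group_cn):
    """The thread's memberOf loop: true when some group DN starts with CN=<group_cn>.
    Compared case-insensitively, since DN attribute values in AD are."""
    want = "cn=" + group_cn.lower()
    return any(first_rdn(dn).lower() == want for dn in member_of)

_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

def bind_name_for(username, password, upn_suffix):
    """Build the user@suffix name the thread passes to ldap_bind, or None when the
    login must be refused before any bind: an empty password is an unauthenticated bind
    that a directory may accept as anonymous, and '@' in the username would change which
    principal is bound."""
    if not password or not _USERNAME_RE.fullmatch(username):
        return None
    return "%s@%s" % (username, upn_suffix)

# Constructed sample data standing in for what ldap_get_entries returns for memberof.
SAMPLE_MEMBER_OF = ["CN=Domain Users,CN=Users,DC=prova,DC=it",
                    "CN=GRPInternet,OU=Groups,DC=prova,DC=it",
                    "CN=Smith\\, John,OU=Dipendenti,DC=prova,DC=it"]
```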