LDAP Authentication [SOLVED]
Posted: Fri Mar 12, 2010 7:28 pm
Hi All,
I've checked out this link viewtopic.php?t=4475 but still can't get LDAP authentication to work. In fact, the webserver doesn't even try to contact the LDAP server (in this instance a Windows Domain Controller). Any ideas why? Here's my config.
conf.ini
[_auth]
auth_type= "ldap"
users_table = "Users"
username_column = "UserName"
password_column = "Password"
ldap_host = "1.1.1.1"
ldap_port = "389"
ldap_base = "dc=sub,dc=my,dc=domain"
ldap_group = "Domain Admins"
ldap_suffix = "MY.DOMAIN"
and I have "ldap.php" file in dataface/modules/Auth/ldap/
<?php
/**
 * Implementation of checkCredentials() hook. This checks the
 * credentials to see if the username/password combination are
 * correct.
 */
function checkCredentials(){
    $auth =& Dataface_AuthenticationTool::getInstance();
    $app =& Dataface_Application::getInstance();
    $creds = $auth->getCredentials();
    if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost';
    if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = null;
    if ( !isset($auth->conf['ldap_base']) ){
        trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR);
    }
    if ( !function_exists('ldap_connect') ){
        trigger_error("Please install the PHP LDAP module in order to use LDAP authentication.", E_USER_ERROR);
    }
    // ldap_connect() only stores the parameters; the first network traffic happens at ldap_bind()
    $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']);
    if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR);
    // Active Directory requires LDAPv3; without this the bind fails with a protocol error
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    $good=false;
    // Bind as user@suffix (the AD userPrincipalName form)
    if ( @ldap_bind( $ds, $creds['UserName'].'@'.$auth->conf['ldap_suffix'], $creds['Password']) )
    {
        // Escape the username before placing it in the search filter (RFC 4515)
        $safeUser = str_replace(array('\\','*','(',')',"\0"), array('\5c','\2a','\28','\29','\00'), $creds['UserName']);
        $result = ldap_search($ds, $auth->conf['ldap_base'], '(samaccountname='.$safeUser.')');
        //Create result set
        $entries = ldap_get_entries($ds, $result);
        for ($i=0; $i < $entries["count"]; $i++)
        {
            // An account with no group memberships has no memberof attribute at all
            if ( !isset($entries[$i]['memberof']) ) continue;
            //Autoinsert in usertable if user in ldap not exist
            foreach ($entries[$i]['memberof'] as $key => $value)
            {
                if ($key === 'count') continue;
                // Compare only the first RDN (CN=<group>) of each group DN
                list($attribute) = explode(',', $value);
                if ($attribute == "CN=".$auth->conf['ldap_group'])
                {
                    $good=true;
                    $sqlUser = mysql_real_escape_string($creds['UserName'], $app->db());
                    $sql = "select * from ".$auth->conf['users_table']." where ".$auth->conf['username_column']."='".$sqlUser."'";
                    $res = mysql_query($sql, $app->db()) or
                        trigger_error("Failed to get username from usertable qry:".$sql." Err:".mysql_error($app->db()), E_USER_ERROR);
                    //insert new user with default role
                    if (mysql_num_rows($res) < 1 )
                    {
                        $sql = "insert into ".$auth->conf['users_table']." (".$auth->conf['username_column'].",ROLE) values ('".$sqlUser."','ADMIN')";
                        $res = mysql_query($sql, $app->db()) or
                            trigger_error("Failed to insert username into usertable qry:".$sql." Err:".mysql_error($app->db()), E_USER_ERROR);
                    }
                    break;
                }
            }
        }
        ldap_unbind($ds);
    }
    return $good;
}
?>
I've tried this with the function checkCredentials() section in AuthenticationTool.php commented out as well as being left as standard. Either way, the webserver never even tries to contact the Domain Controller.
Have I missed something obvious?
Cheers
Paul
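A standalone diagnostic, added here as an example (it is not Xataface code and not the module above), that repeats the module's LDAP steps from the command line so you can see whether the domain controller is reachable at all, independent of the application. Host, port, base, suffix and group are the values from the conf.ini above; the test account name and password are placeholders.

```php
<?php
// Constructed diagnostic, not part of Xataface. Replace the placeholders.
$host   = '1.1.1.1';                // conf.ini ldap_host
$port   = 389;                      // conf.ini ldap_port
$base   = 'dc=sub,dc=my,dc=domain'; // conf.ini ldap_base
$suffix = 'MY.DOMAIN';              // conf.ini ldap_suffix, used as user@suffix (UPN)
$group  = 'Domain Admins';          // conf.ini ldap_group
$user   = 'TESTUSER_PLACEHOLDER';   // placeholder: a real domain account
$pass   = 'PASSWORD_PLACEHOLDER';   // placeholder: that account's password

// RFC 4515 escaping for values placed inside a search filter
// (ldap_escape() does this on PHP >= 5.6; written out here for older installs).
function filter_escape($s) {
    return str_replace(array('\\', '*', '(', ')', "\0"),
                       array('\5c', '\2a', '\28', '\29', '\00'), $s);
}

// ldap_connect() only records the parameters; no packet leaves the box
// until ldap_bind(), so a successful ldap_connect() proves nothing.
$ds = ldap_connect($host, $port);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // AD rejects LDAPv2 binds
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);        // do not chase AD referrals

if (!@ldap_bind($ds, $user . '@' . $suffix, $pass)) {
    // First real network call: "Can't contact LDAP server" here points at
    // DNS/firewall/port, "Invalid credentials" at the account or suffix.
    echo "bind failed: " . ldap_error($ds) . "\n";
    exit(1);
}
echo "bind OK as $user@$suffix\n";

$filter  = '(sAMAccountName=' . filter_escape($user) . ')';
$res     = ldap_search($ds, $base, $filter, array('memberof'));
$entries = ldap_get_entries($ds, $res);
if ($entries['count'] < 1) { echo "user not found under $base\n"; exit(1); }

$member = false;
$groups = isset($entries[0]['memberof']) ? $entries[0]['memberof'] : array('count' => 0);
for ($i = 0; $i < $groups['count']; $i++) {
    echo "memberOf: " . $groups[$i] . "\n";
    // Matching on the CN alone accepts any group with that name in any OU;
    // compare against the group's full DN if that distinction matters.
    if (stripos($groups[$i], 'CN=' . $group . ',') === 0) $member = true;
}
echo $member ? "in group '$group'\n" : "NOT in group '$group'\n";
ldap_unbind($ds);
```

Run it with the PHP CLI on the webserver itself, since that is the host whose network path to the domain controller is in question.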