Ldap Auth
10 posts
• Page 1 of 1
Hi!
I found the entries for the Ldap Authentication in the config.ini File, but if I enter our local ldap server nothing is happening after authentication (the webserver not even tries to reach the ldap server) How can I fix that? lg martin
Hi Martin, The LDAP stuff was disabled for the public release.Ê We had been using it for the plantsale auction at the university for the user info instead of storing the user info in the users tables, but in general most people won't have LDAP available so I removed it.Ê Most of the LDAP stuff has just been commented out but it would take a bit of tweaking to get it to work properly with the current setup. -Steve
Hi Steve!
We also use a central ldap server on our university for authentication - can you give me a hint in what files I have to search (at least - does dataface or webauction the ldap thing?) lg
HI Martin, It would likely be a little bit of a different setup.Ê We don't use LDAP for auth, just for accessing user info like email address, name, and phone number.Ê We use CAS for authentication.Ê In order to use LDAP properly for authentication, it will be best to create an LDAP authentication module (none exists right now).Ê You can check out the CAS authentication module for an example of how to write one. The remnants of the LDAP stuff for gathering user info can be found in the include/functions.inc.php file.Ê The getLDAPUserInfo() function. -Steve
Thank you for your help!
I have gone the dirty way and simply commented out some lines in the AuthenticationTool.php and added my Ldap Authentication (and add the user to the users table if not existing) and we all are happy ... lg Martin
Hi Martin, That's great!Ê Please consider distributing this modified module so that others can use it.Ê I'm sure that LDAP authentication would be useful to lots of other people. Best regardsSteve
Or if you don't feel it's ready to distribute, you can send it to me and I can add the finishing touches to make it more "generic". -Steve
Sure - I just changed the function below in Datafaces's AuthenticationTool.php
If you want to make it generic, I would propose you check the auth_type for ldap and put some extra options in the conf.ini: ldap_user_tree or something to specify the search base. lg Martin function checkCredentials(){ $app =& Dataface_Application::getInstance(); if ( !$this->authEnabled ) return true; if ( isset($this->delegate) and method_exists($this->delegate, 'checkCredentials') ){ return $this->delegate->checkCredentials(); } else { // The user is attempting to log in. $creds = $this->getCredentials(); if ( !isset( $creds['UserName'] ) || !isset($creds['Password']) ){ // The user did not submit a username of password for login.. trigger error. //trigger_error("Username or Password Not specified", E_USER_ERROR); return false; } // *************** LDAP CONNECT ********************* $connect = ldap_connect('10.0.0.1'); // *********** Search for the DN of the username and read mail/sn/givenname ************ $read=ldap_search($connect,"ou=Users,dc=fh-stpoelten,dc=ac.at","(uid=".trim(strtolower($creds['UserName'])).")",array("cn","givenname","sn","mail")); $info = ldap_get_entries($connect, $read); // *********** read result *************** $dn=$info[0]['dn']; if (!$dn) { ldap_close($connect); return false; } if(@ldap_bind($connect,$dn,$creds['Password'])) { $erg=mysql_query('Select * from users where username="'.trim(strtolower($creds['UserName'])).'";',$app->db()); if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR); if(mysql_num_rows($erg)<1) { $erg=mysql_query('Insert into users(username,password,firstname,lastname,title,department,phone,email,role,prefs_receive_outbid_notifications) Values("'.trim(strtolower($creds['UserName'])).'",null,"'.$info[0]['givenname'][0].'","'.$info[0]['sn'][0].'",null,null,null,"'.$info[0]['mail'][0].'","User",1);',$app->db()); if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR); } ldap_close($connect); return true; } else { ldap_close($connect); return false; } /* import('Dataface/Serializer.php'); $serializer =& new Dataface_Serializer($this->usersTable); //$res = mysql_query( $sql = "SELECT `".$this->usernameColumn."` FROM `".$this->usersTable."` WHERE `".$this->usernameColumn."`='".addslashes( $serializer->serialize($this->usernameColumn, $creds['UserName']) )."' AND `".$this->passwordColumn."`=". $serializer->encrypt( $this->passwordColumn, "'".addslashes($serializer->serialize($this->passwordColumn, $creds['Password']))."'" ); $res = mysql_query($sql, $app->db()); if ( !$res ) trigger_error(mysql_error($app->db()), E_USER_ERROR); if ( mysql_num_rows($res) === 0 ){ return false; } @mysql_free_result($res); return true; */ } }
AuthenticationTool.phpHi,
Does the entire code go in to AuthenticationTool.php function checkCredentials(){ $app =& Dataface_Application::getInstance(); if ( !$this->authEnabled ) return true; if ( isset($this->delegate) and method_exists($this->delegate, 'checkCredentials') ){ return $this->delegate->checkCredentials(); } else { // The user is attempting to log in. $creds = $this->getCredentials(); if ( !isset( $creds['UserName'] ) || !isset($creds['Password']) ){ // The user did not submit a username of password for login.. trigger error. //trigger_error("Username or Password Not specified", E_USER_ERROR); return false; } // *************** LDAP CONNECT ********************* $connect = ldap_connect('10.0.0.1'); // *********** Search for the DN of the username and read mail/sn/givenname ************ $read=ldap_search($connect,"ou=Users,dc=fh-stpoelten,dc=ac.at","(uid=".trim(strtolower($creds['UserName'])).")",array("cn","givenname","sn","mail")); $info = ldap_get_entries($connect, $read); // *********** read result *************** $dn=$info[0]['dn']; if (!$dn) { ldap_close($connect); return false; } if(@ldap_bind($connect,$dn,$creds['Password'])) { $erg=mysql_query('Select * from users where username="'.trim(strtolower($creds['UserName'])).'";',$app->db()); if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR); if(mysql_num_rows($erg)<1>db()); if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR); } ldap_close($connect); return true; } else { ldap_close($connect); return false; } /* import('Dataface/Serializer.php'); $serializer =& new Dataface_Serializer($this->usersTable); //$res = mysql_query( $sql = "SELECT `".$this->usernameColumn."` FROM `".$this->usersTable."` WHERE `".$this->usernameColumn."`='".addslashes( $serializer->serialize($this->usernameColumn, $creds['UserName']) )."' AND `".$this->passwordColumn."`=". $serializer->encrypt( $this->passwordColumn, "'".addslashes($serializer->serialize($this->passwordColumn, $creds['Password']))."'" ); $res = mysql_query($sql, $app->db()); if ( !$res ) trigger_error(mysql_error($app->db()), E_USER_ERROR); if ( mysql_num_rows($res) === 0 ){ return false; } @mysql_free_result($res); return true; */ } }
It would be better to go the module approach mentioned in http://xataface.com/forum/viewtopic.php?t=4475 than to try to modify the Authentication tool.
-Steve
10 posts
• Page 1 of 1
Return to Web Auction Discussion Who is onlineUsers browsing this forum: No registered users and 10 guests |