Ldap Auth
10 posts
• Page 1 of 1
Hi!
I found the entries for the LDAP authentication in the config.ini file, but if I enter our local LDAP server, nothing happens after authentication (the web server does not even try to reach the LDAP server). How can I fix that? Regards, Martin
Hi Martin, The LDAP stuff was disabled for the public release. We had been using it for the plant sale auction at the university for the user info instead of storing the user info in the users tables, but in general most people won't have LDAP available, so I removed it. Most of the LDAP stuff has just been commented out, but it would take a bit of tweaking to get it to work properly with the current setup. -Steve
Hi Steve!
We also use a central LDAP server at our university for authentication. Can you give me a hint which files I have to look in (at least, is it Dataface or Web Auction that does the LDAP thing)? Regards
Hi Martin, It would likely be a little bit of a different setup. We don't use LDAP for auth, just for accessing user info like email address, name, and phone number. We use CAS for authentication. In order to use LDAP properly for authentication, it will be best to create an LDAP authentication module (none exists right now). You can check out the CAS authentication module for an example of how to write one. The remnants of the LDAP stuff for gathering user info can be found in the include/functions.inc.php file, in the getLDAPUserInfo() function. -Steve
Thank you for your help!
I have gone the dirty way and simply commented out some lines in AuthenticationTool.php and added my LDAP authentication (and added the user to the users table if it does not exist yet), and we are all happy ... Regards, Martin
Hi Martin, That's great! Please consider distributing this modified module so that others can use it. I'm sure that LDAP authentication would be useful to lots of other people. Best regards, Steve
Or if you don't feel it's ready to distribute, you can send it to me and I can add the finishing touches to make it more "generic". -Steve
Sure - I just changed the function below in Dataface's AuthenticationTool.php.
If you want to make it generic, I would propose you check the auth_type for ldap and put some extra options in the conf.ini: ldap_user_tree or something like that to specify the search base. Regards, Martin

Code:
function checkCredentials(){
    $app =& Dataface_Application::getInstance();
    if ( !$this->authEnabled ) return true;
    if ( isset($this->delegate) and method_exists($this->delegate, 'checkCredentials') ){
        return $this->delegate->checkCredentials();
    } else {
        // The user is attempting to log in.
        $creds = $this->getCredentials();
        if ( !isset( $creds['UserName'] ) || !isset($creds['Password']) ){
            // The user did not submit a username or password for login.
            //trigger_error("Username or Password Not specified", E_USER_ERROR);
            return false;
        }
        $username = trim(strtolower($creds['UserName']));
        // Reject an empty password before touching LDAP: a bind with a DN and an
        // empty password is treated as an anonymous bind by many servers and succeeds.
        if ( $username === '' || $creds['Password'] === '' ) return false;

        // *************** LDAP CONNECT *********************
        $connect = ldap_connect('10.0.0.1');
        if ( !$connect ) return false;
        ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);

        // *********** Search for the DN of the username and read mail/sn/givenname ************
        // ldap_escape() (PHP >= 5.6) keeps a username such as "*)(uid=*" from rewriting the filter.
        $read = ldap_search($connect, "ou=Users,dc=fh-stpoelten,dc=ac.at",
            "(uid=".ldap_escape($username, '', LDAP_ESCAPE_FILTER).")",
            array("cn","givenname","sn","mail"));
        $info = $read ? ldap_get_entries($connect, $read) : false;

        // *********** read result ***************
        // Require exactly one matching entry; otherwise fail closed.
        if ( !$info || $info['count'] != 1 || empty($info[0]['dn']) ) {
            ldap_close($connect);
            return false;
        }
        $dn = $info[0]['dn'];

        // Binding as the user's own DN with the submitted password is the real password check.
        if ( @ldap_bind($connect, $dn, $creds['Password']) ) {
            // Escape everything that goes into SQL: the username comes from the login
            // form, the name and mail attributes come from the directory.
            $q_user  = mysql_real_escape_string($username, $app->db());
            $q_first = mysql_real_escape_string(isset($info[0]['givenname'][0]) ? $info[0]['givenname'][0] : '', $app->db());
            $q_last  = mysql_real_escape_string(isset($info[0]['sn'][0]) ? $info[0]['sn'][0] : '', $app->db());
            $q_mail  = mysql_real_escape_string(isset($info[0]['mail'][0]) ? $info[0]['mail'][0] : '', $app->db());

            $erg = mysql_query('SELECT * FROM users WHERE username="'.$q_user.'";', $app->db());
            if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
            if ( mysql_num_rows($erg) < 1 ) {
                // First login: create the local user row. The password column stays NULL
                // because the directory, not the users table, owns the credential.
                $erg = mysql_query('INSERT INTO users(username,password,firstname,lastname,title,department,phone,email,role,prefs_receive_outbid_notifications) '
                    .'VALUES("'.$q_user.'",null,"'.$q_first.'","'.$q_last.'",null,null,null,"'.$q_mail.'","User",1);', $app->db());
                if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
            }
            ldap_close($connect);
            return true;
        } else {
            ldap_close($connect);
            return false;
        }

        /* Original Dataface password check against the users table, no longer used:
        import('Dataface/Serializer.php');
        $serializer =& new Dataface_Serializer($this->usersTable);
        //$res = mysql_query(
        $sql = "SELECT `".$this->usernameColumn."` FROM `".$this->usersTable."` WHERE `".$this->usernameColumn."`='".addslashes( $serializer->serialize($this->usernameColumn, $creds['UserName']) )."' AND `".$this->passwordColumn."`=". $serializer->encrypt( $this->passwordColumn, "'".addslashes($serializer->serialize($this->passwordColumn, $creds['Password']))."'" );
        $res = mysql_query($sql, $app->db());
        if ( !$res ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
        if ( mysql_num_rows($res) === 0 ){
            return false;
        }
        @mysql_free_result($res);
        return true;
        */
    }
}
Hi,
Does the entire code go into AuthenticationTool.php?
It would be better to go the module approach mentioned in http://xataface.com/forum/viewtopic.php?t=4475 than to try to modify the Authentication tool.
-Steve
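As an added example of the module approach Steve recommends (this is not Xataface or Web Auction code, and not Martin's patch): a standalone delegate class that the AuthenticationTool can call through the `$this->delegate->checkCredentials()` hook visible in the function Martin posted. It does search-then-bind against the directory, rejects empty passwords before binding, escapes the username in the LDAP filter, requires STARTTLS on a plain ldap:// URL, and provisions the local users row with a prepared statement. The class name, the config keys (`ldap_host`, `ldap_user_tree`, `ldap_bind_dn`, `ldap_bind_pw`, `ldap_uid_attr`), the singleton accessor `Dataface_AuthenticationTool::getInstance()`, and the assumption that `$app->db()` returns a mysqli connection are all assumptions, not things the thread confirms.

```php
<?php
// Added example, not project code. Assumptions are marked in comments.

class LdapAuthDelegate {
    private $host, $baseDn, $bindDn, $bindPw, $uidAttr;

    // Config keys are assumptions (Martin suggested ldap_user_tree for the search base).
    public function __construct(array $cfg) {
        $this->host    = $cfg['ldap_host'];        // e.g. "ldaps://ldap.example.edu"
        $this->baseDn  = $cfg['ldap_user_tree'];   // e.g. "ou=Users,dc=example,dc=edu"
        $this->bindDn  = isset($cfg['ldap_bind_dn']) ? $cfg['ldap_bind_dn'] : null; // null = anonymous search
        $this->bindPw  = isset($cfg['ldap_bind_pw']) ? $cfg['ldap_bind_pw'] : null;
        $this->uidAttr = isset($cfg['ldap_uid_attr']) ? $cfg['ldap_uid_attr'] : 'uid';
    }

    /**
     * Search-then-bind: find the user's DN with the service account, then bind as
     * that DN with the submitted password. Returns user attributes on success,
     * false on any failure.
     */
    public function authenticate($username, $password) {
        $username = strtolower(trim((string) $username));
        // Refuse empty passwords before contacting the server: RFC 4513 section 5.1.2
        // allows "DN + empty password" to succeed as an unauthenticated bind, which
        // would log anyone in as any user.
        if ($username === '' || $password === null || $password === '') {
            return false;
        }
        $conn = ldap_connect($this->host);
        if (!$conn) return false;
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
        // A plain ldap:// URL would send the password in clear; upgrade with STARTTLS.
        if (strpos($this->host, 'ldaps://') !== 0 && !@ldap_start_tls($conn)) {
            ldap_close($conn);
            return false;
        }
        if (!@ldap_bind($conn, $this->bindDn, $this->bindPw)) {
            ldap_close($conn);
            return false;
        }
        // ldap_escape() (PHP >= 5.6) stops a username like "*)(uid=*" from rewriting the filter.
        $filter  = sprintf('(%s=%s)', $this->uidAttr, ldap_escape($username, '', LDAP_ESCAPE_FILTER));
        $result  = @ldap_search($conn, $this->baseDn, $filter, array('givenname', 'sn', 'mail'));
        $entries = $result ? ldap_get_entries($conn, $result) : false;
        // Exactly one entry; no match or an ambiguous match fails closed.
        if (!$entries || $entries['count'] !== 1) {
            ldap_close($conn);
            return false;
        }
        $entry = $entries[0];
        $ok = @ldap_bind($conn, $entry['dn'], $password);   // the real password check
        ldap_close($conn);
        if (!$ok) return false;
        return array(
            'username'  => $username,
            'firstname' => isset($entry['givenname'][0]) ? $entry['givenname'][0] : '',
            'lastname'  => isset($entry['sn'][0]) ? $entry['sn'][0] : '',
            'email'     => isset($entry['mail'][0]) ? $entry['mail'][0] : '',
        );
    }

    /** Hook called by Dataface_AuthenticationTool::checkCredentials() when a delegate is set. */
    public function checkCredentials() {
        // Assumed singleton accessor; getCredentials() is the method used in the thread.
        $auth  = Dataface_AuthenticationTool::getInstance();
        $creds = $auth->getCredentials();
        if (!isset($creds['UserName']) || !isset($creds['Password'])) return false;
        $user = $this->authenticate($creds['UserName'], $creds['Password']);
        if ($user === false) return false;
        // Assumes $app->db() returns a mysqli connection (the thread's code used mysql_*).
        $this->provisionUser(Dataface_Application::getInstance()->db(), $user);
        return true;
    }

    /** Create the local users row on first login; prepared statements avoid SQL injection. */
    private function provisionUser(mysqli $db, array $user) {
        $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ?');
        $stmt->bind_param('s', $user['username']);
        $stmt->execute();
        $stmt->store_result();
        $exists = $stmt->num_rows > 0;
        $stmt->close();
        if ($exists) return;
        // password stays NULL: the directory, not the local table, owns the credential.
        $stmt = $db->prepare('INSERT INTO users (username, password, firstname, lastname, email, role, prefs_receive_outbid_notifications) VALUES (?, NULL, ?, ?, ?, "User", 1)');
        $stmt->bind_param('ssss', $user['username'], $user['firstname'], $user['lastname'], $user['email']);
        $stmt->execute();
        $stmt->close();
    }
}
```

How the delegate gets registered depends on the Xataface version in use; the class only relies on the tool calling `$this->delegate->checkCredentials()` as the posted function does. The two checks most often skipped in ad-hoc LDAP code are the empty-password rejection and the exactly-one-entry requirement; both are what turn a search-then-bind from "looks up a DN" into an actual authentication.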