LDAP

A place for users and developers of the Xataface to discuss and receive support.

LDAP

Postby Jean » Tue May 20, 2008 5:08 am

Hi Steve,
Is there an LDAP authentication module for Xataface?
Thank you
Jean
Jean
 
Posts: 259
Joined: Wed Nov 07, 2007 1:30 am
Location: Pau, France

Postby shannah » Tue May 20, 2008 10:12 am

Hi Jean,

I have just uploaded an LDAP module at
http://weblite.ca/svn/dataface/modules/Auth/ldap/trunk/

Note that I have only ever used this module on our single server so it may require tweaking to work for other servers. Let me know how it goes.

Best regards

Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby Jean » Tue May 20, 2008 11:53 pm

OK Thank you Steve.
Jean
 
Posts: 259
Joined: Wed Nov 07, 2007 1:30 am
Location: Pau, France

Postby Jean » Wed May 21, 2008 2:14 am

Steve,
I am using the module; it works fine except that several variables are not taken into account:
ldap_basedn= "DC=intranet"
I have given the same value to ldap_base
ldap_rootdn=administrateur@intranet
ldap_pass =****
ldap_condition = "&(objectClass=user)(objectCategory=person))"
ldap_login = samaccountname
So my connection fails.
Do you have any suggestion for modifications to ldap.php to adapt it to this case?
Jean
Jean
 
Posts: 259
Joined: Wed Nov 07, 2007 1:30 am
Location: Pau, France

Postby Jean » Wed May 21, 2008 2:45 am

Sorry, the connection succeeds but the search fails on the line

$r = @ldap_search($ds, 'uid='.$creds['UserName'].', '.$auth->conf['ldap_base'], 'objectclass=*');
Jean
 
Posts: 259
Joined: Wed Nov 07, 2007 1:30 am
Location: Pau, France

Postby shannah » Wed May 21, 2008 6:10 am

The module only accepts 3 parameters:
ldap_base
ldap_port
ldap_host

All of the LDAP parameters should be able to be included in one of these options. LDAP base should include the basedn as well as any search parameters.

You can try something like

ldap_base="DC=internet, objectclass=user, objectcategory=person"

The login/pass information wouldn't be stored in the config file, it would be taken via that login screen.

If this doesn't work for you, let me know. I had to do quite a bit of monkeying around to get everything right for my server. And there are a few things that can be changed.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby Jean » Thu May 22, 2008 2:24 am

Hi Steve,
I found my solution. We use LDAP on Active Directory. Here is the code I used
Code:
   function checkCredentials(){
      $auth =& Dataface_AuthenticationTool::getInstance();
      $app =& Dataface_Application::getInstance();

      $creds = $auth->getCredentials();
      if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost';
      if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = 389;
      if ( !isset($auth->conf['ldap_base']) ){
         trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }

      if ( !function_exists('ldap_connect') ){
         trigger_error("Please install the PHP LDAP module in order to use LDAP authentication.", E_USER_ERROR);
      }
      $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']);
      if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR);
      ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // Active Directory requires LDAPv3

      // An empty password makes ldap_bind() perform an anonymous bind, which Active
      // Directory accepts, so it must be rejected before binding.
      if ( !isset($creds['UserName']) || !isset($creds['Password']) || $creds['Password'] === '' ){
         ldap_unbind($ds);
         return false;
      }

      // Bind as the user's UPN (user@intranet): a successful bind proves the password,
      // so no ldap_search() is needed.
      $ok = @ldap_bind( $ds, $creds['UserName'].'@intranet', $creds['Password']);
      ldap_unbind($ds);

      return (bool)$ok;
   }

Inside the if bind block, I could perform a search to get more information (mail...) but I don't need to.
Jean
Jean
 
Posts: 259
Joined: Wed Nov 07, 2007 1:30 am
Location: Pau, France

Postby shannah » Thu May 22, 2008 10:33 am

Thanks Jean,

Thanks for posting your changes. I'm going to see if I can get it working with something similar to what you have. (Your version looks "nicer" than mine, as it makes sense that you shouldn't have to do an ldap_search at all).

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby fantomasdm » Thu Feb 26, 2009 7:07 am

Hi, I am trying to use it on Xataface 1.1.5 but it seems to me that it isn't working!
I put ldap.php in xataface-1.1.5\modules\Auth\ldap directory
and set config.ini:
auth_type=ldap
users_table="User"
username_column="username"
ldap_host = "12.12.1.1"
ldap_port = "389"
ldap_base = "ou=Dipendenti, dc=prova, dc=it"

For access, do I have to use an account like prova.it\fantomas.pluto?

Is it possible to restrict use of the application to only one group?
fantomasdm
 
Posts: 114
Joined: Thu Mar 13, 2008 2:35 pm

Postby shannah » Thu Feb 26, 2009 8:53 am

LDAP can be a bit of a pain to get working as everyone's server seems to have slightly different settings that need to be set. By "doesn't work" do you mean that you just can't log in? Does it just say "incorrect username or password"?

You may want to look at the changes that Jean made to get it working on his set up and see if this (or a variation of it) will work better for you.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby fantomasdm » Tue Mar 03, 2009 6:46 am

Hi, I have developed a new module for authentication on LDAP with a group membership setting.

Code:
   function checkCredentials(){
      $auth =& Dataface_AuthenticationTool::getInstance();
      $app =& Dataface_Application::getInstance();

      $creds = $auth->getCredentials();
      if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost';
      if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = 389;
      if ( !isset($auth->conf['ldap_base']) ){
         trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }
      if ( !isset($auth->conf['ldap_prefix']) || !isset($auth->conf['ldap_group']) ){
         trigger_error("Please specify ldap_prefix and ldap_group in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }

      if ( !function_exists('ldap_connect') ){
         trigger_error("Please install the PHP LDAP module in order to use LDAP authentication.", E_USER_ERROR);
      }
      $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']);
      if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR);
      ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // required by Active Directory
      ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);        // AD referrals otherwise break ldap_search()

      $good=false;

      // An empty password makes ldap_bind() do an anonymous bind, which AD accepts:
      // reject it before binding, or anyone could log in as any user.
      if ( !isset($creds['UserName']) || !isset($creds['Password']) || $creds['Password'] === '' ){
         ldap_unbind($ds);
         return false;
      }

      if ( @ldap_bind( $ds, $creds['UserName'].'@'.$auth->conf['ldap_prefix'], $creds['Password']) )
      {
         // Escape the login before it goes into the filter (RFC 4515) so it cannot alter the search
         $user = strtr($creds['UserName'], array('\\'=>'\5c', '*'=>'\2a', '('=>'\28', ')'=>'\29', "\0"=>'\00'));
         $result = ldap_search($ds, $auth->conf['ldap_base'], '(samaccountname='.$user.')', array('memberof'));

         //Create result set
         $entries = $result ? ldap_get_entries($ds, $result) : array('count' => 0);

         for ($i=0; $i < $entries["count"]; $i++)
         {
            if ( !isset($entries[$i]['memberof']) ) continue; // user belongs to no groups

            // memberof holds the DNs of the user's direct groups only; compare the first RDN
            for ($j=0; $j < $entries[$i]['memberof']['count']; $j++)
            {
               list($attribute) = explode(',', $entries[$i]['memberof'][$j]);
               if ( strcasecmp($attribute, "CN=".$auth->conf['ldap_group']) == 0 )
                  $good=true;
            }
         }
      }
      ldap_unbind($ds);

      return $good;
   }



and use these parameters in config.ini:

Code:
ldap_host = "10.10.10.10"
ldap_port = "389"
ldap_base = "ou=Dipendenti, dc=prova, dc=it"
ldap_prefix =  "inmi.it"
ldap_group = "GRPInternet"



Now I want to add a user to my user table when it is not present there!
Do I have to use an SQL insert, or is there a shortcut?

Very sorry for my English!!!
fantomasdm
 
Posts: 114
Joined: Thu Mar 13, 2008 2:35 pm

Postby shannah » Tue Mar 03, 2009 8:34 am

Do I have to use an SQL insert, or is there a shortcut?


SQL should work fine.
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby fantomasdm » Wed Mar 04, 2009 1:36 am

Hi, this is my latest version of the LDAP auth module; if a user in LDAP doesn't exist in the user table, I add it!!
Code:
   function checkCredentials(){
      $auth =& Dataface_AuthenticationTool::getInstance();
      $app =& Dataface_Application::getInstance();

      $creds = $auth->getCredentials();
      if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost';
      if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = 389;
      if ( !isset($auth->conf['ldap_base']) ){
         trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }
      if ( !isset($auth->conf['ldap_prefix']) || !isset($auth->conf['ldap_group']) ){
         trigger_error("Please specify ldap_prefix and ldap_group in the [_auth] section of the conf.ini file.", E_USER_ERROR);
      }

      if ( !function_exists('ldap_connect') ){
         trigger_error("Please install the PHP LDAP module in order to use LDAP authentication.", E_USER_ERROR);
      }
      $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']);
      if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR);
      ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // required by Active Directory
      ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);        // AD referrals otherwise break ldap_search()

      $good=false;

      // An empty password makes ldap_bind() do an anonymous bind, which AD accepts:
      // reject it before binding, or anyone could log in as any user.
      if ( !isset($creds['UserName']) || !isset($creds['Password']) || $creds['Password'] === '' ){
         ldap_unbind($ds);
         return false;
      }

      if ( @ldap_bind( $ds, $creds['UserName'].'@'.$auth->conf['ldap_prefix'], $creds['Password']) )
      {
         // Escape the login before it goes into the filter (RFC 4515) so it cannot alter the search
         $user = strtr($creds['UserName'], array('\\'=>'\5c', '*'=>'\2a', '('=>'\28', ')'=>'\29', "\0"=>'\00'));
         $result = ldap_search($ds, $auth->conf['ldap_base'], '(samaccountname='.$user.')', array('memberof'));

         //Create result set
         $entries = $result ? ldap_get_entries($ds, $result) : array('count' => 0);

         for ($i=0; $i < $entries["count"]; $i++)
         {
            if ( !isset($entries[$i]['memberof']) ) continue; // user belongs to no groups

            // memberof holds the DNs of the user's direct groups only; compare the first RDN
            for ($j=0; $j < $entries[$i]['memberof']['count']; $j++)
            {
               list($attribute) = explode(',', $entries[$i]['memberof'][$j]);
               if ( strcasecmp($attribute, "CN=".$auth->conf['ldap_group']) == 0 )
               {
                  $good=true;

                  //Autoinsert in usertable if user in ldap not exist
                  $db = $app->db();
                  $name = mysql_real_escape_string($creds['UserName'], $db); // keep the login out of the SQL
                  $sql = "select * from ".$auth->conf['users_table']." where ".$auth->conf['username_column']."='".$name."'";
                  $res = mysql_query($sql, $db) or
                  trigger_error("Failed to get username from usertable qry:".$sql." Err:".mysql_error($db), E_USER_ERROR);
                  //insert new user with default role
                  if (mysql_num_rows($res) < 1 )
                  {
                     $sql = "insert into ".$auth->conf['users_table']." (".$auth->conf['username_column'].",ROLE) values ('".$name."','ADMIN')";
                     $res = mysql_query($sql, $db) or
                     trigger_error("Failed to insert username into usertable qry:".$sql." Err:".mysql_error($db), E_USER_ERROR);
                  }

                  break;
               }
            }
         }
      }
      ldap_unbind($ds);

      return $good;
   }


Default role in my case is ADMIN....
fantomasdm
 
Posts: 114
Joined: Thu Mar 13, 2008 2:35 pm
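Jean's plain UPN bind and fantomasdm's bind-then-check-memberOf-then-insert module share the same weak spots: an empty password makes ldap_bind() perform an anonymous bind that Active Directory accepts, the login name reaches the LDAP filter and the SQL unescaped, the password crosses the wire on plain port 389, memberOf only lists direct groups, and first-time users are created as ADMIN. The function below is an added example, not code from Xataface or from either poster, that closes each of those gaps in one place. Everything in it is an assumption for illustration: PHP 5.6 or later (for ldap_escape()) with the ldap and PDO extensions, a PDO handle to the application database, a `User` table with `username` and `ROLE` columns, the `ldaps://` URI, the full group DN, and the `ldap_uri` and `default_role` keys, which the thread's config does not have.

```php
<?php
// Added example, not code from Xataface or from the posters in this thread.
// Assumptions (none of this is from the original page): PHP >= 5.6 with the ldap
// and PDO extensions, a PDO handle to the Xataface database, a users table `User`
// with columns `username` and `ROLE`, and the config keys shown in $LDAP_CONF.

// Constructed configuration for illustration; the group is given as its full DN.
$LDAP_CONF = array(
    'ldap_uri'     => 'ldaps://dc01.prova.it:636',          // LDAPS: the password must not cross the wire in clear
    'ldap_base'    => 'ou=Dipendenti,dc=prova,dc=it',
    'ldap_prefix'  => 'prova.it',                           // UPN suffix, as in fantomasdm's ldap_prefix
    'ldap_group'   => 'CN=GRPInternet,OU=Groups,DC=prova,DC=it',
    'default_role' => 'READ ONLY',                          // least privilege for auto-created users, not ADMIN
);

// Accept only plain sAMAccountName logins. An '@' or '\' in the name would make the UPN
// bind authenticate one account while the users table is looked up for another.
function isValidLogin($username) {
    return is_string($username) && (bool) preg_match('/^[A-Za-z0-9._-]{1,20}$/', $username);
}

// Returns the application role on success, null on any failure.
function ldapAuthenticate(array $conf, $username, $password, PDO $pdo) {
    // With an empty password ldap_bind() performs an anonymous bind, which Active
    // Directory accepts, so an empty password would "log in" as any user.
    if (!isValidLogin($username) || !is_string($password) || $password === '') {
        return null;
    }

    $ds = ldap_connect($conf['ldap_uri']);
    if (!$ds) return null;
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // required by AD
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);        // AD referrals otherwise break the search
    // If only ldap://host:389 is available, call ldap_start_tls($ds) here and return null if it fails.

    if (!@ldap_bind($ds, $username . '@' . $conf['ldap_prefix'], $password)) {
        ldap_unbind($ds);
        return null;
    }

    // Escape both values before they enter the filter (RFC 4515). The AD matching rule
    // 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) follows nested groups,
    // which a plain memberOf comparison does not.
    $filter = sprintf('(&(sAMAccountName=%s)(memberOf:1.2.840.113556.1.4.1941:=%s))',
        ldap_escape($username, '', LDAP_ESCAPE_FILTER),
        ldap_escape($conf['ldap_group'], '', LDAP_ESCAPE_FILTER));
    $res = ldap_search($ds, $conf['ldap_base'], $filter, array('sAMAccountName'));
    $entries = $res ? ldap_get_entries($ds, $res) : array('count' => 0);
    ldap_unbind($ds);
    if ($entries['count'] !== 1) return null;           // not in the group, or ambiguous login

    // First login: create the row with a parameterised query and a low-privilege role.
    $sel = $pdo->prepare('SELECT `ROLE` FROM `User` WHERE `username` = ?');
    $sel->execute(array($username));
    $role = $sel->fetchColumn();
    if ($role === false) {
        $ins = $pdo->prepare('INSERT INTO `User` (`username`, `ROLE`) VALUES (?, ?)');
        $ins->execute(array($username, $conf['default_role']));
        $role = $conf['default_role'];
    }
    return $role;
}
```

Wired into the module, checkCredentials() reduces to `return ldapAuthenticate($LDAP_CONF, $creds['UserName'], $creds['Password'], $pdo) !== null;`, where `$pdo` is a PDO connection opened alongside Xataface's own mysql handle (assumed here, since `$app->db()` in this version returns a mysql resource). Because the bind is done as the user, the module needs no stored service-account credentials, which is why Steve's original design of taking everything from the login screen still holds.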


Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved