A place for users and developers of the Xataface to discuss and receive support.
by Jean » Tue May 20, 2008 5:08 am
Hi Steve,
Is there a LDAP authentification module for Xataface ?
Thank you
Jean
-
Jean
-
- Posts: 259
- Joined: Wed Nov 07, 2007 1:30 am
- Location: Pau, France
by shannah » Tue May 20, 2008 10:12 am
Hi Jean,
I have just uploaded an LDAP module at
http://weblite.ca/svn/dataface/modules/Auth/ldap/trunk/
Note that I have only ever used this module on our single server so it may require tweaking to work for other servers. Let me know how it goes.
Best regards
Steve
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by Jean » Tue May 20, 2008 11:53 pm
OK Thank you Steve.
-
Jean
-
- Posts: 259
- Joined: Wed Nov 07, 2007 1:30 am
- Location: Pau, France
by Jean » Wed May 21, 2008 2:14 am
Steve,
I use the module, it is fine except I have several variables that are not taken into account
ldap_basedn= "DC=intranet"
I have given the same value to ldap_base
ldap_rootdn=administrateur@intranet
ldap_pass =****
ldap_condition = "&(objectClass=user)(objectCategory=person))"
ldap_login = samaccountname
So my connection fails.
Have you any suggestion for modifications in ldap.php to adapt it to this case ?
Jean
-
Jean
-
- Posts: 259
- Joined: Wed Nov 07, 2007 1:30 am
- Location: Pau, France
by Jean » Wed May 21, 2008 2:45 am
Sorry, the connection succeeds but the search fails on the line
$r = @ldap_search($ds, $creds['UserName']'uid='.$creds['UserName'].', '.$auth->conf['ldap_base'],'objectclass=*' );
-
Jean
-
- Posts: 259
- Joined: Wed Nov 07, 2007 1:30 am
- Location: Pau, France
by shannah » Wed May 21, 2008 6:10 am
The module only accepts 3 parameters:
ldap_base
ldap_port
ldap_host
All of the LDAP parameters should be able to be included in one of these options. LDAP base should include the basedn as well as any search parameters.
You can try something like
ldap_base="DC=internet, objectclass=user, objectcategory=person"
The login/pass information wouldn't be stored in the config file, it would be taken via that login screen.
It this doesn't work for you, let me know. I had to do quite a bit of monkeying around to get everything right for my server. And there are a few things that can be changed.
-Steve
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by Jean » Thu May 22, 2008 2:24 am
Hi Steve,
I found my solution. We use LDAP on Active Directory. Here is the code I used
- Code: Select all
function checkCredentials(){ $auth =& Dataface_AuthenticationTool::getInstance(); $app =& Dataface_Application::getInstance(); $creds = $auth->getCredentials(); if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost'; if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = null; if ( !isset($auth->conf['ldap_base']) ){ trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR); } if ( !function_exists('ldap_connect') ){ trigger_error("Please install the PHP LDAP module in order to user LDAP authentication.", E_USER_ERROR); } $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']); if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR); $filter='samaccountname='.$creds['UserName'];
if ( ldap_bind( $ds, $creds['UserName'].'@intranet', $creds['Password']) ){
return true; }
return false; }
Inside the if bind block, I could perform a search to have more informations (mail...) but I don't need to.
Jean
-
Jean
-
- Posts: 259
- Joined: Wed Nov 07, 2007 1:30 am
- Location: Pau, France
by shannah » Thu May 22, 2008 10:33 am
Thanks Jean,
Thanks for posting your changes. I'm going to see if I can get it working with something similar to what you have. (Your version looks "nicer" than mine, as it makes sense that you shouldn't have to do an ldap_search at all).
-Steve
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by fantomasdm » Thu Feb 26, 2009 7:07 am
Hi, I try to use it on xataface 1.1.5 but seem to me that isn't work!
I put ldap.php in xataface-1.1.5\modules\Auth\ldap directory
and set config.ini:
auth_type=ldap
users_table="User"
username_column="username"
ldap_host = "12.12.1.1"
ldap_port = "389"
ldap_base = "ou=Dipendenti, dc=prova, dc=it"
for access I have to use account like :prova.it\fantomas.pluto?
is possible to restrict use of application to only a group?
-
fantomasdm
-
- Posts: 114
- Joined: Thu Mar 13, 2008 2:35 pm
by shannah » Thu Feb 26, 2009 8:53 am
LDAP can be a bit of a pain to get working as everyone's server seems to have slightly different settings that need to be set. By "doesn't work" do you mean that you just can't log in. Does it just say "incorrect username or password?".
You may want to look at the changes that Jean made to get it working on his set up and see if this (or a variation of it) will work better for you.
-Steve
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by fantomasdm » Tue Mar 03, 2009 6:46 am
Hi I have develop a new module for autetification on ldap with setting a group member.
- Code: Select all
function checkCredentials(){ $auth =& Dataface_AuthenticationTool::getInstance(); $app =& Dataface_Application::getInstance(); $creds = $auth->getCredentials(); if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost'; if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = null; if ( !isset($auth->conf['ldap_base']) ){ trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR); } if ( !function_exists('ldap_connect') ){ trigger_error("Please install the PHP LDAP module in order to user LDAP authentication.", E_USER_ERROR); } //echo "qui"; $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']); if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR); $good=false; if ( @ldap_bind( $ds, $creds['UserName'].'@'.$auth->conf['ldap_prefix'], $creds['Password']) ) { $result = ldap_search($ds, $auth->conf['ldap_base'], '(samaccountname='.$creds['UserName'].')'); //Create result set $entries = ldap_get_entries($ds, $result);
//Sort and print //echo "User count: " . $entries["count"] . "<br /><br /><b>Users:</b><br />"; //print_r ($entries); for ($i=0; $i < $entries["count"]; $i++) { //echo "name:".$entries[$i]["displayname"][0]."<br />\n";
foreach ($entries[$i]['memberof'] as &$value) { list($attribute) = explode(',', $value); if ($attribute == "CN=".$auth->conf['ldap_group']) $good=true; //echo "member:".$attribute."<br />\n"; } } ldap_unbind($ds); } return $good; }
and use in config.ini thi parameter: - Code: Select all
ldap_host = "10.10.10.10" ldap_port = "389" ldap_base = "ou=Dipendenti, dc=prova, dc=it" ldap_prefix = "inmi.it" ldap_group = "GRPInternet"
now I whant to add a user in my usertable, whe it is not present here!
I have to use sql insert or there is a shortcut?
Very sorry for my English!!!
-
fantomasdm
-
- Posts: 114
- Joined: Thu Mar 13, 2008 2:35 pm
by shannah » Tue Mar 03, 2009 8:34 am
I have to use sql insert or there is a shortcut?
SQL should work fine.
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by fantomasdm » Wed Mar 04, 2009 1:36 am
HI this is my last vertion of ldap auth module, if user in ldap don't exist in usertable, I add it!!
- Code: Select all
function checkCredentials(){ $auth =& Dataface_AuthenticationTool::getInstance(); $app =& Dataface_Application::getInstance(); $creds = $auth->getCredentials(); if ( !isset($auth->conf['ldap_host']) ) $auth->conf['ldap_host'] = 'localhost'; if ( !isset($auth->conf['ldap_port']) ) $auth->conf['ldap_port'] = null; if ( !isset($auth->conf['ldap_base']) ){ trigger_error("Please specify the LDAP basedn in the [_auth] section of the conf.ini file.", E_USER_ERROR); } if ( !function_exists('ldap_connect') ){ trigger_error("Please install the PHP LDAP module in order to user LDAP authentication.", E_USER_ERROR); } //echo "qui"; $ds = ldap_connect($auth->conf['ldap_host'], $auth->conf['ldap_port']); if ( !$ds ) trigger_error("Failed to connect to LDAP server", E_USER_ERROR); $good=false; if ( @ldap_bind( $ds, $creds['UserName'].'@'.$auth->conf['ldap_prefix'], $creds['Password']) ) { $result = ldap_search($ds, $auth->conf['ldap_base'], '(samaccountname='.$creds['UserName'].')'); //Create result set $entries = ldap_get_entries($ds, $result);
//Sort and print //echo "User count: " . $entries["count"] . "<br /><br /><b>Users:</b><br />"; //print_r ($entries); for ($i=0; $i < $entries["count"]; $i++) { //echo "name:".$entries[$i]["displayname"][0]."<br />\n";
//Autoinsert in usertable if user in ldap not exist foreach ($entries[$i]['memberof'] as &$value) { list($attribute) = explode(',', $value); if ($attribute == "CN=".$auth->conf['ldap_group']) { //echo "member:".$attribute."<br />\n"; $good=true; $sql = "select * from ".$auth->conf['users_table']." where ".$auth->conf['username_column']."='".$creds['UserName']."'"; $res = mysql_query($sql, $app->db()) or trigger_error("Failed to get username from usertable qry:".$sql." Err:".mysql_query(), E_USER_ERROR); //insert new user with default role if (mysql_num_rows($res) < 1 ) { $sql = "insert into ".$auth->conf['users_table']." (".$auth->conf['username_column'].",ROLE) value ('".$creds['UserName']."','ADMIN')"; $res = mysql_query($sql, $app->db()) or trigger_error("Failed to insert username into usertable qry:".$sql." Err:".mysql_query(), E_USER_ERROR); } break; } } } ldap_unbind($ds); } return $good; }
Default role in mycase is ADMIN....
-
fantomasdm
-
- Posts: 114
- Joined: Thu Mar 13, 2008 2:35 pm
Return to Xataface Users
Who is online
Users browsing this forum: No registered users and 28 guests
|