From: Martin W. <mar...@xm...> - 2002-01-07 09:48:36
[reposted this to -dev, -beta list seems dead more or less]

Hi

I have not been able to use the ldap support ($g_login_method=LDAP) in
mantis. It boils down to this code in core_ldap_api.php:

    $search_dn = "(&$g_ldap_organisation(uid=$uid)(userpassword=$pass))";
    $ds = ldap_connect( "$g_ldap_server" );
    if ( $ds ) {
        $r = ldap_bind( $ds ); # bind to server
        $sr = ldap_search( $ds, $g_ldap_root_dn, $search_dn );

The userPassword attribute is not normally visible to any user, not even
the $uid user. Also, one cannot know how the password is encrypted.

The way to do this, afaik, is to simply call

    ldap_bind ("uid=$uid,$ds", $pass);

This will return true or false if authentication succeeded or not.

Next cut from core_ldap_api.php:

    $search_dn = "(&$g_ldap_organisation(uid=$uid)(assignedgroup=$group))";

'assignedgroup' is not standard afaik. I think it is some Microsoft Active
Directory attribute but I am not sure. To check groups, you should look
inside the group entry and find users, not the opposite.

Any thoughts? I can probably fix this, but I guess Leigh Morresi has the
first shot.

--
Martin Wickman, X Media Solutions | mailto:mar...@xm...
Box 3294, Holmbrogränd 1, S-600 03 Norrköping | http://www.xms.se
Tel: +46 (0)11 24 48 49 | Fax: +46 (0)11 24 48 09
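
The bind-based password check and the group-side membership lookup proposed in the message above, sketched in PHP as an added example that is not part of the original post or of the Mantis code. The server URI, the base DNs, the `groupOfNames`/`member` group schema and the `example_*` names are assumptions, and `ldap_escape()` requires PHP 5.6 or later.

```php
<?php
// Added example, not Mantis code. Server URI and base DNs are placeholders.
const EXAMPLE_LDAP_URI  = 'ldaps://ldap.example.org';
const EXAMPLE_PEOPLE_DN = 'ou=people,dc=example,dc=org';
const EXAMPLE_GROUPS_DN = 'ou=groups,dc=example,dc=org';

// Build the user's DN; escaping keeps a crafted uid from altering the DN.
function example_user_dn(string $uid): string
{
    return 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN) . ',' . EXAMPLE_PEOPLE_DN;
}

// True only if the password binds as the user AND the group entry lists the user.
function example_ldap_login(string $uid, string $pass, string $group): bool
{
    // An empty password turns the bind into an unauthenticated bind
    // (RFC 4513), which many servers accept: reject it before connecting.
    if ($uid === '' || $pass === '') {
        return false;
    }
    $ds = ldap_connect(EXAMPLE_LDAP_URI);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    $user_dn = example_user_dn($uid);

    // The server verifies the password itself, so userPassword never has
    // to be readable and its storage format (hash scheme) does not matter.
    if (!@ldap_bind($ds, $user_dn, $pass)) {
        ldap_unbind($ds);
        return false;
    }

    // Group check from the group side: find the group entry that lists the
    // user's DN in "member". Assumes the bound user may read group entries.
    $filter = sprintf(
        '(&(objectClass=groupOfNames)(cn=%s)(member=%s))',
        ldap_escape($group, '', LDAP_ESCAPE_FILTER),
        ldap_escape($user_dn, '', LDAP_ESCAPE_FILTER)
    );
    $sr = @ldap_search($ds, EXAMPLE_GROUPS_DN, $filter, ['cn']);
    $is_member = $sr !== false && ldap_count_entries($ds, $sr) > 0;
    ldap_unbind($ds);
    return $is_member;
}
```
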
From: Kenzaburo I. <pre...@30...> - 2002-01-10 01:39:50
I'd go ahead and fix this yourself. I have no LDAP experience so I'm just
accepting what people send.

-Ken

>[reposted this to -dev, -beta list seems dead more or less]
>
>Hi
>
>I have not been able to use the ldap support ($g_login_method=LDAP) in
>mantis. It boils down to this code in core_ldap_api.php:
>
>    $search_dn = "(&$g_ldap_organisation(uid=$uid)(userpassword=$pass))";
>    $ds = ldap_connect( "$g_ldap_server" );
>    if ( $ds ) {
>        $r = ldap_bind( $ds ); # bind to server
>        $sr = ldap_search( $ds, $g_ldap_root_dn, $search_dn );
>
>The userPassword attribute is not normally visible to any user, not even
>the $uid user. Also, one cannot know how the password is encrypted.
>
>The way to do this, afaik, is to simply call
>
>    ldap_bind ("uid=$uid,$ds", $pass);
>
>This will return true or false if authentication succeeded or not.
>
>Next cut from core_ldap_api.php:
>
>    $search_dn = "(&$g_ldap_organisation(uid=$uid)(assignedgroup=$group))";
>
>'assignedgroup' is not standard afaik. I think it is some Microsoft Active
>Directory attribute but I am not sure. To check groups, you should look
>inside the group entry and find users, not the opposite.
>
>Any thoughts? I can probably fix this, but I guess Leigh Morresi has the
>first shot.