opendocman-devel — Developer discussion for OpenDocMan

Re: [Opendocman-devel] PHP 7

[opendocman d. d. <ope...@li...>]

We have not made a decision about php 7 support.

On 6/15/16 10:55 AM, opendocman development discussion wrote:
> Thank you. Will do that. Will the next release work without messages 
> under PHP 7?
>
>
> On 6/14/2016 9:28 PM, opendocman development discussion wrote:
>> You should turn down your error reporting and some of those "warnings" 
>> will go away.
>>
>> On 6/14/16 4:42 PM, opendocman development discussion wrote:
>>> I am getting an error when using OpenDocMan under PHP 7. An image 
>>> with some of the errors is attached. It has to do with the new 
>>> "rules" of "methods not having the same name as constructors".
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
>>> patterns at an interface-level. Reveals which users, apps, and protocols are
>>> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>>> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
>>> reports.http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
>>>
>>>
>>> _______________________________________________
>>> Opendocman-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>
>>
>> ------------------------------------------------------------------------------
>> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
>> patterns at an interface-level. Reveals which users, apps, and protocols are
>> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
>> reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
>>
>>
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are 
> consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
> reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

Re: [Opendocman-devel] PHP 7

[opendocman d. d. <ope...@li...>]

Thank you. Will do that. Will the next release work without messages 
under PHP 7?


On 6/14/2016 9:28 PM, opendocman development discussion wrote:
>
> You should turn down your error reporting and some of those "warnings" 
> will go away.
>
> On 6/14/16 4:42 PM, opendocman development discussion wrote:
>> I am getting an error when using OpenDocMan under PHP 7. An image 
>> with some of the errors is attached. It has to do with the new 
>> "rules" of "methods not having the same name as constructors".
>>
>>
>> ------------------------------------------------------------------------------
>> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
>> patterns at an interface-level. Reveals which users, apps, and protocols are
>> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
>> reports.http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
>>
>>
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>
>
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
> reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
>
>
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

Re: [Opendocman-devel] PHP 7

[opendocman d. d. <ope...@li...>]

You should turn down your error reporting and some of those "warnings"
will go away.

On 6/14/16 4:42 PM, opendocman development discussion wrote:
> I am getting an error when using OpenDocMan under PHP 7. An image with
> some of the errors is attached. It has to do with the new "rules" of
> "methods not having the same name as constructors".
>
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are 
> consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
> reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
>
>
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

[Opendocman-devel] PHP 7

[opendocman d. d. <ope...@li...>]

I am getting an error when using OpenDocMan under PHP 7. An image with 
some of the errors is attached. It has to do with the new "rules" of 
"methods not having the same name as constructors".

[Opendocman-devel] Test2

[opendocman d. d. <ope...@li...>]

Test2

Re: [Opendocman-devel] GEDCOM match

[opendocman d. d. <ope...@li...>]

Sorry list - no idea why this CC'd the list.  Methinks my mailer is very
b0rken!

[Opendocman-devel] GEDCOM match

[opendocman d. d. <ope...@li...>]

Hi There,

I noticed that we have a 4-5 generation possible relationship via gedcom.

Since your profile name is "Marina from Lebanon", this match interested
me since I've been trying to research my Lebanese genealogy.  My
maternal grandfather was from Lebanon, specifically from the village of
Kfarzeina in Zgharta.  His name was Salim Attie.  His parents were
Tadross Attie and Anne Khoury.  Salim was born in 1896 or so, and had a
sister, Essme, who died in 1995 at the age of 105.  He had a couple
brothers who went to (I believe) Argentina as well.  Essme's son Halim
recently died, his sons are still alive in Kfarzeina.

Is there a connection here perhaps?

Thanks!

-John

Re: [Opendocman-devel] Q about how user permissions/info flow...

[opendocman d. d. <ope...@li...>]

Fair enough.  I'm trapped under something heavy at work so it might take
me a few days, but I'll get to it ASAP.

-John

On 04/12/2015 09:55 AM, opendocman development discussion wrote:
> We do have an ImportUsers plug-ing that allows for mass-user creation so 
> that should help with the initial setup.
> 
> Steve
> 
> On 4/12/15 3:22 AM, opendocman development discussion wrote:
>> Yes - I totally agree that that's the thing most are concerned about.  I
>> only mentioned the group/permissions bit because it enables the other
>> thing I think most are concerned about - having to create user accounts
>> for every user in more than one place.  Definitely, just having one set
>> of credentials is an improvement, but I was thinking that sitting at the
>> ODM console making hundreds of users "by hand" when adding ODM to a
>> network is what they're *also* trying to avoid.
>>
>> -John
>>
>> On 04/12/2015 12:37 AM, opendocman development discussion wrote:
>>> It has been my experience that users wanting LDAP are more concerned
>>> about the authentication part, not the group and/or permissions. I had
>>> implemented LDAP years ago (but it got removed and never put back in).
>>> It was just a simple common-authentication service so that users didn't
>>> have to have have an additional password to login to ODM, they just use
>>> their LDAP directory password. Once "authenticated" via LDAP, their ODM
>>> account and permissions settings would be used just like any other user.
>>>
>>> On 4/11/15 6:39 AM, opendocman development discussion wrote:
>>>> Hi Steve,
>>>>
>>>> I'm just about to dig into this, but I had a few thoughts I wanted to
>>>> discuss first:
>>>>
>>>> 1) I get why your thought process makes sense, but I'm certain that
>>>> people who want to use LDAP/AD integration are trying to *avoid* doing
>>>> exactly what you describe; they want LDAP/AD users to be able to log in
>>>> *without* having to create an ODM user.
>>> Most users want to control who has access so just letting any successful
>>> LDAP authentication to be added to the ODM site would be a change from
>>> how it works now.
>>>
>>>> 2) The above opens up a few problems.  One of which is, obviously,
>>>> LDAP/AD does not have suitable attributes in any schema to store *all*
>>>> of the information of an ODM user.  My thoughts about getting around
>>>> this are as follows:
>>>>
>>>> - The most common schema anyone is going to be using for users is
>>>> inetOrgPerson.  AD uses a schema that has pretty much all the same
>>>> attributes as inetOrgPerson as well, by default.
>>>>
>>>> - No LDAP/AD user is going to want to change schemas, or extend the one
>>>> they're using.
>>>>
>>>> - On the most basic level, using the approach I have already taken, we
>>>> can make ODM's departments match what is stored in the LDAP attrib
>>>> "department" in the inetOrgPerson/AD schema.  By doing this, you make an
>>>> admin configure ODM *ONCE*, then users in LDAP/AD can log in and at
>>>> least be a member of the one department with pre-defined rights as the
>>>> admin chooses.  I've also set flags in the config for default
>>>> can_checkin, etc. rights, as the admin sees fit.
>>>>
>>>> - This leaves the problem of potentially "stale" ODM accounts in the DB
>>>> when an LDAP/AD user is deleted, but incorporating a "delete user from
>>>> ODM" protocol into any admin's "employee is leaving" checklist is FAR
>>>> more trivial than CREATING every user first, as on the delete end, it's
>>>> one at a time - and, you'd have to do this anyway, regardless of the
>>>> strategy.
>>> I think you may be over-thinking it a bit from what I originally thought
>>> was needed. The only thing I thought we needed from LDAP was an
>>> authentication. Everything else (department, reviewer, admin, etc.) is
>>> all handled in the app. I don't see how we could move all of that user
>>> data out of the system very easily, nor do I really want to.
>>>
>>> Steve
>>>> If you want to make an admin account or something that's an exception
>>>> rather than rank-and-file user, then you make an ODM account for it.
>>>> That's not a big ask on the admin.
>>>>
>>>> So, to sum up, I see your point, but I don't think implementing it that
>>>> way is really going to help much.  The way I've already done it will
>>>> "just work" with minimal set-up.
>>>>
>>>> Also - just to put it out there - I'm more than happy to do as you've
>>>> suggested, and I'm not trying to be argumentative :)  I just thought I'd
>>>> share my point of view on this, and reading comments from users who want
>>>> this feature, I think it's worth considering.
>>>>
>>>> Let me know what you think,
>>>>
>>>> -John
>>>>
>>>> On 04/06/2015 11:08 PM, opendocman development discussion wrote:
>>>>> So, we would want to have this working where the user must exist in the
>>>>> local system in order to authenticate. So the Admin->Settings section
>>>>> for auth would show "mysql" and "ldap". If "ldap" is chosen, then
>>>>> accounts created would be added with a different email notification sent
>>>>> to them letting them know their account is able to login.
>>>>>
>>>>> When they login, you would first verify their account exists and is
>>>>> active, then auth via ldap. Once authenticated, you would set their
>>>>> session variables as is done now for mysql auth.
>>>>>
>>>>> Steve
>>>>>
>>>>> On 3/31/15 6:38 AM, opendocman development discussion wrote:
>>>>>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
>>>>>> that it might be a very simple add to just keep the users in LDAP/AD
>>>>>> *entirely*, or select between both modes (that is to say, create an ODM
>>>>>> user from LDAP *or* keep the accounts in LDAP).
>>>>>>
>>>>>> Looking in User_class.php, it seems I could easily branch around the
>>>>>> code to pull a user record from the DB with a conditional "get it from
>>>>>> LDAP" instead.  Before I dive into this too far, would that be all
>>>>>> that's required, or is this info queried in several places?
>>>>>>
>>>>>> It seems easy, in that respect - I've already done all the work to
>>>>>> define attributes, etc. for all user DB fields...
>>>>>>
>>>>>> Any guidance appreciated (you know, so I don't have to read every line
>>>>>> to figure it out myself. ;)
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> -John
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>>>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>>>>> things parallel software development, from weekly thought leadership blogs to
>>>>>> news, videos, case studies, tutorials and more. Take a look and join the
>>>>>> conversation now. http://goparallel.sourceforge.net/
>>>>>> _______________________________________________
>>>>>> Opendocman-devel mailing list
>>>>>> Ope...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>>> ------------------------------------------------------------------------------
>>>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>>>> Develop your own process in accordance with the BPMN 2 standard
>>>>> Learn Process modeling best practices with Bonita BPM through live exercises
>>>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>>>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>>>> _______________________________________________
>>>>> Opendocman-devel mailing list
>>>>> Ope...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>>>
>>>> ------------------------------------------------------------------------------
>>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>>> Develop your own process in accordance with the BPMN 2 standard
>>>> Learn Process modeling best practices with Bonita BPM through live exercises
>>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>>> _______________________________________________
>>>> Opendocman-devel mailing list
>>>> Ope...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>
>>> ------------------------------------------------------------------------------
>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>> Develop your own process in accordance with the BPMN 2 standard
>>> Learn Process modeling best practices with Bonita BPM through live exercises
>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>> _______________________________________________
>>> Opendocman-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>
>> ------------------------------------------------------------------------------
>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>> Develop your own process in accordance with the BPMN 2 standard
>> Learn Process modeling best practices with Bonita BPM through live exercises
>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 
> 
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 

Re: [Opendocman-devel] Q about how user permissions/info flow...

[opendocman d. d. <ope...@li...>]

We do have an ImportUsers plug-ing that allows for mass-user creation so 
that should help with the initial setup.

Steve

On 4/12/15 3:22 AM, opendocman development discussion wrote:
> Yes - I totally agree that that's the thing most are concerned about.  I
> only mentioned the group/permissions bit because it enables the other
> thing I think most are concerned about - having to create user accounts
> for every user in more than one place.  Definitely, just having one set
> of credentials is an improvement, but I was thinking that sitting at the
> ODM console making hundreds of users "by hand" when adding ODM to a
> network is what they're *also* trying to avoid.
>
> -John
>
> On 04/12/2015 12:37 AM, opendocman development discussion wrote:
>> It has been my experience that users wanting LDAP are more concerned
>> about the authentication part, not the group and/or permissions. I had
>> implemented LDAP years ago (but it got removed and never put back in).
>> It was just a simple common-authentication service so that users didn't
>> have to have have an additional password to login to ODM, they just use
>> their LDAP directory password. Once "authenticated" via LDAP, their ODM
>> account and permissions settings would be used just like any other user.
>>
>> On 4/11/15 6:39 AM, opendocman development discussion wrote:
>>> Hi Steve,
>>>
>>> I'm just about to dig into this, but I had a few thoughts I wanted to
>>> discuss first:
>>>
>>> 1) I get why your thought process makes sense, but I'm certain that
>>> people who want to use LDAP/AD integration are trying to *avoid* doing
>>> exactly what you describe; they want LDAP/AD users to be able to log in
>>> *without* having to create an ODM user.
>> Most users want to control who has access so just letting any successful
>> LDAP authentication to be added to the ODM site would be a change from
>> how it works now.
>>
>>> 2) The above opens up a few problems.  One of which is, obviously,
>>> LDAP/AD does not have suitable attributes in any schema to store *all*
>>> of the information of an ODM user.  My thoughts about getting around
>>> this are as follows:
>>>
>>> - The most common schema anyone is going to be using for users is
>>> inetOrgPerson.  AD uses a schema that has pretty much all the same
>>> attributes as inetOrgPerson as well, by default.
>>>
>>> - No LDAP/AD user is going to want to change schemas, or extend the one
>>> they're using.
>>>
>>> - On the most basic level, using the approach I have already taken, we
>>> can make ODM's departments match what is stored in the LDAP attrib
>>> "department" in the inetOrgPerson/AD schema.  By doing this, you make an
>>> admin configure ODM *ONCE*, then users in LDAP/AD can log in and at
>>> least be a member of the one department with pre-defined rights as the
>>> admin chooses.  I've also set flags in the config for default
>>> can_checkin, etc. rights, as the admin sees fit.
>>>
>>> - This leaves the problem of potentially "stale" ODM accounts in the DB
>>> when an LDAP/AD user is deleted, but incorporating a "delete user from
>>> ODM" protocol into any admin's "employee is leaving" checklist is FAR
>>> more trivial than CREATING every user first, as on the delete end, it's
>>> one at a time - and, you'd have to do this anyway, regardless of the
>>> strategy.
>> I think you may be over-thinking it a bit from what I originally thought
>> was needed. The only thing I thought we needed from LDAP was an
>> authentication. Everything else (department, reviewer, admin, etc.) is
>> all handled in the app. I don't see how we could move all of that user
>> data out of the system very easily, nor do I really want to.
>>
>> Steve
>>> If you want to make an admin account or something that's an exception
>>> rather than rank-and-file user, then you make an ODM account for it.
>>> That's not a big ask on the admin.
>>>
>>> So, to sum up, I see your point, but I don't think implementing it that
>>> way is really going to help much.  The way I've already done it will
>>> "just work" with minimal set-up.
>>>
>>> Also - just to put it out there - I'm more than happy to do as you've
>>> suggested, and I'm not trying to be argumentative :)  I just thought I'd
>>> share my point of view on this, and reading comments from users who want
>>> this feature, I think it's worth considering.
>>>
>>> Let me know what you think,
>>>
>>> -John
>>>
>>> On 04/06/2015 11:08 PM, opendocman development discussion wrote:
>>>> So, we would want to have this working where the user must exist in the
>>>> local system in order to authenticate. So the Admin->Settings section
>>>> for auth would show "mysql" and "ldap". If "ldap" is chosen, then
>>>> accounts created would be added with a different email notification sent
>>>> to them letting them know their account is able to login.
>>>>
>>>> When they login, you would first verify their account exists and is
>>>> active, then auth via ldap. Once authenticated, you would set their
>>>> session variables as is done now for mysql auth.
>>>>
>>>> Steve
>>>>
>>>> On 3/31/15 6:38 AM, opendocman development discussion wrote:
>>>>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
>>>>> that it might be a very simple add to just keep the users in LDAP/AD
>>>>> *entirely*, or select between both modes (that is to say, create an ODM
>>>>> user from LDAP *or* keep the accounts in LDAP).
>>>>>
>>>>> Looking in User_class.php, it seems I could easily branch around the
>>>>> code to pull a user record from the DB with a conditional "get it from
>>>>> LDAP" instead.  Before I dive into this too far, would that be all
>>>>> that's required, or is this info queried in several places?
>>>>>
>>>>> It seems easy, in that respect - I've already done all the work to
>>>>> define attributes, etc. for all user DB fields...
>>>>>
>>>>> Any guidance appreciated (you know, so I don't have to read every line
>>>>> to figure it out myself. ;)
>>>>>
>>>>> Thanks,
>>>>>
>>>>> -John
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>>>> things parallel software development, from weekly thought leadership blogs to
>>>>> news, videos, case studies, tutorials and more. Take a look and join the
>>>>> conversation now. http://goparallel.sourceforge.net/
>>>>> _______________________________________________
>>>>> Opendocman-devel mailing list
>>>>> Ope...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>> ------------------------------------------------------------------------------
>>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>>> Develop your own process in accordance with the BPMN 2 standard
>>>> Learn Process modeling best practices with Bonita BPM through live exercises
>>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>>> _______________________________________________
>>>> Opendocman-devel mailing list
>>>> Ope...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>>
>>> ------------------------------------------------------------------------------
>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>> Develop your own process in accordance with the BPMN 2 standard
>>> Learn Process modeling best practices with Bonita BPM through live exercises
>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>> _______________________________________________
>>> Opendocman-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>
>> ------------------------------------------------------------------------------
>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>> Develop your own process in accordance with the BPMN 2 standard
>> Learn Process modeling best practices with Bonita BPM through live exercises
>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

Re: [Opendocman-devel] Q about how user permissions/info flow...

[opendocman d. d. <ope...@li...>]

Yes - I totally agree that that's the thing most are concerned about.  I
only mentioned the group/permissions bit because it enables the other
thing I think most are concerned about - having to create user accounts
for every user in more than one place.  Definitely, just having one set
of credentials is an improvement, but I was thinking that sitting at the
ODM console making hundreds of users "by hand" when adding ODM to a
network is what they're *also* trying to avoid.

-John

On 04/12/2015 12:37 AM, opendocman development discussion wrote:
> It has been my experience that users wanting LDAP are more concerned 
> about the authentication part, not the group and/or permissions. I had 
> implemented LDAP years ago (but it got removed and never put back in). 
> It was just a simple common-authentication service so that users didn't 
> have to have have an additional password to login to ODM, they just use 
> their LDAP directory password. Once "authenticated" via LDAP, their ODM 
> account and permissions settings would be used just like any other user.
> 
> On 4/11/15 6:39 AM, opendocman development discussion wrote:
>> Hi Steve,
>>
>> I'm just about to dig into this, but I had a few thoughts I wanted to
>> discuss first:
>>
>> 1) I get why your thought process makes sense, but I'm certain that
>> people who want to use LDAP/AD integration are trying to *avoid* doing
>> exactly what you describe; they want LDAP/AD users to be able to log in
>> *without* having to create an ODM user.
> Most users want to control who has access so just letting any successful 
> LDAP authentication to be added to the ODM site would be a change from 
> how it works now.
> 
>>
>> 2) The above opens up a few problems.  One of which is, obviously,
>> LDAP/AD does not have suitable attributes in any schema to store *all*
>> of the information of an ODM user.  My thoughts about getting around
>> this are as follows:
>>
>> - The most common schema anyone is going to be using for users is
>> inetOrgPerson.  AD uses a schema that has pretty much all the same
>> attributes as inetOrgPerson as well, by default.
>>
>> - No LDAP/AD user is going to want to change schemas, or extend the one
>> they're using.
>>
>> - On the most basic level, using the approach I have already taken, we
>> can make ODM's departments match what is stored in the LDAP attrib
>> "department" in the inetOrgPerson/AD schema.  By doing this, you make an
>> admin configure ODM *ONCE*, then users in LDAP/AD can log in and at
>> least be a member of the one department with pre-defined rights as the
>> admin chooses.  I've also set flags in the config for default
>> can_checkin, etc. rights, as the admin sees fit.
>>
>> - This leaves the problem of potentially "stale" ODM accounts in the DB
>> when an LDAP/AD user is deleted, but incorporating a "delete user from
>> ODM" protocol into any admin's "employee is leaving" checklist is FAR
>> more trivial than CREATING every user first, as on the delete end, it's
>> one at a time - and, you'd have to do this anyway, regardless of the
>> strategy.
> I think you may be over-thinking it a bit from what I originally thought 
> was needed. The only thing I thought we needed from LDAP was an 
> authentication. Everything else (department, reviewer, admin, etc.) is 
> all handled in the app. I don't see how we could move all of that user 
> data out of the system very easily, nor do I really want to.
> 
> Steve
>>
>> If you want to make an admin account or something that's an exception
>> rather than rank-and-file user, then you make an ODM account for it.
>> That's not a big ask on the admin.
>>
>> So, to sum up, I see your point, but I don't think implementing it that
>> way is really going to help much.  The way I've already done it will
>> "just work" with minimal set-up.
>>
>> Also - just to put it out there - I'm more than happy to do as you've
>> suggested, and I'm not trying to be argumentative :)  I just thought I'd
>> share my point of view on this, and reading comments from users who want
>> this feature, I think it's worth considering.
>>
>> Let me know what you think,
>>
>> -John
>>
>> On 04/06/2015 11:08 PM, opendocman development discussion wrote:
>>> So, we would want to have this working where the user must exist in the
>>> local system in order to authenticate. So the Admin->Settings section
>>> for auth would show "mysql" and "ldap". If "ldap" is chosen, then
>>> accounts created would be added with a different email notification sent
>>> to them letting them know their account is able to login.
>>>
>>> When they login, you would first verify their account exists and is
>>> active, then auth via ldap. Once authenticated, you would set their
>>> session variables as is done now for mysql auth.
>>>
>>> Steve
>>>
>>> On 3/31/15 6:38 AM, opendocman development discussion wrote:
>>>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
>>>> that it might be a very simple add to just keep the users in LDAP/AD
>>>> *entirely*, or select between both modes (that is to say, create an ODM
>>>> user from LDAP *or* keep the accounts in LDAP).
>>>>
>>>> Looking in User_class.php, it seems I could easily branch around the
>>>> code to pull a user record from the DB with a conditional "get it from
>>>> LDAP" instead.  Before I dive into this too far, would that be all
>>>> that's required, or is this info queried in several places?
>>>>
>>>> It seems easy, in that respect - I've already done all the work to
>>>> define attributes, etc. for all user DB fields...
>>>>
>>>> Any guidance appreciated (you know, so I don't have to read every line
>>>> to figure it out myself. ;)
>>>>
>>>> Thanks,
>>>>
>>>> -John
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>>> things parallel software development, from weekly thought leadership blogs to
>>>> news, videos, case studies, tutorials and more. Take a look and join the
>>>> conversation now. http://goparallel.sourceforge.net/
>>>> _______________________________________________
>>>> Opendocman-devel mailing list
>>>> Ope...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>
>>> ------------------------------------------------------------------------------
>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>> Develop your own process in accordance with the BPMN 2 standard
>>> Learn Process modeling best practices with Bonita BPM through live exercises
>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>> _______________________________________________
>>> Opendocman-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>
>> ------------------------------------------------------------------------------
>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>> Develop your own process in accordance with the BPMN 2 standard
>> Learn Process modeling best practices with Bonita BPM through live exercises
>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 
> 
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 

Re: [Opendocman-devel] Q about how user permissions/info flow...

[opendocman d. d. <ope...@li...>]

It has been my experience that users wanting LDAP are more concerned 
about the authentication part, not the group and/or permissions. I had 
implemented LDAP years ago (but it got removed and never put back in). 
It was just a simple common-authentication service so that users didn't 
have to have have an additional password to login to ODM, they just use 
their LDAP directory password. Once "authenticated" via LDAP, their ODM 
account and permissions settings would be used just like any other user.

On 4/11/15 6:39 AM, opendocman development discussion wrote:
> Hi Steve,
>
> I'm just about to dig into this, but I had a few thoughts I wanted to
> discuss first:
>
> 1) I get why your thought process makes sense, but I'm certain that
> people who want to use LDAP/AD integration are trying to *avoid* doing
> exactly what you describe; they want LDAP/AD users to be able to log in
> *without* having to create an ODM user.
Most users want to control who has access so just letting any successful 
LDAP authentication to be added to the ODM site would be a change from 
how it works now.

>
> 2) The above opens up a few problems.  One of which is, obviously,
> LDAP/AD does not have suitable attributes in any schema to store *all*
> of the information of an ODM user.  My thoughts about getting around
> this are as follows:
>
> - The most common schema anyone is going to be using for users is
> inetOrgPerson.  AD uses a schema that has pretty much all the same
> attributes as inetOrgPerson as well, by default.
>
> - No LDAP/AD user is going to want to change schemas, or extend the one
> they're using.
>
> - On the most basic level, using the approach I have already taken, we
> can make ODM's departments match what is stored in the LDAP attrib
> "department" in the inetOrgPerson/AD schema.  By doing this, you make an
> admin configure ODM *ONCE*, then users in LDAP/AD can log in and at
> least be a member of the one department with pre-defined rights as the
> admin chooses.  I've also set flags in the config for default
> can_checkin, etc. rights, as the admin sees fit.
>
> - This leaves the problem of potentially "stale" ODM accounts in the DB
> when an LDAP/AD user is deleted, but incorporating a "delete user from
> ODM" protocol into any admin's "employee is leaving" checklist is FAR
> more trivial than CREATING every user first, as on the delete end, it's
> one at a time - and, you'd have to do this anyway, regardless of the
> strategy.
I think you may be over-thinking it a bit from what I originally thought 
was needed. The only thing I thought we needed from LDAP was an 
authentication. Everything else (department, reviewer, admin, etc.) is 
all handled in the app. I don't see how we could move all of that user 
data out of the system very easily, nor do I really want to.

Steve
>
> If you want to make an admin account or something that's an exception
> rather than rank-and-file user, then you make an ODM account for it.
> That's not a big ask on the admin.
>
> So, to sum up, I see your point, but I don't think implementing it that
> way is really going to help much.  The way I've already done it will
> "just work" with minimal set-up.
>
> Also - just to put it out there - I'm more than happy to do as you've
> suggested, and I'm not trying to be argumentative :)  I just thought I'd
> share my point of view on this, and reading comments from users who want
> this feature, I think it's worth considering.
>
> Let me know what you think,
>
> -John
>
> On 04/06/2015 11:08 PM, opendocman development discussion wrote:
>> So, we would want to have this working where the user must exist in the
>> local system in order to authenticate. So the Admin->Settings section
>> for auth would show "mysql" and "ldap". If "ldap" is chosen, then
>> accounts created would be added with a different email notification sent
>> to them letting them know their account is able to login.
>>
>> When they login, you would first verify their account exists and is
>> active, then auth via ldap. Once authenticated, you would set their
>> session variables as is done now for mysql auth.
>>
>> Steve
>>
>> On 3/31/15 6:38 AM, opendocman development discussion wrote:
>>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
>>> that it might be a very simple add to just keep the users in LDAP/AD
>>> *entirely*, or select between both modes (that is to say, create an ODM
>>> user from LDAP *or* keep the accounts in LDAP).
>>>
>>> Looking in User_class.php, it seems I could easily branch around the
>>> code to pull a user record from the DB with a conditional "get it from
>>> LDAP" instead.  Before I dive into this too far, would that be all
>>> that's required, or is this info queried in several places?
>>>
>>> It seems easy, in that respect - I've already done all the work to
>>> define attributes, etc. for all user DB fields...
>>>
>>> Any guidance appreciated (you know, so I don't have to read every line
>>> to figure it out myself. ;)
>>>
>>> Thanks,
>>>
>>> -John
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>> things parallel software development, from weekly thought leadership blogs to
>>> news, videos, case studies, tutorials and more. Take a look and join the
>>> conversation now. http://goparallel.sourceforge.net/
>>> _______________________________________________
>>> Opendocman-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>
>> ------------------------------------------------------------------------------
>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>> Develop your own process in accordance with the BPMN 2 standard
>> Learn Process modeling best practices with Bonita BPM through live exercises
>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

Re: [Opendocman-devel] Q about how user permissions/info flow...

[opendocman d. d. <ope...@li...>]

Hi Steve,

I'm just about to dig into this, but I had a few thoughts I wanted to
discuss first:

1) I get why your thought process makes sense, but I'm certain that
people who want to use LDAP/AD integration are trying to *avoid* doing
exactly what you describe; they want LDAP/AD users to be able to log in
*without* having to create an ODM user.

2) The above opens up a few problems.  One of which is, obviously,
LDAP/AD does not have suitable attributes in any schema to store *all*
of the information of an ODM user.  My thoughts about getting around
this are as follows:

- The most common schema anyone is going to be using for users is
inetOrgPerson.  AD uses a schema that has pretty much all the same
attributes as inetOrgPerson as well, by default.

- No LDAP/AD user is going to want to change schemas, or extend the one
they're using.

- On the most basic level, using the approach I have already taken, we
can make ODM's departments match what is stored in the LDAP attrib
"department" in the inetOrgPerson/AD schema.  By doing this, you make an
admin configure ODM *ONCE*, then users in LDAP/AD can log in and at
least be a member of the one department with pre-defined rights as the
admin chooses.  I've also set flags in the config for default
can_checkin, etc. rights, as the admin sees fit.

- This leaves the problem of potentially "stale" ODM accounts in the DB
when an LDAP/AD user is deleted, but incorporating a "delete user from
ODM" protocol into any admin's "employee is leaving" checklist is FAR
more trivial than CREATING every user first, as on the delete end, it's
one at a time - and, you'd have to do this anyway, regardless of the
strategy.

If you want to make an admin account or something that's an exception
rather than rank-and-file user, then you make an ODM account for it.
That's not a big ask on the admin.

So, to sum up, I see your point, but I don't think implementing it that
way is really going to help much.  The way I've already done it will
"just work" with minimal set-up.

Also - just to put it out there - I'm more than happy to do as you've
suggested, and I'm not trying to be argumentative :)  I just thought I'd
share my point of view on this, and reading comments from users who want
this feature, I think it's worth considering.

Let me know what you think,

-John

On 04/06/2015 11:08 PM, opendocman development discussion wrote:
> So, we would want to have this working where the user must exist in the 
> local system in order to authenticate. So the Admin->Settings section 
> for auth would show "mysql" and "ldap". If "ldap" is chosen, then 
> accounts created would be added with a different email notification sent 
> to them letting them know their account is able to login.
> 
> When they login, you would first verify their account exists and is 
> active, then auth via ldap. Once authenticated, you would set their 
> session variables as is done now for mysql auth.
> 
> Steve
> 
> On 3/31/15 6:38 AM, opendocman development discussion wrote:
>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
>> that it might be a very simple add to just keep the users in LDAP/AD
>> *entirely*, or select between both modes (that is to say, create an ODM
>> user from LDAP *or* keep the accounts in LDAP).
>>
>> Looking in User_class.php, it seems I could easily branch around the
>> code to pull a user record from the DB with a conditional "get it from
>> LDAP" instead.  Before I dive into this too far, would that be all
>> that's required, or is this info queried in several places?
>>
>> It seems easy, in that respect - I've already done all the work to
>> define attributes, etc. for all user DB fields...
>>
>> Any guidance appreciated (you know, so I don't have to read every line
>> to figure it out myself. ;)
>>
>> Thanks,
>>
>> -John
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 
> 
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 

Re: [Opendocman-devel] Q about how user permissions/info flow...

[opendocman d. d. <ope...@li...>]

Gotcha.  I'll probably be able to get to it later in the week.

-John

Sent from my iPhone

> On Apr 6, 2015, at 11:08 PM, opendocman development discussion <ope...@li...> wrote:
> 
> So, we would want to have this working where the user must exist in the 
> local system in order to authenticate. So the Admin->Settings section 
> for auth would show "mysql" and "ldap". If "ldap" is chosen, then 
> accounts created would be added with a different email notification sent 
> to them letting them know their account is able to login.
> 
> When they login, you would first verify their account exists and is 
> active, then auth via ldap. Once authenticated, you would set their 
> session variables as is done now for mysql auth.
> 
> Steve
> 
>> On 3/31/15 6:38 AM, opendocman development discussion wrote:
>> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
>> that it might be a very simple add to just keep the users in LDAP/AD
>> *entirely*, or select between both modes (that is to say, create an ODM
>> user from LDAP *or* keep the accounts in LDAP).
>> 
>> Looking in User_class.php, it seems I could easily branch around the
>> code to pull a user record from the DB with a conditional "get it from
>> LDAP" instead.  Before I dive into this too far, would that be all
>> that's required, or is this info queried in several places?
>> 
>> It seems easy, in that respect - I've already done all the work to
>> define attributes, etc. for all user DB fields...
>> 
>> Any guidance appreciated (you know, so I don't have to read every line
>> to figure it out myself. ;)
>> 
>> Thanks,
>> 
>> -John
>> 
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 
> 
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

Re: [Opendocman-devel] Q about how user permissions/info flow...

[opendocman d. d. <ope...@li...>]

So, we would want to have this working where the user must exist in the 
local system in order to authenticate. So the Admin->Settings section 
for auth would show "mysql" and "ldap". If "ldap" is chosen, then 
accounts created would be added with a different email notification sent 
to them letting them know their account is able to login.

When they login, you would first verify their account exists and is 
active, then auth via ldap. Once authenticated, you would set their 
session variables as is done now for mysql auth.

Steve

On 3/31/15 6:38 AM, opendocman development discussion wrote:
> OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
> that it might be a very simple add to just keep the users in LDAP/AD
> *entirely*, or select between both modes (that is to say, create an ODM
> user from LDAP *or* keep the accounts in LDAP).
>
> Looking in User_class.php, it seems I could easily branch around the
> code to pull a user record from the DB with a conditional "get it from
> LDAP" instead.  Before I dive into this too far, would that be all
> that's required, or is this info queried in several places?
>
> It seems easy, in that respect - I've already done all the work to
> define attributes, etc. for all user DB fields...
>
> Any guidance appreciated (you know, so I don't have to read every line
> to figure it out myself. ;)
>
> Thanks,
>
> -John
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

[Opendocman-devel] Q about how user permissions/info flow...

[opendocman d. d. <ope...@li...>]

OK, so now that I've pushed the LDAP/AD stuff I did, it occurs to me
that it might be a very simple add to just keep the users in LDAP/AD
*entirely*, or select between both modes (that is to say, create an ODM
user from LDAP *or* keep the accounts in LDAP).

Looking in User_class.php, it seems I could easily branch around the
code to pull a user record from the DB with a conditional "get it from
LDAP" instead.  Before I dive into this too far, would that be all
that's required, or is this info queried in several places?

It seems easy, in that respect - I've already done all the work to
define attributes, etc. for all user DB fields...

Any guidance appreciated (you know, so I don't have to read every line
to figure it out myself. ;)

Thanks,

-John

Re: [Opendocman-devel] I have added LDAP integration

[opendocman d. d. <ope...@li...>]

I have committed/pushed my changes to my fork on github.  It can now add
a user to the DB with all fields filled out from LDAP, if they are
specified and if the search returns a result.  Works great here, would
like some others to try it out.

-John


On 03/26/2015 06:19 PM, opendocman development discussion wrote:
> OK.  Doing it this way will give me a chance to go back and put in more
> error detection and other tidbits anyway.
> 
> -John
> 
> 
> On 03/26/2015 06:14 PM, opendocman development discussion wrote:
>> Thanks John,
>>
>> Its been quiet in here, so it is welcome noise. :)
>>
>> Steve
>>
>> On 3/26/15 2:53 PM, opendocman development discussion wrote:
>>> OK I figured git out.  I made a fork and will submit my cleaned up
>>> code that way. 
>>>
>>> Sorry for the list noise!
>>>
>>> -John
>>>
>>>
>>> On 03/26/2015 02:32 PM, opendocman development discussion wrote:
>>>> Hey John,
>>>>
>>>> I will take a look at this over the weekend. It would be a good idea
>>>> if you were to do this as a Pull Request at GitHub. Are you familiar
>>>> with that process?
>>>>
>>>> Steve
>>>>
>>>> On 3/26/15 11:11 AM, opendocman development discussion wrote:
>>>>> Hi Devs,
>>>>>
>>>>> I just wrote in support for getting user accounts from LDAP.
>>>>> Basically, if this option is enabled, it will check LDAP for the
>>>>> user who is being logged in.  If the username and password match,
>>>>> it'll then check the opendocman database to see if the user already
>>>>> exists there.  If it does, it synchronizes the password field with
>>>>> the LDAP password.  If not, it adds a new user with defaults.  All
>>>>> of this is against version 1.3.2.
>>>>>
>>>>> Anyway, I'm a C programmer, and this is the first thing I've really
>>>>> tried in PHP, so if someone could give it the once over and offer
>>>>> me some suggestions for improvement, that'd be great.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> -John
>>>>>
>>>>> To test this out, you need the following in config.php:
>>>>>
>>>>> -----8<-----
>>>>> $GLOBALS['CONFIG']['ldap_enable'] = TRUE;
>>>>> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
>>>>> $GLOBALS['CONFIG']['ldap_port'] = '389';
>>>>>
>>>>> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
>>>>> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
>>>>> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
>>>>> $GLOBALS['CONFIG']['bind_pw'] = "managers_password";
>>>>> -----8<-----
>>>>>
>>>>> ...and then patch index.php with this patch:
>>>>>
>>>>> -----8<-----
>>>>> --- index.php    2015-03-26 13:42:01.781054000 -0400
>>>>> +++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
>>>>> @@ -78,15 +78,6 @@
>>>>>      $frmuser = $_POST['frmuser'];
>>>>>      $frmpass = $_POST['frmpass'];
>>>>>
>>>>> -    // JEPH - Check for LDAP users enabled
>>>>> -    if($GLOBALS['CONFIG']['ldap_enable']) {
>>>>> -    require 'ldap-users.inc';
>>>>> -    $ldap_success = ldap_login($frmuser, $frmpass);
>>>>> -    if(!empty($ldap_success)) {
>>>>> -        add_or_modify($frmuser, $frmpass);
>>>>> -    }
>>>>> -    }
>>>>> -
>>>>>      // check login and md5()
>>>>>      // connect and execute query
>>>>>      $query = "
>>>>> @@ -134,11 +125,11 @@
>>>>>
>>>>>      // if row exists - login/pass is correct
>>>>>      if (count($result) == 1)
>>>>> -    {
>>>>> +    {
>>>>>          // register the user's ID
>>>>>          $id = $result[0]['id'];
>>>>> -        $username = $result[0]['username'];
>>>>> -        $password = $result[0]['password'];
>>>>> +        $username = $result['username'];
>>>>> +        $password = $result['password'];
>>>>>
>>>>>          // initiate a session
>>>>>          $_SESSION['uid'] = $id;
>>>>> -----8<-----
>>>>>
>>>>> ...and add my routines to ldap-users.inc (all of this attached) but
>>>>> in case this list strips attachments, test follows:
>>>>>
>>>>> -----8<-----
>>>>> <?php
>>>>>     // ldap-users.inc
>>>>>     //
>>>>>     // Authenticate users against LDAP
>>>>>     // John E.P. Hynes/HyTronix [03/25/2015]
>>>>>     //
>>>>>     // Takes username/password and tries to bind.
>>>>>     // Return user name on success, FALSE on failure.
>>>>>
>>>>> function ldap_login($user, $pass) {
>>>>>     $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
>>>>>     $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
>>>>>     $base_dn = $GLOBALS['CONFIG']['base_dn'];
>>>>>     $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
>>>>>     $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
>>>>>     $bind_pw = $GLOBALS['CONFIG']['bind_pw'];
>>>>>
>>>>>     $ldap_conn = ldap_connect($ldap_host, $ldap_port)
>>>>>         or error_log("ldap_connect() failed.");
>>>>>
>>>>>     ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
>>>>>     ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
>>>>>
>>>>>     $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
>>>>>         or error_log("ldap_bind() failed.");
>>>>>
>>>>>     $match_count = 1;
>>>>>     $this_filter = str_replace("%uid", $user, $searchfilter,
>>>>> $match_count);
>>>>>     if(empty($this_filter)) {
>>>>>         error_log("Error in searchfilter with str_replace(), got
>>>>> $this_filter");
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     $attribute = array("uid");
>>>>>     $search_results = @ldap_search($ldap_conn, $base_dn,
>>>>> $this_filter, $attribute, 0, 2);
>>>>>
>>>>>     if (!$search_results) {
>>>>>         error_log("Something went wrong in ldap_search.");
>>>>>     }
>>>>>
>>>>>     if (ldap_count_entries($ldap_conn, $search_results) != 1) {
>>>>>         error_log("ldap_search() returned $search_results in error.");
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     $user_entry = ldap_first_entry($ldap_conn, $search_results);
>>>>>     $this_dn = ldap_get_dn($ldap_conn, $user_entry);
>>>>>
>>>>>     $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
>>>>>     if (!$user_bind) {
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     ldap_close($ldap_conn);
>>>>>
>>>>>     return $user;
>>>>> }
>>>>>
>>>>> function add_or_modify($username, $password) {
>>>>>     // Check to make sure user does not already exist
>>>>>     $pdo = $GLOBALS['pdo'];
>>>>>     $query = "SELECT COUNT(*) FROM
>>>>> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
>>>>>     if ($count = $pdo->query($query)) {
>>>>>         if ($count->fetchColumn() == 1) {
>>>>>             update_password($username, $password);
>>>>>             return;
>>>>>         } elseif ($count->fetchColumn() == 0) {
>>>>>             create_user($username, $password);
>>>>>             return;
>>>>>         }
>>>>>         else {
>>>>>             error_log("Database error - username not unique.");
>>>>>         }
>>>>>     }
>>>>>
>>>>>     return;
>>>>> }
>>>>>
>>>>> function update_password($username, $password) {
>>>>>     $pdo = $GLOBALS['pdo'];
>>>>>     $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
>>>>>                 SET password=md5(:password) WHERE username=:username";
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     $stmt->execute(array(':username' => $username, ':password' =>
>>>>> $password));
>>>>>
>>>>>     return;
>>>>> }
>>>>>
>>>>> function create_user($username, $password) {
>>>>>     $pdo = $GLOBALS['pdo'];
>>>>>     $department = 1;
>>>>>     $phonenumber = "000-000-0000";
>>>>>     $email = "";
>>>>>     $lastname = "";
>>>>>     $firstname = "";
>>>>>     $can_add = 0;
>>>>>     $can_checkin = 0;
>>>>>
>>>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
>>>>>         (username, password, department, phone, Email,last_name,
>>>>> first_name, can_add, can_checkin)
>>>>>         VALUES(
>>>>>             :username,
>>>>>             md5(:password),
>>>>>             :department,
>>>>>             :phonenumber,
>>>>>             :email,
>>>>>             :lastname,
>>>>>             :firstname,
>>>>>             :can_add,
>>>>>             :can_checkin
>>>>>         )";
>>>>>
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     $stmt->execute(array(
>>>>>         ':username' => $username,
>>>>>         ':password' => $password,
>>>>>         ':department' => $department,
>>>>>         ':phonenumber' => $phonenumber,
>>>>>         ':email' => $email,
>>>>>         ':lastname' => $lastname,
>>>>>         ':firstname' => $firstname,
>>>>>         ':can_add' => $can_add,
>>>>>         ':can_checkin' => $can_checkin
>>>>>         ));
>>>>>
>>>>>     $user_id = $pdo->lastInsertId();;
>>>>>     $admin = 0;
>>>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin
>>>>> (id, admin) VALUES(:user_id, :admin)";
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));
>>>>>
>>>>>     return;
>>>>> }
>>>>>
>>>>> ?>
>>>>> -----8<-----
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>>>> things parallel software development, from weekly thought leadership blogs to
>>>>> news, videos, case studies, tutorials and more. Take a look and join the 
>>>>> conversation now. http://goparallel.sourceforge.net/
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Opendocman-devel mailing list
>>>>> Ope...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>>> things parallel software development, from weekly thought leadership blogs to
>>>> news, videos, case studies, tutorials and more. Take a look and join the 
>>>> conversation now. http://goparallel.sourceforge.net/
>>>>
>>>>
>>>> _______________________________________________
>>>> Opendocman-devel mailing list
>>>> Ope...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>> things parallel software development, from weekly thought leadership blogs to
>>> news, videos, case studies, tutorials and more. Take a look and join the 
>>> conversation now. http://goparallel.sourceforge.net/
>>>
>>>
>>> _______________________________________________
>>> Opendocman-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the 
>> conversation now. http://goparallel.sourceforge.net/
>>
>>
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 
> 
> 
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the 
> conversation now. http://goparallel.sourceforge.net/
> 
> 
> 
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 

Re: [Opendocman-devel] I have added LDAP integration

[opendocman d. d. <ope...@li...>]

Hey Steve -

Just wanted to let you know that I ended up having a chance to work on
this quite a bit this weekend.  I'll be making another commit soon with
the code to try to fully populate the database from LDAP.

On 03/26/2015 06:19 PM, opendocman development discussion wrote:
> OK.  Doing it this way will give me a chance to go back and put in more
> error detection and other tidbits anyway.
> 
> -John
> 
> 
> On 03/26/2015 06:14 PM, opendocman development discussion wrote:
>> Thanks John,
>>
>> Its been quiet in here, so it is welcome noise. :)
>>
>> Steve
>>
>> On 3/26/15 2:53 PM, opendocman development discussion wrote:
>>> OK I figured git out.  I made a fork and will submit my cleaned up
>>> code that way. 
>>>
>>> Sorry for the list noise!
>>>
>>> -John
>>>
>>>
>>> On 03/26/2015 02:32 PM, opendocman development discussion wrote:
>>>> Hey John,
>>>>
>>>> I will take a look at this over the weekend. It would be a good idea
>>>> if you were to do this as a Pull Request at GitHub. Are you familiar
>>>> with that process?
>>>>
>>>> Steve
>>>>
>>>> On 3/26/15 11:11 AM, opendocman development discussion wrote:
>>>>> Hi Devs,
>>>>>
>>>>> I just wrote in support for getting user accounts from LDAP.
>>>>> Basically, if this option is enabled, it will check LDAP for the
>>>>> user who is being logged in.  If the username and password match,
>>>>> it'll then check the opendocman database to see if the user already
>>>>> exists there.  If it does, it synchronizes the password field with
>>>>> the LDAP password.  If not, it adds a new user with defaults.  All
>>>>> of this is against version 1.3.2.
>>>>>
>>>>> Anyway, I'm a C programmer, and this is the first thing I've really
>>>>> tried in PHP, so if someone could give it the once over and offer
>>>>> me some suggestions for improvement, that'd be great.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> -John
>>>>>
>>>>> To test this out, you need the following in config.php:
>>>>>
>>>>> -----8<-----
>>>>> $GLOBALS['CONFIG']['ldap_enable'] = TRUE;
>>>>> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
>>>>> $GLOBALS['CONFIG']['ldap_port'] = '389';
>>>>>
>>>>> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
>>>>> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
>>>>> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
>>>>> $GLOBALS['CONFIG']['bind_pw'] = "managers_password";
>>>>> -----8<-----
>>>>>
>>>>> ...and then patch index.php with this patch:
>>>>>
>>>>> -----8<-----
>>>>> --- index.php    2015-03-26 13:42:01.781054000 -0400
>>>>> +++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
>>>>> @@ -78,15 +78,6 @@
>>>>>      $frmuser = $_POST['frmuser'];
>>>>>      $frmpass = $_POST['frmpass'];
>>>>>
>>>>> -    // JEPH - Check for LDAP users enabled
>>>>> -    if($GLOBALS['CONFIG']['ldap_enable']) {
>>>>> -    require 'ldap-users.inc';
>>>>> -    $ldap_success = ldap_login($frmuser, $frmpass);
>>>>> -    if(!empty($ldap_success)) {
>>>>> -        add_or_modify($frmuser, $frmpass);
>>>>> -    }
>>>>> -    }
>>>>> -
>>>>>      // check login and md5()
>>>>>      // connect and execute query
>>>>>      $query = "
>>>>> @@ -134,11 +125,11 @@
>>>>>
>>>>>      // if row exists - login/pass is correct
>>>>>      if (count($result) == 1)
>>>>> -    {
>>>>> +    {
>>>>>          // register the user's ID
>>>>>          $id = $result[0]['id'];
>>>>> -        $username = $result[0]['username'];
>>>>> -        $password = $result[0]['password'];
>>>>> +        $username = $result['username'];
>>>>> +        $password = $result['password'];
>>>>>
>>>>>          // initiate a session
>>>>>          $_SESSION['uid'] = $id;
>>>>> -----8<-----
>>>>>
>>>>> ...and add my routines to ldap-users.inc (all of this attached) but
>>>>> in case this list strips attachments, test follows:
>>>>>
>>>>> -----8<-----
>>>>> <?php
>>>>>     // ldap-users.inc
>>>>>     //
>>>>>     // Authenticate users against LDAP
>>>>>     // John E.P. Hynes/HyTronix [03/25/2015]
>>>>>     //
>>>>>     // Takes username/password and tries to bind.
>>>>>     // Return user name on success, FALSE on failure.
>>>>>
>>>>> function ldap_login($user, $pass) {
>>>>>     $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
>>>>>     $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
>>>>>     $base_dn = $GLOBALS['CONFIG']['base_dn'];
>>>>>     $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
>>>>>     $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
>>>>>     $bind_pw = $GLOBALS['CONFIG']['bind_pw'];
>>>>>
>>>>>     $ldap_conn = ldap_connect($ldap_host, $ldap_port)
>>>>>         or error_log("ldap_connect() failed.");
>>>>>
>>>>>     ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
>>>>>     ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
>>>>>
>>>>>     $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
>>>>>         or error_log("ldap_bind() failed.");
>>>>>
>>>>>     $match_count = 1;
>>>>>     $this_filter = str_replace("%uid", $user, $searchfilter,
>>>>> $match_count);
>>>>>     if(empty($this_filter)) {
>>>>>         error_log("Error in searchfilter with str_replace(), got
>>>>> $this_filter");
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     $attribute = array("uid");
>>>>>     $search_results = @ldap_search($ldap_conn, $base_dn,
>>>>> $this_filter, $attribute, 0, 2);
>>>>>
>>>>>     if (!$search_results) {
>>>>>         error_log("Something went wrong in ldap_search.");
>>>>>     }
>>>>>
>>>>>     if (ldap_count_entries($ldap_conn, $search_results) != 1) {
>>>>>         error_log("ldap_search() returned $search_results in error.");
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     $user_entry = ldap_first_entry($ldap_conn, $search_results);
>>>>>     $this_dn = ldap_get_dn($ldap_conn, $user_entry);
>>>>>
>>>>>     $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
>>>>>     if (!$user_bind) {
>>>>>         return FALSE;
>>>>>     }
>>>>>
>>>>>     ldap_close($ldap_conn);
>>>>>
>>>>>     return $user;
>>>>> }
>>>>>
>>>>> function add_or_modify($username, $password) {
>>>>>     // Check to make sure user does not already exist
>>>>>     $pdo = $GLOBALS['pdo'];
>>>>>     $query = "SELECT COUNT(*) FROM
>>>>> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
>>>>>     if ($count = $pdo->query($query)) {
>>>>>         if ($count->fetchColumn() == 1) {
>>>>>             update_password($username, $password);
>>>>>             return;
>>>>>         } elseif ($count->fetchColumn() == 0) {
>>>>>             create_user($username, $password);
>>>>>             return;
>>>>>         }
>>>>>         else {
>>>>>             error_log("Database error - username not unique.");
>>>>>         }
>>>>>     }
>>>>>
>>>>>     return;
>>>>> }
>>>>>
>>>>> function update_password($username, $password) {
>>>>>     $pdo = $GLOBALS['pdo'];
>>>>>     $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
>>>>>                 SET password=md5(:password) WHERE username=:username";
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     $stmt->execute(array(':username' => $username, ':password' =>
>>>>> $password));
>>>>>
>>>>>     return;
>>>>> }
>>>>>
>>>>> function create_user($username, $password) {
>>>>>     $pdo = $GLOBALS['pdo'];
>>>>>     $department = 1;
>>>>>     $phonenumber = "000-000-0000";
>>>>>     $email = "";
>>>>>     $lastname = "";
>>>>>     $firstname = "";
>>>>>     $can_add = 0;
>>>>>     $can_checkin = 0;
>>>>>
>>>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
>>>>>         (username, password, department, phone, Email,last_name,
>>>>> first_name, can_add, can_checkin)
>>>>>         VALUES(
>>>>>             :username,
>>>>>             md5(:password),
>>>>>             :department,
>>>>>             :phonenumber,
>>>>>             :email,
>>>>>             :lastname,
>>>>>             :firstname,
>>>>>             :can_add,
>>>>>             :can_checkin
>>>>>         )";
>>>>>
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     $stmt->execute(array(
>>>>>         ':username' => $username,
>>>>>         ':password' => $password,
>>>>>         ':department' => $department,
>>>>>         ':phonenumber' => $phonenumber,
>>>>>         ':email' => $email,
>>>>>         ':lastname' => $lastname,
>>>>>         ':firstname' => $firstname,
>>>>>         ':can_add' => $can_add,
>>>>>         ':can_checkin' => $can_checkin
>>>>>         ));
>>>>>
>>>>>     $user_id = $pdo->lastInsertId();;
>>>>>     $admin = 0;
>>>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin
>>>>> (id, admin) VALUES(:user_id, :admin)";
>>>>>     $stmt = $pdo->prepare($query);
>>>>>     $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));
>>>>>
>>>>>     return;
>>>>> }
>>>>>
>>>>> ?>
>>>>> -----8<-----
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>>>> things parallel software development, from weekly thought leadership blogs to
>>>>> news, videos, case studies, tutorials and more. Take a look and join the 
>>>>> conversation now. http://goparallel.sourceforge.net/
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Opendocman-devel mailing list
>>>>> Ope...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>>> things parallel software development, from weekly thought leadership blogs to
>>>> news, videos, case studies, tutorials and more. Take a look and join the 
>>>> conversation now. http://goparallel.sourceforge.net/
>>>>
>>>>
>>>> _______________________________________________
>>>> Opendocman-devel mailing list
>>>> Ope...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>> things parallel software development, from weekly thought leadership blogs to
>>> news, videos, case studies, tutorials and more. Take a look and join the 
>>> conversation now. http://goparallel.sourceforge.net/
>>>
>>>
>>> _______________________________________________
>>> Opendocman-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the 
>> conversation now. http://goparallel.sourceforge.net/
>>
>>
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 
> 
> 
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the 
> conversation now. http://goparallel.sourceforge.net/
> 
> 
> 
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
> 

Re: [Opendocman-devel] I have added LDAP integration

[opendocman d. d. <ope...@li...>]

OK.  Doing it this way will give me a chance to go back and put in more 
error detection and other tidbits anyway.

-John


On 03/26/2015 06:14 PM, opendocman development discussion wrote:
> Thanks John,
>
> Its been quiet in here, so it is welcome noise. :)
>
> Steve
>
> On 3/26/15 2:53 PM, opendocman development discussion wrote:
>> OK I figured git out.  I made a fork and will submit my cleaned up 
>> code that way.
>>
>> Sorry for the list noise!
>>
>> -John
>>
>>
>> On 03/26/2015 02:32 PM, opendocman development discussion wrote:
>>> Hey John,
>>>
>>> I will take a look at this over the weekend. It would be a good idea 
>>> if you were to do this as a Pull Request at GitHub. Are you familiar 
>>> with that process?
>>>
>>> Steve
>>>
>>> On 3/26/15 11:11 AM, opendocman development discussion wrote:
>>>> Hi Devs,
>>>>
>>>> I just wrote in support for getting user accounts from LDAP. 
>>>> Basically, if this option is enabled, it will check LDAP for the 
>>>> user who is being logged in.  If the username and password match, 
>>>> it'll then check the opendocman database to see if the user already 
>>>> exists there.  If it does, it synchronizes the password field with 
>>>> the LDAP password.  If not, it adds a new user with defaults.  All 
>>>> of this is against version 1.3.2.
>>>>
>>>> Anyway, I'm a C programmer, and this is the first thing I've really 
>>>> tried in PHP, so if someone could give it the once over and offer 
>>>> me some suggestions for improvement, that'd be great.
>>>>
>>>> Thanks,
>>>>
>>>> -John
>>>>
>>>> To test this out, you need the following in config.php:
>>>>
>>>> -----8<-----
>>>> $GLOBALS['CONFIG']['ldap_enable'] = TRUE;
>>>> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
>>>> $GLOBALS['CONFIG']['ldap_port'] = '389';
>>>>
>>>> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
>>>> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
>>>> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
>>>> $GLOBALS['CONFIG']['bind_pw'] = "managers_password";
>>>> -----8<-----
>>>>
>>>> ...and then patch index.php with this patch:
>>>>
>>>> -----8<-----
>>>> --- index.php    2015-03-26 13:42:01.781054000 -0400
>>>> +++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
>>>> @@ -78,15 +78,6 @@
>>>>      $frmuser = $_POST['frmuser'];
>>>>      $frmpass = $_POST['frmpass'];
>>>>
>>>> -    // JEPH - Check for LDAP users enabled
>>>> -    if($GLOBALS['CONFIG']['ldap_enable']) {
>>>> -    require 'ldap-users.inc';
>>>> -    $ldap_success = ldap_login($frmuser, $frmpass);
>>>> -    if(!empty($ldap_success)) {
>>>> -        add_or_modify($frmuser, $frmpass);
>>>> -    }
>>>> -    }
>>>> -
>>>>      // check login and md5()
>>>>      // connect and execute query
>>>>      $query = "
>>>> @@ -134,11 +125,11 @@
>>>>
>>>>      // if row exists - login/pass is correct
>>>>      if (count($result) == 1)
>>>> -    {
>>>> +    {
>>>>          // register the user's ID
>>>>          $id = $result[0]['id'];
>>>> -        $username = $result[0]['username'];
>>>> -        $password = $result[0]['password'];
>>>> +        $username = $result['username'];
>>>> +        $password = $result['password'];
>>>>
>>>>          // initiate a session
>>>>          $_SESSION['uid'] = $id;
>>>> -----8<-----
>>>>
>>>> ...and add my routines to ldap-users.inc (all of this attached) but 
>>>> in case this list strips attachments, test follows:
>>>>
>>>> -----8<-----
>>>> <?php
>>>>     // ldap-users.inc
>>>>     //
>>>>     // Authenticate users against LDAP
>>>>     // John E.P. Hynes/HyTronix [03/25/2015]
>>>>     //
>>>>     // Takes username/password and tries to bind.
>>>>     // Return user name on success, FALSE on failure.
>>>>
>>>> function ldap_login($user, $pass) {
>>>>     $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
>>>>     $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
>>>>     $base_dn = $GLOBALS['CONFIG']['base_dn'];
>>>>     $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
>>>>     $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
>>>>     $bind_pw = $GLOBALS['CONFIG']['bind_pw'];
>>>>
>>>>     $ldap_conn = ldap_connect($ldap_host, $ldap_port)
>>>>         or error_log("ldap_connect() failed.");
>>>>
>>>>     ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
>>>>     ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
>>>>
>>>>     $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
>>>>         or error_log("ldap_bind() failed.");
>>>>
>>>>     $match_count = 1;
>>>>     $this_filter = str_replace("%uid", $user, $searchfilter, 
>>>> $match_count);
>>>>     if(empty($this_filter)) {
>>>>         error_log("Error in searchfilter with str_replace(), got 
>>>> $this_filter");
>>>>         return FALSE;
>>>>     }
>>>>
>>>>     $attribute = array("uid");
>>>>     $search_results = @ldap_search($ldap_conn, $base_dn, 
>>>> $this_filter, $attribute, 0, 2);
>>>>
>>>>     if (!$search_results) {
>>>>         error_log("Something went wrong in ldap_search.");
>>>>     }
>>>>
>>>>     if (ldap_count_entries($ldap_conn, $search_results) != 1) {
>>>>         error_log("ldap_search() returned $search_results in error.");
>>>>         return FALSE;
>>>>     }
>>>>
>>>>     $user_entry = ldap_first_entry($ldap_conn, $search_results);
>>>>     $this_dn = ldap_get_dn($ldap_conn, $user_entry);
>>>>
>>>>     $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
>>>>     if (!$user_bind) {
>>>>         return FALSE;
>>>>     }
>>>>
>>>>     ldap_close($ldap_conn);
>>>>
>>>>     return $user;
>>>> }
>>>>
>>>> function add_or_modify($username, $password) {
>>>>     // Check to make sure user does not already exist
>>>>     $pdo = $GLOBALS['pdo'];
>>>>     $query = "SELECT COUNT(*) FROM 
>>>> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
>>>>     if ($count = $pdo->query($query)) {
>>>>         if ($count->fetchColumn() == 1) {
>>>>             update_password($username, $password);
>>>>             return;
>>>>         } elseif ($count->fetchColumn() == 0) {
>>>>             create_user($username, $password);
>>>>             return;
>>>>         }
>>>>         else {
>>>>             error_log("Database error - username not unique.");
>>>>         }
>>>>     }
>>>>
>>>>     return;
>>>> }
>>>>
>>>> function update_password($username, $password) {
>>>>     $pdo = $GLOBALS['pdo'];
>>>>     $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
>>>>                 SET password=md5(:password) WHERE username=:username";
>>>>     $stmt = $pdo->prepare($query);
>>>>     $stmt->execute(array(':username' => $username, ':password' => 
>>>> $password));
>>>>
>>>>     return;
>>>> }
>>>>
>>>> function create_user($username, $password) {
>>>>     $pdo = $GLOBALS['pdo'];
>>>>     $department = 1;
>>>>     $phonenumber = "000-000-0000";
>>>>     $email = "";
>>>>     $lastname = "";
>>>>     $firstname = "";
>>>>     $can_add = 0;
>>>>     $can_checkin = 0;
>>>>
>>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
>>>>         (username, password, department, phone, Email,last_name, 
>>>> first_name, can_add, can_checkin)
>>>>         VALUES(
>>>>             :username,
>>>>             md5(:password),
>>>>             :department,
>>>>             :phonenumber,
>>>>             :email,
>>>>             :lastname,
>>>>             :firstname,
>>>>             :can_add,
>>>>             :can_checkin
>>>>         )";
>>>>
>>>>     $stmt = $pdo->prepare($query);
>>>>     $stmt->execute(array(
>>>>         ':username' => $username,
>>>>         ':password' => $password,
>>>>         ':department' => $department,
>>>>         ':phonenumber' => $phonenumber,
>>>>         ':email' => $email,
>>>>         ':lastname' => $lastname,
>>>>         ':firstname' => $firstname,
>>>>         ':can_add' => $can_add,
>>>>         ':can_checkin' => $can_checkin
>>>>         ));
>>>>
>>>>     $user_id = $pdo->lastInsertId();;
>>>>     $admin = 0;
>>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin 
>>>> (id, admin) VALUES(:user_id, :admin)";
>>>>     $stmt = $pdo->prepare($query);
>>>>     $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));
>>>>
>>>>     return;
>>>> }
>>>>
>>>> ?>
>>>> -----8<-----
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>>> things parallel software development, from weekly thought leadership blogs to
>>>> news, videos, case studies, tutorials and more. Take a look and join the
>>>> conversation now.http://goparallel.sourceforge.net/
>>>>
>>>>
>>>> _______________________________________________
>>>> Opendocman-devel mailing list
>>>> Ope...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>> things parallel software development, from weekly thought leadership blogs to
>>> news, videos, case studies, tutorials and more. Take a look and join the
>>> conversation now.http://goparallel.sourceforge.net/
>>>
>>>
>>> _______________________________________________
>>> Opendocman-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now.http://goparallel.sourceforge.net/
>>
>>
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
>
>
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

Re: [Opendocman-devel] I have added LDAP integration

[opendocman d. d. <ope...@li...>]

Thanks John,

Its been quiet in here, so it is welcome noise. :)

Steve

On 3/26/15 2:53 PM, opendocman development discussion wrote:
> OK I figured git out.  I made a fork and will submit my cleaned up 
> code that way.
>
> Sorry for the list noise!
>
> -John
>
>
> On 03/26/2015 02:32 PM, opendocman development discussion wrote:
>> Hey John,
>>
>> I will take a look at this over the weekend. It would be a good idea 
>> if you were to do this as a Pull Request at GitHub. Are you familiar 
>> with that process?
>>
>> Steve
>>
>> On 3/26/15 11:11 AM, opendocman development discussion wrote:
>>> Hi Devs,
>>>
>>> I just wrote in support for getting user accounts from LDAP. 
>>> Basically, if this option is enabled, it will check LDAP for the 
>>> user who is being logged in.  If the username and password match, 
>>> it'll then check the opendocman database to see if the user already 
>>> exists there.  If it does, it synchronizes the password field with 
>>> the LDAP password.  If not, it adds a new user with defaults.  All 
>>> of this is against version 1.3.2.
>>>
>>> Anyway, I'm a C programmer, and this is the first thing I've really 
>>> tried in PHP, so if someone could give it the once over and offer me 
>>> some suggestions for improvement, that'd be great.
>>>
>>> Thanks,
>>>
>>> -John
>>>
>>> To test this out, you need the following in config.php:
>>>
>>> -----8<-----
>>> $GLOBALS['CONFIG']['ldap_enable'] = TRUE;
>>> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
>>> $GLOBALS['CONFIG']['ldap_port'] = '389';
>>>
>>> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
>>> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
>>> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
>>> $GLOBALS['CONFIG']['bind_pw'] = "managers_password";
>>> -----8<-----
>>>
>>> ...and then patch index.php with this patch:
>>>
>>> -----8<-----
>>> --- index.php    2015-03-26 13:42:01.781054000 -0400
>>> +++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
>>> @@ -78,15 +78,6 @@
>>>      $frmuser = $_POST['frmuser'];
>>>      $frmpass = $_POST['frmpass'];
>>>
>>> -    // JEPH - Check for LDAP users enabled
>>> -    if($GLOBALS['CONFIG']['ldap_enable']) {
>>> -    require 'ldap-users.inc';
>>> -    $ldap_success = ldap_login($frmuser, $frmpass);
>>> -    if(!empty($ldap_success)) {
>>> -        add_or_modify($frmuser, $frmpass);
>>> -    }
>>> -    }
>>> -
>>>      // check login and md5()
>>>      // connect and execute query
>>>      $query = "
>>> @@ -134,11 +125,11 @@
>>>
>>>      // if row exists - login/pass is correct
>>>      if (count($result) == 1)
>>> -    {
>>> +    {
>>>          // register the user's ID
>>>          $id = $result[0]['id'];
>>> -        $username = $result[0]['username'];
>>> -        $password = $result[0]['password'];
>>> +        $username = $result['username'];
>>> +        $password = $result['password'];
>>>
>>>          // initiate a session
>>>          $_SESSION['uid'] = $id;
>>> -----8<-----
>>>
>>> ...and add my routines to ldap-users.inc (all of this attached) but 
>>> in case this list strips attachments, test follows:
>>>
>>> -----8<-----
>>> <?php
>>>     // ldap-users.inc
>>>     //
>>>     // Authenticate users against LDAP
>>>     // John E.P. Hynes/HyTronix [03/25/2015]
>>>     //
>>>     // Takes username/password and tries to bind.
>>>     // Return user name on success, FALSE on failure.
>>>
>>> function ldap_login($user, $pass) {
>>>     $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
>>>     $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
>>>     $base_dn = $GLOBALS['CONFIG']['base_dn'];
>>>     $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
>>>     $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
>>>     $bind_pw = $GLOBALS['CONFIG']['bind_pw'];
>>>
>>>     $ldap_conn = ldap_connect($ldap_host, $ldap_port)
>>>         or error_log("ldap_connect() failed.");
>>>
>>>     ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
>>>     ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
>>>
>>>     $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
>>>         or error_log("ldap_bind() failed.");
>>>
>>>     $match_count = 1;
>>>     $this_filter = str_replace("%uid", $user, $searchfilter, 
>>> $match_count);
>>>     if(empty($this_filter)) {
>>>         error_log("Error in searchfilter with str_replace(), got 
>>> $this_filter");
>>>         return FALSE;
>>>     }
>>>
>>>     $attribute = array("uid");
>>>     $search_results = @ldap_search($ldap_conn, $base_dn, 
>>> $this_filter, $attribute, 0, 2);
>>>
>>>     if (!$search_results) {
>>>         error_log("Something went wrong in ldap_search.");
>>>     }
>>>
>>>     if (ldap_count_entries($ldap_conn, $search_results) != 1) {
>>>         error_log("ldap_search() returned $search_results in error.");
>>>         return FALSE;
>>>     }
>>>
>>>     $user_entry = ldap_first_entry($ldap_conn, $search_results);
>>>     $this_dn = ldap_get_dn($ldap_conn, $user_entry);
>>>
>>>     $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
>>>     if (!$user_bind) {
>>>         return FALSE;
>>>     }
>>>
>>>     ldap_close($ldap_conn);
>>>
>>>     return $user;
>>> }
>>>
>>> function add_or_modify($username, $password) {
>>>     // Check to make sure user does not already exist
>>>     $pdo = $GLOBALS['pdo'];
>>>     $query = "SELECT COUNT(*) FROM 
>>> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
>>>     if ($count = $pdo->query($query)) {
>>>         if ($count->fetchColumn() == 1) {
>>>             update_password($username, $password);
>>>             return;
>>>         } elseif ($count->fetchColumn() == 0) {
>>>             create_user($username, $password);
>>>             return;
>>>         }
>>>         else {
>>>             error_log("Database error - username not unique.");
>>>         }
>>>     }
>>>
>>>     return;
>>> }
>>>
>>> function update_password($username, $password) {
>>>     $pdo = $GLOBALS['pdo'];
>>>     $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
>>>                 SET password=md5(:password) WHERE username=:username";
>>>     $stmt = $pdo->prepare($query);
>>>     $stmt->execute(array(':username' => $username, ':password' => 
>>> $password));
>>>
>>>     return;
>>> }
>>>
>>> function create_user($username, $password) {
>>>     $pdo = $GLOBALS['pdo'];
>>>     $department = 1;
>>>     $phonenumber = "000-000-0000";
>>>     $email = "";
>>>     $lastname = "";
>>>     $firstname = "";
>>>     $can_add = 0;
>>>     $can_checkin = 0;
>>>
>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
>>>         (username, password, department, phone, Email,last_name, 
>>> first_name, can_add, can_checkin)
>>>         VALUES(
>>>             :username,
>>>             md5(:password),
>>>             :department,
>>>             :phonenumber,
>>>             :email,
>>>             :lastname,
>>>             :firstname,
>>>             :can_add,
>>>             :can_checkin
>>>         )";
>>>
>>>     $stmt = $pdo->prepare($query);
>>>     $stmt->execute(array(
>>>         ':username' => $username,
>>>         ':password' => $password,
>>>         ':department' => $department,
>>>         ':phonenumber' => $phonenumber,
>>>         ':email' => $email,
>>>         ':lastname' => $lastname,
>>>         ':firstname' => $firstname,
>>>         ':can_add' => $can_add,
>>>         ':can_checkin' => $can_checkin
>>>         ));
>>>
>>>     $user_id = $pdo->lastInsertId();;
>>>     $admin = 0;
>>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin 
>>> (id, admin) VALUES(:user_id, :admin)";
>>>     $stmt = $pdo->prepare($query);
>>>     $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));
>>>
>>>     return;
>>> }
>>>
>>> ?>
>>> -----8<-----
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>>> things parallel software development, from weekly thought leadership blogs to
>>> news, videos, case studies, tutorials and more. Take a look and join the
>>> conversation now.http://goparallel.sourceforge.net/
>>>
>>>
>>> _______________________________________________
>>> Opendocman-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now.http://goparallel.sourceforge.net/
>>
>>
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
>
>
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

Re: [Opendocman-devel] I have added LDAP integration

[opendocman d. d. <ope...@li...>]

OK I figured git out.  I made a fork and will submit my cleaned up code 
that way.

Sorry for the list noise!

-John


On 03/26/2015 02:32 PM, opendocman development discussion wrote:
> Hey John,
>
> I will take a look at this over the weekend. It would be a good idea 
> if you were to do this as a Pull Request at GitHub. Are you familiar 
> with that process?
>
> Steve
>
> On 3/26/15 11:11 AM, opendocman development discussion wrote:
>> Hi Devs,
>>
>> I just wrote in support for getting user accounts from LDAP. 
>> Basically, if this option is enabled, it will check LDAP for the user 
>> who is being logged in.  If the username and password match, it'll 
>> then check the opendocman database to see if the user already exists 
>> there.  If it does, it synchronizes the password field with the LDAP 
>> password.  If not, it adds a new user with defaults.  All of this is 
>> against version 1.3.2.
>>
>> Anyway, I'm a C programmer, and this is the first thing I've really 
>> tried in PHP, so if someone could give it the once over and offer me 
>> some suggestions for improvement, that'd be great.
>>
>> Thanks,
>>
>> -John
>>
>> To test this out, you need the following in config.php:
>>
>> -----8<-----
>> $GLOBALS['CONFIG']['ldap_enable'] = TRUE;
>> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
>> $GLOBALS['CONFIG']['ldap_port'] = '389';
>>
>> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
>> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
>> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
>> $GLOBALS['CONFIG']['bind_pw'] = "managers_password";
>> -----8<-----
>>
>> ...and then patch index.php with this patch:
>>
>> -----8<-----
>> --- index.php    2015-03-26 13:42:01.781054000 -0400
>> +++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
>> @@ -78,15 +78,6 @@
>>      $frmuser = $_POST['frmuser'];
>>      $frmpass = $_POST['frmpass'];
>>
>> -    // JEPH - Check for LDAP users enabled
>> -    if($GLOBALS['CONFIG']['ldap_enable']) {
>> -    require 'ldap-users.inc';
>> -    $ldap_success = ldap_login($frmuser, $frmpass);
>> -    if(!empty($ldap_success)) {
>> -        add_or_modify($frmuser, $frmpass);
>> -    }
>> -    }
>> -
>>      // check login and md5()
>>      // connect and execute query
>>      $query = "
>> @@ -134,11 +125,11 @@
>>
>>      // if row exists - login/pass is correct
>>      if (count($result) == 1)
>> -    {
>> +    {
>>          // register the user's ID
>>          $id = $result[0]['id'];
>> -        $username = $result[0]['username'];
>> -        $password = $result[0]['password'];
>> +        $username = $result['username'];
>> +        $password = $result['password'];
>>
>>          // initiate a session
>>          $_SESSION['uid'] = $id;
>> -----8<-----
>>
>> ...and add my routines to ldap-users.inc (all of this attached) but 
>> in case this list strips attachments, test follows:
>>
>> -----8<-----
>> <?php
>>     // ldap-users.inc
>>     //
>>     // Authenticate users against LDAP
>>     // John E.P. Hynes/HyTronix [03/25/2015]
>>     //
>>     // Takes username/password and tries to bind.
>>     // Return user name on success, FALSE on failure.
>>
>> function ldap_login($user, $pass) {
>>     $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
>>     $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
>>     $base_dn = $GLOBALS['CONFIG']['base_dn'];
>>     $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
>>     $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
>>     $bind_pw = $GLOBALS['CONFIG']['bind_pw'];
>>
>>     $ldap_conn = ldap_connect($ldap_host, $ldap_port)
>>         or error_log("ldap_connect() failed.");
>>
>>     ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
>>     ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
>>
>>     $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
>>         or error_log("ldap_bind() failed.");
>>
>>     $match_count = 1;
>>     $this_filter = str_replace("%uid", $user, $searchfilter, 
>> $match_count);
>>     if(empty($this_filter)) {
>>         error_log("Error in searchfilter with str_replace(), got 
>> $this_filter");
>>         return FALSE;
>>     }
>>
>>     $attribute = array("uid");
>>     $search_results = @ldap_search($ldap_conn, $base_dn, 
>> $this_filter, $attribute, 0, 2);
>>
>>     if (!$search_results) {
>>         error_log("Something went wrong in ldap_search.");
>>     }
>>
>>     if (ldap_count_entries($ldap_conn, $search_results) != 1) {
>>         error_log("ldap_search() returned $search_results in error.");
>>         return FALSE;
>>     }
>>
>>     $user_entry = ldap_first_entry($ldap_conn, $search_results);
>>     $this_dn = ldap_get_dn($ldap_conn, $user_entry);
>>
>>     $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
>>     if (!$user_bind) {
>>         return FALSE;
>>     }
>>
>>     ldap_close($ldap_conn);
>>
>>     return $user;
>> }
>>
>> function add_or_modify($username, $password) {
>>     // Check to make sure user does not already exist
>>     $pdo = $GLOBALS['pdo'];
>>     $query = "SELECT COUNT(*) FROM 
>> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
>>     if ($count = $pdo->query($query)) {
>>         if ($count->fetchColumn() == 1) {
>>             update_password($username, $password);
>>             return;
>>         } elseif ($count->fetchColumn() == 0) {
>>             create_user($username, $password);
>>             return;
>>         }
>>         else {
>>             error_log("Database error - username not unique.");
>>         }
>>     }
>>
>>     return;
>> }
>>
>> function update_password($username, $password) {
>>     $pdo = $GLOBALS['pdo'];
>>     $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
>>                 SET password=md5(:password) WHERE username=:username";
>>     $stmt = $pdo->prepare($query);
>>     $stmt->execute(array(':username' => $username, ':password' => 
>> $password));
>>
>>     return;
>> }
>>
>> function create_user($username, $password) {
>>     $pdo = $GLOBALS['pdo'];
>>     $department = 1;
>>     $phonenumber = "000-000-0000";
>>     $email = "";
>>     $lastname = "";
>>     $firstname = "";
>>     $can_add = 0;
>>     $can_checkin = 0;
>>
>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
>>         (username, password, department, phone, Email,last_name, 
>> first_name, can_add, can_checkin)
>>         VALUES(
>>             :username,
>>             md5(:password),
>>             :department,
>>             :phonenumber,
>>             :email,
>>             :lastname,
>>             :firstname,
>>             :can_add,
>>             :can_checkin
>>         )";
>>
>>     $stmt = $pdo->prepare($query);
>>     $stmt->execute(array(
>>         ':username' => $username,
>>         ':password' => $password,
>>         ':department' => $department,
>>         ':phonenumber' => $phonenumber,
>>         ':email' => $email,
>>         ':lastname' => $lastname,
>>         ':firstname' => $firstname,
>>         ':can_add' => $can_add,
>>         ':can_checkin' => $can_checkin
>>         ));
>>
>>     $user_id = $pdo->lastInsertId();;
>>     $admin = 0;
>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin (id, 
>> admin) VALUES(:user_id, :admin)";
>>     $stmt = $pdo->prepare($query);
>>     $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));
>>
>>     return;
>> }
>>
>> ?>
>> -----8<-----
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now.http://goparallel.sourceforge.net/
>>
>>
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
>
>
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

Re: [Opendocman-devel] I have added LDAP integration

[opendocman d. d. <ope...@li...>]

No I'm not but I'll start reading the manual tonight.

I've only confirmed it works so far, no extensive testing.  I should 
probably add more defaults in the config too.

Anyway, I'll hold off until you've had a chance to tell me if I'm going 
in the wrong direction or not.

-John

On 03/26/2015 02:32 PM, opendocman development discussion wrote:
> Hey John,
>
> I will take a look at this over the weekend. It would be a good idea 
> if you were to do this as a Pull Request at GitHub. Are you familiar 
> with that process?
>
> Steve
>
> On 3/26/15 11:11 AM, opendocman development discussion wrote:
>> Hi Devs,
>>
>> I just wrote in support for getting user accounts from LDAP. 
>> Basically, if this option is enabled, it will check LDAP for the user 
>> who is being logged in.  If the username and password match, it'll 
>> then check the opendocman database to see if the user already exists 
>> there.  If it does, it synchronizes the password field with the LDAP 
>> password.  If not, it adds a new user with defaults.  All of this is 
>> against version 1.3.2.
>>
>> Anyway, I'm a C programmer, and this is the first thing I've really 
>> tried in PHP, so if someone could give it the once over and offer me 
>> some suggestions for improvement, that'd be great.
>>
>> Thanks,
>>
>> -John
>>
>> To test this out, you need the following in config.php:
>>
>> -----8<-----
>> $GLOBALS['CONFIG']['ldap_enable'] = TRUE;
>> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
>> $GLOBALS['CONFIG']['ldap_port'] = '389';
>>
>> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
>> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
>> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
>> $GLOBALS['CONFIG']['bind_pw'] = "managers_password";
>> -----8<-----
>>
>> ...and then patch index.php with this patch:
>>
>> -----8<-----
>> --- index.php    2015-03-26 13:42:01.781054000 -0400
>> +++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
>> @@ -78,15 +78,6 @@
>>      $frmuser = $_POST['frmuser'];
>>      $frmpass = $_POST['frmpass'];
>>
>> -    // JEPH - Check for LDAP users enabled
>> -    if($GLOBALS['CONFIG']['ldap_enable']) {
>> -    require 'ldap-users.inc';
>> -    $ldap_success = ldap_login($frmuser, $frmpass);
>> -    if(!empty($ldap_success)) {
>> -        add_or_modify($frmuser, $frmpass);
>> -    }
>> -    }
>> -
>>      // check login and md5()
>>      // connect and execute query
>>      $query = "
>> @@ -134,11 +125,11 @@
>>
>>      // if row exists - login/pass is correct
>>      if (count($result) == 1)
>> -    {
>> +    {
>>          // register the user's ID
>>          $id = $result[0]['id'];
>> -        $username = $result[0]['username'];
>> -        $password = $result[0]['password'];
>> +        $username = $result['username'];
>> +        $password = $result['password'];
>>
>>          // initiate a session
>>          $_SESSION['uid'] = $id;
>> -----8<-----
>>
>> ...and add my routines to ldap-users.inc (all of this attached) but 
>> in case this list strips attachments, test follows:
>>
>> -----8<-----
>> <?php
>>     // ldap-users.inc
>>     //
>>     // Authenticate users against LDAP
>>     // John E.P. Hynes/HyTronix [03/25/2015]
>>     //
>>     // Takes username/password and tries to bind.
>>     // Return user name on success, FALSE on failure.
>>
>> function ldap_login($user, $pass) {
>>     $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
>>     $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
>>     $base_dn = $GLOBALS['CONFIG']['base_dn'];
>>     $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
>>     $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
>>     $bind_pw = $GLOBALS['CONFIG']['bind_pw'];
>>
>>     $ldap_conn = ldap_connect($ldap_host, $ldap_port)
>>         or error_log("ldap_connect() failed.");
>>
>>     ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
>>     ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
>>
>>     $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
>>         or error_log("ldap_bind() failed.");
>>
>>     $match_count = 1;
>>     $this_filter = str_replace("%uid", $user, $searchfilter, 
>> $match_count);
>>     if(empty($this_filter)) {
>>         error_log("Error in searchfilter with str_replace(), got 
>> $this_filter");
>>         return FALSE;
>>     }
>>
>>     $attribute = array("uid");
>>     $search_results = @ldap_search($ldap_conn, $base_dn, 
>> $this_filter, $attribute, 0, 2);
>>
>>     if (!$search_results) {
>>         error_log("Something went wrong in ldap_search.");
>>     }
>>
>>     if (ldap_count_entries($ldap_conn, $search_results) != 1) {
>>         error_log("ldap_search() returned $search_results in error.");
>>         return FALSE;
>>     }
>>
>>     $user_entry = ldap_first_entry($ldap_conn, $search_results);
>>     $this_dn = ldap_get_dn($ldap_conn, $user_entry);
>>
>>     $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
>>     if (!$user_bind) {
>>         return FALSE;
>>     }
>>
>>     ldap_close($ldap_conn);
>>
>>     return $user;
>> }
>>
>> function add_or_modify($username, $password) {
>>     // Check to make sure user does not already exist
>>     $pdo = $GLOBALS['pdo'];
>>     $query = "SELECT COUNT(*) FROM 
>> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
>>     if ($count = $pdo->query($query)) {
>>         if ($count->fetchColumn() == 1) {
>>             update_password($username, $password);
>>             return;
>>         } elseif ($count->fetchColumn() == 0) {
>>             create_user($username, $password);
>>             return;
>>         }
>>         else {
>>             error_log("Database error - username not unique.");
>>         }
>>     }
>>
>>     return;
>> }
>>
>> function update_password($username, $password) {
>>     $pdo = $GLOBALS['pdo'];
>>     $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
>>                 SET password=md5(:password) WHERE username=:username";
>>     $stmt = $pdo->prepare($query);
>>     $stmt->execute(array(':username' => $username, ':password' => 
>> $password));
>>
>>     return;
>> }
>>
>> function create_user($username, $password) {
>>     $pdo = $GLOBALS['pdo'];
>>     $department = 1;
>>     $phonenumber = "000-000-0000";
>>     $email = "";
>>     $lastname = "";
>>     $firstname = "";
>>     $can_add = 0;
>>     $can_checkin = 0;
>>
>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
>>         (username, password, department, phone, Email,last_name, 
>> first_name, can_add, can_checkin)
>>         VALUES(
>>             :username,
>>             md5(:password),
>>             :department,
>>             :phonenumber,
>>             :email,
>>             :lastname,
>>             :firstname,
>>             :can_add,
>>             :can_checkin
>>         )";
>>
>>     $stmt = $pdo->prepare($query);
>>     $stmt->execute(array(
>>         ':username' => $username,
>>         ':password' => $password,
>>         ':department' => $department,
>>         ':phonenumber' => $phonenumber,
>>         ':email' => $email,
>>         ':lastname' => $lastname,
>>         ':firstname' => $firstname,
>>         ':can_add' => $can_add,
>>         ':can_checkin' => $can_checkin
>>         ));
>>
>>     $user_id = $pdo->lastInsertId();;
>>     $admin = 0;
>>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin (id, 
>> admin) VALUES(:user_id, :admin)";
>>     $stmt = $pdo->prepare($query);
>>     $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));
>>
>>     return;
>> }
>>
>> ?>
>> -----8<-----
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now.http://goparallel.sourceforge.net/
>>
>>
>> _______________________________________________
>> Opendocman-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opendocman-devel
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
>
>
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

Re: [Opendocman-devel] I have added LDAP integration

[opendocman d. d. <ope...@li...>]

Hey John,

I will take a look at this over the weekend. It would be a good idea if 
you were to do this as a Pull Request at GitHub. Are you familiar with 
that process?

Steve

On 3/26/15 11:11 AM, opendocman development discussion wrote:
> Hi Devs,
>
> I just wrote in support for getting user accounts from LDAP. 
> Basically, if this option is enabled, it will check LDAP for the user 
> who is being logged in.  If the username and password match, it'll 
> then check the opendocman database to see if the user already exists 
> there.  If it does, it synchronizes the password field with the LDAP 
> password.  If not, it adds a new user with defaults.  All of this is 
> against version 1.3.2.
>
> Anyway, I'm a C programmer, and this is the first thing I've really 
> tried in PHP, so if someone could give it the once over and offer me 
> some suggestions for improvement, that'd be great.
>
> Thanks,
>
> -John
>
> To test this out, you need the following in config.php:
>
> -----8<-----
> $GLOBALS['CONFIG']['ldap_enable'] = TRUE;
> $GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
> $GLOBALS['CONFIG']['ldap_port'] = '389';
>
> $GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
> $GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
> $GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
> $GLOBALS['CONFIG']['bind_pw'] = "managers_password";
> -----8<-----
>
> ...and then patch index.php with this patch:
>
> -----8<-----
> --- index.php    2015-03-26 13:42:01.781054000 -0400
> +++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
> @@ -78,15 +78,6 @@
>      $frmuser = $_POST['frmuser'];
>      $frmpass = $_POST['frmpass'];
>
> -    // JEPH - Check for LDAP users enabled
> -    if($GLOBALS['CONFIG']['ldap_enable']) {
> -    require 'ldap-users.inc';
> -    $ldap_success = ldap_login($frmuser, $frmpass);
> -    if(!empty($ldap_success)) {
> -        add_or_modify($frmuser, $frmpass);
> -    }
> -    }
> -
>      // check login and md5()
>      // connect and execute query
>      $query = "
> @@ -134,11 +125,11 @@
>
>      // if row exists - login/pass is correct
>      if (count($result) == 1)
> -    {
> +    {
>          // register the user's ID
>          $id = $result[0]['id'];
> -        $username = $result[0]['username'];
> -        $password = $result[0]['password'];
> +        $username = $result['username'];
> +        $password = $result['password'];
>
>          // initiate a session
>          $_SESSION['uid'] = $id;
> -----8<-----
>
> ...and add my routines to ldap-users.inc (all of this attached) but in 
> case this list strips attachments, test follows:
>
> -----8<-----
> <?php
>     // ldap-users.inc
>     //
>     // Authenticate users against LDAP
>     // John E.P. Hynes/HyTronix [03/25/2015]
>     //
>     // Takes username/password and tries to bind.
>     // Return user name on success, FALSE on failure.
>
> function ldap_login($user, $pass) {
>     $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
>     $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
>     $base_dn = $GLOBALS['CONFIG']['base_dn'];
>     $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
>     $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
>     $bind_pw = $GLOBALS['CONFIG']['bind_pw'];
>
>     $ldap_conn = ldap_connect($ldap_host, $ldap_port)
>         or error_log("ldap_connect() failed.");
>
>     ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
>     ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
>
>     $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
>         or error_log("ldap_bind() failed.");
>
>     $match_count = 1;
>     $this_filter = str_replace("%uid", $user, $searchfilter, 
> $match_count);
>     if(empty($this_filter)) {
>         error_log("Error in searchfilter with str_replace(), got 
> $this_filter");
>         return FALSE;
>     }
>
>     $attribute = array("uid");
>     $search_results = @ldap_search($ldap_conn, $base_dn, $this_filter, 
> $attribute, 0, 2);
>
>     if (!$search_results) {
>         error_log("Something went wrong in ldap_search.");
>     }
>
>     if (ldap_count_entries($ldap_conn, $search_results) != 1) {
>         error_log("ldap_search() returned $search_results in error.");
>         return FALSE;
>     }
>
>     $user_entry = ldap_first_entry($ldap_conn, $search_results);
>     $this_dn = ldap_get_dn($ldap_conn, $user_entry);
>
>     $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
>     if (!$user_bind) {
>         return FALSE;
>     }
>
>     ldap_close($ldap_conn);
>
>     return $user;
> }
>
> function add_or_modify($username, $password) {
>     // Check to make sure user does not already exist
>     $pdo = $GLOBALS['pdo'];
>     $query = "SELECT COUNT(*) FROM 
> {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
>     if ($count = $pdo->query($query)) {
>         if ($count->fetchColumn() == 1) {
>             update_password($username, $password);
>             return;
>         } elseif ($count->fetchColumn() == 0) {
>             create_user($username, $password);
>             return;
>         }
>         else {
>             error_log("Database error - username not unique.");
>         }
>     }
>
>     return;
> }
>
> function update_password($username, $password) {
>     $pdo = $GLOBALS['pdo'];
>     $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
>                 SET password=md5(:password) WHERE username=:username";
>     $stmt = $pdo->prepare($query);
>     $stmt->execute(array(':username' => $username, ':password' => 
> $password));
>
>     return;
> }
>
> function create_user($username, $password) {
>     $pdo = $GLOBALS['pdo'];
>     $department = 1;
>     $phonenumber = "000-000-0000";
>     $email = "";
>     $lastname = "";
>     $firstname = "";
>     $can_add = 0;
>     $can_checkin = 0;
>
>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
>         (username, password, department, phone, Email,last_name, 
> first_name, can_add, can_checkin)
>         VALUES(
>             :username,
>             md5(:password),
>             :department,
>             :phonenumber,
>             :email,
>             :lastname,
>             :firstname,
>             :can_add,
>             :can_checkin
>         )";
>
>     $stmt = $pdo->prepare($query);
>     $stmt->execute(array(
>         ':username' => $username,
>         ':password' => $password,
>         ':department' => $department,
>         ':phonenumber' => $phonenumber,
>         ':email' => $email,
>         ':lastname' => $lastname,
>         ':firstname' => $firstname,
>         ':can_add' => $can_add,
>         ':can_checkin' => $can_checkin
>         ));
>
>     $user_id = $pdo->lastInsertId();;
>     $admin = 0;
>     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin (id, 
> admin) VALUES(:user_id, :admin)";
>     $stmt = $pdo->prepare($query);
>     $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));
>
>     return;
> }
>
> ?>
> -----8<-----
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
>
>
> _______________________________________________
> Opendocman-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opendocman-devel

[Opendocman-devel] I have added LDAP integration

[opendocman d. d. <ope...@li...>]

Hi Devs,

I just wrote in support for getting user accounts from LDAP. Basically, 
if this option is enabled, it will check LDAP for the user who is being 
logged in.  If the username and password match, it'll then check the 
opendocman database to see if the user already exists there.  If it 
does, it synchronizes the password field with the LDAP password.  If 
not, it adds a new user with defaults.  All of this is against version 
1.3.2.

Anyway, I'm a C programmer, and this is the first thing I've really 
tried in PHP, so if someone could give it the once over and offer me 
some suggestions for improvement, that'd be great.

Thanks,

-John

To test this out, you need the following in config.php:

-----8<-----
$GLOBALS['CONFIG']['ldap_enable'] = TRUE;
$GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
$GLOBALS['CONFIG']['ldap_port'] = '389';

$GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
$GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
$GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
$GLOBALS['CONFIG']['bind_pw'] = "managers_password";
-----8<-----

...and then patch index.php with this patch:

-----8<-----
--- index.php    2015-03-26 13:42:01.781054000 -0400
+++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
@@ -78,15 +78,6 @@
      $frmuser = $_POST['frmuser'];
      $frmpass = $_POST['frmpass'];

-    // JEPH - Check for LDAP users enabled
-    if($GLOBALS['CONFIG']['ldap_enable']) {
-    require 'ldap-users.inc';
-    $ldap_success = ldap_login($frmuser, $frmpass);
-    if(!empty($ldap_success)) {
-        add_or_modify($frmuser, $frmpass);
-    }
-    }
-
      // check login and md5()
      // connect and execute query
      $query = "
@@ -134,11 +125,11 @@

      // if row exists - login/pass is correct
      if (count($result) == 1)
-    {
+    {
          // register the user's ID
          $id = $result[0]['id'];
-        $username = $result[0]['username'];
-        $password = $result[0]['password'];
+        $username = $result['username'];
+        $password = $result['password'];

          // initiate a session
          $_SESSION['uid'] = $id;
-----8<-----

...and add my routines to ldap-users.inc (all of this attached) but in 
case this list strips attachments, test follows:

-----8<-----
<?php
     // ldap-users.inc
     //
     // Authenticate users against LDAP
     // John E.P. Hynes/HyTronix [03/25/2015]
     //
     // Takes username/password and tries to bind.
     // Return user name on success, FALSE on failure.

function ldap_login($user, $pass) {
     $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
     $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
     $base_dn = $GLOBALS['CONFIG']['base_dn'];
     $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
     $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
     $bind_pw = $GLOBALS['CONFIG']['bind_pw'];

     $ldap_conn = ldap_connect($ldap_host, $ldap_port)
         or error_log("ldap_connect() failed.");

     ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
     ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);

     $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
         or error_log("ldap_bind() failed.");

     $match_count = 1;
     $this_filter = str_replace("%uid", $user, $searchfilter, $match_count);
     if(empty($this_filter)) {
         error_log("Error in searchfilter with str_replace(), got 
$this_filter");
         return FALSE;
     }

     $attribute = array("uid");
     $search_results = @ldap_search($ldap_conn, $base_dn, $this_filter, 
$attribute, 0, 2);

     if (!$search_results) {
         error_log("Something went wrong in ldap_search.");
     }

     if (ldap_count_entries($ldap_conn, $search_results) != 1) {
         error_log("ldap_search() returned $search_results in error.");
         return FALSE;
     }

     $user_entry = ldap_first_entry($ldap_conn, $search_results);
     $this_dn = ldap_get_dn($ldap_conn, $user_entry);

     $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
     if (!$user_bind) {
         return FALSE;
     }

     ldap_close($ldap_conn);

     return $user;
}

function add_or_modify($username, $password) {
     // Check to make sure user does not already exist
     $pdo = $GLOBALS['pdo'];
     $query = "SELECT COUNT(*) FROM 
{$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
     if ($count = $pdo->query($query)) {
         if ($count->fetchColumn() == 1) {
             update_password($username, $password);
             return;
         } elseif ($count->fetchColumn() == 0) {
             create_user($username, $password);
             return;
         }
         else {
             error_log("Database error - username not unique.");
         }
     }

     return;
}

function update_password($username, $password) {
     $pdo = $GLOBALS['pdo'];
     $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
                 SET password=md5(:password) WHERE username=:username";
     $stmt = $pdo->prepare($query);
     $stmt->execute(array(':username' => $username, ':password' => 
$password));

     return;
}

function create_user($username, $password) {
     $pdo = $GLOBALS['pdo'];
     $department = 1;
     $phonenumber = "000-000-0000";
     $email = "";
     $lastname = "";
     $firstname = "";
     $can_add = 0;
     $can_checkin = 0;

     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
         (username, password, department, phone, Email,last_name, 
first_name, can_add, can_checkin)
         VALUES(
             :username,
             md5(:password),
             :department,
             :phonenumber,
             :email,
             :lastname,
             :firstname,
             :can_add,
             :can_checkin
         )";

     $stmt = $pdo->prepare($query);
     $stmt->execute(array(
         ':username' => $username,
         ':password' => $password,
         ':department' => $department,
         ':phonenumber' => $phonenumber,
         ':email' => $email,
         ':lastname' => $lastname,
         ':firstname' => $firstname,
         ':can_add' => $can_add,
         ':can_checkin' => $can_checkin
         ));

     $user_id = $pdo->lastInsertId();;
     $admin = 0;
     $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin (id, 
admin) VALUES(:user_id, :admin)";
     $stmt = $pdo->prepare($query);
     $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));

     return;
}

?>
-----8<-----

[Opendocman-devel] SF.net SVN: opendocman:[906] opendocman/trunk/add.php

[opendocman d. d. <ope...@li...>]

Revision: 906
          http://opendocman.svn.sourceforge.net/opendocman/?rev=906&view=rev
Author:   logart
Date:     2012-04-24 22:37:40 +0000 (Tue, 24 Apr 2012)
Log Message:
-----------
0000260: Multiple-upload feature (for non-IE browsers only)

Modified Paths:
--------------
    opendocman/trunk/add.php

Modified: opendocman/trunk/add.php
===================================================================
--- opendocman/trunk/add.php	2012-04-18 17:53:27 UTC (rev 905)
+++ opendocman/trunk/add.php	2012-04-24 22:37:40 UTC (rev 906)
@@ -138,7 +138,8 @@
         <td>
             <a class="body" tabindex=1 href="help.html#Add_File_-_File_Location" onClick="return popup(this, 'Help')" style="text-decoration:none"><?php echo msg('label_file_location');?></a>
         </td>
-        <td colspan=3><input tabindex="0" name="file" type="file">
+        <td colspan=3>
+            <input tabindex="0" name="file[]" type="file" multiple="multiple">
         </td>
     </tr>
 
@@ -428,16 +429,42 @@
 }
 else 
 {
-    //submited form
-    // change this to 100 if you want to add 100 of the same files automatically.  For debuging purpose only
-    for($khoa = 0; $khoa<1; $khoa++)
+    //invalid file
+    if (empty($_FILES))
     {
-        //invalid file
-        if(empty($_FILES))
+        header('Location:error.php?ec=11');
+        exit;
+    }
+
+    $numberOfFiles = count($_FILES['file']['name']);
+    
+    // First we need to make sure all files are allowed types
+    for ($count = 0; $count < $numberOfFiles; $count++)
+    {
+        // check file type
+        foreach ($GLOBALS['CONFIG']['allowedFileTypes'] as $thistype)
         {
-            header('Location:error.php?ec=11');
+            if ($_FILES['file']['type'][$count] == $thistype)
+            {
+                $allowedFile = 1;
+                break;
+            } else
+            {
+                $allowedFile = 0;
+            }
+        }
+        // illegal file type!
+        if ($allowedFile != 1)
+        {
+            $last_message = 'MIMETYPE: ' . $_FILES['file']['type'][$count] . ' Failed';
+            header('Location:error.php?ec=13&last_message=' . urlencode($last_message));
             exit;
         }
+    }
+    
+    //submited form
+    for ($count = 0; $count<$numberOfFiles; $count++)
+    {
         
         if ($GLOBALS['CONFIG']['authorization'] == 'True')
         {
@@ -468,41 +495,19 @@
             list($current_user_dept) = mysql_fetch_row($result);
         }
         // File is bigger than what php.ini post/upload/memory limits allow.
-        if($_FILES['file']['error'] == '1')
+        if($_FILES['file']['error'][$count] == '1')
         {
            header('Location:error.php?ec=26');
             exit;
         }
 
         // File too big?
-        if($_FILES['file']['size'] >  $GLOBALS['CONFIG']['max_filesize'] )
+        if($_FILES['file']['size'][$count] >  $GLOBALS['CONFIG']['max_filesize'] )
         {
             header('Location:error.php?ec=25');
             exit;
         }
 
-    // check file type
-    foreach($GLOBALS['CONFIG']['allowedFileTypes'] as $thistype)
-    {
-        if ($_FILES['file']['type'] == $thistype)
-        {
-            $allowedFile = 1;
-            break;
-        }
-        else
-        {
-            $allowedFile = 0;
-        }
-    }
-    // illegal file type!
-    if ($allowedFile != 1)
-    {
-        $last_message='MIMETYPE: ' . $_FILES['file']['type'] . ' Failed';
-        header('Location:error.php?ec=13&last_message=' . urlencode($last_message));
-        exit;
-    }
-
-
         // Check to make sure the dir is available and writeable
         if (!is_dir($GLOBALS['CONFIG']['dataDir']))
         {
@@ -554,7 +559,7 @@
             0,
             '" . addslashes($_REQUEST['category']) . "',
             '" . addslashes($owner_id) . "',
-            '" . addslashes($_FILES['file']['name']) . "',
+            '" . addslashes($_FILES['file']['name'][$count]) . "',
             NOW(),
             '" . addslashes($_REQUEST['description']) . "',
             '" . addslashes($current_user_dept) . "',
@@ -623,27 +628,23 @@
         // save uploaded file with new name
         $newFileName = $fileId . '.dat';
 
-        if($khoa==0)
+        if (!is_uploaded_file($_FILES['file']['tmp_name'][$count]))
         {
-            if (!is_uploaded_file ($_FILES['file']['tmp_name']))
-            {
-                header('Location: error.php?ec=18');
-                exit;
-            }
-            move_uploaded_file($_FILES['file']['tmp_name'], $GLOBALS['CONFIG']['dataDir'] . '/' . $newFileName);
+            header('Location: error.php?ec=18');
+            exit;
         }
-        else
-        {
-            copy($GLOBALS['CONFIG']['dataDir'] . '/' . ($fileId-1) . '.dat', $GLOBALS['CONFIG']['dataDir'] . '/' . $newFileName);
-        }
+        move_uploaded_file($_FILES['file']['tmp_name'][$count], $GLOBALS['CONFIG']['dataDir'] . '/' . $newFileName);
+
+        //copy($GLOBALS['CONFIG']['dataDir'] . '/' . ($fileId-1) . '.dat', $GLOBALS['CONFIG']['dataDir'] . '/' . $newFileName);
+        
         // back to main page
         $message = urlencode(msg('message_document_added'));
 
         // Call the plugin API
-        callPluginMethod('onAfterAdd',$fileId);
-        
-        header('Location: details.php?id=' . $fileId . '&last_message=' . $message);
+        callPluginMethod('onAfterAdd', $fileId);
     }
+    header('Location: details.php?id=' . $fileId . '&last_message=' . $message);
+    exit;
 }
 ?>
 <script type="text/javascript">

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

[Opendocman-devel] SF.net SVN: opendocman:[905] opendocman/tags/1.2.6.1-release/

[opendocman d. d. <ope...@li...>]

Revision: 905
          http://opendocman.svn.sourceforge.net/opendocman/?rev=905&view=rev
Author:   logart
Date:     2012-04-18 17:53:27 +0000 (Wed, 18 Apr 2012)
Log Message:
-----------
1.2.6.1 release

- 0000464: [User Interface] Install folder warning message breaks tweeter theme in IE (logart) - resolved.
- 0000463: [Core] Not able to download previous version of document. (logart) - resolved.
- 0000462: [Database] Reviewer cannot admin files that are in review queue (logart) - resolved.
- 0000291: [Input Validation] Input validation - admin tools (logart) - resolved.
- 0000455: [User Interface] Edit/Add User - Admin checkbox should show/hide reviewer selection list (logart) - resolved.
- 0000456: [User Interface] Buttons on various forms are not aligned nicely in all browsers (logart) - resolved.
- 0000453: [User Interface] UI - Clicking cancel on the Add User screen causing input validation to fire off (logart) - resolved.
- 0000458: [Error] undefined index last_message - admin pages (logart) - resolved.
- 0000461: [Core] Delete/Undelete - Undelete file not working. (logart) - resolved.
- 0000324: [Core] Admin users should see all reviewable files (logart) - resolved.

Added Paths:
-----------
    opendocman/tags/1.2.6.1-release/

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.