Re: [openupload-devel] Chained authentication ?
From: <wal...@no...> - 2011-04-20 07:52:53
This seems to be working (at least for authentication): a user can
connect using either an internal account or an LDAP directory entry.
(The class file is lib/modules/auth/chained.inc.php; put
$CONFIG['auth']='chained' in config.inc.php and adjust the LDAP settings.)
<?php
// Chained authentication: try the internal database first, then LDAP.
class chainedAuth extends authBase {
  var $authD = '';       // defaultAuth instance (internal database)
  var $authL = '';       // ldapAuth instance
  var $internal = true;  // true when the last authenticate() succeeded internally

  function chainedAuth() {
    require_once(app()->config['INSTALL_ROOT'].'/lib/modules/auth/default.inc.php');
    require_once(app()->config['INSTALL_ROOT'].'/lib/modules/auth/ldap.inc.php');
    $this->authD = new defaultAuth();
    $this->authL = new ldapAuth();
    $this->features = array('useradmin' => 'yes', 'groupadmin' => 'yes');
  }

  function init() {
    $this->authL->init();
    $this->authD->init();
  }

  function authenticate($user, $pwd) {
    if (!$this->authD->authenticate($user, $pwd)) {
      // Internal authentication failed: fall back to LDAP
      $this->internal = false;
      $res = $this->authL->authenticate($user, $pwd);
      return $res;
    } else {
      $this->internal = true;
      return true;
    }
  }

  function userinfo($login) {
    // I'm not sure if userinfo is called upon the logged-in user
    // if yes the code below is correct
    // if not, it should be modified (search $login in internal database;
    // if present retrieve info from database, otherwise fetch info from ldap
    // directory)
    if ($this->internal) {
      $r = $this->authD->userinfo($login);
    } else {
      $r = $this->authL->userinfo($login);
    }
    return $r;
  }

  function groupinfo($group = '') {
    if ($this->internal) $r = $this->authD->groupinfo($group);
    else $r = $this->authL->groupinfo($group);
    return $r;
  }

  // User and group administration is forwarded to the internal database only
  function users() { return $this->authD->users(); }
  function useradd($user) { $this->authD->useradd($user); }
  function useredit($user) {
    $this->authD->useredit($user);
  }
  function userdel($id) {
    $this->authD->userdel($id);
  }
  function groupadd($group) {
    $this->authD->groupadd($group);
  }
  function groupedit($group) {
    $this->authD->groupedit($group);
  }
  function groupdel($id) {
    $this->authD->groupdel($id);
  }
}
?>
Feel free to reuse and improve (some functions may be incorrect, groupinfo
for example: I'm not sure).
Regards, W.
> Hi,
>
> I'd like to set up the following authentication scheme:
>
> 1) First, the user is authenticated against the openupload internal
> authentication database
> 2) If the user does not exist in the database, then the user is
> authenticated against an ldap server.
>
> This would be useful if :
> 1) some users (who do not belong to the company) are not present in the
> ldap directory ( and for whatever reason we do not want to put them into
> the directory)
> 2) the corporate users exist in the ldap directory .
>
> I've been thinking of the following implementation :
> 1) create a new class called 'chainedAuth' extending AuthBase
> 2) this class will hold references to an instance of defaultAuth (dA) and
> to an instance of ldap Auth (lA)
> 3) calls to AuthBase functions will be forwarded to dA and/or lA
>
> for example :
>
> function authenticate($user,$pwd) {
>
> if (!$this->dA->authenticate($user,$pwd))
> return $this->lA->authenticate($user,$pwd);
> else
> return true;
> }
>
> I'm not sure about how all AuthBase functions should be implemented
> (userdel() should probably be forwarded to dA only, userInfo() to both dA
> and lA, ...)
>
>
> Well, I'll investigate further and any idea or suggestion is welcome.
>
> Regards,W.
>
>
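The routing the original request describes (go to LDAP only when the login is absent from the internal database), as an added example that is not part of the post or of OpenUpload. The posted class instead falls through to LDAP whenever the internal check returns false. MemoryBackend and ChainedSketch are hypothetical stand-ins for the real modules, and the accounts are constructed sample data.

```php
<?php
// Added example: stand-alone sketch, not OpenUpload code. MemoryBackend is a
// hypothetical in-memory stand-in for both defaultAuth and ldapAuth.
class MemoryBackend {
    private $users;   // login => array('hash' => ..., 'name' => ...)
    function __construct(array $users) { $this->users = $users; }
    function exists($login) { return isset($this->users[$login]); }
    function authenticate($login, $pwd) {
        return $this->exists($login)
            && password_verify($pwd, $this->users[$login]['hash']);
    }
    function userinfo($login) {
        if (!$this->exists($login)) return null;
        return array('login' => $login, 'name' => $this->users[$login]['name']);
    }
}

class ChainedSketch {
    private $internal, $ldap;
    function __construct($internal, $ldap) {
        $this->internal = $internal; $this->ldap = $ldap;
    }
    // Pick the backend by whether the login exists internally, so a wrong
    // password for an internal account never falls through to the directory.
    private function backendFor($login) {
        return $this->internal->exists($login) ? $this->internal : $this->ldap;
    }
    function authenticate($login, $pwd) {
        return $this->backendFor($login)->authenticate($login, $pwd);
    }
    // Same lookup for userinfo: no flag has to survive between calls.
    function userinfo($login) {
        return $this->backendFor($login)->userinfo($login);
    }
}

// Constructed sample data: "guest" is internal only, "alice" exists in both.
$internal = new MemoryBackend(array(
    'guest' => array('hash' => password_hash('g-pass', PASSWORD_DEFAULT), 'name' => 'Guest'),
    'alice' => array('hash' => password_hash('local-pass', PASSWORD_DEFAULT), 'name' => 'Alice (internal)'),
));
$ldap = new MemoryBackend(array(
    'alice' => array('hash' => password_hash('dir-pass', PASSWORD_DEFAULT), 'name' => 'Alice (directory)'),
    'bob'   => array('hash' => password_hash('bob-pass', PASSWORD_DEFAULT), 'name' => 'Bob'),
));
$auth = new ChainedSketch($internal, $ldap);
var_dump($auth->authenticate('bob', 'bob-pass'));    // login only in the directory
var_dump($auth->authenticate('alice', 'dir-pass'));  // login shadowed by the internal entry
var_dump($auth->userinfo('alice'));
```

With a login present in both stores, the internal entry decides both the password check and the userinfo source, which is the behaviour to confirm before deploying a chained module where internal and directory names can collide.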