Re: [openupload-devel] Chained authentication ?
From: <wal...@no...> - 2011-04-20 18:27:53
Thanks Alessandro,
for those interested, please find below the new version of the source code,
which takes into account Alessandro's remarks.
For userinfo(): I'm using either defaultAuth or ldapAuth according to the
authentication scheme.
For groupinfo(): I'm calling defaultAuth:groupinfo() first and then, if the
result is empty, I'm calling ldapAuth:groupinfo().
All other functions (useredit, ...) are only implemented in defaultAuth
and hence are delegated to that class.
I'll have more time next week to carry out more tests and I'll report here.
There remains one problem though: it is possible to edit an LDAP user,
even if modifications are not saved. I did not find a way to prevent this
(I had to enable user modifications for internal users).
Regards,
W
<?php
class chainedAuth extends authBase {
    var $authD = ''; // default (internal) authentication
    var $authL = ''; // ldap authentication

    function chainedAuth() {
        require_once(app()->config['INSTALL_ROOT'].'/lib/modules/auth/default.inc.php');
        require_once(app()->config['INSTALL_ROOT'].'/lib/modules/auth/ldap.inc.php');
        $this->authD = new defaultAuth();
        $this->authL = new ldapAuth();
        $this->features = array('useradmin' => 'yes', 'groupadmin' => 'yes');
        $this->userfields = array('login','password','name','group_name','email',
                                  'lang','reg_date','regid','active');
    }

    function init() {
        $this->authL->init();
        $this->authD->init();
    }

    // Try the internal store first, then LDAP, and record in the session
    // which backend the login was checked against.
    function authenticate($user, $pwd) {
        if (!$this->authD->authenticate($user, $pwd)) {
            $_SESSION['user']['internalauth'] = false;
            $res = $this->authL->authenticate($user, $pwd);
            return $res;
        } else {
            $_SESSION['user']['internalauth'] = true;
            $this->internal = true; // not kept between requests; the session flag is what later calls read
            return true;
        }
    }

    // Pick the backend from the session flag set in authenticate().
    // !empty() also covers the case where the flag has not been set yet.
    function userinfo($login) {
        if (!empty($_SESSION['user']['internalauth'])) {
            $r = $this->authD->userinfo($login);
        } else {
            $r = $this->authL->userinfo($login);
        }
        return $r;
    }

    // Internal groups first, LDAP groups only if nothing was found.
    function groupinfo($group = '') {
        $r = $this->authD->groupinfo($group);
        if (empty($r)) $r = $this->authL->groupinfo($group);
        return $r;
    }

    // functions below are only implemented in defaultAuth
    // hence they are delegated to authD ( default authenticator )
    function users() { return $this->authD->users(); }

    function useradd($user) { $this->authD->useradd($user); }

    function useredit($user) {
        // check if $user is internal as we do not edit
        // users in ldap directory.
        // the check is not very useful because the form calling this function
        // displays the new values even if they are not applied here
        $users = $this->users(); // retrieve internal users
        foreach ($users as $u) {
            if (strcmp($u['login'], $user['login']) == 0) {
                $this->authD->useredit($user);
                break;
            }
        }
    }

    function userdel($id) {
        $this->authD->userdel($id);
    }

    function groupadd($group) {
        $this->authD->groupadd($group);
    }

    function groupedit($group) {
        $this->authD->groupedit($group);
    }

    function groupdel($id) {
        $this->authD->groupdel($id);
    }
}
?>
> On Wed, 20 Apr 2011 09:52:45 +0200 (CEST), wal...@no... wrote:
>> This seems to be working (at least for authentication) : a user can
>> connect either using an internal account or using a ldap directory
>> entry.
>>
>
> Great, I also thought about this option.
>
> Yes it should work, but the trouble here could be to find out about the
> groups or other info.
> (the $this->internal is not kept between requests which could lead to
> some trouble in the next requests)
>
> Imho, you should save in the user info (session) where you retrieved
> the authentication from,
> and then use this value instead of the $this->internal.
>
> my 2 cents.
> Alessandro
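An added sketch, not part of the original message and not OpenUpload code: it resolves the backend from the login being looked up rather than from the logged-in user's session flag, and exposes a check a form could use to keep LDAP accounts read-only. `StubBackend`, `ChainSketch`, `sourceOf()`, `canEdit()`, the `authsource` session key and the sample accounts are all hypothetical names constructed for the illustration.

```php
<?php
// Added sketch: both backends are constructed in-memory stubs, not real modules.
class StubBackend {
    private $users;
    function __construct(array $users) { $this->users = $users; }
    function authenticate($login, $pwd) {
        return isset($this->users[$login])
            && password_verify($pwd, $this->users[$login]['hash']);
    }
    function userinfo($login) {
        return isset($this->users[$login]) ? array('login' => $login) : array();
    }
}

class ChainSketch {
    private $internal, $ldap;
    function __construct($internal, $ldap) {
        $this->internal = $internal;
        $this->ldap = $ldap;
    }
    // Returns 'internal', 'ldap' or false; the caller stores it in the session.
    function authenticate($login, $pwd) {
        if ($this->internal->authenticate($login, $pwd)) return 'internal';
        if ($this->ldap->authenticate($login, $pwd)) return 'ldap';
        return false;
    }
    // Resolve the backend from the account being looked up, not from who is
    // logged in, so an internal admin can still view an LDAP account.
    function sourceOf($login) {
        if ($this->internal->userinfo($login)) return 'internal';
        if ($this->ldap->userinfo($login)) return 'ldap';
        return null;
    }
    // Hypothetical hook: a form would call this before showing editable fields.
    function canEdit($login) { return $this->sourceOf($login) === 'internal'; }
}

// Constructed sample accounts and passwords.
$chain = new ChainSketch(
    new StubBackend(array('admin' => array('hash' => password_hash('a-pass', PASSWORD_DEFAULT)))),
    new StubBackend(array('ldapuser' => array('hash' => password_hash('l-pass', PASSWORD_DEFAULT))))
);
$session = array('user' => array('authsource' => $chain->authenticate('ldapuser', 'l-pass')));
var_dump($session['user']['authsource']); // backend that accepted the login
var_dump($chain->canEdit('ldapuser'));    // LDAP account: read-only
var_dump($chain->canEdit('admin'));       // internal account: editable
```

Because the internal store is consulted first in both `authenticate()` and `sourceOf()`, a login that exists in both backends is treated as internal for editing even when the LDAP password was the one accepted; keeping logins unique across the two stores avoids that ambiguity.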