Hi,
We have a single forest / multidomain AD setup and I wanted to allow users to log in from all the domains, so I modified the code as follows: (Diff)
Comment if this is of any use....
--- ldap.inc.php-original 2011-10-13 15:11:12.000000000 +0100
+++ ldap.inc.php-multidomain 2011-10-18 14:49:24.000000000 +0100
@@ -38,6 +38,26 @@
function authenticate($login,$password) {
$result = false;
+
+ // parse login to see if includes domain.
+ //
+ if (preg_match("/@/",$login)) {
+ // Full domainName is user@domain format
+ $loginArray = split("@",$login);
+ $login = strtolower($loginArray[0]);
+ $domain = strtolower($loginArray[1]);
+
+ $this->config['host'] = $this->config[$domain]['host'];
+ $this->config['domain'] = $this->config[$domain]['domain'];
+ $this->config['basedn'] = $this->config[$domain]['basedn'];
+ $this->config['userdn'] = $this->config[$domain]['userdn'];
+ $this->config['groupdn'] = $this->config[$domain]['groupdn'];
+
+ }else {
+ // Use default domain entries
+ // do nothing
+ }
+
/ just to be sure /
$this->disconnect();
if ($this->connect()) {
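Review bot: the `$domain` taken from the login in the `preg_match("/@/",$login)` branch is used as a key into `$this->config` without checking that it names a configured domain. For an unknown suffix, `$this->config[$domain]['host']` and the other four lookups yield null and overwrite the default `host`, `domain`, `basedn`, `userdn` and `groupdn`, and a suffix equal to an existing top-level key such as `host` indexes into a string instead of a domain entry. Suggest checking `isset($this->config[$domain]['host'])` (or an explicit list of allowed domains) before copying, and leaving `$result` false otherwise. Because the copy overwrites the default entries on `$this->config` itself, a later login without a suffix on the same object would use the previous domain's settings; holding the selected settings in a separate variable avoids that. `split()` is deprecated as of PHP 5.3; `explode("@", $login, 2)` does the same job here without a regex.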
@@ -57,23 +77,33 @@
return $result;
}
-
function userinfo($login) {
$result = array();
+
+ //
+ // Full domainName is user@domain format
+ //
+ if (preg_match("/@/",$login)) {
+ // Full domainName is user@domain format
+ $loginArray = split("@",$login);
+ $login = strtolower($loginArray[0]);
+ }
+
if ($this->connect() and $this->bind()) {
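Review bot: `userinfo()` strips the `@domain` part from `$login` but, unlike `authenticate()`, does not select that domain's config entries, so the lookup after `$this->connect() and $this->bind()` runs against whatever `$this->config` currently holds. If `userinfo()` is called on an object where `authenticate()` has not just run for the same login, the bare username is searched in the default domain and may match a different account with the same name. Suggest moving the parsing and domain selection into one helper used by both functions instead of duplicating the `preg_match`/`split` block, and dropping the repeated "Full domainName is user@domain format" comment.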
while in the config file I set up the following entries.....
$CONFIG['ldap']['host'] = 'defaultDomain.local';
$CONFIG['ldap']['domain'] = 'defaultDomain.local';
$CONFIG['ldap']['basedn'] = 'dc=XXX,dc=XXX,dc=local';
$CONFIG['ldap']['userdn'] = 'ou=XXX,dc=XX,dc=XXX,dc=local';
$CONFIG['ldap']['groupdn'] = 'ou=XXXX,dc=XX,dc=XXX,dc=local';
$CONFIG['ldap']['domain1.local']['host'] = 'xxxx.domain1.local';
$CONFIG['ldap']['domain1.local']['domain'] = 'domain1.local';
$CONFIG['ldap']['domain1.local']['basedn'] = 'dc=XX,dc=domain1,dc=local';
$CONFIG['ldap']['domain1.local']['userdn'] = 'dc=ie,dc=domain1,dc=local';
$CONFIG['ldap']['domain1.local']['groupdn'] = 'dc=ie,dc=domain1,dc=local';
$CONFIG['ldap']['domain2.local']['host'] = 'xxxx.domain1.local';
$CONFIG['ldap']['domain2.local']['domain'] = 'domain1.local';
$CONFIG['ldap']['domain2.local']['basedn'] = 'dc=domain1,dc=local';
$CONFIG['ldap']['domain2.local']['userdn'] = 'ou=Users,dc=domain2,dc=local';
$CONFIG['ldap']['domain2.local']['groupdn'] = 'ou=Groups,dc=domain2,dc=local';
etc....
Anonymous
Hi,
Really need the same implementation but I'm not able to have it working. Could you attach the 3 modified working files (removing private info)?
Regards.
It would be nice to have it working for login in the form of DOMAINNAME\USERNAME.