
Authentication Question

Help
Anonymous
2003-04-23
2003-06-26
  • Anonymous

    Anonymous - 2003-04-23

    I love this tool and see lots of uses for it. My one question is we are currently using a core authentication database and LDAP to log in. Single login. How hard is it from the perspective of ORS to have me change some code to use our authentication? We currently use PHP for our code also.

    Don't know if this makes sense but any help would be great.

     
    • Jeremy Shaver

      Jeremy Shaver - 2003-04-23

      Makes lots of sense! Actually, I don't think it would be a tremendous thrash to set it up to work with an LDAP database, esp. as you are already using a PHP-based one.

      When a user logs into ORS, it issues that person a session UID (user ID). This UID is stored with the user's usernumber (USN, a permanent number associated with that user). Each subsequent call to ORS simply passes the UID and the system knows who they are and lets them do their thing.

      To make this work with an external authentication program, after the user has satisfied YOU that they are authentic, you simply need to figure out the user's user number (usn) and issue them a UID.

      The functions.php file contains functions to do this and you can "include" this whole file into the LDAP authentication routine (somewhere after they have been authenticated). USERIDLOOKUP is the routine which is used by ORS to assign a user a UID when they log in (it is also used for subsequent validation of that UID). Two approaches:

      (1) You could call this function directly with an array containing two keys: 'lastname' and 'password' which will be used to look up the user. The only problem here is that you prob. need to fix the password (e.g. to an empty string) and keep the user from changing it (modifications to the "utilities.php" file). There is no good reason to bother tying this password into the LDAP database, probably... it might be more trouble than it is worth!

      (2) You could do the USN lookup and UID assignment steps yourself. See the code inside the IF statement after the comment:

      //if name+PIN matches (and PIN is NOT empty!) this is them

      somewhere around line 840. This is the code which is run when the user first logs in. You can see that you can use LOOKUPUSN and ASSIGNUID to find the usernumber and assign that user a session UID.

      The hardest part will be having sufficient information to look up the user's user number (usn). We do it based on first and last name. You could modify it to be last name only (just make sure your users all have unique last names!)

      Once you've assigned a UID, all you have to do is include index.php with the array $HTTP_POST_VARS set with the "UID" key set to the assigned UID.

      Write me off-line (jshaver@ors.sourceforge.net) to talk about this more. If you can get this to work, I'd be happy to figure out how to integrate it into the program as an option. Which LDAP client are you using?

      -Jeremy
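
Added example, not part of the original post and not ORS code: a PHP sketch of approach (2), run only after the external (LDAP) login has succeeded. `bridge_lookup_usn`, `bridge_assign_uid`, the `$users` table and the `$sessions` store are hypothetical stand-ins for ORS's LOOKUPUSN and ASSIGNUID, whose real signatures are not shown in this thread; the lookup fails closed when a name is missing or not unique.

```php
<?php
// Added example: hypothetical stand-ins, not the functions in ORS's functions.php.

// Constructed sample data: usn => name, shaped like a user table.
$users = [
    101 => ['first' => 'Ann',  'last' => 'Lee'],
    102 => ['first' => 'Bob',  'last' => 'Lee'],
    103 => ['first' => 'Cara', 'last' => 'Diaz'],
];

// Map an already-authenticated identity to exactly one USN, or null.
function bridge_lookup_usn(array $users, string $last, ?string $first = null): ?int
{
    $matches = [];
    foreach ($users as $usn => $u) {
        if (strcasecmp($u['last'], $last) !== 0) continue;
        if ($first !== null && strcasecmp($u['first'], $first) !== 0) continue;
        $matches[] = $usn;
    }
    // Fail closed: zero matches or an ambiguous name must never yield a session.
    return count($matches) === 1 ? $matches[0] : null;
}

// Issue an unguessable session UID and bind it to the USN.
function bridge_assign_uid(array &$sessions, int $usn): string
{
    $uid = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
    $sessions[$uid] = ['usn' => $usn, 'issued' => time()];
    return $uid;
}

$sessions = [];
// Names must come from the external login's own result (e.g. the LDAP entry
// that was bound), never from request parameters the browser can set.
$cases = [['Diaz', null], ['Lee', null], ['Lee', 'Bob'], ['Nobody', null]];
foreach ($cases as [$last, $first]) {
    $usn = bridge_lookup_usn($users, $last, $first);
    if ($usn === null) {
        echo "$last: no unique user, no UID issued\n";
        continue;
    }
    $uid = bridge_assign_uid($sessions, $usn);
    echo "$last: usn $usn, UID $uid\n";
    // ORS hand-off as described in the post: set the "UID" key, include index.php.
}
```

The last-name-only case for "Lee" is refused because two users share it, which is the uniqueness condition the post calls out.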

       
    • Anonymous

      Anonymous - 2003-04-23

      Great feedback Jeremy! Thanks, I will be trying this over the next couple of days and will let you know the outcome. I think from your comments and the stuff we're trying to do, it should be a no-brainer.

       
    • tony kirchner

      tony kirchner - 2003-06-26

      Has there been any progress on this enhancement? I am very interested in using LDAP as an auth. piece also. I would be willing to help in testing and such.

       
      • Jeremy Shaver

        Jeremy Shaver - 2003-06-26

        Need to check with "d518920". Haven't heard anything since April. Unfortunately, it isn't on the top of our list... Drop a "feature request" in for it if you'd like!

        -Jeremy

         
