Re: [phpesp-dev] ldap patch

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Tue, Mar 26, 2002 at 02:52:04PM -0500, James E. Flemer wrote:
> Well I don't use LDAP, and haven't for the past 3-4
> years... So I made a few cosmetic changes and commited your
> patch. Could you check out the latest CVS version and try
> it out. Hopefully I didn't break anything. Also it would be
> nice if you could write a small README.LDAP or something
> giving some pointers on what to set each of the new
> phpESP.ini variables to when using LDAP (and any other
> pointers you think appropriate).

Cool. I have looked at it and it looks great. There is one problem
though. If the ldap server allows anonymous binding then a blank dn
will return a success. We just have to make sure the search results 
returns the right count. So on line 145 of espauth-ldap.inc just change 

if ($search_result) {

to 

if (ldap_count_entries($ds,$search_result)==1) { 

that should fix it. I should have a quick README.ldap coming soon.

> 
> I haven't really looked too closely at your patch, but let
> me say this in case it applies. There is a field called
> 'auth' in both the respondent table, and the designer
> table. The default value is BASIC. That field is currently
> not used at all. I put it in there for the possiblity of
> future auth-types to set it if they need to. Perhaps the
> LDAP auth would want to use that field. Anyway ... it's
> there for your use.
>

Ok. 

> -James
> 
> On Fri, 22 Mar 2002, Christopher Zorn wrote:
> 
> > Ok. Here is my patch. It is a quick hack so I may be
> > over looking some things. Please point out anything
> > that you see wrong with it. All I am using ldap for is
> > authentication for now. When someone trys to log into
> > phpESP/admin it will check the database ( this is so we
> > can still have a root user ) if that fails it
> > authenticates against the ldap server and if
> > successfull it will either insert user information into
> > the database and create a seperate group for the user
> > or update the user password to match the one for ldap.
> > What do you guys think?
> 