I am in the process of trying to use our LDAP-server for
authentication in phpLib and have found a couple of snags in
the existing LDAP implementation.
First I would like to see phpLib make available authentication
with existing LDAP directories. The current LDAP class
simply replaces mysql storage for LDAP. No consideration or
implementation of authenticating against existing user
accounts and permission settings in LDAP is provided.
This is really not that hard. I have hacked my way through
the authentication part but I stumble on permissions since I
am not deeply into the structures inside phpLib.
I do not have the capacity to figure out how to make this a
part of the LDAP class but...
The following code offers LDAP authentication with existing
userbases (Novell, Active Directory...) and replaces the
mysql code in auth_validatelogin() in local.inc:
    // connect...
    $ds = ldap_connect($this->ldap_host, $this->ldap_port);
    // or echo "Error Connecting to LDAP server...";
    $uid = false;
    if ($ds) {
        // LDAPv3 is required by Active Directory and most current servers
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        // admin bind...
        $r = ldap_bind($ds, $this->rootdn, $this->rootpw);
        // or echo "Error Binding to LDAP server...";
        $username = $_POST["username"];
        $password = $_POST["password"];
        // an empty password turns ldap_bind() into an anonymous bind, which
        // succeeds on most servers, so never let it reach the user bind below
        if ($r && $username !== "" && $password !== "") {
            // search for uname... (escape for an LDAP filter, not with addslashes())
            $filter = "(" . $this->attr_uname . "="
                . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";
            $sr = ldap_search($ds, $this->basedn, $filter);
            // get matching entries (should only be one)
            $info = ldap_get_entries($ds, $sr);
            // test all results, and get uid and permissions...
            for ($i = 0; $i < $info["count"]; $i++) {
                // bind as user to test password (the password is passed as-is)
                $r = @ldap_bind($ds, $info[$i]["dn"], $password);
                // if bind is successful...
                if ($r) {
                    // fetch UID and perms - not completed!!
                    $uid = md5($info[$i]["dn"]);
                    // ldap_get_entries() returns attribute names in lower case
                    $this->auth["perm"] = $info[$i][strtolower($this->attr_perms)][0];
                    break;
                }
            }
        }
        ldap_close($ds);
    }
    return $uid;
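As an added illustration (not part of the original post or of phpLib), here is in Python what the search filter in the code above needs instead of addslashes(): RFC 4515 filter escaping, shown next to an addslashes() equivalent so the difference is visible, plus the input check that keeps an empty password from reaching ldap_bind(). The names ldap_filter_escape, build_uname_filter and login_inputs_ok are my own.

```python
# Added example: escaping a username for the equality filter that
# auth_validatelogin() builds ("attr_uname=username"). The names below are
# illustrative and not part of phpLib.

# RFC 4515: these characters must be hex-escaped inside a filter value.
_RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def ldap_filter_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def addslashes(value: str) -> str:
    """Equivalent of PHP addslashes(): backslash-escapes quotes, backslash
    and NUL only. It leaves LDAP metacharacters such as '*' untouched."""
    out = []
    for ch in value:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def build_uname_filter(attr_uname: str, username: str) -> str:
    """Equality filter for the configured username attribute, escaped."""
    return "(%s=%s)" % (attr_uname, ldap_filter_escape(username))


def login_inputs_ok(username: str, password: str) -> bool:
    """Reject inputs that must never reach the user bind: an empty password
    makes most LDAP servers perform an anonymous bind, which succeeds."""
    return bool(username) and bool(password)


if __name__ == "__main__":
    for name in ["alice", "a*"]:
        print("addslashes:", addslashes(name), "| filter:", build_uname_filter("uid", name))
```

With proper escaping a wildcard in the submitted username is matched literally, so the search cannot return more entries than the one account that really has that name.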