Bugs item #763113, was opened at 2003-06-30 03:39
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=403611&aid=763113&group_id=31885
Category: Authentication
Group: current CVS
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Alternative LDAP for auth and perm classes
Initial Comment:
I am in the process of trying to use our LDAP-server for
authentication in phpLib and have found a couple of snags in
the existing LDAP implementation.
First, I would like to see phpLib make available authentication
with existing LDAP directories. The current LDAP class
simply replaces mysql storage for LDAP. No consideration or
implementation of authenticating against existing user
accounts and permission settings in LDAP is provided.
This is really not that hard. I have hacked my way through
the authentication part but I stumble on permissions since I
am not deeply into the structures inside phpLib.
I do not have the capacity to figure out how to make this a
part of the LDAP class but...
The following code offers LDAP authentication with existing
userbases (Novell, Active Directory...) and replaces the
mysql code in auth_validatelogin() in local.inc:
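// $_POST replaces $HTTP_POST_VARS, which current PHP no longer provides
$uid = false;
$username = isset($_POST["username"]) ? $_POST["username"] : "";
$password = isset($_POST["password"]) ? $_POST["password"] : "";
// connect...
$ds = ldap_connect($this->ldap_host, $this->ldap_port); // or echo "Error Connecting to LDAP server...";
// a bind with an empty password is treated as anonymous and succeeds, so reject it here
if ($ds && $username !== "" && $password !== "") {
    // admin bind...
    $r = ldap_bind($ds, $this->rootdn, $this->rootpw); // or echo "Error Binding to LDAP server...";
    // search for uname; ldap_escape() (PHP 5.6+) escapes filter metacharacters, addslashes() does not
    $filter = "(" . $this->attr_uname . "=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";
    $sr = $r ? ldap_search($ds, $this->basedn, $filter) : false;
    // get matching entries (should only be one)
    $info = $sr ? ldap_get_entries($ds, $sr) : array("count" => 0);
    // test all results, and get uid and permissions...
    for ($i = 0; $i < $info["count"]; $i++) {
        // bind as user to test password (passed unmodified; addslashes() would alter it)
        $r = @ldap_bind($ds, $info[$i]["dn"], $password);
        // if bind is successful...
        if ($r) {
            // fetch UID and perms - not completed!!
            $uid = md5($info[$i]["dn"]);
            // ldap_get_entries() lowercases attribute names used as array keys
            $this->auth["perm"] = $info[$i][strtolower($this->attr_perms)][0];
            break;
        }
    }
}
if ($ds) {
    ldap_close($ds);
}
// false when no entry matched or no bind succeeded
return $uid;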
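For the permissions step the report leaves unfinished, one way to turn the values of a directory attribute into a permission string through an allow-list, so that unknown directory values grant nothing. This is an added example, not part of the original report or of phpLib; the function name map_ldap_perms, the memberOf attribute, the group DNs, the mapping table and the comma-separated format of the permission string are assumptions.

```php
<?php
// Added example, not phpLib code.
// Hypothetical allow-list: directory value (lowercased) => permission name.
$perm_map = array(
    "cn=webadmins,ou=groups,dc=example,dc=org" => "admin",
    "cn=editors,ou=groups,dc=example,dc=org"   => "editor",
);

/**
 * @param array  $entry      one element of the ldap_get_entries() result
 * @param string $attr_perms attribute that holds the permission values
 * @param array  $perm_map   allow-list with lowercased keys
 * @param string $default    permission given to every authenticated user
 * @return string comma-separated permission names (assumed format)
 */
function map_ldap_perms($entry, $attr_perms, $perm_map, $default = "user")
{
    $perms = array($default => true);
    // ldap_get_entries() lowercases attribute names used as array keys
    $key = strtolower($attr_perms);
    if (isset($entry[$key]) && is_array($entry[$key])) {
        $values = $entry[$key];
        $count = isset($values["count"]) ? $values["count"] : 0;
        for ($i = 0; $i < $count; $i++) {
            // simple normalisation: DNs compare case-insensitively
            $v = strtolower(trim($values[$i]));
            // values missing from the allow-list are ignored, never copied through
            if (isset($perm_map[$v])) {
                $perms[$perm_map[$v]] = true;
            }
        }
    }
    return implode(",", array_keys($perms));
}

// Constructed sample entry in the shape ldap_get_entries() returns.
$entry = array(
    "dn" => "cn=jdoe,ou=people,dc=example,dc=org",
    "memberof" => array(
        "count" => 2,
        0 => "CN=Editors,OU=Groups,DC=example,DC=org",
        1 => "cn=payroll,ou=groups,dc=example,dc=org", // not in the allow-list
    ),
);
echo map_ldap_perms($entry, "memberOf", $perm_map), "\n";
```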