Support Requests item #759762, was opened at 2003-06-24 04:49
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=403612&aid=759762&group_id=31885
Category: None
Group: None
Status: Open
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: CT_LDAP needs modification
Initial Comment:
I have been looking into methods for LDAP authentication
and wanted to check an opinion I have formed.
The way in which phpLib7.4pre2 checks user authentication
in CT_LDAP is somewhere between weird and useless. From
what I can read in the source you can not authenticate
"normal" LDAP users. Instead phpLib wants its own
attributes for username and password (instead of using the
DN for userID and so on.)
I would prefer a method that looks for a DN (which is
always unique) and then tries to bind to the server with that
DN and the provided password. This is the way that
mod_auth in apache handles the password check and is
more compatible.
What are the reasons for the implementation in phpLib and
what are the plans for the future? In php4 you could have
the whole page management without an sql backend which is
cool.
Or I could just be way off and totally mistaken?
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2003-06-30 04:06
Message:
Logged In: NO
Binding authentication added directly to "Example_Auth"
auth_validatelogin() in local.inc.
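function auth_validatelogin() {
    $uid = false;
    $username = isset($_POST["username"]) ? $_POST["username"] : "";
    $password = isset($_POST["password"]) ? $_POST["password"] : "";
    // an empty password turns the user bind below into an anonymous bind,
    // which most servers accept, so reject it before talking to LDAP
    if ($username === "" || $password === "") {
        return false;
    }
    // connect...
    $ds = ldap_connect($this->ldap_host, $this->ldap_port); // or echo "Error Connecting to LDAP server...";
    if ($ds) {
        // admin bind...
        $r = @ldap_bind($ds, $this->rootdn, $this->rootpw); // or echo "Error Binding to LDAP server...";
        // search for uname; the value is escaped for use inside an LDAP
        // filter (ldap_escape() needs PHP 5.6+; addslashes() does not do this)
        $filter = $this->attr_uname."=".ldap_escape($username, "", LDAP_ESCAPE_FILTER);
        $sr = $r ? @ldap_search($ds, $this->basedn, $filter) : false;
        // get matching entries (should only be one)
        $info = $sr ? ldap_get_entries($ds, $sr) : array("count" => 0);
        // test all results, and get uid and permissions...
        for ($i = 0; $i < $info["count"]; $i++) {
            // bind as user to test password (passed unmodified)
            $r = @ldap_bind($ds, $info[$i]["dn"], $password);
            // if bind is successful...
            if ($r) {
                // fetch UID and perms
                $uid = md5($info[$i]["dn"]);
                $this->auth["perm"] = $info[$i][$this->attr_perms][0];
            }
        }
        ldap_close($ds);
    }
    return $uid;
}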
----------------------------------------------------------------------