Ldap Auth

A place to discuss and receive support for the Web Auction application.

Postby idefixgallier » Tue Jun 19, 2007 6:39 am

Hi!

I found the entries for the Ldap Authentication in the config.ini File, but
if I enter our local ldap server nothing is happening after authentication (the webserver
not even tries to reach the ldap server)

How can I fix that?

lg
martin
idefixgallier
 
Posts: 7
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Tue Jun 19, 2007 10:28 am

Hi Martin,

The LDAP stuff was disabled for the public release.Ê We had been using it for the plantsale auction at the university for the user info instead of storing the user info in the users tables, but in general most people won't have LDAP available so I removed it.Ê Most of the LDAP stuff has just been commented out but it would take a bit of tweaking to get it to work properly with the current setup.

-Steve

--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby idefixgallier » Wed Jun 20, 2007 1:18 am

Hi Steve!

We also use a central ldap server on our university for authentication - can
you give me a hint in what files I have to search (at least - does dataface or webauction the ldap thing?)

lg
idefixgallier
 
Posts: 7
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Wed Jun 20, 2007 1:54 am

HI Martin,

It would likely be a little bit of a different setup.Ê We don't use LDAP for auth, just for accessing user info like email address, name, and phone number.Ê We use CAS for authentication.Ê In order to use LDAP properly for authentication, it will be best to create an LDAP authentication module (none exists right now).Ê You can check out the CAS authentication module for an example of how to write one.

The remnants of the LDAP stuff for gathering user info can be found in the include/functions.inc.php file.Ê The getLDAPUserInfo() function.

-Steve

--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby idefixgallier » Wed Jun 20, 2007 6:51 am

Thank you for your help!

I have gone the dirty way and simply commented out some lines in the AuthenticationTool.php and added my Ldap Authentication (and
add the user to the users table if not existing) and we all are happy ...

lg
Martin
idefixgallier
 
Posts: 7
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Wed Jun 20, 2007 4:39 pm

Hi Martin,

That's great!Ê Please consider distributing this modified module so that others can use it.Ê I'm sure that LDAP authentication would be useful to lots of other people.

Best regards
Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Wed Jun 20, 2007 4:40 pm

Or if you don't feel it's ready to distribute, you can send it to me and I can add the finishing touches to make it more "generic".

-Steve

--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby idefixgallier » Thu Jun 21, 2007 5:06 am

Sure - I just changed the function below in Datafaces's AuthenticationTool.php

If you want to make it generic, I would propose you check the auth_type for ldap
and put some extra options in the conf.ini:
ldap_user_tree or something to specify the search base.

lg
Martin


function checkCredentials(){
$app =& Dataface_Application::getInstance();
if ( !$this->authEnabled ) return true;
if ( isset($this->delegate) and method_exists($this->delegate, 'checkCredentials') ){
return $this->delegate->checkCredentials();
} else {
// The user is attempting to log in.
$creds = $this->getCredentials();
if ( !isset( $creds['UserName'] ) || !isset($creds['Password']) ){
// The user did not submit a username of password for login.. trigger error.
//trigger_error("Username or Password Not specified", E_USER_ERROR);
return false;
}

// *************** LDAP CONNECT *********************
$connect = ldap_connect('10.0.0.1');

// *********** Search for the DN of the username and read mail/sn/givenname ************
$read=ldap_search($connect,"ou=Users,dc=fh-stpoelten,dc=ac.at","(uid=".trim(strtolower($creds['UserName'])).")",array("cn","givenname","sn","mail"));
$info = ldap_get_entries($connect, $read);
// *********** read result ***************
$dn=$info[0]['dn'];
if (!$dn)
{
ldap_close($connect);
return false;
}
if(@ldap_bind($connect,$dn,$creds['Password']))
{
$erg=mysql_query('Select * from users where username="'.trim(strtolower($creds['UserName'])).'";',$app->db());
if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
if(mysql_num_rows($erg)<1)
{
$erg=mysql_query('Insert into users(username,password,firstname,lastname,title,department,phone,email,role,prefs_receive_outbid_notifications) Values("'.trim(strtolower($creds['UserName'])).'",null,"'.$info[0]['givenname'][0].'","'.$info[0]['sn'][0].'",null,null,null,"'.$info[0]['mail'][0].'","User",1);',$app->db());
if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
}
ldap_close($connect);
return true;
}
else
{
ldap_close($connect);
return false;
}


/* import('Dataface/Serializer.php');
$serializer =& new Dataface_Serializer($this->usersTable);
//$res = mysql_query(
$sql = "SELECT `".$this->usernameColumn."` FROM `".$this->usersTable."`
WHERE `".$this->usernameColumn."`='".addslashes(
$serializer->serialize($this->usernameColumn, $creds['UserName'])
)."'
AND `".$this->passwordColumn."`=".
$serializer->encrypt(
$this->passwordColumn,
"'".addslashes($serializer->serialize($this->passwordColumn, $creds['Password']))."'"
);
$res = mysql_query($sql, $app->db());
if ( !$res ) trigger_error(mysql_error($app->db()), E_USER_ERROR);

if ( mysql_num_rows($res) === 0 ){
return false;
}
@mysql_free_result($res);
return true; */
}

}
idefixgallier
 
Posts: 7
Joined: Wed Dec 31, 1969 5:00 pm

AuthenticationTool.php

Postby ikramahamed82 » Wed Mar 04, 2009 6:59 am

Hi,

Does the entire code go in to AuthenticationTool.php


function checkCredentials(){
$app =& Dataface_Application::getInstance();
if ( !$this->authEnabled ) return true;
if ( isset($this->delegate) and method_exists($this->delegate, 'checkCredentials') ){
return $this->delegate->checkCredentials();
} else {
// The user is attempting to log in.
$creds = $this->getCredentials();
if ( !isset( $creds['UserName'] ) || !isset($creds['Password']) ){
// The user did not submit a username of password for login.. trigger error.
//trigger_error("Username or Password Not specified", E_USER_ERROR);
return false;
}

// *************** LDAP CONNECT *********************
$connect = ldap_connect('10.0.0.1');

// *********** Search for the DN of the username and read mail/sn/givenname ************
$read=ldap_search($connect,"ou=Users,dc=fh-stpoelten,dc=ac.at","(uid=".trim(strtolower($creds['UserName'])).")",array("cn","givenname","sn","mail"));
$info = ldap_get_entries($connect, $read);
// *********** read result ***************
$dn=$info[0]['dn'];
if (!$dn)
{
ldap_close($connect);
return false;
}
if(@ldap_bind($connect,$dn,$creds['Password']))
{
$erg=mysql_query('Select * from users where username="'.trim(strtolower($creds['UserName'])).'";',$app->db());
if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
if(mysql_num_rows($erg)<1>db());
if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
}
ldap_close($connect);
return true;
}
else
{
ldap_close($connect);
return false;
}


/* import('Dataface/Serializer.php');
$serializer =& new Dataface_Serializer($this->usersTable);
//$res = mysql_query(
$sql = "SELECT `".$this->usernameColumn."` FROM `".$this->usersTable."`
WHERE `".$this->usernameColumn."`='".addslashes(
$serializer->serialize($this->usernameColumn, $creds['UserName'])
)."'
AND `".$this->passwordColumn."`=".
$serializer->encrypt(
$this->passwordColumn,
"'".addslashes($serializer->serialize($this->passwordColumn, $creds['Password']))."'"
);
$res = mysql_query($sql, $app->db());
if ( !$res ) trigger_error(mysql_error($app->db()), E_USER_ERROR);

if ( mysql_num_rows($res) === 0 ){
return false;
}
@mysql_free_result($res);
return true; */
}

}
ikramahamed82
 
Posts: 3
Joined: Tue Mar 03, 2009 9:37 pm

Postby shannah » Thu Mar 05, 2009 9:38 am

It would be better to go the module approach mentioned in http://xataface.com/forum/viewtopic.php?t=4475 than to try to modify the Authentication tool.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm


Return to Web Auction Discussion

Who is online

Users browsing this forum: No registered users and 18 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved