Xataface Forums

Put a face on your database
http://xataface.com/forum/

Ldap Auth

http://xataface.com/forum/viewtopic.php?f=5&t=4175

Page 1 of 1

PostPosted: Tue Jun 19, 2007 6:39 am
by idefixgallier
Hi!

I found the entries for the Ldap Authentication in the config.ini File, but
if I enter our local ldap server nothing is happening after authentication (the webserver
not even tries to reach the ldap server)

How can I fix that?

lg
martin

PostPosted: Tue Jun 19, 2007 10:28 am
by shannah

Hi Martin,

The LDAP stuff was disabled for the public release.Ê We had been using it for the plantsale auction at the university for the user info instead of storing the user info in the users tables, but in general most people won't have LDAP available so I removed it.Ê Most of the LDAP stuff has just been commented out but it would take a bit of tweaking to get it to work properly with the current setup.

-Steve

PostPosted: Wed Jun 20, 2007 1:18 am
by idefixgallier
Hi Steve!

We also use a central ldap server on our university for authentication - can
you give me a hint in what files I have to search (at least - does dataface or webauction the ldap thing?)

lg

PostPosted: Wed Jun 20, 2007 1:54 am
by shannah

HI Martin,

It would likely be a little bit of a different setup.Ê We don't use LDAP for auth, just for accessing user info like email address, name, and phone number.Ê We use CAS for authentication.Ê In order to use LDAP properly for authentication, it will be best to create an LDAP authentication module (none exists right now).Ê You can check out the CAS authentication module for an example of how to write one.

The remnants of the LDAP stuff for gathering user info can be found in the include/functions.inc.php file.Ê The getLDAPUserInfo() function.

-Steve

PostPosted: Wed Jun 20, 2007 6:51 am
by idefixgallier
Thank you for your help!

I have gone the dirty way and simply commented out some lines in the AuthenticationTool.php and added my Ldap Authentication (and
add the user to the users table if not existing) and we all are happy ...

lg
Martin

PostPosted: Wed Jun 20, 2007 4:39 pm
by shannah

Hi Martin,

That's great!Ê Please consider distributing this modified module so that others can use it.Ê I'm sure that LDAP authentication would be useful to lots of other people.

Best regards
Steve

PostPosted: Wed Jun 20, 2007 4:40 pm
by shannah

Or if you don't feel it's ready to distribute, you can send it to me and I can add the finishing touches to make it more "generic".

-Steve

PostPosted: Thu Jun 21, 2007 5:06 am
by idefixgallier
Sure - I just changed the function below in Datafaces's AuthenticationTool.php

If you want to make it generic, I would propose you check the auth_type for ldap
and put some extra options in the conf.ini:
ldap_user_tree or something to specify the search base.

lg
Martin


function checkCredentials(){
$app =& Dataface_Application::getInstance();
if ( !$this->authEnabled ) return true;
if ( isset($this->delegate) and method_exists($this->delegate, 'checkCredentials') ){
return $this->delegate->checkCredentials();
} else {
// The user is attempting to log in.
$creds = $this->getCredentials();
if ( !isset( $creds['UserName'] ) || !isset($creds['Password']) ){
// The user did not submit a username of password for login.. trigger error.
//trigger_error("Username or Password Not specified", E_USER_ERROR);
return false;
}

// *************** LDAP CONNECT *********************
$connect = ldap_connect('10.0.0.1');

// *********** Search for the DN of the username and read mail/sn/givenname ************
$read=ldap_search($connect,"ou=Users,dc=fh-stpoelten,dc=ac.at","(uid=".trim(strtolower($creds['UserName'])).")",array("cn","givenname","sn","mail"));
$info = ldap_get_entries($connect, $read);
// *********** read result ***************
$dn=$info[0]['dn'];
if (!$dn)
{
ldap_close($connect);
return false;
}
if(@ldap_bind($connect,$dn,$creds['Password']))
{
$erg=mysql_query('Select * from users where username="'.trim(strtolower($creds['UserName'])).'";',$app->db());
if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
if(mysql_num_rows($erg)<1)
{
$erg=mysql_query('Insert into users(username,password,firstname,lastname,title,department,phone,email,role,prefs_receive_outbid_notifications) Values("'.trim(strtolower($creds['UserName'])).'",null,"'.$info[0]['givenname'][0].'","'.$info[0]['sn'][0].'",null,null,null,"'.$info[0]['mail'][0].'","User",1);',$app->db());
if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
}
ldap_close($connect);
return true;
}
else
{
ldap_close($connect);
return false;
}


/* import('Dataface/Serializer.php');
$serializer =& new Dataface_Serializer($this->usersTable);
//$res = mysql_query(
$sql = "SELECT `".$this->usernameColumn."` FROM `".$this->usersTable."`
WHERE `".$this->usernameColumn."`='".addslashes(
$serializer->serialize($this->usernameColumn, $creds['UserName'])
)."'
AND `".$this->passwordColumn."`=".
$serializer->encrypt(
$this->passwordColumn,
"'".addslashes($serializer->serialize($this->passwordColumn, $creds['Password']))."'"
);
$res = mysql_query($sql, $app->db());
if ( !$res ) trigger_error(mysql_error($app->db()), E_USER_ERROR);

if ( mysql_num_rows($res) === 0 ){
return false;
}
@mysql_free_result($res);
return true; */
}

}

AuthenticationTool.php

PostPosted: Wed Mar 04, 2009 6:59 am
by ikramahamed82
Hi,

Does the entire code go in to AuthenticationTool.php


function checkCredentials(){
$app =& Dataface_Application::getInstance();
if ( !$this->authEnabled ) return true;
if ( isset($this->delegate) and method_exists($this->delegate, 'checkCredentials') ){
return $this->delegate->checkCredentials();
} else {
// The user is attempting to log in.
$creds = $this->getCredentials();
if ( !isset( $creds['UserName'] ) || !isset($creds['Password']) ){
// The user did not submit a username of password for login.. trigger error.
//trigger_error("Username or Password Not specified", E_USER_ERROR);
return false;
}

// *************** LDAP CONNECT *********************
$connect = ldap_connect('10.0.0.1');

// *********** Search for the DN of the username and read mail/sn/givenname ************
$read=ldap_search($connect,"ou=Users,dc=fh-stpoelten,dc=ac.at","(uid=".trim(strtolower($creds['UserName'])).")",array("cn","givenname","sn","mail"));
$info = ldap_get_entries($connect, $read);
// *********** read result ***************
$dn=$info[0]['dn'];
if (!$dn)
{
ldap_close($connect);
return false;
}
if(@ldap_bind($connect,$dn,$creds['Password']))
{
$erg=mysql_query('Select * from users where username="'.trim(strtolower($creds['UserName'])).'";',$app->db());
if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
if(mysql_num_rows($erg)<1>db());
if ( !$erg ) trigger_error(mysql_error($app->db()), E_USER_ERROR);
}
ldap_close($connect);
return true;
}
else
{
ldap_close($connect);
return false;
}


/* import('Dataface/Serializer.php');
$serializer =& new Dataface_Serializer($this->usersTable);
//$res = mysql_query(
$sql = "SELECT `".$this->usernameColumn."` FROM `".$this->usersTable."`
WHERE `".$this->usernameColumn."`='".addslashes(
$serializer->serialize($this->usernameColumn, $creds['UserName'])
)."'
AND `".$this->passwordColumn."`=".
$serializer->encrypt(
$this->passwordColumn,
"'".addslashes($serializer->serialize($this->passwordColumn, $creds['Password']))."'"
);
$res = mysql_query($sql, $app->db());
if ( !$res ) trigger_error(mysql_error($app->db()), E_USER_ERROR);

if ( mysql_num_rows($res) === 0 ){
return false;
}
@mysql_free_result($res);
return true; */
}

}

PostPosted: Thu Mar 05, 2009 9:38 am
by shannah
It would be better to go the module approach mentioned in http://xataface.com/forum/viewtopic.php?t=4475 than to try to modify the Authentication tool.

-Steve
All times are UTC - 7 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/