51
mercibe
Re: LDAP authentication
  • 2003/11/1 20:10

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Strange... This is a standard XOOPS function that should be present in your user.php

Did you check if you have the getObjects function defined in your /kernel/user.php ?

The definition should start like this:

function &getObjects($criteria = null, $id_as_key = false)

If the "line" you mention is reached, it means that your LDAP connection is successful. Try to put some debug info to understand what is going on after...

This hack does not perform an autologin (read again its description). In order to do that you could check the AUTH_USER HTTP header variable that has to be filled in with the username of a user already authenticated by your web server via the Basic Authentication mechanism (on the same domain). Then take the appropriate decisions to create or load the user data from XOOPS database based on your LDAP directory data and connect him to Xoops. This check/behaviour should be done ("included") automatically on every page. A nice hack to develop.

Hope this will help !

BM



52
mercibe
Problem getting Xoops working through a proxy server
  • 2003/10/24 12:51

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Hi,

We have just configured our corporate proxy server to map our XOOPS machine to our standard staging Intranet URL.

http://www.intranet.com:8081/ =>http://158.166.248.205/

We adapted the XOOPS virtual path (mainfile.php):

// XOOPS Virtual Path (URL)
define('XOOPS_URL', 'http://www.intranet.com:8081');

... and now we have a blank page when we connect through the proxy. If we restore the old value of the XOOPS_URL (http://158.166.248.205) we can connect through the proxy but, of course, only for the "home" page. All other links point to the IP address.

I suppose that something goes wrong with the ":" in the XOOPS_URL. Do you have any idea ?

Thank you in advance for your help.

BM



53
mercibe
LDAP authentication
  • 2003/10/9 13:37

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


It is my first PHP "development" and first post to a public forum. So I am a bit shy... Time to share experience!
I have just finished the first version of a small hack to use our internal user directory accessible through LDAP for XOOPS user authentication.
The goal is to allow all users registered in the Directory to directly connect to Xoops, without having to register manually
BUT WITHOUT preventing users not present in the central Directory to register. How is it working ?
In fact, I simply automatically register the users that I can authenticate through LDAP and then let the normal authentication process continue.

2 files have to be modified:


Add these 3 lines at the very beginning of the &loginUser($uname, $pwd) function in /kernel/member.php
    // Try LDAP first; a successful bind creates or updates the XOOPS account
    $ldap_criteria = new CriteriaCompo(new Criteria('uname', $uname));
    $ldap_criteria->add(new Criteria('pass', $pwd));
    $authenticated = $this->_uHandler->LDAPAuthentication($ldap_criteria, false);


Add the following function to the XoopsUserHandler class in /kernel/user.php
    /**
     * retrieve users from a Directory server through LDAP
     * @param object $criteria {@link CriteriaElement} conditions to be met
     * @return true if the user has been authenticated, otherwise false
     */
    function LDAPAuthentication($criteria = null)
    {
        // Directory settings: adapt to your LDAP / Active Directory server
        $uid_attr = "uid";
        $mail_attr = "mail";
        $name_attr = "cn";
        $ldap_server = "ldap.bb.cc.dd";
        $ldap_port = 389;
        $base_dn = "ou=People,o=bb.cc.dd";
        $timezone_offset = 1;

        $authenticated = false;

        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $ds = ldap_connect($ldap_server, $ldap_port) or die("Could not connect to LDAP server.");

            if ($ds) {
                //Authentication
                // criteriaElements[0] holds the user name, criteriaElements[1] the password
                $pass = $criteria->criteriaElements[1]->value;
                $ldapbind = ldap_bind($ds, $uid_attr."=".$criteria->criteriaElements[0]->value.",".$base_dn, $criteria->criteriaElements[1]->value);
                if ($ldapbind) {
                    $authenticated = true;

                    // Get info from LDAP (mail,name)
                    $sr = ldap_search($ds, $base_dn, $uid_attr."=".$criteria->criteriaElements[0]->value, Array($mail_attr, $name_attr));
                    $info = ldap_get_entries($ds, $sr);
                    if ($info["count"] == 1) {
                        // Search user in the DB
                        $criteria = new CriteriaCompo(new Criteria('uname', $criteria->criteriaElements[0]->value));
                        $user =& $this->getObjects($criteria, false);

                        $member_handler =& xoops_gethandler('member');

                        if (!$user || count($user) != 1) {
                            // Not yet known to XOOPS: create a new account
                            $xuser =& $member_handler->createUser();
                            $xuser->setVar("uname", $criteria->criteriaElements[0]->value);
                            $xuser->setVar("user_avatar", "blank.gif");
                            $xuser->setVar('user_regdate', time());
                            $xuser->setVar('timezone_offset', $timezone_offset);
                            $xuser->setVar('actkey', substr(md5(uniqid(mt_rand(), 1)), 0, 8));
                        }
                        else {
                            $xuser =& $user[0];
                        }

                        // Refresh the local copy with the directory data and the password just verified
                        $xuser->setVar("email", $info[0][$mail_attr][0]);
                        $xuser->setVar("name", $info[0][$name_attr][0]);
                        $xuser->setVar("pass", md5($pass));
                        $xuser->setVar("level", 1);
                        $xuser->setVar('notify_method', 2);

                        // Store info in DB (update or insert)
                        $ret = $this->insert($xuser);

                        //Add the user to Registered Users group
                        $member_handler->addUserToGroup(XOOPS_GROUP_USERS, $xuser->getVar('uid'));
                    }
                }

                ldap_close($ds);
            }
            else {
                //echo "cannot connect to ldap server";
            }
        }

        return $authenticated;
    }

In order to minimize the files to modify I put all configuration data directly where they are used.
I suppose it should be located outside, but where ? (config.inc.php ?)
This hack should also work for those working with Active Directory (through LDAP, of course)
by simply adapting LDAP server info at the beginning of the LDAPAuthentication function.

Even if your LDAP server is down, registered users should be able to connect to Xoops.

I hope this will be useful for someone. In our case it allowed us to immediately adopt XOOPS for our internal developer portal.

Now I have to try the secure (SSL login page ?) authentication process to
avoid the "travelling" of clear passwords over the network... Any ideas or tips ?

Regards,

BM
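
An added example, not part of the original post and not XOOPS code: a hardened form of the bind-and-search step used in LDAPAuthentication above. It rejects empty passwords (a simple bind with an empty password is an unauthenticated bind that many directory servers accept), escapes the user name before it goes into the bind DN and the search filter, and uses StartTLS so the password is not sent to the directory in clear text. The function names and the $cfg keys are hypothetical; ldap_escape needs PHP 5.6+ with the ldap extension.

```php
<?php
// Added example (not XOOPS code): function names and $cfg keys are hypothetical.
// Requires PHP 5.6+ with the ldap extension (for ldap_escape).

function ldap_user_dn($uname, array $cfg)
{
    // Escape for DN context so "," "=" "+" etc. cannot alter the bind DN.
    return $cfg['uid_attr'] . '=' . ldap_escape($uname, '', LDAP_ESCAPE_DN)
        . ',' . $cfg['base_dn'];
}

function ldap_user_filter($uname, array $cfg)
{
    // Escape for filter context so "*" "(" ")" cannot widen the search.
    return '(' . $cfg['uid_attr'] . '='
        . ldap_escape($uname, '', LDAP_ESCAPE_FILTER) . ')';
}

/** Returns the user's directory entry on success, false otherwise. */
function ldap_check_credentials($uname, $pwd, array $cfg)
{
    // A simple bind with an empty password is an unauthenticated bind,
    // which many servers accept: never count it as a login.
    if (!is_string($uname) || $uname === '' || !is_string($pwd) || $pwd === '') {
        return false;
    }
    $ds = ldap_connect($cfg['uri']);
    if (!$ds) { return false; }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    $entry = false;
    // Encrypt before the password is sent; fail closed if TLS is refused.
    if (@ldap_start_tls($ds) && @ldap_bind($ds, ldap_user_dn($uname, $cfg), $pwd)) {
        $sr = ldap_search($ds, $cfg['base_dn'], ldap_user_filter($uname, $cfg),
                          array('mail', 'cn'));
        $info = $sr ? ldap_get_entries($ds, $sr) : false;
        if ($info && $info['count'] == 1) {
            $entry = $info[0];
        }
    }
    ldap_close($ds);
    return $entry;
}

// Constructed sample input: shows the escaping without contacting a server.
$cfg = array('uri' => 'ldap://ldap.bb.cc.dd:389', 'uid_attr' => 'uid',
             'base_dn' => 'ou=People,o=bb.cc.dd');
echo ldap_user_dn('bob,ou=Admins', $cfg), "\n";
echo ldap_user_filter('b*)(cn=*', $cfg), "\n";
var_dump(ldap_check_credentials('bob', '', $cfg)); // empty password is refused
```

StartTLS protects only the hop between the web server and the directory; the browser-to-XOOPS login form still needs HTTPS, which is the concern raised at the end of the post.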



