1
pemen
Xoops Authentication system
  • 2005/10/5 16:27

  • pemen

  • Not too shy to talk

  • Posts: 186

  • Since: 2002/7/8 7


I upgraded the XOOPS Authentication system for XOOPS 2.2.x.

This new version includes:

- Active Directory support
- Allow users to bypass the authentication method and log in directly to XOOPS
- Code reorganisation
- Improved error handler

ROADMAP :

- Synchronisation system
  - Automatically at login
  - By cron job
- NT Server Support

In the future

- SSO Support : CAS, ...

Download here :

XOOPS Auth Sourceforge Patches


Thanks for your feedback
Identity management, LDAP, Workflow and more
XoopsPro

2
Herko
Re: Xoops Authentication system
  • 2005/10/5 18:22

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


thanks for sending in your work! We'll look at it in the next release (not 2.2.3final).

Herko

3
pemen
Re: Xoops Authentication system (LDAP)
  • 2005/10/5 19:27

  • pemen

  • Not too shy to talk

  • Posts: 186

  • Since: 2002/7/8 7


I worked on the XOOPS Authentication system for the first release of the 2.2 series. It's myth that included it in the core.

I'm very surprised that this hack isn't in the 2.2.3 !!
The first version has many problems. For me this version must be included (after tests) in the 2.2.3 to offer a good and functional authentication system.

4
Herko
Re: Xoops Authentication system (LDAP)
  • 2005/10/5 19:45

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


the reason it's not going to be in 2.2.3 final is because that is already being tested by the beta testing team. If we added new features now, all testing will have to be done again (maybe not all, but 20% at least). That would delay release so much, that it will have to wait for 2.2.4, probably.

Herko

5
pemen
Re: Xoops Authentication system (LDAP)
  • 2005/10/6 6:58

  • pemen

  • Not too shy to talk

  • Posts: 186

  • Since: 2002/7/8 7


OK.
Waiting for the 2.2.4 ...

6
Carnifex
Re: Xoops Authentication system (LDAP)
  • 2005/11/9 15:15

  • Carnifex

  • Just popping in

  • Posts: 11

  • Since: 2005/10/4


Quote:

pemen wrote:
I think that you don't activate the LDAP extension in PHP.

PHP needs to be compiled with the option --with-ldap on a UNIX system, or uncomment the line php_ldap.dll on a Windows system.

I'm getting there.

Here's what I did so far, which may help others. I'm running WinXP with Apache 2.0.54, and PHP5. It's important to note that when you download PHP5, you may not by default get all the extensions (I didn't) - which you've figured out, if you've got XOOPS running, since the MySQL is one you need to download separately.

What I had to do - as pemen says above, uncomment php_ldap.dll in php.ini, which is located in C:\windows\system32.

Copy php_ldap.dll into your \ext folder. On my install, that's c:\php\ext

Copy libeay32.dll and ssleay32.dll into your %system% folder. On my install, that's C:\windows\system32. (learned that from here, a good resource.)

LDAP is now running on my server via PHP. I'm now getting "No corresponding user info", which is way better than "LDAP extension not loaded". Now I just need to figure out which tables/fields in the database to populate with my user info.

7
Carnifex
Re: Xoops Authentication system (LDAP)
  • 2005/11/9 16:10

  • Carnifex

  • Just popping in

  • Posts: 11

  • Since: 2005/10/4


Got this working, with only a few glitches

I need to manually create the accounts for the user in xoops, with a 'dummy' PW. When the user logs in using their AD credentials it works fine. That bit is excellent.

However, my usernames contain a period - firstname.lastname, and XOOPS won't allow those usernames. What I've been forced to do is create the account with just the firstname, then go into MySQL and manually change the loginname field to firstname.lastname. That seems to work. I'm planning on doing a large 'insert' on the tables manually to create the users so that's not a huge deal for me.

But now... after making the changes, I am getting php errors all over the place:

Fatal error: Only variables can be passed by reference in C:\Program Files\Apache Group\Apache2\htdocs\dspportal\modules\smartsection\include\common.php on line 31


For example. That bit of code is:

// Creating the SmartModule object
$smartModule =& ss_getModuleInfo();
$myts = MyTextSanitizer::getInstance();
$smartsection_moduleName = $myts->displayTarea($smartModule->getVar('name'));


not sure where to go with that.

8
Carnifex
Re: Xoops Authentication system (LDAP)
  • 2005/11/9 16:57

  • Carnifex

  • Just popping in

  • Posts: 11

  • Since: 2005/10/4


Trying to work through this, in case it comes up for others: Warning to others - I'm not a coder, so I'm more or less poking until it works: I used the example in this thread for guidance.

Line 31 in common.php read:
$smartsection_moduleName = $myts->displayTarea($smartModule->getVar('name'));


I have broken that into 2 lines, now 31 and 32:
$smartsection_moduleName = $smartModule->getVar('name');
$smartsection_moduleName = $myts->displayTarea($smartsection_moduleName);


And that has corrected the error I was having.

9
pemen
Re: Xoops Authentication system (LDAP)
  • 2005/11/9 17:14

  • pemen

  • Not too shy to talk

  • Posts: 186

  • Since: 2002/7/8 7


Quote:
I need to manually create the accounts for the user in xoops, with a 'dummy' PW. When the user logs in using their AD credentials it works fine. That bit is excellent.


In your case, it's your AD that is your authentication system and validates the credentials.
After that, the XOOPS Auth system just loads the XOOPS user account with the login entered in the login form.

So if your login is foouser, the XOOPS Auth system tries to verify the foouser/pw in AD and after that loads the XOOPS user identified by the uname: foouser
In this case the AD password can be different from the XOOPS user's but it's better for them to be the same!

Quote:
However, my usernames contain a period - firstname.lastname, and XOOPS won't allow those usernames. What I've been forced to do is create the account with just the firstname, then go into MySQL and manually change the loginname field to firstname.lastname. That seems to work.


I've never tested this case. Can I have more details about your AD login: period - firstname.lastname ??

Quote:
I'm planning on doing a large 'insert' on the tables manually to create the users so that's not a huge deal for me.


The synchronisation system for the next version.

10
Carnifex
Re: Xoops Authentication system (LDAP)
  • 2005/11/9 18:44

  • Carnifex

  • Just popping in

  • Posts: 11

  • Since: 2005/10/4


Quote:

pemen wrote:
I've never tested this case. Can I have more details about your AD login: period - firstname.lastname ??


The way we set our users up in AD, their logon name is firstname.lastname, so for example a user's logon might be thomas.smith, with their email address as thomas.smith@mycompany.com. I'm using the LDAP attribute 'mailNickname' as suggested elsewhere.

I am having a problem with that now - I can create users manually, and have them login with their AD credentials, but if they try to edit their profile, it errors with "invalid username". I don't think it has anything to do with this mod, but rather a function of XOOPS in general, not allowing the '.' character in the username. I'm trying to figure out where that restriction is now.


Quote:

pemen wrote:
The synchronisation system for the next version.

Any idea how long before that might be ready?
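
The flow pemen describes in post 9 (the directory validates the credentials, then the local account is loaded by uname), with a dotted login as in post 10, as an added example. It is not XOOPS code or part of the patch; the function names, the LDAP URI, the UPN suffix and the sample data are assumptions.

```php
<?php
// Hypothetical names throughout; not XOOPS code. Sample data is constructed.

// Accept logins such as firstname.lastname; reject everything else early.
function isValidLogin(string $login): bool
{
    return strlen($login) <= 64
        && preg_match('/\A[A-Za-z0-9]+(?:[._-][A-Za-z0-9]+)*\z/', $login) === 1;
}

// Directory check through the PHP LDAP extension (php_ldap must be loaded).
// $uri like "ldaps://dc.example.internal" and $upnSuffix like "@mycompany.com"
// are assumptions about the AD setup.
function adBind(string $uri, string $upnSuffix, string $login, string $password): bool
{
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    $ok = @ldap_bind($conn, $login . $upnSuffix, $password);
    ldap_unbind($conn);
    return $ok;
}

// $verify is callable(string, string): bool, e.g. a closure around adBind().
// $localUsers maps uname => row and stands in for the users table.
function login(string $login, string $password, callable $verify, array $localUsers): ?array
{
    // Many LDAP servers treat a bind with an empty password as anonymous and
    // report success, so refuse it before the directory is ever asked.
    if ($password === '' || !isValidLogin($login)) {
        return null;
    }
    if (!$verify($login, $password)) {
        return null;
    }
    // The directory accepted the credentials: load the local account by uname.
    // The locally stored ("dummy") password is never consulted on this path.
    return $localUsers[$login] ?? null;
}

// Offline demo with a stub directory in place of adBind().
$users  = ['thomas.smith' => ['uid' => 7, 'uname' => 'thomas.smith']];
$stubAd = fn(string $l, string $p): bool => $l === 'thomas.smith' && $p === 'S3cret!';

var_dump(login('thomas.smith', 'S3cret!', $stubAd, $users));
var_dump(login('thomas.smith', '', $stubAd, $users));
var_dump(login('thomas.smith*', 'S3cret!', $stubAd, $users));
```

If the application also offers a direct local login, the dummy local password is a second credential for the same account, so it should be a long random value rather than a shared placeholder.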
