Ticket #277 (new defect)

Opened 9 months ago

Last modified 8 months ago

Multiple LDAP authentication

Reported by: garrettn Assigned to: nobody
Priority: low Milestone:
Component: core Version: 0.9.0
Severity: minor Keywords: authentication
Cc: Patch Included: 0
Review Stage: tobeverified

Description

Two things:

First, documentation for /auth/multiple should be updated so that the auth.ini file is like the following:

ldap_search_attr[] = sn
ldap_search_attr[] = givenname
ldap_search_attr[] = mail

I initially went

ldap_search_attr[] = sn,givenname,mail

which didn't load them into an array as it should've.

I also added two new properties

ldap_bind_as_user = true
ldap_bind_as_user_usernamedomain = "@cgustudent.cgu.edu"

and the code in auth/ldap/lib.php so that it can try logging into LDAP as the current user instead of having hardcoded information. lib.php is attached, with my modified sections clearly marked (lines 78-87, 234-239).

Attachments

lib.php (9.1 kB) - added by garrettn on 01/19/08 21:22:00.
.htaccess (30 bytes) - added by garrettn on 01/19/08 21:23:40.
Also, we might as well put the htaccess file in multiple to avoid exposing auth.ini.

Change History

01/19/08 21:22:00 changed by garrettn

  • attachment lib.php added.

01/19/08 21:23:40 changed by garrettn

  • attachment .htaccess added.

01/20/08 03:02:02 changed by garrettn

As per following 21:23:40, it's nice to put the htaccess file in the auth/multiple folder -- just easier for the user.

Also, I found another issue with Windows2003 domains with certain settings. Adding the line

// Required with Windows2003 Server Domains,
// Hasn't caused any issues with 2000 networks.
@ldap_set_option($DS, LDAP_OPT_REFERRALS, 0);

on line 61 after @ldap_set_option in function ldap_init_connection in auth/ldap/lib.php fixed the issue.
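The bind-as-user flow from the description and the referral setting from this comment, written out as an added example (not the attached lib.php or any project code). The ini keys ldap_bind_as_user_usernamedomain and ldap_search_attr come from the ticket; ldap_server, ldap_base_dn, the userPrincipalName lookup and the plain-list shape of ldap_search_attr are assumptions.

```php
<?php
// Constructed auth.ini content (assumed host/base DN; not the project's file).
$ini = <<<INI
ldap_server = "ldap://ldap.example.invalid:389"
ldap_base_dn = "DC=example,DC=invalid"
ldap_bind_as_user = true
ldap_bind_as_user_usernamedomain = "@example.invalid"
ldap_search_attr[] = sn
ldap_search_attr[] = givenname
ldap_search_attr[] = mail
INI;
// The "key[] = value" syntax is what makes parse_ini_* return a real array;
// "sn,givenname,mail" on one line stays a single string.
$config = parse_ini_string($ini);

function authenticateAgainstLdap(array $config, string $username, string $password)
{
    // An empty password makes ldap_bind() perform an anonymous bind, which
    // most directories accept: never treat that as a successful login.
    if ($username === '' || $password === '') {
        return false;
    }
    // Only allow a plain account name; "@", "," or "=" would change the
    // bind identity or the search filter.
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $username)) {
        return false;
    }
    $ds = ldap_connect($config['ldap_server']);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Active Directory hands out referrals for parts of the namespace it does
    // not hold; chasing them without credentials makes searches fail or hang.
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    $bindName = $username . $config['ldap_bind_as_user_usernamedomain'];
    if (!@ldap_bind($ds, $bindName, $password)) {
        ldap_unbind($ds);
        return false;   // bad credentials, locked account or server error
    }
    // Fetch only the attributes configured in auth.ini.
    $filter = '(userPrincipalName=' . ldap_escape($bindName, '', LDAP_ESCAPE_FILTER) . ')';
    $result = @ldap_search($ds, $config['ldap_base_dn'], $filter, $config['ldap_search_attr']);
    $entries = $result ? ldap_get_entries($ds, $result) : ['count' => 0];
    ldap_unbind($ds);
    return $entries['count'] === 1 ? $entries[0] : false;
}
```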

01/24/08 08:24:34 changed by misja

  • haspatch changed.
  • review_stage set to review.

First of all I think the ini file should be stored outside of the auth directory, hence the full path you have to provide to that file. Second, ldap_search_attr is an associative array, I don't think you have configured it properly? As for the Windows2003 setting, it would be good to have such an addition but should get tested with other LDAP servers to see if it doesn't break anything.

02/05/08 08:52:39 changed by misja

  • review_stage changed from review to tobeverified.

Setting review state to tobeverified, Nathan's suggested changes need testing esp. against Windows LDAP.

02/15/08 08:28:12 changed by misja

  • milestone deleted.

Dropping milestone, this needs to get verified first.