LDAP authentication - I created!

[snake-bis]

Ho, and to add the Email adress imported from LDAP to the profile :

Code: Select all

// ---------------- Start of LDAP authentication code ----------------
        $auth_type="ldap"; // Possible values: ldap | mysql
        $ldap_server="XX.XX.XX.XX";
        $base_dn="DC=domain, DC=local";
      $root_dn="domain\ldap";
      $pass_dn="password";

        if ($auth_type == "ldap"){
                if($connect=@ldap_connect($ldap_server)){ // if connected to ldap server
                        ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
                  ldap_set_option($connect, LDAP_OPT_REFERRALS,0);
                        // bind to ldap connection
                        if(($bind=@ldap_bind($connect , $root_dn, $pass_dn)) == false){
                                print "bind:__FAILED__<br>\n";
                                return false;
                        }

                        // search for user
                  if (($res_id = ldap_search( $connect, $base_dn, "samaccountname=$user")) == false) {
                                print "failure: search in LDAP-tree failed<br>";
                                return false;
                        }

                        // verify if there is only one entry of this user:
                        if (ldap_count_entries($connect, $res_id) > 1) {
                                print "failure: user $user found more than once<br>\n";
                                return false;
                        }
                        elseif (ldap_count_entries($connect, $res_id) == 1){
                        //print "pllllll";
                        //return false;
                                if (( $entry_id = ldap_first_entry($connect, $res_id))== false) {
                                        print "failur: entry of searchresult couln't be fetched<br>\n";
                                        return false;
                                }

                                if (( $user_dn = ldap_get_dn($connect, $entry_id)) == false) {
                                        print "failure: user-dn coulnd't be fetched<br>\n";
                                        return false;
                                }

                                /* Authentifizierung des User */
                                if (($link_id = ldap_bind($connect, $user_dn, $pass)) == false) {
                                        print "failure: username, password didn't match: $user_dn<br>\n";
                                        return false;
                                }

                                // verify if user is already registered at database:
                                $sel0 = mysql_query("SELECT ID,pass FROM user WHERE name = '$user'");
                                $chk = mysql_fetch_array($sel0);

                                // if user already exists, just keep the password updated:
                                if ($chk["ID"] != "")
                                {
                                        if ($chk["pass"] != $pass)
                                        {
                                                $this->admin_editpass($chk["ID"], $pass, $pass);
                                        }
                                }
                                // if user isn't registered at database yet, add the user right now:
                                else
                                {
                              $filter = "(|(samaccountname=$user))";
                              $LDAPattributes = array("sn","givenname","mail");
                              $sr = ldap_search($connect, $base_dn, $filter, $LDAPattributes);
                              $entry = ldap_get_entries($connect, $sr);
                              //$entry[0]["mail"][0]
                                        $newid = $this->add($user, $entry[0]["mail"][0], 0, $pass, /*$admin*/1, /*$sysloc*/"");
                                }
                                unset($chk);
                                // Now the database is updated the system can try the normal database auth
                        }
                        @ldap_close($connect);
                }
        }
        // ---------------- End of LDAP authentication code ------------------


[snake-bis]

it is not included

[alissaknight]

Guys,

I have tried all the code examples and most recently, snake-bis. The error message I'm getting is:

"Fatal error: Call to undefined function ldap_connect()"



Alissa

[alissaknight]

WORKING!!! If you get this error message it's because you do not have php5-ldap module installed. On ubuntu, simply install it by:

# sudo apt-get install php5-ldap

[bunny1985]

hi. It looks like i am writing to much ( I always said that forum is for reading , not for writing)
, but i have to say few words in ldap authentication

I use adldap for this with my own implementation, and it was not very dificult to deal with this, but:
it is important that you should always use ldaps - secured instead of clean ldap
for this to work you need ldap.conf configured ,certificates imported and port selected;


Why is it so important? becouse if you use ldap to authenticate, your password is sent as plain text. Anybody with a sniffer can see it.
Just remember that.

[Eric]

LDAP authentication works with collabtive 1.0 ?

(it's very important for me)

[Eva]

No, it is not implemented in Collabtive 1.0.

[Eric]

No, it is not implemented in Collabtive 1.0.

very, very bad news !!

(I'm ready to pay for this fonctionnality !)

does the patch from snake-bis work with the new version ?

[Eric]

after testing, this patch for ldap authentication doesn't work.

I can't use collabtive without ldap authentication....

could you make a module ? I'm ready to pay for this module...

can i have an answer about that ?

@snake-bis could you upgrade your patch ?


thx !

[Eva]

Dear Eric,

please contact us via e-mail, so we can talk about this as a custom modification: collabtive@o-dyn.de
Thank you!

Eva