Adding LDAP authentication

Open dru1d-foofus opened this issue 4 years ago • 4 comments

Potentially Fixes #316

I have been working to add LDAP authentication functionality for our particular environment and noticed there was an outstanding issue/feature request from 2018. We use StartTLS here and that might not be required for every LDAP configuration; however, I didn't have time to really expand upon those edge cases.

There have also been changes made to the UserAPI for enabling and disabling LDAP. I updated the .tex files, but didn't generate new .pdfs or anything.

I'm not the most skilled developer and there will probably be bugs/better ways to accomplish the task, but I'm hoping this will help get the ball rolling.

dru1d-foofus avatar Aug 21 '20 21:08 dru1d-foofus

I reviewed the code and I managed to get it to work. So thanks for your contribution! Like you described, it has some limitations. First off, when you want to use this module you need to install the php-ldap library. This should be mentioned somewhere.

Second, I guess you have been working with an LDAP server that allows for 'username@domain' bind. This is mostly common, I guess, for a Windows AD environment.

To make the code work with other LDAP servers the line:

$ldapbind = @ldap_bind($ldap_conn, $username."@".$domain, $password);

should be changed to:

$ldapbind = @ldap_bind($ldap_conn, "cn=".$username.",".$base_dn, $password);

Where 'domain' will be changed to 'Base DN'. An example: 'dc=example, dc=org'

This will make the code compatible with both Active Directory as well as with a Linux LDAP server.

Also, the inclusion of a simple checkbox to either disable or enable TLS would be a minor change but a big plus.

So I would prefer some minor changes before we accept this pull request:

  1. Doc update to show that an additional PHP library is required
  2. Make a small change to make the code work with non-AD LDAP servers
  3. Add options to support disabling TLS

zyronix avatar Dec 20 '20 11:12 zyronix
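
A sketch of the bind logic discussed in this review, as an added example that is not code from the pull request or the project: it supports both the `username@domain` and the `cn=...,base_dn` bind forms and an optional StartTLS switch. All function and parameter names are hypothetical, and it assumes the php-ldap extension is installed.

```php
<?php
// Added example, not code from the pull request. Requires the php-ldap extension.
// Function and parameter names are hypothetical.

/** Build the bind identity for either an AD-style or a DN-style directory. */
function build_bind_identity(string $username, string $mode, string $domain, string $baseDn): string
{
    if ($mode === 'ad') {
        // Active Directory accepts a bind of the form user@domain.
        return $username . '@' . $domain;
    }
    // Generic LDAP: bind with a full DN. Escape the user-supplied RDN value so
    // characters such as ',' '+' '=' cannot change the structure of the DN.
    return 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $baseDn;
}

function ldap_authenticate(string $uri, string $username, string $password,
                           string $mode, string $domain, string $baseDn, bool $useStartTls): bool
{
    // An empty password turns a simple bind into an unauthenticated bind
    // (RFC 4513 section 5.1.2), which many servers report as success.
    if ($username === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // needed for StartTLS
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // StartTLS is a per-deployment setting; fail closed if it was requested but fails.
    if ($useStartTls && !@ldap_start_tls($conn)) {
        return false;
    }
    $ok = @ldap_bind($conn, build_bind_identity($username, $mode, $domain, $baseDn), $password);
    ldap_unbind($conn);
    return $ok;
}

// Constructed sample input: prints the two identity formats, no server needed.
echo build_bind_identity('alice', 'ad', 'example.org', ''), PHP_EOL;
echo build_bind_identity('smith, a', 'dn', '', 'dc=example,dc=org'), PHP_EOL;
```

With StartTLS disabled and a plain `ldap://` URI, the simple bind sends the password unencrypted, so that setting only fits networks where the LDAP traffic is otherwise protected.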

Any chance we can get this merged and a new release put out?? :) pretty please

gentoo9ball avatar Jul 14 '21 17:07 gentoo9ball

My apologies! I didn't mean to drop this on your doorstep and bail. I have had other work commitments that took me in a different direction and I really don't have the bandwidth to finish what I started here.

I just wanted to share a partial solution for an on-going feature request in hopes that it could help aid in development.

dru1d-foofus avatar Jul 23 '21 20:07 dru1d-foofus

@gentoo9ball Could you test the branch of @dru1d-foofus? This helps me to determine if the code is ready.

zyronix avatar Aug 26 '21 19:08 zyronix