Author Topic: LDAP Authentication in fengoffice 2.0beta2  (Read 4376 times)

mmccarn

LDAP Authentication in fengoffice 2.0beta2
« on: November 02, 2011, 09:38:24 am »
Attempting to use LDAP authentication in fengoffice 2.0beta 2 generates the following error in my system's '/var/log/messages':
PHP Fatal error:  Call to undefined method Contact::isValidPasswordLdap() in <FENGROOT>/application/controllers/AccessController.class.php on line 115
To fix this, I added the 'isValidPasswordLdap' function from the ldap 1.6.2 patch into <FENGROOT>/application/models/contacts/Contact.class.php, which eliminated the above error.

That is, after applying the patch described below, I can authenticate pre-created users against an LDAP server as defined in <FENGROOT>/config/ldap.config.php.

diff -u application/models/contacts/Contact.class.php.2.0beta2 application/models/contacts/Contact.class.php produces the following output:
--- application/models/contacts/Contact.class.php.2.0beta2      2011-11-02 08:18:45.000000000 -0400
+++ application/models/contacts/Contact.class.php       2011-11-02 08:22:11.000000000 -0400
@@ -461,6 +461,44 @@
                return sha1 ( $this->getSalt () . $check_password ) == $this->getToken ();
        } // isValidPassword

+        /**
+         * Check if $check_password is valid LDAP user password
+         *
+         * @param string $check_password
+         * @return boolean
+         */
+        function isValidPasswordLdap($user, $password, $config) {
+
+                // Connecting using the configuration:
+                require_once "Net/LDAP2.php";
+
+                $ldap = Net_LDAP2::connect($config);
+
+                // Testing for connection error
+                if (PEAR::isError($ldap)) {
+                    return false;
+                }
+                $filter = Net_LDAP2_Filter::create($config['uid'], 'equals', $user);
+                $search = $ldap->search(null, $filter, null);
+
+                if (Net_LDAP2::isError($search)) {
+                    return false;
+                }
+
+                if ($search->count() != 1) {
+                    return false;
+                }
+
+                // User exists so we may rebind to authenticate the password
+                $entries = $search->entries();
+                $bind_result = $ldap->bind( $entries[0]->dn(), $password);
+
+                if (PEAR::isError($bind_result)) {
+                        return false;
+                }
+                return true;
+        } // isValidPasswordLdap
+

        /**
         * Check if $twisted_token is valid for this user account
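
Review bot: isValidPasswordLdap() hands $password to $ldap->bind($entries[0]->dn(), $password) without first rejecting an empty string. A simple bind with a DN and an empty password is an "unauthenticated bind" under RFC 4513, and directory servers that permit it report success, so the method can return true without any password having been verified. Return false at the top of the function when $password is empty (and likewise when $user is empty), before connecting or searching. Two smaller points in the same hunk: the docblock still documents a single "@param string $check_password" while the signature takes $user, $password and $config, and the connection check uses PEAR::isError($ldap) while the search check uses Net_LDAP2::isError($search), so one form should be used throughout.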

franponce87

Re: LDAP Authentication in fengoffice 2.0beta2
« Reply #1 on: November 04, 2011, 08:31:57 am »
Thanks for your input!

Best regards,
Francisco

CheezItMan

Re: LDAP Authentication in fengoffice 2.0beta2
« Reply #2 on: November 19, 2011, 06:44:46 am »
Any way to create users when they log in the first time?
