Ldap Authentication patch

[Hitman]

Hi
we are currenty looking for a project life opengoo and this software seems promising, but we will need ldap support and i am not sure how this "patch" works.
Does it import users from my LDAP Server to the opengoo Database or will i have to create / import each user? Can i map groups from the LDAP Server to groups in OpenGoo?
If this is possible i can start evaluating the whole thing.

I'm not the one who has written the patch and I'm not good enough in PHP to fully understand the code but I can explain what I've seen so far by using the software:

- You need to create a user locally in OpenGoo for each user in LDAP you will want to use with the same username as in LDAP. When you login, during the authentication phase, the patch will look for the specified username in the LDAP tree. If found, it will verify the password provided with the one in LDAP. If not found, it will check in the local OpenGoo user DB.

- As far as LDAP groups go, I don't think you can limit access to specific groups. Again, I might be wrong. The author of the patch might be able to give you better answers about this.

[allenlook]

Does LDAP also imply it works with Active Directory?

[Hitman]

It should, but I've never tried it.

[allenlook]

I guess it never made it to the plugin directory?

[thevenin]

Hello

Is there a new patch for fengoffice 1.6.2 ?

Thank you

[StAn666]

Applied the patch to feng office 1.6.2, have fun 

[markc]

Remember if you need to use local users in addition to ldap users modify ./application/controllers/AccessController.class.php to look like this:

Code: [Select]

    $userIsValidPassword = $user->isValidPasswordLdap($username, $password, $config_ldap);
                        if (!$userIsValidPassword) {
                          $userIsValidPassword = $user->isValidPassword($password);
                        }
                        } else {
                          $userIsValidPassword = $user->isValidPassword($password);
                        }
Source-> http://forums.fengoffice.com/index.php?topic=2821.0 <- post. The other patch there is something about fixing a typo in the search functions but I don't use that part and have never had a problem.

Also, since I've never seen it mentioned elsewhere...if you're trying to use the 1.5 ldap patch on 1.6.1 and have trouble, you may need to put function hasMailAccounts() and function hasEmailAccounts() back into ../application/models/users/User.class.php after applying the 1.5 ldap patch. As far as I can tell they were new in 1.6.1 and so (of course) are missing from the 1.5 version of the ldap patch.

[inlypjp]

Just to share here - we've been prototyping Feng Office/OpenGoo for use internally here, but we really wanted the LDAP authentication without having to pre-create the users.  So, with a little php legwork, we got it to work.

Here's the patch (which is applied after the other LDAP patch(es) are applied).

Hope it works out for you.  Our user base can now login without having to be pre-created (from Feng's perspective).

[mmccarn]

Thanks! This worked perfectly for me on Feng Office 1.7.3.1.

Here's what I did:
- download the patch supplied by inlypjp (I had to create an account and login to the forum in order to "see" the download link for the patch).
- identify the files modified by the patch using grep \+\+\+ ldap-patch-3.diff
- Open a command prompt and change to the ROOT folder for Feng Office
- backup the affected files:

Code: [Select]

cp ./application/models/users/User.class.php ./application/models/users/User.class.php.org
cp ./application/controllers/AccessController.class.php ./application/controllers/AccessController.class.php.org- Apply the patch using  

Code: [Select]

patch -p1 < ldap-patch-3.diff
My Feng Office is running on SME Server v8b6 (CentOS v5.5)
My "LDAP" is really "Active Directory" (the patch looks like it's using Active Directory values when populating 'full name' and 'email address').

Active Directory users are now created automatically at first login.  Each user has:
- email address filled from AD
- Full Name filled from AD
- personal workspace created in Feng Office
- random password (which is never used) stored in Feng database.
- the 'owner company' assigned as his/her Company.


Now I just need to get them added to some sort of "Authorized Users" group with default Read only access to (almost) everything, and I'll be all set!

[mmccarn]

This patch no longer works for me after upgrading to 1.7.4, even thought the two files modified by this patch have not changed since 1.7.3.1.

I can still login using LDAP as long as I pre-create the user with a random password.

[efrakt]

I just used this to patch my fresh 1.7.4 install and it worked perfectly 

Thanks a bunch inlypjp!!!