WWBN / AVideo

Create Your Own Broadcast Network With AVideo Platform Open-Source. OAVP OVP
https://avideo.tube/AVideo_OpenSource

LDAP Auth #8931

Open jrgray99 opened 3 months ago

jrgray99 commented 3 months ago

Currently, I can only login via LDAP with a user's CN (John Doe). For me this is different than what we would call the username (e.g. jdoe). This will completely confuse my users. Also, I have users in multiple OUs that need to login instead of just the one.

It would be very helpful if LDAP auth could do a couple things differently to allow more flexibility.

  1. Bind with a set user (FQDN) rather than the user attempting to login to AVideo.
  2. Perform an LDAP search instead of looking in a specific OU.
  3. Use a different attribute than CN, such as sAMAccountName.

Here is some sample code I am using on another app to do these things.

```php
<?php
// Sample LDAP login handler, Active Directory style: bind as DOMAIN\username.
session_start();

if (isset($_POST['username'], $_POST['password'])) {

    $adServer = "ldap://ldap.example.com";

    $ldap = ldap_connect($adServer);
    $username = $_POST['username'];
    $password = $_POST['password'];

    // 'example' is the NetBIOS domain name prepended to the login name.
    $ldaprdn = 'example' . "\\" . $username;

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // An empty password turns the bind into an anonymous bind, which AD accepts,
    // so it must be rejected before calling ldap_bind().
    $bind = $password !== '' && @ldap_bind($ldap, $ldaprdn, $password);

    if ($bind) {
        // Escape the username before interpolating it into the search filter.
        $filter = "(sAMAccountName=" . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ")";
        $result = ldap_search($ldap, "dc=EXAMPLE,dc=COM", $filter);
        // ldap_sort() was removed in PHP 8 and is unnecessary for a single entry.
        $info = ldap_get_entries($ldap, $result);
        @ldap_close($ldap);

        // Exactly one matching account is expected; zero or several is a failure.
        if ($info['count'] === 1) {
            $_SESSION['loggedin'] = true;
            header('Location: index.php'); // must be sent before any output
            exit;
        }
    }

    echo '<p>Invalid username or password. Click <a href="login.php">here</a> to try again.</p>';
}
```

While this is somewhat Active Directory centric, I believe it can still work with multiple LDAP providers.

I am not really a coder, but would be happy to help any way I can. BTW, thanks for a great application.
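The three changes requested above (bind with a fixed service account, search the whole directory instead of one OU, match on sAMAccountName) combine into the usual "search then bind" flow. The following is an added illustration, not code from the issue author or from AVideo; the server URI, service-account DN and password, base DN and login attribute are assumed placeholders.

```php
<?php
// Added example (not AVideo code): "search then bind" LDAP login.
// Assumed configuration values; replace with the deployment's own.
const LDAP_URI        = 'ldaps://ldap.example.com';                    // hypothetical
const LDAP_BIND_DN    = 'CN=svc-avideo,OU=Service,DC=example,DC=com'; // hypothetical service account
const LDAP_BIND_PW    = 'service-account-password';                    // hypothetical
const LDAP_BASE_DN    = 'DC=example,DC=com';
const LDAP_LOGIN_ATTR = 'sAMAccountName';

// Returns the user's DN on success, or null for not found / ambiguous / wrong password.
function ldapSearchThenBind(string $username, string $password): ?string
{
    // LDAP treats an empty password as an anonymous bind, which would "succeed".
    if ($username === '' || $password === '') {
        return null;
    }

    $ldap = ldap_connect(LDAP_URI);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // 1. Bind with a fixed service account, not the user who is logging in.
    if (!@ldap_bind($ldap, LDAP_BIND_DN, LDAP_BIND_PW)) {
        ldap_close($ldap);
        return null;
    }

    // 2. Search the whole base DN (every OU) ...
    // 3. ... by the login attribute, escaping the value so it cannot alter the filter.
    $filter = sprintf('(%s=%s)', LDAP_LOGIN_ATTR, ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    $result = @ldap_search($ldap, LDAP_BASE_DN, $filter, ['dn']);
    $entries = $result ? ldap_get_entries($ldap, $result) : ['count' => 0];

    // Exactly one match is required; zero or several is a failure.
    if ($entries['count'] !== 1) {
        ldap_close($ldap);
        return null;
    }
    $userDn = $entries[0]['dn'];

    // Verify the password by binding as the user's own DN.
    $ok = @ldap_bind($ldap, $userDn, $password);
    ldap_close($ldap);
    return $ok ? $userDn : null;
}
```

The function deliberately returns the same null for "no such user", "several matches" and "wrong password", so the login page cannot be used to enumerate accounts.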

DanielnetoDotCom commented 3 months ago

Try to add this:

RND = example\{$user}

This 'example' I guess is something else.

jrgray99 commented 3 months ago

That's so funny. I thought I had tried that before but apparently I didn't have it set up correctly. Anyway, it worked. Sorry for not exhausting my options before reaching out. Thank you!