bgame-hunter / cpassman

Automatically exported from code.google.com/p/cpassman
0 stars 0 forks source link

LDAP auth with OpenLDAP parameters? #272

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. .
2. .
3. .

What is the expected output? What do you see instead?
We will use user from our ldap server in cpassman

What version of the product are you using?
1.82

Please provide any additional information below.
I think adLDAP is only for a Active Directory or? Or can i use it with usually 
OpenLDAP parameters. Second question: Where do I configure the LDAP 
authentication. In the file adLDAP.php or in the LDAP settings webinterface. 

Original issue reported on code.google.com by bennywil...@googlemail.com on 13 Jun 2012 at 6:40

GoogleCodeExporter commented 8 years ago
I'm using a release from earlier this year at home (version 2.1.5, git commit 
#65f316708fbc19d225a8e10ffeace3afca31c3c5) and had to hack up main.queries.php 
to get it to talk to Openldap.  I can't seem to use the current master version 
or the most recently modified 2.1.8 version as neither seem to correctly 
initialize the mysql database tables (database created, user grants, 
install.php bombs on step #4).

This is the 1 line fast hack I did to get it working with the older commit:

    if ($adldap -> authenticate($username,$password_clear)){
    if ($adldap -> authenticate("uid=$username,",$password_clear)){

Then in the web ui set...

LDAP account suffix for your domain: ou=People,dc=domain,dc=com

LDAP base dn for your domain: dc=domain,dc=com

LDAP array of domain controllers: localhost

I had TLS/SSL disabled for this particular test, but they should be usable if 
your ldap.conf is setup correctly.

Original comment by technoe...@gmail.com on 26 Jul 2012 at 5:01

GoogleCodeExporter commented 8 years ago
To login using UID, I have add a search before in the bind.

In the file includes/libraries/adLDAP/adLDAP.php in the authenticate function 
add:

//Search the user
$this->_filter = "(|(uid=" . $username . "))";
$this->_result = 
@ldap_search($this->_conn,$this->_account_suffix,$this->_filter) or die 
("Search error.");
$this->_entries = @ldap_get_entries($this->_conn, $this->_result);
$this->_binddn = $this->_entries[0]["dn"];

// Bind as the user
$this->_bind = @ldap_bind($this->_conn,$this->_binddn,$password);

After that in the web interface:

LDAP account suffix for your domain: ou=people,dc=domain,dc=com
LDAP base dn for your domain: dc=domain,dc=com
LDAP array of domain controllers: IP_to_LDAPSERVER

NOTE: You can change the filter to allow as well mail authentication, for 
example: $filter = "(|(uid=" . $username . ")" . "(mail=" . $username ."@\*))";

Original comment by josedes...@gmail.com on 23 Oct 2012 at 9:19

GoogleCodeExporter commented 8 years ago
For Version 1.0 Try try the following:

         //OpenLDAP?
-        if($this->openLDAP == true) { $this->ldapBind = 
@ldap_bind($this->ldapConnection, "uid=".$username . $this->accountSuffix, 
$password); }
+        if($this->openLDAP == true) { 
+      //$this->ldapBind = @ldap_bind($this->ldapConnection, "uid=".$username . 
$this->accountSuffix, $password); 
+       
+      // By A. Koros: Commented out the above line and added section below to 
allow uid search
+           
////////////////////////////////////////////////////////////////////////////////
////////
+
+      // Atempt to bind anonymously first
+      $this->ldapBind = @ldap_bind($this->ldapConnection, NULL, NULL); 
+
+      //Search the user's dn using the supplied username as the uid
+      $this->filter = "(&(objectClass=*)(uid=" . $username . "))";
+      $this->result = 
@ldap_search($this->ldapConnection,$this->baseDn,$this->filter) or die ("Search 
error.");
+
+      $this->entries = @ldap_get_entries($this->ldapConnection, $this->result);
+      $ldapBindDn = $this->entries[0]["dn"];
+      //echo $ldapBindDn;
+
+      // Bind as the user
+      $this->ldapBind = @ldap_bind($this->ldapConnection,$ldapBindDn,$password);
+      
+      // End of Koros Additions
+      ///////////////////////////
+   }
         else                       { $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password); }

         if (!$this->ldapBind){ 
             $ret = false; 
         }

Original comment by andko...@gmail.com on 10 Jul 2014 at 9:01