Revision history for ActiveDirectory


Revision [19002]

Last edited on 2008-01-28 00:13:29 by AndreasHeintze [Modified links pointing to docs server]

No Differences

Revision [15812]

Edited on 2006-12-19 02:12:55 by AndreasHeintze [Modified links pointing to docs server]
Additions:
Shouldn't it be Wakka.class.php now??? /AndreasHeintze


Revision [11263]

Edited on 2005-10-05 14:08:54 by JulianElve [Added note on change to GetUserName needed to make this work in my intranet]
Additions:
~~&I found that in my intranet environment I needed to modify the function ""GetUserName()"" in wikka.php to use the AUTH_USER server variable:
~~&%%(php)
function GetUserName() {
if ($user = $this->GetUser())
$name = $user["name"];
// start of new code
else if (!$name = $_SERVER["AUTH_USER"])
$name = $_SERVER["AUTH_USER"];
//end of new code
else if (!$name = gethostbyaddr($_SERVER["REMOTE_ADDR"]))
$name = $_SERVER["REMOTE_ADDR"];
return $name;
}
~~&--JulianElve


Revision [6246]

Edited on 2005-02-22 13:33:27 by ChristianBarthelemy [Still far from being finished...]
Additions:
So here is a quick and dirty solution that works but still as a prototype and it is only checking the computer name for now.
===Prerequisites===
You must allow php_ldap
First, the users have to be somehow created (I would expect this do be done through a batch import of an ActiveDirectory). To test it quickly, simply fill the alias field with your computer name alias and its done. You will not have to sign again and the system will recognise your machine.
Identify the ActiveDirectory ID of the user (not only the computer).
Deletions:
So here is a quick and dirty solution that works but still as a prototype.
First, the users have to be somehow created (I would expect this do be done through a batch import of an ActiveDirectory). To test it quickly, simply fill the alias field with your ActiveDirectory alias and its done. You will not have to sign again and the system will recognise you.


Revision [6242]

Edited on 2005-02-22 10:43:27 by NilsLindenberg [code change + comment]
Additions:
if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))
{
~&Christian, I changed
~&%%(php)
if (($this->config["user_identification"]="active_directory") && (!$this->GetUser()))
%% to
~&%%(php)
if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))%%
~&--NilsLindenberg
Deletions:
if (($this->config["user_identification"]="active_directory") && (!$this->GetUser())) {


Revision [6170]

Edited on 2005-02-18 22:09:25 by ChristianBarthelemy [Good proposal Nils: it's done]
Additions:
if (($this->config["user_identification"]="active_directory") && (!$this->GetUser())) {
Deletions:
if (($this->config["active_directory"]) && (!$this->GetUser())) {


Revision [6169]

Edited on 2005-02-18 22:06:44 by ChristianBarthelemy [Good recommendation Nils: I did it]
Additions:
ALTER TABLE `wikka_users` ADD `alias` VARCHAR(75) NOT NULL
"user_identification" => "active_directory",
~~~&Truly true - and it is done, good idea --ChristianBarthelemy
The current system of registration will still work for the users out of the ActiveDirectory with no alias in the users database . The capabilities can be set off by putting "user_identification" => "wikka" (default value) in the wikka.config.php.
Deletions:
ALTER TABLE `wikka_users` ADD `alias`...I have no access to my DB right now and cannot remember what I put (alias is similar to the name field);
"active_directory" => "1",
The current system of registration will still work for the users out of the ActiveDirectory with no alias in the users database . The capabilities can be set off by putting "active_directory" => "0" in the wikka.config.php.


Revision [6166]

Edited on 2005-02-18 18:19:30 by JavaWoman [comment about auth method]
Additions:
~~&I agree - LDAP would be another option to add (some time) --JavaWoman


Revision [6163]

Edited on 2005-02-18 18:01:58 by NilsLindenberg [comment about auth method]
Additions:
~&how about an entry like "user_identification" with the values "wikka" and "active_directory"? Would make it easier to add other systems --NilsLindenberg


Revision [6159]

Edited on 2005-02-18 17:57:48 by ChristianBarthelemy [1st draft]
Additions:
Using wikka as an Intranet knowledge management system, I don't want my user to signin in wikka because they already are known since they signed when booting their computer. However, we want to secure some pages through ACLs and we want to keep track of the modifications...
So here is a quick and dirty solution that works but still as a prototype.
Deletions:
Using wikka as an Intranet knowledge management system...


Revision [6158]

Edited on 2005-02-18 17:55:30 by ChristianBarthelemy [1st draft]
Additions:
====Using ActiveDirectory to identify the users====
{{lastedit show="3"}}

Using wikka as an Intranet knowledge management system...

===A solution===

===The code===

1) Add a new field in the users database:

%%(sql)
ALTER TABLE `wikka_users` ADD `alias`...I have no access to my DB right now and cannot remember what I put (alias is similar to the name field);
%%

1) Add the following code in wikka.config.php

%%(php)
"active_directory" => "1",
%%

1) in wikka.php, just after:

%%(php)
// THE BIG EVIL NASTY ONE!
function Run($tag, $method = "")
{
// do our stuff!
if (!$this->method = trim($method)) $this->method = "show";
if (!$this->tag = trim($tag)) $this->Redirect($this->Href("", $this->config["root_page"]));
%%

Add the following code:

%%(php)
// Check if active_directory is on and Active Directory user known
if (($this->config["active_directory"]) && (!$this->GetUser())) {
$idAD = $this->GetUserName();
$sql = "SELECT name"
. " FROM ".$this->config["table_prefix"]."users"
. " WHERE alias = '"
. mysql_real_escape_string($idAD)
. "' limit 1";
$hisname = $this->LoadSingle($sql);
if ($hisname) {
$this->SetUser($this->LoadUser($hisname["name"]));
}
}
%%

===How to use it?===
The current system of registration will still work for the users out of the ActiveDirectory with no alias in the users database . The capabilities can be set off by putting "active_directory" => "0" in the wikka.config.php.
First, the users have to be somehow created (I would expect this do be done through a batch import of an ActiveDirectory). To test it quickly, simply fill the alias field with your ActiveDirectory alias and its done. You will not have to sign again and the system will recognise you.

===To Do===
Deliver a way to feed the users database with an export from an ActiveDirectory (it is easy).

----
CategoryUserContributions
Deletions:
Just a quick entry until I have time to post the code I built this night: found a way to use ActiveDirectory to be used for login and identification. Quick and dirty but anyway will push that either today or tomorrow.


Revision [6138]

The oldest known version of this page was created on 2005-02-18 11:19:04 by ChristianBarthelemy [1st draft]
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki