Revision history for LDAPauthentication


Revision [23370]

Last edited on 2016-05-20 07:38:47 by DomBonj [Replaces old-style internal links with new pipe-split links.]
Additions:
- Make sure PHP is compiled with [[http://php.net/manual/en/ref.ldap.php | LDAP support]]
Deletions:
- Make sure PHP is compiled with [[http://php.net/manual/en/ref.ldap.php LDAP support]]


Revision [20101]

Edited on 2008-06-28 06:49:29 by DomBonj [1.1.6.5 compatibility]
Additions:
- Wikka 1.1.6.3 & 1.1.6.4 & 1.1.6.5
1. In ##actions/usersettings.php##, go to line 82 [version 1.1.6.3 only] or 100 [versions 1.1.6.4 & 1.1.6.5 only] and replace the following code block:
2. Go to line 389 [version 1.1.6.3 only] or 417 [versions 1.1.6.4 & 1.1.6.5 only] and replace the following code block:
Deletions:
- Wikka 1.1.6.3 & 1.1.6.4
1. In ##actions/usersettings.php##, go to line 82 [version 1.1.6.3 only] or 100 [version 1.1.6.4 only] and replace the following code block:
2. Go to line 389 [version 1.1.6.3 only] or 417 [version 1.1.6.4 only] and replace the following code block:


Revision [20014]

Edited on 2008-06-07 17:10:57 by DomBonj [1.1.6.4 compatibility]
Additions:
- Documentation: LDAPauthenticationInfo
- Wikka 1.1.6.3 & 1.1.6.4
- Add the two code blocks below to ##actions/usersettings.php##
- Add the three lines below to ##wikka.config.php##
- Make sure PHP is compiled with [[http://php.net/manual/en/ref.ldap.php LDAP support]]
1. In ##actions/usersettings.php##, go to line 82 [version 1.1.6.3 only] or 100 [version 1.1.6.4 only] and replace the following code block:
%%(php)
%%(php)
return strtolower($name);
$success = false;
if ($ldapconn = ldap_connect($LDAPserver))
// put here any LDAP option you may want to set
//ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($result = ldap_bind($ldapconn, sprintf($LDAPreq, LDAP_wikiname_to_login($login)), $pwd))
$success = true;
ldap_close($ldapconn);
return $success;
2. Go to line 389 [version 1.1.6.3 only] or 417 [version 1.1.6.4 only] and replace the following code block:
%%(php)
case (strlen($_POST['password']) == 0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (md5($_POST['password']) != $existingUser['password']):
%%(php)
case (strlen($_POST['password']) == 0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (isset($this->config['user_identification']) && ($this->config['user_identification']=='ldap') && LDAP_auth($this->config['ldap_server'], $this->config['ldap_name'], $_POST['name'], $_POST['password'])):
// authenticated by the LDAP directory
$this->SetUser($existingUser);
$this->Redirect($url, '');
break;
case (md5($_POST['password']) != $existingUser['password']):
3. Add the following lines (with the appropriate values for the second and third lines) to ##wikka.config.php##:
%%(php)
'user_identification' => 'ldap',
'ldap_server' => 'myldapserver',
'ldap_name' => '%s',
Deletions:
- Documentation: LDAPauthenticationInfo
- Wikka 1.1.6.3
- Add the two code blocks below to ##actions/usersettings.php##
- Add the three lines below to ##wikka.config.php##
- Make sure PHP is compiled with [[http://php.net/manual/en/ref.ldap.php LDAP support]]
1. In ##actions/usersettings.php##, go to line 82 and replace the following code block:
%%(php)
%%
%%(php)
return strtolower($name);
$success = false;
if ($ldapconn = ldap_connect($LDAPserver))
{
// put here any LDAP option you may want to set
//ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($result = ldap_bind($ldapconn, sprintf($LDAPreq, LDAP_wikiname_to_login($login)), $pwd))
{
$success = true;
}
ldap_close($ldapconn);
}
return $success;
2. Go to line 389 and replace the following code block:
%%(php)
case (strlen($_POST['password']) == 0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (md5($_POST['password']) != $existingUser['password']):
%%
%%(php)
case (strlen($_POST['password']) == 0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (isset($this->config['user_identification']) && ($this->config['user_identification']=='ldap') && LDAP_auth($this->config['ldap_server'], $this->config['ldap_name'], $_POST['name'], $_POST['password'])):
// authenticated by the LDAP directory
$this->SetUser($existingUser);
$this->Redirect($url, '');
break;
case (md5($_POST['password']) != $existingUser['password']):
3. Add the following lines (with the appropriate values for lines 2 and 3) to ##wikka.config.php##:
%%(php)
'user_identification' => 'ldap',
'ldap_server' => 'myldapserver',
'ldap_name' => '%s',
%%


Revision [19390]

Edited on 2008-01-28 00:15:40 by DomBonj [Modified links pointing to docs server]

No Differences

Revision [17677]

Edited on 2007-10-28 09:48:09 by DomBonj [v0.90: first upload]
Additions:
=====LDAPauthentication=====
- Documentation: LDAPauthenticationInfo
==works with:==
- Wikka 1.1.6.3
>>//NOT included in any Wikka version//{{lastedit show="3"}}
This is the development page for the LDAPauthentication extension.
===Installation===
- Add the two code blocks below to ##actions/usersettings.php##
- Add the three lines below to ##wikka.config.php##
- Make sure PHP is compiled with [[http://php.net/manual/en/ref.ldap.php LDAP support]]
=== Code ===
1. In ##actions/usersettings.php##, go to line 82 and replace the following code block:
%%(php)
if (!defined('TEMP_PASSWORD_LABEL')) define('TEMP_PASSWORD_LABEL', "Password reminder:");
//initialize variables
$params = '';
%%
with the following code block:
%%(php)
if (!defined('TEMP_PASSWORD_LABEL')) define('TEMP_PASSWORD_LABEL', "Password reminder:");
function LDAP_wikiname_to_login ($name)
{
return strtolower($name);
}
function LDAP_auth ($LDAPserver, $LDAPreq, $login, $pwd)
{
$success = false;
if ($ldapconn = ldap_connect($LDAPserver))
{
// put here any LDAP option you may want to set
//ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($result = ldap_bind($ldapconn, sprintf($LDAPreq, LDAP_wikiname_to_login($login)), $pwd))
{
$success = true;
}
ldap_close($ldapconn);
}
return $success;
}
//initialize variables
$params = '';
%%
2. Go to line 389 and replace the following code block:
%%(php)
case (strlen($_POST['password']) == 0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (md5($_POST['password']) != $existingUser['password']):
%%
with the following code block:
%%(php)
case (strlen($_POST['password']) == 0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (isset($this->config['user_identification']) && ($this->config['user_identification']=='ldap') && LDAP_auth($this->config['ldap_server'], $this->config['ldap_name'], $_POST['name'], $_POST['password'])):
// authenticated by the LDAP directory
$this->SetUser($existingUser);
$this->Redirect($url, '');
break;
case (md5($_POST['password']) != $existingUser['password']):
%%
3. Add the following lines (with the appropriate values for lines 2 and 3) to ##wikka.config.php##:
%%(php)
'user_identification' => 'ldap',
'ldap_server' => 'myldapserver',
'ldap_name' => '%s',
%%
CategoryUserContributions
Deletions:
=====LDAPauthentication Documentation=====
//Not included in official Wikka version//
Development: LDAPauthentication>>This is the documentation page for LDAPauthentication.::c::
===Documentation===
==Short description==
Authenticates a user against a LDAP directory.
==Parameters and configuration==
Three configuration parameters have been added to wikka.config.php:
""<table cellspacing="0" cellpadding="2" border="1">
<thead>
<tr><th scope="col">name</th><th scope="col">type</th><th scope="col">required?</th><th scope="col">default</th><th scope="col">description</th></tr>
</thead>
<tbody>
<tr><td>user_identification</td><td>string</td><td>required</td><td>wikka</td><td>Set to 'ldap' to enable LDAP authentication</td></tr>
<tr><td>ldap_server</td><td>string</td><td>required</td><td></td><td>Name or IP address of the LDAP server</td></tr>
<tr><td>ldap_name</td><td>string</td><td>required</td><td></td><td>LDAP Relative Distinguished Name (RDN) to use in the bind() operation. Its value depends on your directory's structure</td></tr>
</tbody>
</table>""
==Long description==
With this extension, it is possible to add to the built-in authentication of WikkaWiki an alternative authentication method: the lookup of the user's credentials (login/password) into a LDAP-compliant directory. The main benefit is that it is not necessary for users to remember a specific password in order to log into the wiki.
===Notes===
~- If the LDAP authentication fails, there is a fallback to the standard built-in authentication. Therefore, LDAP-authenticated and wiki-authenticated users can coexist
~- To accomodate differences in naming schemes between the wiki and the LDAP directory, one can modify the function LDAP_wikiname_to_login() which defines an algorithmical mapping between the two types of identifiers (i.e. it translates a wiki name into a LDAP user name)
~~- its default version simply turns the WikiName into lowercase
~- Users still need to sign-up into the wiki and to define their settings (in other words, the full set of user settings is not obtained from the LDAP directory)
~~- this is a bit clumsy, but it avoids changing the data model and the native authentication scheme
~- To turn off the feature and go back to the native authentication scheme, set ##"user_identification" => "wikka"## in wikka.config.php
~- In an Active Directory environment, it seems a good value for ldap_name is: 'mydomain\\%s' where mydomain is the Windows server domain name
~- A main difference with the existing ActiveDirectory extension is that the latter authenticates the user's computer, and not the user herself, and requires to configure manually the association between WikiName and LDAP user name
===To-do, bugs and limitations===
~- To-do: test code with [[http://www.openldap.org OpenLDAP]] (was only tested against Active Directory on Windows 2003)
~- Limitation: communication between the web server and the LDAP host is not encrypted and passwords are sent in clear text. This is a potential security breach.
==Author==
DomBonj
CategoryDocumentation


Revision [17674]

The oldest known version of this page was created on 2007-10-28 09:44:32 by DomBonj [v0.90: first upload]
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki