Feng Office 2 / LDAP Authentication in fengoffice 2.0beta2
« on: November 02, 2011, 09:38:24 am »
Attempting to use LDAP authentication in fengoffice 2.0beta 2 generates the following error in my system's '/var/log/messages':
PHP Fatal error: Call to undefined method Contact::isValidPasswordLdap() in <FENGROOT>/application/controllers/AccessController.class.php on line 115
To fix this, I added the 'isValidPasswordLdap' function from the ldap 1.6.2 patch into <FENGROOT>/application/models/contacts/Contact.class.php, which eliminated the above error.
That is, after applying the patch described below, I can authenticate pre-created users against an LDAP server as defined in <FENGROOT>/config/ldap.config.php.
diff -u application/models/contacts/Contact.class.php.2.0beta2 application/models/contacts/Contact.class.php
produces the following output:
--- application/models/contacts/Contact.class.php.2.0beta2 2011-11-02 08:18:45.000000000 -0400
+++ application/models/contacts/Contact.class.php 2011-11-02 08:22:11.000000000 -0400
@@ -461,6 +461,44 @@
return sha1 ( $this->getSalt () . $check_password ) == $this->getToken ();
} // isValidPassword
+ /**
+ * Check if $check_password is valid LDAP user password
+ *
+ * @param string $check_password
+ * @return boolean
+ */
+ function isValidPasswordLdap($user, $password, $config) {
+
+ // Connecting using the configuration:
+ require_once "Net/LDAP2.php";
+
+ $ldap = Net_LDAP2::connect($config);
+
+ // Testing for connection error
+ if (PEAR::isError($ldap)) {
+ return false;
+ }
+ $filter = Net_LDAP2_Filter::create($config['uid'], 'equals', $user);
+ $search = $ldap->search(null, $filter, null);
+
+ if (Net_LDAP2::isError($search)) {
+ return false;
+ }
+
+ if ($search->count() != 1) {
+ return false;
+ }
+
+ // User exists so we may rebind to authenticate the password
+ $entries = $search->entries();
+ $bind_result = $ldap->bind( $entries[0]->dn(), $password);
+
+ if (PEAR::isError($bind_result)) {
+ return false;
+ }
+ return true;
+ } // isValidPasswordLdap
+
/**
* Check if $twisted_token is valid for this user account
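Review bot: isValidPasswordLdap() hands $password to $ldap->bind( $entries[0]->dn(), $password) without first rejecting an empty value. Under RFC 4513 a simple bind with a DN and a zero-length password is an unauthenticated bind, and a server that permits it reports success, in which case this function returns true for any uid that matches exactly one entry. Return false at the top of the function when $password is an empty string, before connecting. Two smaller points: the docblock documents a single "@param string $check_password" while the signature is ($user, $password, $config), so it should describe all three parameters; and every failure path (connect error, search error, count != 1, bind error) returns a bare false, so a connection or configuration fault cannot be told apart from a wrong password, and logging the PEAR error message on the connect and search branches would make that diagnosable.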