Author Topic: [Plugin] LDAP Authentication Plugin  (Read 6443 times)
puki1400
Jr. Member
*
Posts: 11


« on: Dec 11, 2006, 04:20 PM »

Hello All...
I've decided to work on an LDAP authentication plugin (why not?).

Anyway, I took the IMAP auth plugin and tried to modify it to work with LDAP, but it's not working. Here's the code:
Code:
/*
 *  Written by: Samuel Gammon
 *  Based on the IMAP authentication plugin by Adam Crownoble
 *  Contact: samusweb@gmail.com
 *  Created: 12/10/2005
 *  Name: LDAP Authentication
 *  For: MODX CMS (modxcms.com)
 *  Code Type: Plugin
 *  Description: Authenticate against an LDAP server
 *  Configuration: &server=IMAP Server;string;[your ldap server url]
                   &port=IMAP Port;int;993
                   &ssl=SSL;list;Yes,No;Yes
                   &validate_ssl_cert=Validate SSL Certificate;list;Yes,No;Yes
                   &ldap_user=LDAP Username;string;[YOUR LDAP USER NAME]
                   &ldap_pass=LDAP Password;string;[YOUR LDAP PASSWORD]
 *  Events: OnManagerAuthentication and/or OnWebAuthentication
 */

/*
                             License

LDAP Authentication - A MODx plugin that allows authentication against an LDAP server
Copyright (C) 2005  Adam Crownoble

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

*/

// Pseudo Constants
$eventId = 0;
//$box = "INBOX";
$eventName = $modx->Event->activePlugin;

// Generate flags
//$flags = '/ldap';
//if($ssl == 'Yes') $flags .= '/ssl';
//if($validate_ssl_cert != 'Yes') $flags .= '/novalidate-cert';

// Assume authentication failed
$success = false;

// If LDAP extension not installed...
if(!function_exists('ldap_connect')) {

 // Get the event's
 if($eventName == 'OnManagerAuthentication') {
  $eventId = 81;
 } elseif($eventName == 'OnWebAuthentication') {
  $eventId = 79;
 }

 // Log an error
 $modx->logEvent($eventId, 3, 'The PHP LDAP extension must be enabled for the IMAP Authentication plugin to work.', 'IMAP Authentication Plugin');

// If the LDAP extension exists...
} else {

 // Attempt to open an LDAP connection to the server using the given username and password
 // If the connection fails PHP will throw an error so we use @ to suppress it

//--------------LDAP CONNECT START

  $ldap_connection = @ldap_connect("$server:$port")
if ($ldap_connection) {
  $ldap_authenticate = ldap_bind($ldap_connection, $ldap_user, $ldap_pass);
     if ($ldap_authenticate) {

  $dn = "cn=$username"; //the object itself instead of the top search level as in ldap_search
  $filter="(objectclass=*)"; // this command requires some filter
  $justthese = array("cn", "pass", "mail"); //the attributes to pull, which is much more efficient than pulling all attributes if you don't do this
     $sr=ldap_read($ldap_connection, $dn, $filter, $justthese);
         $entry = ldap_get_entries($ds, $sr);

$entry[0]["mail"][0] = $mail_real
$entry[0]["pass"][0] = $pass_real

if ($password = $pass_real) {
 $sucess = true;
}
} else {
$sucess = false;
} else {
$error = "Could not authenticate to LDAP server to search for username and pass.";
} else {
$error = "Could not connect to LDAP server.";
}

ldap_close($ldap_connection);

 }

}
if ($error) {
echo $error;
}
// Return the success boolean
$modx->Event->output($success);


What say the MODx community? I'm REALLY desperate to make this work.

Instead of spitting out an error when I configure it for the wrong server, it authenticates just fine. I'm not sure whether it is authenticating through SQL or LDAP, even in the Audit Trail.

Thanks in advance for help.

mod note: added code tags.
« Last Edit: Dec 12, 2006, 01:15 PM by puki1400 » Logged
doze
Coding Team
*
Posts: 3,660


....Boom!


« Reply #1 on: Dec 27, 2006, 05:05 AM »

Hello, just noticed this thread, so a little late reply, but looking at your code, shouldn't:

ldap_get_entries($ds, $sr);

be:

ldap_get_entries($ldap_connection, $sr);

and:

$entry[0]["mail"][0] = $mail_real
$entry[0]["pass"][0] = $pass_real

be:

$mail_real = $entry[0]["mail"][0];
$pass_real = $entry[0]["pass"][0];

and then you have that if ($password = $pass_real) conditional there, but I don't see where $password comes from.. so those are wrong at least, didn't look at the logic yet.
Logged

New MODx wiki! Please help up with documentation efforts! || Old Wiki
puki1400
Jr. Member
*
Posts: 11


« Reply #2 on: Dec 28, 2006, 02:02 PM »

I actually don't know, I have no experience whatsoever in plugin writing.
All I changed from the IMAP plugin (which seemed to work) was the connection string, and the variables (which I thought I replaced). I'll try what you found, thanks.

Also: is there any way to have user groups with an authentication plugin such as this one?
Logged
doze
Coding Team
*
Posts: 3,660


....Boom!


« Reply #3 on: Dec 28, 2006, 02:23 PM »

The IMAP plugin seems to use $username and $userpassword variables which are not initialized in it, I guess those hold the username/password from MODx login on that event, so you might want to change:

if ($password = $pass_real) {
 $sucess = true;
}

to:

if ($userpassword == $pass_real) {
 $sucess = true;
}

Do you mean with the user groups question, that you would want MODx to use the usergroups from LDAP or what?
Logged

New MODx wiki! Please help up with documentation efforts! || Old Wiki
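
The plugin in the first post reads a `pass` attribute with a service account and compares it in PHP; the usual alternative is to bind as the user and let the directory check the password. The following is an added example, not code from this thread or from MODx: the function name, the `$baseDn` setting and the `cn=<user>,<base>` DN layout are assumptions.

```php
<?php
// Added example (not the thread's plugin). ldap_password_ok(), $baseDn and
// the "cn=<user>,<baseDn>" layout are assumptions; adapt them to your directory.
function ldap_password_ok(string $server, string $baseDn, string $username, string $password): bool
{
    // An empty password turns ldap_bind() into an unauthenticated bind,
    // which many servers accept: reject it before touching the network.
    if ($username === '' || $password === '') {
        return false;
    }
    // Fail closed when the LDAP extension is missing.
    if (!function_exists('ldap_connect')) {
        return false;
    }
    // $server is a URI, e.g. "ldaps://ldap.example.org:636" (placeholder host).
    $conn = ldap_connect($server);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Escape the user-supplied value for use inside a DN so characters such
    // as "," or "=" cannot change which entry the bind targets.
    $userDn = 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $baseDn;

    // The directory verifies the password; no password attribute is read.
    $ok = @ldap_bind($conn, $userDn, $password);
    ldap_unbind($conn);

    // Strict comparison: only a real boolean true counts as success.
    return $ok === true;
}

// In the plugin body, with the variable names discussed in the thread:
// $modx->Event->output(ldap_password_ok($server, $baseDn, $username, $userpassword));
```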
puki1400
Jr. Member
*
Posts: 11


« Reply #4 on: Dec 28, 2006, 03:08 PM »

Well, I make heavy use of the usergroups function for access permissions.
Can a user's group be retrieved via an LDAP field (I know it can be retrieved, but can it be passed on to the MODx system)?
Logged
doze
Coding Team
*
Posts: 3,660


....Boom!


« Reply #5 on: Dec 29, 2006, 05:39 PM »

You'd need to do some synchronization module to retrieve (and create) usergroups from LDAP to MODx.. And you know that even if you make this LDAP plugin, you still need to have all the users from LDAP in MODx too with the same user names.. At least that's what I think, someone correct me if I'm wrong. So you need some synchronization module to do that too.

In future versions (1.0), it will be easier to have the users to come from LDAP or AD or IMAP or SMF or whatever or all combined, but you can get more info about that when the time comes..
Logged

New MODx wiki! Please help up with documentation efforts! || Old Wiki
puki1400
Jr. Member
*
Posts: 11


« Reply #6 on: Dec 30, 2006, 01:12 PM »

When is V1.0 coming out then?
Logged
doze
Coding Team
*
Posts: 3,660


....Boom!


« Reply #7 on: Dec 30, 2006, 01:18 PM »

There's not any fixed time frames, but I suspect that you have something by the next Christmas..
Logged

New MODx wiki! Please help up with documentation efforts! || Old Wiki
puki1400
Jr. Member
*
Posts: 11


« Reply #8 on: Dec 30, 2006, 01:24 PM »

Cool. I think I can wait that long.

Thanks for the help, I'll mark this as officially closed in my book. Thanks for the help, doze!
Logged
dwalters
Jr. Member
*
Posts: 8


« Reply #9 on: Mar 01, 2007, 03:24 AM »

The project I'm working on requires LDAP access before Dec 2007, so I'd be very interested to have a go at coding this plugin.

One way I see this working is like this. When the manager logs in to view the 'Web users' page s/he would see the list of existing MODx users (if any) and also a list of users from the LDAP server. The manager could then choose which of the available LDAP users to convert to MODx members. Does this sound like a reasonable scheme?

Being new to MODx I'm unsure how to go about implementing this. Doze mentions (above) the need to write a synchronisation module to convert LDAP users to MODx members. Does anyone have any pointers regarding the inner workings of the MODx web user creation process that would help me get under way?

Thanks for your help.
Logged
doze
Coding Team
*
Posts: 3,660


....Boom!


« Reply #10 on: Mar 01, 2007, 06:33 AM »

The SMF integration module converts SMF users to MODx users, you could look at that for some example code.
Logged

New MODx wiki! Please help up with documentation efforts! || Old Wiki
sorenmalling
Guest
« Reply #11 on: Feb 22, 2008, 06:16 PM »

Hi,

Sorry for "waking up" this thread, but I would like to know whether there are plans for LDAP support in the upcoming release?

I'm depending on the LDAP support for choosing MODx to run our organisation site, with about 8000 members already registered in an LDAP database.

Best regards

Søren
Logged
unclespencer
Jr. Member
*
Posts: 33


WWW
« Reply #12 on: Nov 17, 2008, 06:02 PM »

any news on this technology?
Logged
leapy
Member
**
Posts: 79


« Reply #13 on: Nov 18, 2008, 12:30 PM »

Nothing at all. Which is a shame.

I could use LDAP but wouldn't know where to start, hence my post of some months ago at http://modxcms.com/forums/index.php/topic,27208.0.html.

L
Logged
BobRay
Coding Team
*
Posts: 3,175



WWW
« Reply #14 on: Nov 18, 2008, 05:26 PM »

I wrote an LDAP authentication routine in PHP a long, long time ago. I don't have it any more, but I wouldn't think it would be that hard to do for MODx. The development needs to be done by someone with access to an LDAP system, though, which leaves me out.



Logged

MODx info for newbies: http://bobsguides.com/MODx.html