  [Opened] jAuth and LDAP driver

Posted by hervejelix on 09/23/2015 11:24

Hello, I want to test an authentication configuration with the jAuth module using the LDAP driver. As an example I am using an "Online LDAP Test Server" found here:

http://stackoverflow.com/questions/7667197/is-there-any-free-ldap-server-with-data

http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/

The command-line test on Linux works. Example of using from command line:

ldapsearch -W -h ldap.foobar.com -D "uid=tesla,dc=example,dc=com" -b "dc=example,dc=com"

Here is my configuration of the LDAP driver in the auth.coord.ini.php file:

;------- parameters for the "ldap" driver
[ldap]
; default "localhost"
hostname="ldap.foobar.com"
; default 389
port=389

; DOMAIN\user or user@DOMAIN to connect with LDAP (user who has at least search right)
ldapUser= "cn=read-only-admin,dc=example,dc=com"
; password used to connect with LDAP
ldapPassword= "password"

; LDAP search params 
; search base, example for Active Directory: "ou=ADAM users,o=Microsoft,c=US"
searchBaseDN="dc=example,dc=com"
; search filter, example for Active Directory: "(objectClass=user)"
searchFilter="(objectClass=person)"
; attributes to retrieve for the search, example for Active Directory: "cn,distinguishedName,name"
searchAttributes="uid"

; name of the php function to crypt the password in the database
password_crypt_function = sha1
; if you want to use a salt with sha1:
;password_crypt_function = "1:sha1WithSalt"
;password_salt = "here_your_salt"

When attempting a simple login with login = 'tesla' and password = 'password', I get a connection error.

Reply #1 Posted by foxmask on 09/23/2015 11:47

Here is how I had to do it:

In my login controller:


    function in() {
        global $gJCoord;
        $rep = $this->getResponse('redirect');

        $form = jForms::fill("intranet~login");
        if (!$form || !$form->check()) {
            jMessage::add(jLocale::get("intranet.permission.denied"),'error');
            $rep->action = 'intranet~login:home';
            return $rep;
        }

        // let's connect to the server
        $ldapserver = jClasses::getService('ldap_foobar~foobarLdapCheck')->connect();
        // the server is not found :/
        if (!$ldapserver) {
            jMessage::add(jLocale::get("intranet.erreur2"),'error');
            jLog::dump('[ldap_connect failed]','itToolsError');
            $rep->action = 'intranet~login:home';
            return $rep;
        }
        // How the LDAP auth is working :
        // 1) we "bind" the server with a "minimal" user (defined in the defaultconfig.ini.php file available from the $gJConfig variable)
        // 2) we search the entries regarding the base_dn + user's login
        // 3) we get the entries of this user : his DN !
        // 4) we "bind" the server again but with the user's DN + password to
        //    check his password: if the bind returns true, the password is ok,
        //    otherwise the password / login is not valid
        ldap_set_option($ldapserver, LDAP_OPT_PROTOCOL_VERSION, 3);
        // 1) we "bind" the server with a "minimal" user (defined in the defaultconfig.ini.php file available from the $gJConfig variable)
        if ( jClasses::getService('ldap_foobar~foobarLdapCheck')->bind($ldapserver) === false ) {
            jMessage::add(jLocale::get("intranet.erreur3"),'error');
            $rep->action = 'intranet~login:home';
            return $rep;
        }

        $base_dn = "OU=toutlemonde,DC=foobar,DC=com";
        $login = $form->getData('login');
        // 2) we search the entries regarding the base_dn + user's login
        //    (the login is escaped so that characters like '*' or ')' cannot alter the filter)
        $filter = "(uid=" . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ")";
        $sr = ldap_search($ldapserver, $base_dn, $filter);
        // 3) we get the entries of this user : his DN !
        $info = $sr ? ldap_get_entries($ldapserver, $sr) : false;
        if (!$info || $info['count'] == 0) {
            jMessage::add(jLocale::get("intranet.erreur3"),'error');
            $rep->action = 'intranet~login:home';
            return $rep;
        }

        // now let's check the password validation
        $password = $form->getData('password');
        // an empty password must never reach ldap_bind(): a bind with a DN and
        // no password is an "unauthenticated" bind that many servers accept
        if ($password === null || $password === '') {
            jMessage::add(jLocale::get("intranet.erreur3"),'error');
            $rep->action = 'intranet~login:home';
            return $rep;
        }
        // get the DN of this user
        $user_dn = $info[0]['dn'];
        // 4) we "bind" the server again but with the user's DN + password
        $bind = false;
        try {
            $bind = @ldap_bind($ldapserver,$user_dn,$password);
        } catch (Exception $e) {
            jLog::dump($e->getMessage(),'[ldap_bind failed]','itToolsError');
        }
        // if the bind succeeds we get true ; otherwise false
        if($bind) {
            $_SESSION['login'] = $login;
            $_SESSION['pass'] = jCrypt::encrypt($password,$gJCoord->getPlugin('auth')->config['persistant_crypt_key']);
            $rep->action = 'intranet~userprefs:index';
            return $rep;
        } else {
            jMessage::add(jLocale::get("intranet.erreur3"),'error');
            jLog::dump($bind,'[$bind empty?]','itToolsError');
            $rep->action = 'intranet~login:home';
            return $rep;
        }
    }

In my ldap_foobar class:

    
    class foobarLdapCheck {
        /**
         * connect to the LDAP server with the params defined in defaultconfig.ini.php
         * @return resource|boolean $ldapserver (false on failure)
         */
        function connect() {
            global $gJConfig;
            $ldapserver = false;
            try {
                $ldapserver = @ldap_connect($gJConfig->ldap['ldapserver']);
            } catch (Exception $e) {
                jLog::dump($e->getMessage(),'[ldap_connect failed]','itToolsError');
                return false;
            }
            if(!$ldapserver) {
                jLog::dump($ldapserver,'[$ldapserver ?]','itToolsError');
                return false;
            }
            return $ldapserver;
        }
        /**
         * bind the ldap server with the "minimal" search user
         * @return boolean $bind
         */
        function bind($ldapserver) {
            global $gJConfig;
            $bind = false;
            try {
                $bind = @ldap_bind($ldapserver,$gJConfig->ldap['ldap_rdn'],$gJConfig->ldap['ldap_password']);
            } catch (Exception $e) {
                jLog::dump($e->getMessage(),'[ldap_bind failed]','itToolsError');
                return false;
            }
            if(!$bind) {
                jLog::dump($bind,'[$bind ?]','itToolsError');
                return false;
            }
            return $bind;
        }
    }

As I put in the "comments" (in the code where I describe all the steps), I first had to make an initial LDAP request with a basic user to obtain a 'resource', then go back to LDAP with that resource and a new request to retrieve the user's login & password.

It's tedious but I couldn't do any better :/

And the code still works after 4 years :)
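As an added example (not code from either post, nor from Jelix or its jAuth LDAP driver), here is the same bind-search-bind sequence described in the reply, written as one standalone PHP function driven by the [ldap] settings quoted in the question, so the settings can be checked outside jAuth. It assumes the question's placeholder hostname "ldap.foobar.com" and the forumsys test DNs it quotes, treats searchAttributes as the attribute that holds the login (an assumption; the ldapsearch line in the question binds as uid=tesla), and adds two checks the reply's controller does not make: the submitted login is escaped before it goes into the search filter, and an empty password is refused before any bind, because an LDAP bind with a DN and no password is an unauthenticated bind that many directories accept, which would make ldap_bind() return true for any existing login. ldap_escape() requires PHP 5.6 or later.

```php
<?php
// Added example: a standalone two-stage LDAP login check following the steps
// described in the reply (service bind, search the user's DN, bind as the user).
// Not taken from the thread or from Jelix; function and array names are this
// example's own.

// Settings copied from the [ldap] section in the question. "ldap.foobar.com" is
// the question's placeholder hostname; the DNs and password are the public
// forumsys test server values it quotes.
$ldapConfig = array(
    'hostname'         => 'ldap.foobar.com',
    'port'             => 389,
    'ldapUser'         => 'cn=read-only-admin,dc=example,dc=com',
    'ldapPassword'     => 'password',
    'searchBaseDN'     => 'dc=example,dc=com',
    'searchFilter'     => '(objectClass=person)',
    // Assumption: the attribute that holds the login name.
    'searchAttributes' => 'uid',
);

/**
 * Returns the user's DN when login/password are valid, false otherwise.
 * The reason for a refusal goes to the PHP error log, so a failing
 * configuration can be diagnosed without showing details to the browser.
 */
function ldapAuthenticate(array $cfg, $login, $password)
{
    // RFC 4513 defines a bind with a DN and an empty password as an
    // *unauthenticated* bind, and many servers accept it. Without this check
    // ldap_bind() below would return true for any existing login.
    if (!is_string($password) || $password === '') {
        error_log('[ldap] refused: empty password');
        return false;
    }

    $conn = ldap_connect('ldap://' . $cfg['hostname'] . ':' . (int) $cfg['port']);
    if (!$conn) {
        error_log('[ldap] bad connection parameters');
        return false;
    }
    // Protocol v3 must be selected before the first bind; most directories
    // reject v2 binds, which shows up as a "connection error" in the client.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // 1) bind with the read-only search account
    if (!@ldap_bind($conn, $cfg['ldapUser'], $cfg['ldapPassword'])) {
        error_log('[ldap] service bind failed: ' . ldap_error($conn));
        ldap_close($conn);
        return false;
    }

    // 2) look the login up. The submitted value is escaped so characters such
    // as '*', '(' or ')' cannot change the meaning of the filter, and the
    // configured searchFilter is AND-ed in so only person entries can match.
    $filter = sprintf(
        '(&%s(%s=%s))',
        $cfg['searchFilter'],
        $cfg['searchAttributes'],
        ldap_escape($login, '', LDAP_ESCAPE_FILTER)   // PHP >= 5.6
    );
    // sizelimit 2: exactly one entry is expected; two means the login is ambiguous
    $sr = @ldap_search($conn, $cfg['searchBaseDN'], $filter, array('dn'), 0, 2);
    $entries = $sr ? ldap_get_entries($conn, $sr) : false;
    if (!$entries || $entries['count'] !== 1) {
        error_log('[ldap] no unique entry for login ' . $login);
        ldap_close($conn);
        return false;
    }
    $userDn = $entries[0]['dn'];

    // 3) bind again as the user: the directory checks the password itself,
    // so this code never hashes or compares it.
    $ok = @ldap_bind($conn, $userDn, $password);
    if (!$ok) {
        error_log('[ldap] user bind failed for ' . $userDn . ': ' . ldap_error($conn));
    }
    ldap_close($conn);
    return $ok ? $userDn : false;
}

// Usage with the login/password from the question; returns the user's DN as a
// string on success and false otherwise.
$dn = ldapAuthenticate($ldapConfig, 'tesla', 'password');
var_dump($dn);
```

Run from the command line with php against the test server the question points to; if the first error_log line reports "service bind failed", the ldapUser/ldapPassword pair or the protocol version is the problem, whereas "no unique entry" points at searchBaseDN, searchFilter or the login attribute.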

