I'm assuming you're talking about one of these (they were the only
results for a search on bakery for 'ldap' that I could find):
http://bakery.cakephp.org/articles/view/ldap-models-in-cakephp
http://bakery.cakephp.org/articles/view/using-ldap-as-a-datasource-basic-find-example
I looked at that and it doesn't seem to me like it will work. Have you
(or anyone else, for that matter) actually tried using Auth with one
of these as the model? The problem that I see is that LDAP (or at
least our ldap server) doesn't let me see even encrypted passwords, so
I can't do what auth tries to do, namely hash a password, then run
$model->find() on the username and hashed password. For authenticating
based on ldap, basically I have to run ldap_bind($ldap, $username,
$password) to authenticate against the server (this is simplified, but
that's the general idea). I can't use ldap_search() for that sort of
query. In other words, from what I can tell, LDAP as a model doesn't
map onto Auth's expectations of the model providing a table-like
mapping of usernames to passwords, a pretty fundamental limitation of
Auth, IMHO. I have also searched high and low for any concrete
information about using Auth with an LDAP model and I've come up empty-
handed--except for things that don't use Auth in the first place, or
where they do the same thing I do, namely extend Auth.
Now, I suppose I could modify things so that doing a find() that
contains a password tries to do a bind instead of/in addition to a
search... Part of the thing is that I still want to have a table that
stores user data for users that have logged in; might be able to hack
it so that the LdapUser model saves a User as well, but I'm not sure
how that'd work.
If there is anyone else who has dealt with this before, I'd love to
hear from them.
On Oct 24, 2:46 am, Penfold <[EMAIL PROTECTED]> wrote:
> Hi,
>
> there is a article on bakery about using ldap, in theory you would
> replace you users table with a link to ldap and you wont need to
> change anything in auth.
>
> and all user information will be store in ldap
>
> On 23 Oct, 22:10, Nathaniel Price <[EMAIL PROTECTED]> wrote:
>
> > I'd like to extend the Auth component in such a way as to be able to
> > use LDAP to log users in; basically, my approach would be to
> > authenticate the user via LDAP, then, if the user is valid and
> > properly authenticated, it would put them into the user database that
> > Auth uses and would hand control back to Auth from there. It looks
> > something like this:
>
> > <?php
> > App::import('Component', 'Auth');
>
> > class LdapAuth extends Auth {
> > var $ldapModel = 'LdapUser';
>
> > function startup(&$controller) {
> > $username =
> > $controller->data[$this->userModel][$this->fields['username']];
>
> > $password = $controller->data[$this->userModel][$this-
>
> > >fields['password']];
>
> > $res = $this->preauthUser($username, $password);
>
> > if (!$res) {
> > //set password to blank to ensure the auth fails
> >
> > $controller->data[$this->userModel][$this->fields['password']] =
> > '';
> > }
> > //Continue with standard auth process
> > return parent::startup($controller);
> > }
>
> > //... rest of class here}
>
> > ?>
>
> > However, when I try to use this component in my pages, I get the
> > following error:
> > Fatal error: Class 'Auth' not found in C:\...\app\controllers
> > \components\ldap_auth.php on line 4
>
> > Is there something I'm doing wrong that makes it so that Auth isn't
> > included in my file? I thought App::import() would take care of that,
> > but apparently it's not.
>
> > Thanks!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
