On Wed, Apr 14, 2004 at 05:42:37PM -0400, Clayton Dukes wrote:
> One question -- have you put any thought into enabling the use of LDAP login
> auth to the interface?

As Javier said, I've put a patch in that does this.  If you're up to
patching the system yourself I've included it.  You will definitely
need to change the ldap_bind line and most likely the ldap_connect
line; ldapi:/// means use the Unix socket and not TCP connection.  Makes
things run faster.

All it does is attempt to bind to the ldap server as that user using
the normal password.   It's pretty cool because now our Unix servers,
routers, switches and NMS (including nagios) all have a single login.
The NT servers have to be different, but you'd expect that from
Microsoft.

The patch is rough and ready.  For example there is no way within
JFFNMS to turn on and off if a user is in LDAP or not.  You will
also need to adjust the auth table.
ALTER TABLE auth ADD COLUMN ldap tinyint(1) NOT NULL default '1';

Change to default '0' if you want your users to not use LDAP by
default.

  - Craig

-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.enc.com.au/   MIEE         Debian developer
csmall at : enc.com.au                      ieee.org           debian.org
--- lib/api.classes.inc.php.orig        2004-04-02 13:04:46.000000000 +1000
+++ lib/api.classes.inc.php     2004-04-05 10:07:56.000000000 +1000
@@ -637,18 +637,31 @@
            $cant_auth = 0;
            
            if (isset($user) && isset($pass)) {
-               $query_auth = "select id as auth_user_id, usern as auth_user_name, 
passwd, fullname as auth_user_fullname from auth where usern = '$user'";
+               $query_auth = "select id as auth_user_id, usern as auth_user_name, 
passwd, fullname as auth_user_fullname, ldap from auth where usern = '$user'";
                $result_auth = db_query ($query_auth);
                $cant_auth = db_num_rows($result_auth);
            }
            
            if ($cant_auth == 1) {
                $reg = db_fetch_array ($result_auth);
+                if ($reg['ldap']) {
+                  if ( ($ldapconn = ldap_connect('ldapi:///'))) {
+                    $rdn = "uid=$user,ou=People,dc=example,dc=com";
+                    if (@ldap_bind($ldapconn, $rdn, $pass)) {
+                      $auth = 1;
+                      ldap_unbind($ldapconn);
+                    }
+                  }
+                } else {
+                  // User password stored in JFFNMS and not in LDAP
+                                                                                
+
                $passwd= trim($reg[passwd]);
                $encrypt = trim(crypt($pass,$passwd));
        
                //debug ("USER $user: plain: $pass crypt: $encrypt stored: $passwd");
                if ($encrypt == $passwd) $auth = 1;
+           } // not ldap
            } 
     
            if (($auth==0) && ($cant_auth == 0)){  //not found in DB
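Review bot: the new LDAP branch binds with whatever `$pass` arrived, but the only guard above it is `isset($pass)`, so an empty password reaches `ldap_bind()`; some directory servers (Active Directory by default) treat a DN with an empty password as an unauthenticated bind and return success, which would log in any `uid` present in `auth` without a password. Reject an empty `$pass` before binding, e.g. `if ($pass !== '' && @ldap_bind($ldapconn, $rdn, $pass))`. Smaller points in the same block: `$user` is interpolated into `$rdn` unescaped (as it already is into `$query_auth`), so it should be escaped for DN use (`ldap_escape($user, '', LDAP_ESCAPE_DN)` on current PHP); `ldap_unbind()` runs only on a successful bind, so a failed bind leaves the connection open; the two whitespace-only `+` lines before `$passwd= trim(...)` should be dropped; and `} // not ldap` is indented to a different level than the `if ($reg['ldap'])` it closes.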
--- lib/api.user.inc.php.orig   2004-04-02 13:03:33.000000000 +1000
+++ lib/api.user.inc.php        2004-04-02 13:04:37.000000000 +1000
@@ -66,7 +66,7 @@
        if (empty($usern)) unset($usern);
        if (empty($passwd)) unset($passwd);
        
-       $user_fields = compact("fullname","usern","passwd","router");
+       $user_fields = compact("fullname","usern","passwd","router","ldap");
                
        return db_update("auth",$user_id,$user_fields);
     }
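Review bot: adding `"ldap"` to the `compact()` call assumes `$ldap` is set and validated, and this hunk does not show where that happens; `compact()` silently omits any variable that is not defined, so when the form omits the field (an unchecked checkbox sends nothing) the column is left untouched and the flag can never be cleared through this update, which is the on/off limitation the cover mail mentions. Set it explicitly before the `compact()`, e.g. `$ldap = empty($ldap) ? 0 : 1;`, which also bounds what is written to the `tinyint(1)` column.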
