Community Support for OpenDocMan
I'd like a tester or two please... I added LDAP support - Printable Version

+- Community Support for OpenDocMan (http://forum.opendocman.com)
+-- Forum: OpenDocMan Community Discussion (http://forum.opendocman.com/forum-5.html)
+--- Forum: OpenDocMan Feature Requests (http://forum.opendocman.com/forum-7.html)
+--- Thread: I'd like a tester or two please... I added LDAP support (/thread-801.html)



I'd like a tester or two please... I added LDAP support - HyTronix - 03-26-2015

Hi All,


I posted to the devs mailing list, but then looking through the archives it looks like it's been dead a while.

Anyway, I wrote "users from LDAP" support.  It works fine here, but obviously I'd like to get someone else to test it.

Here's what I posted to the devs list:

Hi Devs,

I just wrote in support for getting user accounts from LDAP.  Basically, if this option is enabled, it will check LDAP for the user who is being logged in.  If the username and password match, it'll then check the opendocman database to see if the user already exists there.  If it does, it synchronizes the password field with the LDAP password.  If not, it adds a new user with defaults.  All of this is against version 1.3.2.

To test this out, you need the following in config.php:

-----8<-----
$GLOBALS['CONFIG']['ldap_enable'] = TRUE;
$GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
$GLOBALS['CONFIG']['ldap_port'] = '389';

$GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
$GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
$GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
$GLOBALS['CONFIG']['bind_pw'] = "managers_password";
-----8<-----

...and then patch index.php with this patch:

-----8<-----
--- index.php    2015-03-26 13:42:01.781054000 -0400
+++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
@@ -78,15 +78,6 @@
    $frmuser = $_POST['frmuser'];
    $frmpass = $_POST['frmpass'];

-    // JEPH - Check for LDAP users enabled
-    if($GLOBALS['CONFIG']['ldap_enable']) {
-    require 'ldap-users.inc';
-    $ldap_success = ldap_login($frmuser, $frmpass);
-    if(!empty($ldap_success)) {
-        add_or_modify($frmuser, $frmpass);
-    }
-    }
-  
    // check login and md5()
    // connect and execute query
    $query = "
@@ -134,11 +125,11 @@

    // if row exists - login/pass is correct
    if (count($result) == 1)
-    {  
+    {      
        // register the user's ID
        $id = $result[0]['id'];
-        $username = $result[0]['username'];
-        $password = $result[0]['password'];
+        $username = $result['username'];
+        $password = $result['password'];

        // initiate a session
        $_SESSION['uid'] = $id;
-----8<-----

...and add my routines to ldap-users.inc (all of this attached) but in case this list strips attachments, test follows:

-----8<-----
<?php
   // ldap-users.inc
   //
   // Authenticate users against LDAP
   // John E.P. Hynes/HyTronix [03/25/2015]
   //
   // Takes username/password and tries to bind.
   // Return user name on success, FALSE on failure.

function ldap_login($user, $pass) {
   $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
   $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
   $base_dn = $GLOBALS['CONFIG']['base_dn'];
   $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
   $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
   $bind_pw = $GLOBALS['CONFIG']['bind_pw'];

   $ldap_conn = ldap_connect($ldap_host, $ldap_port)
       or error_log("ldap_connect() failed.");

   ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
   ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);

   $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
       or error_log("ldap_bind() failed.");

   $match_count = 1;
   $this_filter = str_replace("%uid", $user, $searchfilter, $match_count);
   if(empty($this_filter)) {
       error_log("Error in searchfilter with str_replace(), got $this_filter");
       return FALSE;
   }
 
   $attribute = array("uid");
   $search_results = @ldap_search($ldap_conn, $base_dn, $this_filter, $attribute, 0, 2);
 
   if (!$search_results) {
       error_log("Something went wrong in ldap_search.");
   }

   if (ldap_count_entries($ldap_conn, $search_results) != 1) {
       error_log("ldap_search() returned $search_results in error.");
       return FALSE;
   }

   $user_entry = ldap_first_entry($ldap_conn, $search_results);
   $this_dn = ldap_get_dn($ldap_conn, $user_entry);

   $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
   if (!$user_bind) {
       return FALSE;
   }

   ldap_close($ldap_conn);

   return $user;
}

function add_or_modify($username, $password) {
   // Check to make sure user does not already exist
   $pdo = $GLOBALS['pdo'];
   $query = "SELECT COUNT(*) FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
   if ($count = $pdo->query($query)) {
       if ($count->fetchColumn() == 1) {
           update_password($username, $password);
           return;
       } elseif ($count->fetchColumn() == 0) {
           create_user($username, $password);
           return;
       }
       else {
           error_log("Database error - username not unique.");
       }
   }
 
   return;
}

function update_password($username, $password) {
   $pdo = $GLOBALS['pdo'];
   $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
               SET password=md5(:password) WHERE username=:username";
   $stmt = $pdo->prepare($query);
   $stmt->execute(array(':username' => $username, ':password' => $password));

   return;
}

function create_user($username, $password) {
   $pdo = $GLOBALS['pdo'];
   $department = 1;
   $phonenumber = "000-000-0000";
   $email = "";
   $lastname = "";
   $firstname = "";
   $can_add = 0;
   $can_checkin = 0;

   $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
       (username, password, department, phone, Email,last_name, first_name, can_add, can_checkin)
       VALUES(
           :username,
           md5(:password),
           :department,
           :phonenumber,
           :email,
           :lastname,
           :firstname,
           :can_add,
           :can_checkin
       )";

   $stmt = $pdo->prepare($query);
   $stmt->execute(array(
       ':username' => $username,
       ':password' => $password,
       ':department' => $department,
       ':phonenumber' => $phonenumber,
       ':email' => $email,
       ':lastname' => $lastname,
       ':firstname' => $firstname,
       ':can_add' => $can_add,
       ':can_checkin' => $can_checkin
       ));

   $user_id = $pdo->lastInsertId();;
   $admin = 0;
   $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin (id, admin) VALUES(:user_id, :admin)";
   $stmt = $pdo->prepare($query);
   $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));

   return;
}

?>
-----8<-----

[attachment=61]
[attachment=62]
[attachment=63]


RE: I'd like a tester or two please... I added LDAP support - jchadwick - 01-02-2017

(03-26-2015, 11:21 AM)Did anyone end up testing this out? HyTronix Wrote: Hi All,


I posted to the devs mailing list, but then looking through the archives it looks like it's been dead a while.

Anyway, I wrote "users from LDAP" support.  It works fine here, but obviously I'd like to get someone else to test it.

Here's what I posted to the devs list:

Hi Devs,

I just wrote in support for getting user accounts from LDAP.  Basically, if this option is enabled, it will check LDAP for the user who is being logged in.  If the username and password match, it'll then check the opendocman database to see if the user already exists there.  If it does, it synchronizes the password field with the LDAP password.  If not, it adds a new user with defaults.  All of this is against version 1.3.2.

To test this out, you need the following in config.php:

-----8<-----
$GLOBALS['CONFIG']['ldap_enable'] = TRUE;
$GLOBALS['CONFIG']['ldap_host'] = 'my.ldaphost.com';
$GLOBALS['CONFIG']['ldap_port'] = '389';

$GLOBALS['CONFIG']['base_dn'] = "ou=People,dc=mydomain,dc=com";
$GLOBALS['CONFIG']['searchfilter'] = "(&(uid=%uid))";
$GLOBALS['CONFIG']['bind_dn'] = "cn=Manager,dc=mydomain,dc=com";
$GLOBALS['CONFIG']['bind_pw'] = "managers_password";
-----8<-----

...and then patch index.php with this patch:

-----8<-----
--- index.php    2015-03-26 13:42:01.781054000 -0400
+++ index.php-orig    2015-03-26 13:49:07.721054000 -0400
@@ -78,15 +78,6 @@
    $frmuser = $_POST['frmuser'];
    $frmpass = $_POST['frmpass'];

-    // JEPH - Check for LDAP users enabled
-    if($GLOBALS['CONFIG']['ldap_enable']) {
-    require 'ldap-users.inc';
-    $ldap_success = ldap_login($frmuser, $frmpass);
-    if(!empty($ldap_success)) {
-        add_or_modify($frmuser, $frmpass);
-    }
-    }
-  
    // check login and md5()
    // connect and execute query
    $query = "
@@ -134,11 +125,11 @@

    // if row exists - login/pass is correct
    if (count($result) == 1)
-    {  
+    {      
        // register the user's ID
        $id = $result[0]['id'];
-        $username = $result[0]['username'];
-        $password = $result[0]['password'];
+        $username = $result['username'];
+        $password = $result['password'];

        // initiate a session
        $_SESSION['uid'] = $id;
-----8<-----

...and add my routines to ldap-users.inc (all of this attached) but in case this list strips attachments, test follows:

-----8<-----
<?php
   // ldap-users.inc
   //
   // Authenticate users against LDAP
   // John E.P. Hynes/HyTronix [03/25/2015]
   //
   // Takes username/password and tries to bind.
   // Return user name on success, FALSE on failure.

function ldap_login($user, $pass) {
   $ldap_host = $GLOBALS['CONFIG']['ldap_host'];
   $ldap_port = $GLOBALS['CONFIG']['ldap_port'];
   $base_dn = $GLOBALS['CONFIG']['base_dn'];
   $searchfilter = $GLOBALS['CONFIG']['searchfilter'];
   $bind_dn = $GLOBALS['CONFIG']['bind_dn'];
   $bind_pw = $GLOBALS['CONFIG']['bind_pw'];

   $ldap_conn = ldap_connect($ldap_host, $ldap_port)
       or error_log("ldap_connect() failed.");

   ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
   ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);

   $bind = ldap_bind($ldap_conn, $bind_dn, $bind_pw)
       or error_log("ldap_bind() failed.");

   $match_count = 1;
   $this_filter = str_replace("%uid", $user, $searchfilter, $match_count);
   if(empty($this_filter)) {
       error_log("Error in searchfilter with str_replace(), got $this_filter");
       return FALSE;
   }
 
   $attribute = array("uid");
   $search_results = @ldap_search($ldap_conn, $base_dn, $this_filter, $attribute, 0, 2);
 
   if (!$search_results) {
       error_log("Something went wrong in ldap_search.");
   }

   if (ldap_count_entries($ldap_conn, $search_results) != 1) {
       error_log("ldap_search() returned $search_results in error.");
       return FALSE;
   }

   $user_entry = ldap_first_entry($ldap_conn, $search_results);
   $this_dn = ldap_get_dn($ldap_conn, $user_entry);

   $user_bind = ldap_bind($ldap_conn, $this_dn, $pass);
   if (!$user_bind) {
       return FALSE;
   }

   ldap_close($ldap_conn);

   return $user;
}

function add_or_modify($username, $password) {
   // Check to make sure user does not already exist
   $pdo = $GLOBALS['pdo'];
   $query = "SELECT COUNT(*) FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE username = '$username'";
   if ($count = $pdo->query($query)) {
       if ($count->fetchColumn() == 1) {
           update_password($username, $password);
           return;
       } elseif ($count->fetchColumn() == 0) {
           create_user($username, $password);
           return;
       }
       else {
           error_log("Database error - username not unique.");
       }
   }
 
   return;
}

function update_password($username, $password) {
   $pdo = $GLOBALS['pdo'];
   $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user
               SET password=md5(:password) WHERE username=:username";
   $stmt = $pdo->prepare($query);
   $stmt->execute(array(':username' => $username, ':password' => $password));

   return;
}

function create_user($username, $password) {
   $pdo = $GLOBALS['pdo'];
   $department = 1;
   $phonenumber = "000-000-0000";
   $email = "";
   $lastname = "";
   $firstname = "";
   $can_add = 0;
   $can_checkin = 0;

   $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user
       (username, password, department, phone, Email,last_name, first_name, can_add, can_checkin)
       VALUES(
           :username,
           md5(:password),
           :department,
           :phonenumber,
           :email,
           :lastname,
           :firstname,
           :can_add,
           :can_checkin
       )";

   $stmt = $pdo->prepare($query);
   $stmt->execute(array(
       ':username' => $username,
       ':password' => $password,
       ':department' => $department,
       ':phonenumber' => $phonenumber,
       ':email' => $email,
       ':lastname' => $lastname,
       ':firstname' => $firstname,
       ':can_add' => $can_add,
       ':can_checkin' => $can_checkin
       ));

   $user_id = $pdo->lastInsertId();;
   $admin = 0;
   $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}admin (id, admin) VALUES(:user_id, :admin)";
   $stmt = $pdo->prepare($query);
   $stmt->execute(array(':user_id' => $user_id, ':admin' => $admin));

   return;
}

?>
-----8<-----



RE: I'd like a tester or two please... I added LDAP support - jchadwick - 01-02-2017

Did this get any traction? I see in the source files there is a ldap.inc file but it mentions in the comments that ldap isn't working.