unofficial serendipity_event_externalauth alteration

combhua
Posts: 2
Joined: Fri Apr 11, 2008 8:14 pm

Post by combhua »

In the places I've used LDAP to check authentication, there's a setup not possible with the current code. The LDAP servers I use allow anonymous access but use a distinguished name which cannot be guessed beforehand, so you have to do a search, etc. to get the DN before using ldap_bind to actually authenticate.

On your config page, it would look similar to this:

Authentication String: "o=MyCompany, c=US";
Query to Find User: "uid=%1"
LDAP DN name used to connect: _blank_
Password for LDAP DN used to connect: _blank_

In this codeblock:

Code:

if ($this->get_config('auth_query') == '') { // standard LDAP with anon access
	/* .. snip .. */
} else { // LDAP with protected access and messy schema
	/* .. snip .. */
}

We're ignoring the option of a non-standard/messy schema LDAP that allows anon access.

My proposed solution is to either handle the protected access binding prior to this code block:

Code:

if (the config is set with the LDAP DN used to connect parameters) {
	/* .. bind to restricted access LDAP server .. */
}

if ($this->get_config('auth_query') == '') { // standard LDAP 
	/* .. snip .. */
} else { // LDAP with messy schema
	/* .. snip .. */
}

Alternatively, you can alter the 'else' block by removing the

Code:

if ($r = @ldap_search($ds, $this->get_config('rdn'), $auth_query)) {

conditional and rewriting it as:

Code:

if (the config is set with the LDAP DN used to connect parameters) {
	/* .. bind to restricted access LDAP server .. */
}

If any of you find yourself in this particular scenario, I hope this helps if it doesn't make it into the official release of the plugin.
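
The search-then-bind flow described in the post above, written out as an added example; it is not part of the original post or of the plugin's code. The function name, its parameters and the host are assumptions, and the query template is taken to be a bare `uid=%1` as in the settings listed in the post.

```php
<?php
// Added example; function and parameter names are assumptions, not the plugin's API.
function ldap_search_then_bind(string $uri, string $baseDn, string $queryTpl,
    string $user, string $pass, ?string $bindDn = null, ?string $bindPw = null): bool
{
    // Some servers treat a bind with a DN and an empty password as anonymous
    // and report success, so reject empty credentials before any LDAP call.
    if ($user === '' || $pass === '') {
        return false;
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Step 1: bind for the lookup. Use the connect DN when one is configured,
    // otherwise bind anonymously (the setup described in the post).
    $ok = ($bindDn !== null && $bindDn !== '')
        ? @ldap_bind($ds, $bindDn, (string) $bindPw)
        : @ldap_bind($ds);
    if (!$ok) {
        return false;
    }

    // Step 2: expand the "uid=%1" template with the login name escaped for
    // filter context, so * ( ) \ and NUL cannot change the query.
    $filter = str_replace('%1', ldap_escape($user, '', LDAP_ESCAPE_FILTER), $queryTpl);
    $res = @ldap_search($ds, $baseDn, $filter, ['dn'], 0, 2);
    if ($res === false) {
        return false;
    }
    $entries = ldap_get_entries($ds, $res);
    // Require exactly one match; zero or several entries is a failed login.
    if ($entries === false || $entries['count'] !== 1) {
        return false;
    }

    // Step 3: re-bind as the DN that was found, using the user's own password.
    return @ldap_bind($ds, $entries[0]['dn'], $pass);
}

// Base DN and template mirror the post; host and credentials are placeholders.
var_dump(ldap_search_then_bind('ldaps://ldap.example.test', 'o=MyCompany, c=US',
    'uid=%1', 'jdoe', 'placeholder-password'));
```
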
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany

Re: unofficial serendipity_event_externalauth alteration

Post by garvinhicking »

Hi!

Would you maybe have a unified diff to apply against the current plugin so that I could have a look to try to include it in the official plugin?

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
combhua

Post by combhua »

It's in my office, so when I get there on Monday, I'll check over it to clean out the unrelated changes I made and then share them with you. It may require some cleanup once you review it if I misunderstood any of your code - I hurried to wrap it up on Friday.

comb
garvinhicking

Post by garvinhicking »

Hi!

That's okay, no hurry. Tell me when you have it :)

Thanks,
Garvin