unofficial serendipity_event_externalauth alteration
Posted: Fri Apr 11, 2008 8:32 pm
In the places I've used LDAP to check authentication, there's a setup not possible with the current code. The LDAP servers I use allow anonymous access but use a distinguished name which cannot be guessed beforehand, so you have to do a search, etc. to get the DN before using ldap_bind to actually authenticate.
On your config page, it would look similar to this:
Authentication String: "o=MyCompany, c=US";
Query to Find User: "uid=%1"
LDAP DN name used to connect: _blank_
Password for LDAP DN used to connect: _blank_
In this codeblock:
Code:
if ($this->get_config('auth_query') == '') { // standard LDAP with anon access
    /* .. snip .. */
} else { // LDAP with protected access and messy schema
    /* .. snip .. */
}
We're ignoring the option of a non-standard/messy schema LDAP that allows anon access.
My proposed solution is to either handle the protected access binding prior to this code block:
Code:
if (the config is set with the LDAP DN used to connect parameters) {
    /* .. bind to restricted access LDAP server .. */
}
if ($this->get_config('auth_query') == '') { // standard LDAP
    /* .. snip .. */
} else { // LDAP with messy schema
    /* .. snip .. */
}
Alternatively, you can alter the 'else' block by removing the
Code:
if ($r = @ldap_search($ds, $this->get_config('rdn'), $auth_query)) {
conditional and rewriting it as:
Code:
if (the config is set with the LDAP DN used to connect parameters) {
    /* .. bind to restricted access LDAP server .. */
}
If any of you find yourself in this particular scenario, I hope this helps if it doesn't make it into the official release of the plugin.
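The flow described in the post (look up the DN first, then bind as it), as an added example that is not part of the original post or the plugin's own code. The function name, its parameters and the host are assumptions; the example also rejects empty passwords and escapes the login name before it goes into the search filter.

```php
<?php
// Added example: search-then-bind for an LDAP server whose user DNs cannot
// be derived from the login name. ldap_search_then_bind() and its parameters
// are hypothetical names, not the externalauth plugin's API.
function ldap_search_then_bind($uri, $baseDn, $queryTpl, $user, $pass,
                               $bindDn = '', $bindPw = '')
{
    // A bind with an empty password is treated as an anonymous bind and
    // succeeds on servers that allow anonymous access. Refuse it up front.
    if ($user === '' || $pass === '') {
        return false;
    }
    $ds = ldap_connect($uri);
    if (!$ds) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    $result = false;
    // Step 1: bind for the lookup. A blank DN means anonymous access.
    $ok = ($bindDn !== '') ? @ldap_bind($ds, $bindDn, $bindPw) : @ldap_bind($ds);
    if ($ok) {
        // Step 2: find the user's DN. Escaping keeps * ( ) \ in the login
        // name from changing the meaning of the filter.
        $filter = str_replace('%1', ldap_escape($user, '', LDAP_ESCAPE_FILTER), $queryTpl);
        $r = @ldap_search($ds, $baseDn, $filter, array('1.1')); // 1.1 = no attributes
        // Require exactly one match; zero or several is a failed login.
        if ($r && ldap_count_entries($ds, $r) === 1) {
            $dn = ldap_get_dn($ds, ldap_first_entry($ds, $r));
            // Step 3: authenticate by binding as the DN that was found.
            if (@ldap_bind($ds, $dn, $pass)) {
                $result = $dn;
            }
        }
    }
    ldap_unbind($ds);
    return $result; // the user's DN on success, false otherwise
}

// Constructed call using the config values shown in the post; the host is a
// placeholder. ldaps:// keeps the password off the wire in cleartext.
// $dn = ldap_search_then_bind('ldaps://ldap.example.com', 'o=MyCompany, c=US',
//                             'uid=%1', $login, $password);
```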