I was able to add this feature by making the following changes:
In user.class.php I eliminated the self::isPasswordMgmtExternal test in comparePassword and encryptPassword.
In doAuthorize.php I changed the auth_does_password_match function:
function auth_does_password_match(&$user,$cleartext_password)
{
    $authCfg = config_get('authentication');

    // default result: authenticated
    $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';

    if ('LDAP' == $authCfg['method'])
    {
        // localized messages, indexed by LDAP status code
        $msg = array();
        $msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
        $msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
        $msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
        $msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
        $msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');

        $xx = ldap_authenticate($user->login, $cleartext_password);

        // if LDAP fails for any reason, check the local DB
        if ($xx->status_ok)
        {
            // LDAP authenticated
            $ret->status_ok = $xx->status_ok;
            $ret->msg = $msg[$xx->status_code];
        }
        else
        {
            // LDAP failed - try the local DB
            if ($user->comparePassword($cleartext_password) != tl::OK)
            {
                // local DB did not authenticate either: pass back the original LDAP error
                $ret->status_ok = $xx->status_ok;
                $ret->msg = $msg[$xx->status_code];
            }
            // otherwise $ret keeps its default (authenticated against the local DB)
        }
    }
    else // normal database password compare
    {
        if ($user->comparePassword($cleartext_password) != tl::OK)
        {
            $ret->status_ok = false;
        }
    }
    return $ret;
}
//////////////////////////////////////////////////////
In our environment we use LDAP for our general users and we create special administrative users using local ids. I have noticed a few requests for this in the forums.
I have updated the code below to support checking only when the LDAP user is not found.
function auth_does_password_match(&$user,$cleartext_password)
{
    $authCfg = config_get('authentication');

    // default result: authenticated
    $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';

    if ('LDAP' == $authCfg['method'])
    {
        // localized messages, indexed by LDAP status code
        $msg = array();
        $msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
        $msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
        $msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
        $msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
        $msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');

        $xx = ldap_authenticate($user->login, $cleartext_password);

        // check the local DB only if LDAP reports that the user was not found
        if ($xx->status_ok)
        {
            // LDAP authenticated
            $ret->status_ok = $xx->status_ok;
            $ret->msg = $msg[$xx->status_code];
        }
        else
        {
            if ($xx->status_code == ERROR_LDAP_USER_NOT_FOUND)
            {
                // user not found in LDAP - try the local DB
                if ($user->comparePassword($cleartext_password) != tl::OK)
                {
                    // local DB did not authenticate either: pass back the original LDAP error
                    $ret->status_ok = $xx->status_ok;
                    $ret->msg = $msg[$xx->status_code];
                }
                // otherwise $ret keeps its default (authenticated against the local DB)
            }
            else
            {
                // any other LDAP failure: pass back the LDAP error without trying the local DB
                $ret->status_ok = $xx->status_ok;
                $ret->msg = $msg[$xx->status_code];
            }
        }
    }
    else // normal database password compare
    {
        if ($user->comparePassword($cleartext_password) != tl::OK)
        {
            $ret->status_ok = false;
        }
    }
    return $ret;
}
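
The two versions of auth_does_password_match above differ only in which LDAP failures allow a fallback to the local DB. The following added example (not TestLink code and not the poster's) tabulates the login outcome per LDAP status code for both versions; the numeric constant values, LDAP_OK and decide_login() are assumptions made for illustration.

```php
<?php
// Added example; not TestLink code. Only the ERROR_LDAP_* names come from the
// post. Their numeric values, LDAP_OK and decide_login() are constructed.
const LDAP_OK                          = 0;
const ERROR_LDAP_AUTH_FAILED           = 1;
const ERROR_LDAP_SERVER_CONNECT_FAILED = 2;
const ERROR_LDAP_UPDATE_FAILED         = 3;
const ERROR_LDAP_USER_NOT_FOUND        = 4;
const ERROR_LDAP_BIND_FAILED           = 5;

// Outcome of a login attempt, given the LDAP result, whether the local hash
// matches, and the set of LDAP status codes that allow trying the local DB.
function decide_login(int $ldapCode, bool $localMatches, array $fallbackOn): string
{
    if ($ldapCode === LDAP_OK) {
        return 'accept via LDAP';
    }
    if (in_array($ldapCode, $fallbackOn, true) && $localMatches) {
        return 'accept via local DB';
    }
    return 'reject with LDAP error';
}

$codes = [
    'ERROR_LDAP_AUTH_FAILED'           => ERROR_LDAP_AUTH_FAILED,
    'ERROR_LDAP_SERVER_CONNECT_FAILED' => ERROR_LDAP_SERVER_CONNECT_FAILED,
    'ERROR_LDAP_UPDATE_FAILED'         => ERROR_LDAP_UPDATE_FAILED,
    'ERROR_LDAP_USER_NOT_FOUND'        => ERROR_LDAP_USER_NOT_FOUND,
    'ERROR_LDAP_BIND_FAILED'           => ERROR_LDAP_BIND_FAILED,
];

$firstVersion  = array_values($codes);         // fall back on any LDAP failure
$secondVersion = [ERROR_LDAP_USER_NOT_FOUND];  // fall back only for users absent from LDAP

// Constructed scenario: the submitted password matches the local hash.
printf("%-34s %-24s %s\n", 'LDAP result', 'first version', 'second version');
foreach ($codes as $name => $code) {
    $v1 = decide_login($code, true, $firstVersion);
    $v2 = decide_login($code, true, $secondVersion);
    printf("%-34s %-24s %s%s\n", $name, $v1, $v2, $v1 === $v2 ? '' : '   <- differs');
}
```

With the first version, a matching local hash is accepted after every LDAP failure, including a rejected LDAP password or an unreachable server, so the local password acts as a second valid credential for the account. The second version limits that to logins LDAP reports as not found.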