FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

LDAP Plugin Enhancements (Updated!) [message #166921] Wed, 28 March 2012 13:13
Multitool, United Kingdom (Member)
Hi all,

OK, updates to this as follows.

I'm not the world's greatest programmer, and I know next to nothing about PHP, but this seems to work for my application. Comments and criticisms would be gratefully received!

Summary of changes:

• Changed to use LDAP URLs instead of servername/port. This allows use of LDAPS (LDAP over SSL).
• Allow forum user details (email address, real name, alias) to be set from attributes retrieved from LDAP server.
• Always update email/name/alias with current info from LDAP server at each login (if enabled).
• If the user doesn't already exist, check whether an existing user has the same email address (as retrieved from LDAP) as the user trying to log in. If an existing user with the same email address is present, change the login of that user to the login of the user logging in, and update the name/alias with details from the LDAP server. (This should ensure that posts imported from NNTP are assigned to the correct user, even if that user has never logged in to the forum before, and also avoids duplicate email address problems.)

(I also reinstated the password synchronisation, as this seems to be required for reasons I don't understand.)

As mentioned above, it's probably not the most efficient piece of code ever written, but it seems to work for me :)

Hope it's useful to others.


[Updated on: Thu, 29 March 2012 19:49]


Re: LDAP Plugin Enhancements (Updated!) [message #166963 is a reply to message #166921] Tue, 10 April 2012 12:45
naudefj, South Africa (Senior Member, Administrator, Core Developer)
Thanks for the heads-up.

To add this to the next release, we need:

1. Patch (diff of your changes).

2. Upgrade procedure for sites still using servername/port.

Re: LDAP Plugin Enhancements (Updated!) [message #167108 is a reply to message #166963] Thu, 26 April 2012 19:13
Multitool (Member)
I didn't really plan for it to be included in the next release, as some of the extra options are quite installation-specific, and the code probably isn't robust.

But if you really want to include it, I'll do a diff of the changes :)

Upgrade procedure should be easy, as a URL can be derived from servername/port - it's just LDAP://<servername>:<port>/ ;)

Re: LDAP Plugin Enhancements (Updated!) [message #167111 is a reply to message #167108] Fri, 27 April 2012 08:11
naudefj, South Africa (Senior Member, Administrator, Core Developer)
Multitool wrote on Thu, 26 April 2012 21:13
But if you really want to include it, I'll do a diff of the changes :)


Would be great if you don't mind.

Re: LDAP Plugin Enhancements (Updated!) [message #167818 is a reply to message #167111] Tue, 09 October 2012 15:54
andy_scouser, United Kingdom (Member)
Hi guys,

I'm wondering whether anybody uses this plugin? I have access to an LDAP to authenticate some users to and it works great, thanks Multitool. Is there a way I can modify the code to check not only the cn of the user but also the gidnumber of the user please?

The required ldapsearch I'm after would be something like

# ldapsearch -h ldap1 -x -b ou=people,dc=office,dc=private "(&(uid=bigbadbob)(gidNumber=1001))"

I'm assuming I'd need to modify the ldap.plugin within my /var/www/FUDforum/plugins/ldap/ directory. Any line beginning $search would no doubt need changing... but I'm guessing at the syntax, I really do need to learn PHP, don't I.

original: //$search = ldap_search($connection, $ini['LDAP_DN'], $ini['LDAP_UID'] .'='. $login);
idiots attempt: $search = ldap_search($connection, $ini['LDAP_DN'], '"(&(gidnumber=1001)(' . $ini['LDAP_UID'] .'='. $login . '))"');
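
An added example (not part of the original post or of the plugin's code) of one way to build the combined filter in PHP. The double quotes in the ldapsearch command are shell quoting and do not belong inside the filter string passed to ldap_search(), and the login value is escaped so that filter metacharacters in it are treated as literals. The LDAP_GID setting and both helper functions are hypothetical; LDAP_UID and LDAP_DN are the keys shown in the thread.

```php
<?php
// Added example, not the plugin's own code. LDAP_UID and LDAP_DN appear in the
// thread; the LDAP_GID setting and both helper functions are hypothetical.

/** Escape a value for use inside an LDAP search filter (RFC 4515). */
function filter_escape(string $value): string
{
    if (function_exists('ldap_escape')) {          // PHP >= 5.6 with ext-ldap
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback: hex-escape backslash first, then the other metacharacters.
    return str_replace(
        ['\\', '*', '(', ')', "\x00"],
        ['\\5c', '\\2a', '\\28', '\\29', '\\00'],
        $value
    );
}

/** Build "(uid=<login>)" or, with a group set, "(&(uid=<login>)(gidNumber=<gid>))". */
function build_login_filter(array $ini, string $login): string
{
    $filter = '(' . $ini['LDAP_UID'] . '=' . filter_escape($login) . ')';
    if (isset($ini['LDAP_GID']) && $ini['LDAP_GID'] !== '') {
        $gid = (string) $ini['LDAP_GID'];
        if (!ctype_digit($gid)) {                  // gidNumber is a plain integer
            throw new InvalidArgumentException('LDAP_GID must be numeric');
        }
        $filter = '(&' . $filter . '(gidNumber=' . $gid . '))';
    }
    return $filter;
}

// Constructed settings and logins for illustration.
$ini = ['LDAP_DN' => 'ou=people,dc=office,dc=private', 'LDAP_UID' => 'uid', 'LDAP_GID' => '1001'];
foreach (['bigbadbob', 'b*b (test)'] as $login) {
    echo build_login_filter($ini, $login), PHP_EOL;
}

// In the plugin the result would replace the hand-built filter string:
// $search = ldap_search($connection, $ini['LDAP_DN'], build_login_filter($ini, $login));
```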

Re: LDAP Plugin Enhancements (Updated!) [message #167910 is a reply to message #166921] Thu, 08 November 2012 13:25
Multitool, United Kingdom (Member)
Incidentally, if anyone is having problems getting LDAPS (LDAP over SSL) to work properly, but normal LDAP works, I found that deleting the "plugin_cache" file from FUDforum's cache directory fixed the problem.

Hope this helps.

Aw: LDAP Plugin Enhancements (Updated!) [message #168747 is a reply to message #166921] Fri, 12 July 2013 16:13
captain picard, Austria (Junior Member)
hi,

thanks for the plugin!

i've added a tweak to get out a nice ALIAS (it's easier to find users in this environment when username and real-name is displayed in usergroup-lists - REQUIRES 'use aliases'-setting in general settings), from our ugly AD-Names like "SURENAME Gname" automatically:

on adding the user:

//not sure about the 1st line but i changed it in case of weird chars given at the ldap-server
$uent->login = _esc($login);
$uent->name = ucwords(strtolower($info[0]['cn'][0]));
$uent->alias = _esc($login)." (".ucwords(strtolower($info[0]['cn'][0])).")";


and on syncing the following: - ALIAS = username (Surename Gname)
    // Sync user details, if enabled
    if (!empty($ini['LDAP_EMAIL'])) {
      q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET email='. _esc($info[0][ $ini['LDAP_EMAIL'] ][0]) .' WHERE login='. _esc($login));
    }

    //wl: 20130706 David Kikl - Names + Alias style: "netxxx (Surename Gname)"
    if (!empty($ini['LDAP_NAME'])) {
      q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET name='. _esc(ucwords(strtolower($info[0][$ini['LDAP_NAME']][0]))) .' WHERE login='. _esc($login));
    }
    if (!empty($ini['LDAP_ALIAS'])) {
      q('UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET alias='. _esc($login." (".ucwords(strtolower($info[0][$ini['LDAP_NAME']][0])).")").' WHERE login='. _esc($login));

      #dbg('REFRESH_ALIAS: UPDATE '. $GLOBALS['DBHOST_TBL_PREFIX'] .'users SET alias='. _esc($login." (".ucwords(strtolower($info[0][$ini['LDAP_NAME']][0])).")").' WHERE login='. _esc($login));
    }//else dbg("REFRESH_ALIAS: empty ALIAS?");


for the editing mask below i just mentioned the code i've inserted:
<p>HARDCODED LDAP Attributes for forum user alias:<br />
<b>username (Surename Gname)</b> (<- SURENAME GnAmE / surename GNAME / ect.)<br />
(wl/dk alias)</p>

<p>HARDCODED LDAP Attributes for forum user real name:<br />
<b>Surename Gname</b> (<- SURENAME GnAmE / surename GNAME / ect.)<br />
(wl/dk alias)</p>


i tried to get around some debugging troubles for using the fud-forum default debugging-functionality, see post http://fudforum.org/forum/index.php?t=msg&goto=168746&#msg_168746

cheers david

[Updated on: Fri, 12 July 2013 16:16]
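
An added example (not part of the post above or of the plugin's code): ldap_get_entries() returns attribute names as lower-case array keys and an entry may lack an attribute altogether, so this sketch reads values defensively, skips columns the directory did not return instead of blanking them, and title-cases names with mb_convert_case() so non-ASCII characters are handled. The helper names and the sample entry are constructed for illustration; the mbstring extension is assumed.

```php
<?php
// Added example, not the plugin's own code. ldap_attr(), make_alias() and
// sync_fields() are hypothetical helpers; $info is constructed in the shape
// that ldap_get_entries() returns.

/** First value of an attribute, or null when the entry does not carry it. */
function ldap_attr(array $entry, string $attr): ?string
{
    $key = strtolower($attr);          // ldap_get_entries() lower-cases attribute keys
    if (empty($entry[$key]['count'])) {
        return null;
    }
    $value = trim((string) $entry[$key][0]);
    return $value === '' ? null : $value;
}

/** "login (Surname Gname)" with multibyte-safe title casing. */
function make_alias(string $login, string $realName): string
{
    return $login . ' (' . mb_convert_case($realName, MB_CASE_TITLE, 'UTF-8') . ')';
}

/** Columns of the users table to update; absent attributes are left out. */
function sync_fields(array $entry, array $ini, string $login): array
{
    $set   = [];
    $name  = empty($ini['LDAP_NAME'])  ? null : ldap_attr($entry, $ini['LDAP_NAME']);
    $email = empty($ini['LDAP_EMAIL']) ? null : ldap_attr($entry, $ini['LDAP_EMAIL']);
    if ($name !== null) {
        $set['name']  = mb_convert_case($name, MB_CASE_TITLE, 'UTF-8');
        $set['alias'] = make_alias($login, $name);
    }
    if ($email !== null) {
        $set['email'] = $email;
    }
    return $set;
}

// Constructed entry: displayName present (stored under a lower-case key), mail absent.
$ini  = ['LDAP_NAME' => 'displayName', 'LDAP_EMAIL' => 'mail'];
$info = ['count' => 1, 0 => [
    'displayname' => ['count' => 1, 0 => 'MÜLLER anna'],
    0 => 'displayname', 'count' => 1, 'dn' => 'cn=netxxx,dc=example,dc=org',
]];

print_r(sync_fields($info[0], $ini, 'netxxx'));
```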

