Comments on: LDAP Enabling The Eventum Defect Tracking System http://www.bieberlabs.com/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/ Looking for the practical in a world full of cruft Mon, 13 Oct 2008 11:51:46 +0000 http://wordpress.org/?v=2.6.2 By: R.H. Hartman http://www.bieberlabs.com/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-43349 R.H. Hartman Mon, 29 Sep 2008 06:40:42 +0000 http://www.bieberlabs.com/wordpress/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-43349 Thanks for this. Works like a charm. I took the liberty of making a few mods: 1) Instead of replacing the function isCorrectPassword I just replaced the existing authentication-failed return: if ($passwd != Auth::hashPassword($password)) { return false; } else { return true; } by your module call: if ($passwd != Auth::hashPassword($password)) { return(LDAPAuthenticator::ldap_authenticate($email, $password)); } else { return true; } so it now attempts local authentication before LDAP. I also modified the LDAPAuthenticator by taking out the BIND_DN and BIND_PASSWORD bits, as my LDAP server allows anonymous lookup of the user's dn (OpenLDAP on RHEL5/Centos5). I suspect this will be valid for most implementations. And I found I do not need the LDAP_PORT setting: ldap:// will use port 389, ldaps:// will use port 636. Tip: When using multiple, synchronized LDAP servers, you can specify those in the LDAP_HOST parameter like: define("LDAP_HOST", 'ldaps://ldapserver1.example.com,ldaps://ldapserver2.example.com'); If ldapserver1 is down, automatic failover to ldapserver2 will occur (use 'bind_policy soft' in ldap.conf). Thanks for this. Works like a charm.
I took the liberty of making a few mods:
1) Instead of replacing the function isCorrectPassword I just replaced the existing authentication-failed return:

if ($passwd != Auth::hashPassword($password)) {
return false;
} else {
return true;
}

by your module call:

if ($passwd != Auth::hashPassword($password)) {
return(LDAPAuthenticator::ldap_authenticate($email, $password));
} else {
return true;
}

so it now attempts local authentication before LDAP.

I also modified the LDAPAuthenticator by taking out the BIND_DN and BIND_PASSWORD bits, as my LDAP server allows anonymous lookup of the user’s dn (OpenLDAP on RHEL5/Centos5). I suspect this will be valid for most implementations. And I found I do not need the LDAP_PORT setting: ldap:// will use port 389, ldaps:// will use port 636.

Tip: When using multiple, synchronized LDAP servers, you can specify those in the LDAP_HOST parameter like:

define(”LDAP_HOST”, ‘ldaps://ldapserver1.example.com,ldaps://ldapserver2.example.com’);

If ldapserver1 is down, automatic failover to ldapserver2 will occur (use ‘bind_policy soft’ in ldap.conf).

]]> By: Jose Ernesto Suarez http://www.bieberlabs.com/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-43330 Jose Ernesto Suarez Fri, 12 Sep 2008 16:24:05 +0000 http://www.bieberlabs.com/wordpress/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-43330 Hi! I try to use your piece of code with some headaches.. now, I run this with two modifications: LDAP_BIND_DN wiritten in Netbios form "DOMAIN\Administrator" setting option ldap_set_option($server, LDAP_OPT_REFERRALS, 0); in order to search from the root DN (usually, in small domains one user is searched in the entire domain) I´m thinking the manner to add "automagically" the users in the database... if finally i do that, don´t worry , I´ll send you the mods. Thanks for all! Hi!

I try to use your piece of code with some headaches.. now, I run this with two modifications:
LDAP_BIND_DN wiritten in Netbios form “DOMAIN\Administrator”

setting option ldap_set_option($server, LDAP_OPT_REFERRALS, 0);
in order to search from the root DN (usually, in small domains one user is searched in the entire domain)

I´m thinking the manner to add “automagically” the users in the database… if finally i do that, don´t worry , I´ll send you the mods.

Thanks for all!

]]> By: Ron Bieber http://www.bieberlabs.com/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-43214 Ron Bieber Tue, 24 Jun 2008 13:03:13 +0000 http://www.bieberlabs.com/wordpress/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-43214 Raghu, Yep, you got me. Thanks for pointing this out. I have corrected it in both the post and the tarball. Glad you found it useful. Raghu,

Yep, you got me. Thanks for pointing this out. I have corrected it in both the post and the tarball.

Glad you found it useful.

]]> By: Raghu Prasad http://www.bieberlabs.com/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-43213 Raghu Prasad Tue, 24 Jun 2008 12:48:42 +0000 http://www.bieberlabs.com/wordpress/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-43213 The content of line 60 in class.LDAPAuthenticator.php is shown to be "return($returnDN);". It should be replaced with "return($returnValue);" as variable $returnDN doesn't exist in function or global scope at that point. Seems to be a problem caused by cut/paste of code :) Thanks for this hack. It was a useful one indeed. The content of line 60 in class.LDAPAuthenticator.php is shown to be “return($returnDN);”. It should be replaced with “return($returnValue);” as variable $returnDN doesn’t exist in function or global scope at that point. Seems to be a problem caused by cut/paste of code :)

Thanks for this hack. It was a useful one indeed.

]]> By: ben http://www.bieberlabs.com/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-42926 ben Thu, 03 Apr 2008 21:39:00 +0000 http://www.bieberlabs.com/wordpress/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-42926 I also glad for the trabajo that tu did aqui. Yo espero (hope)that Yo can use it in mi Eventum. I also glad for the trabajo that tu did aqui. Yo espero (hope)that Yo can use it in mi Eventum.

]]> By: Ron Bieber http://www.bieberlabs.com/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-40030 Ron Bieber Mon, 12 Nov 2007 13:42:12 +0000 http://www.bieberlabs.com/wordpress/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-40030 No hay problema. Glad I podría ayudar. (Cortesía de Google Translate) No hay problema. Glad I podría ayudar.

(Cortesía de Google Translate)

]]> By: Nicolas Bohorquez http://www.bieberlabs.com/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-40027 Nicolas Bohorquez Mon, 12 Nov 2007 05:36:22 +0000 http://www.bieberlabs.com/wordpress/archives/2007/10/20/ldap-enabling-the-eventum-defect-tracking-system/#comment-40027 Muchisimas gracias, es justo lo que estaba buscando. Saludos desde Colombia Muchisimas gracias,
es justo lo que estaba buscando.
Saludos desde Colombia

]]>