Feature Request - LDAP login

Blackout · Dec 26, 2011, 9:57 AM

Sure, shoot me the code

q16marvin · Jan 3, 2012, 2:05 PM

[url]http://adldap.sourceforge.net/[/url]

and then something like that:

[PHP]<?php
session_start ();
require_once(‘ldap/src/adLDAP.php’);

try {
$adldap = new adLDAP();
}
catch (adLDAPException $e) {
echo $e;
exit();
}

$loginUsername = $_REQUEST[‘loginUsername’];
$loginPassword = $_REQUEST[‘loginPassword’];
$loginUsername = strtolower($loginUsername);

if ($adldap->authenticate($loginUsername, $loginPassword)){
$result = $adldap->user()->inGroup($loginUsername,“XXXXXXXXX”);
if($result){
$info = $adldap->user()->info($loginUsername);
//var_dump($info);
$sql = sprintf(“SELECT u.id, u.username, u.name, u.firstname FROM user u WHERE (lower(u.username) like ‘%s’)”,$loginUsername);
$result = mysqli_query ($GLOBALS[“db”],$sql);
$data = mysqli_fetch_array ($result);
if (mysqli_num_rows ($result) > 0 and $data[‘status’]<>“0”)
{
$_SESSION[“user_id”] = $data[“id”];
$_SESSION[“user_nickname”] = $data[“username”];
$_SESSION[“user_nachname”] = $data[“name”];
$_SESSION[“user_vorname”] = $data[“firstname”];
echo “{success: true}”;
}else
{
echo “{success: false, errors: { reason: ‘Login fehlgeschlagen. Bitte erneut versuchen.’ }}”;
}
}else{
echo “{success: false, errors: { reason: ‘Login fehlgeschlagen. Bitte erneut versuchen.’ }}”;
}
}else{

echo "{success: false, errors: { reason: 'Login fehlgeschlagen. Bitte erneut versuchen.' }}";

}
?> [/PHP]

Blackout · Jan 4, 2012, 3:52 AM

Thanks marvin. I’ve used adldap in the past and it works well.

Implementing the code in to FOG is the hard part. After 0.33, the code will be in a more maintainable state and it will be much easier to implement various authentication schemes.

I also want to create a “Active Directory Explorer” that allows you to look through your OU’s by tree structure

q16marvin · Jan 4, 2012, 7:45 AM

yes thats a good idea to import all computers from the ad

Blackout · Jan 5, 2012, 1:02 AM

That is not exactly what i meant, more for AD OU placement options.

AD doesnt have enough information for FOG to use… things as simple as MAC Address are not held in AD.

Kevin · Jan 29, 2012, 6:00 PM

Ah, but SCCM does but that’s a whole other discussion right there.

Blackout · Jan 30, 2012, 11:31 PM

[quote=“Kevin, post: 869, member: 3”]Ah, but SCCM does but that’s a whole other discussion right there.[/quote]

AFAIK, SCCM does not have LDAP access and there is no easy way to connect to it’s database and pull information - please prove me wrong

Jtb · Feb 26, 2012, 10:39 AM

In my opinion there is no need for LDAP-Authentication in FOG itself. Apache does authentication really fine

I’ve quickly written a patch for svn trunk. Any comments? What should be improved to get this into trunk?

btw: we have all computers and groups in LDAP (with GOSA) and made every edit-option for hosts/groups in FOG readonly… A script transfers all the data from LDAP to mysql…

[url=“/_imported_xf_attachments/0/48_remoteuser-patch.txt?:”]remoteuser-patch.txt[/url]

Walter Wahlstedt · Aug 5, 2012, 3:06 AM

[quote=“Jtb, post: 1649, member: 582”]In my opinion there is no need for LDAP-Authentication in FOG itself. Apache does authentication really fine

I’ve quickly written a patch for svn trunk. Any comments? What should be improved to get this into trunk?

btw: we have all computers and groups in LDAP (with GOSA) and made every edit-option for hosts/groups in FOG readonly… A script transfers all the data from LDAP to mysql…[/quote]
Could you give a little more indepth information on how to implement your patch?

Jtb · Aug 5, 2012, 7:10 AM

[quote=“Walter Wahlstedt, post: 5448, member: 1441”]Could you give a little more indepth information on how to implement your patch?[/quote]

First you need some kind of http authentication with apache. After that everbody who logs in over apache needs a user in Fog with his username and the static password FogREMOTEUSER.

231

12.0k

17.3k

155.2k