Feature Request - LDAP login



  • Can we add mapping accounts to LDAP/AD/eDir for single sign-on support to the feature request list?



  • [quote=“Walter Wahlstedt, post: 5448, member: 1441”]Could you give a little more in-depth information on how to implement your patch?[/quote]

    First you need some kind of HTTP authentication with Apache. After that, everybody who logs in over Apache needs a user in FOG with his username and the static password FogREMOTEUSER.
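
Added example, not part of the thread and not Jtb's patch: one way to set up the Apache HTTP authentication described above against an LDAP directory with mod_authnz_ldap. The /fog location, host name, DNs, group and helper script path are placeholder assumptions.

```apache
# Added example. Every name, path and DN here is a placeholder, not a value from the thread.
# Requires mod_ldap, mod_authnz_ldap and mod_ssl to be loaded.
<Location "/fog">
    # Basic auth sends the password with every request, so refuse plain HTTP.
    SSLRequireSSL

    AuthType Basic
    AuthName "FOG"
    AuthBasicProvider ldap

    # ldaps:// keeps the directory bind and search off the wire in clear text.
    AuthLDAPURL "ldaps://ldap.example.org/ou=people,dc=example,dc=org?uid?sub"

    # Low-privilege service account used only to search for the user's DN.
    AuthLDAPBindDN "cn=apache-bind,ou=services,dc=example,dc=org"
    # exec: reads the password from a helper's stdout instead of storing it in the config.
    AuthLDAPBindPassword "exec:/usr/local/bin/print-bind-password"

    # Admit members of one group only, not every valid directory account.
    Require ldap-group cn=fog-admins,ou=groups,dc=example,dc=org
</Location>
```

Because the static password FogREMOTEUSER is the same for every mapped account and is public in this thread, the FOG login must not be reachable by any route that skips this Apache authentication.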



  • [quote=“Jtb, post: 1649, member: 582”]In my opinion there is no need for LDAP-Authentication in FOG itself. Apache does authentication really fine ;)

    I’ve quickly written a patch for svn trunk. Any comments? What should be improved to get this into trunk?

    btw: we have all computers and groups in LDAP (with GOSA) and made every edit-option for hosts/groups in FOG readonly… A script transfers all the data from LDAP to mysql…[/quote]
    Could you give a little more in-depth information on how to implement your patch?



  • In my opinion there is no need for LDAP-Authentication in FOG itself. Apache does authentication really fine ;)

    I’ve quickly written a patch for svn trunk. Any comments? What should be improved to get this into trunk?

    btw: we have all computers and groups in LDAP (with GOSA) and made every edit-option for hosts/groups in FOG readonly… A script transfers all the data from LDAP to mysql…

    [url="/_imported_xf_attachments/0/48_remoteuser-patch.txt?:"]remoteuser-patch.txt[/url]


  • Developer

    [quote=“Kevin, post: 869, member: 3”]Ah, but SCCM does :) but that’s a whole other discussion right there.[/quote]

    AFAIK, SCCM does not have LDAP access and there is no easy way to connect to its database and pull information - please prove me wrong :D


  • Ah, but SCCM does :) but that’s a whole other discussion right there.


  • Developer

    That is not exactly what I meant, more for AD OU placement options.

    AD doesn’t have enough information for FOG to use… things as simple as MAC Address are not held in AD.



  • Yes, that’s a good idea to import all computers from the AD :)


  • Developer

    Thanks marvin. I’ve used adldap in the past and it works well.

    Implementing the code into FOG is the hard part. After 0.33, the code will be in a more maintainable state and it will be much easier to implement various authentication schemes.

    I also want to create an “Active Directory Explorer” that allows you to look through your OUs by tree structure.



  • [url]http://adldap.sourceforge.net/[/url]

    and then something like that:

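    [PHP]<?php
    session_start();
    require_once('ldap/src/adLDAP.php');

    try {
        $adldap = new adLDAP();
    }
    catch (adLDAPException $e) {
        echo $e;
        exit();
    }

    $loginUsername = $_REQUEST['loginUsername'];
    $loginPassword = $_REQUEST['loginPassword'];
    $loginUsername = strtolower($loginUsername);

    // Step 1: verify the credentials against Active Directory.
    if ($adldap->authenticate($loginUsername, $loginPassword)) {
        // Step 2: require membership in the allowed AD group.
        $result = $adldap->user()->inGroup($loginUsername, "XXXXXXXXX");
        if ($result) {
            $info = $adldap->user()->info($loginUsername);
            //var_dump($info);

            // Step 3: map the AD account to a local user row.
            // The username is bound as a parameter instead of being formatted into the SQL string,
            // and compared with = rather than LIKE so that % and _ are not treated as wildcards.
            // u.status is added to the SELECT because the check below reads it.
            $sql = "SELECT u.id, u.username, u.name, u.firstname, u.status FROM user u WHERE lower(u.username) = ?";
            $stmt = mysqli_prepare($GLOBALS["db"], $sql);
            mysqli_stmt_bind_param($stmt, "s", $loginUsername);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            $data = mysqli_fetch_array($result);
            if (mysqli_num_rows($result) > 0 and $data['status'] <> "0")
            {
                // Issue a fresh session id on login so a pre-login id cannot be reused.
                session_regenerate_id(true);
                $_SESSION["user_id"] = $data["id"];
                $_SESSION["user_nickname"] = $data["username"];
                $_SESSION["user_nachname"] = $data["name"];
                $_SESSION["user_vorname"] = $data["firstname"];
                echo "{success: true}";
            } else
            {
                // No matching local user, or the account is disabled.
                echo "{success: false, errors: { reason: 'Login fehlgeschlagen. Bitte erneut versuchen.' }}";
            }
        } else {
            // Authenticated, but not a member of the required group.
            echo "{success: false, errors: { reason: 'Login fehlgeschlagen. Bitte erneut versuchen.' }}";
        }
    } else {
        // Wrong username or password.
        echo "{success: false, errors: { reason: 'Login fehlgeschlagen. Bitte erneut versuchen.' }}";
    }
    ?> [/PHP]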


  • Developer

    Sure, shoot me the code ;)

