Feature Request - LDAP login
-
Can we add mapping accounts to LDAP/AD/eDir for single sign-on support to the feature request list?
-
Sure, shoot me the code
-
[url]http://adldap.sourceforge.net/[/url]
and then something like that:
[PHP]<?php
session_start();
require_once('ldap/src/adLDAP.php');

try {
    $adldap = new adLDAP();
} catch (adLDAPException $e) {
    echo $e;
    exit();
}

$loginUsername = strtolower($_REQUEST['loginUsername']);
$loginPassword = $_REQUEST['loginPassword'];

// Same failure response for all three error cases below
$failure = "{success: false, errors: { reason: 'Login fehlgeschlagen. Bitte erneut versuchen.' }}";

// Step 1: bind against AD with the credentials from the login form
if ($adldap->authenticate($loginUsername, $loginPassword)) {
    // Step 2: only members of the configured AD group may log in
    $result = $adldap->user()->inGroup($loginUsername, "XXXXXXXXX");
    if ($result) {
        $info = $adldap->user()->info($loginUsername);
        //var_dump($info);
        // Step 3: map the AD account to an existing FOG user.
        // The username is escaped before it goes into the query, an exact
        // match replaces LIKE (which would treat % and _ as wildcards), and
        // u.status is selected so the status check below has a value to test.
        $escaped = mysqli_real_escape_string($GLOBALS["db"], $loginUsername);
        $sql = sprintf("SELECT u.id, u.username, u.name, u.firstname, u.status FROM user u WHERE (lower(u.username) = '%s')", $escaped);
        $result = mysqli_query($GLOBALS["db"], $sql);
        $data = $result ? mysqli_fetch_array($result) : false;
        if ($data and $data['status'] <> "0") {
            $_SESSION["user_id"] = $data["id"];
            $_SESSION["user_nickname"] = $data["username"];
            $_SESSION["user_nachname"] = $data["name"];
            $_SESSION["user_vorname"] = $data["firstname"];
            echo "{success: true}";
        } else {
            echo $failure;
        }
    } else {
        echo $failure;
    }
} else {
    echo $failure;
}
?>
[/PHP]
-
Thanks marvin. I’ve used adldap in the past and it works well.
Implementing the code into FOG is the hard part. After 0.33, the code will be in a more maintainable state and it will be much easier to implement various authentication schemes.
I also want to create an “Active Directory Explorer” that allows you to look through your OUs by tree structure
-
Yes, that's a good idea to import all computers from the AD
-
That is not exactly what I meant, more for AD OU placement options.
AD doesn't have enough information for FOG to use… things as simple as MAC Address are not held in AD.
-
Ah, but SCCM does but that’s a whole other discussion right there.
-
[quote=“Kevin, post: 869, member: 3”]Ah, but SCCM does but that’s a whole other discussion right there.[/quote]
AFAIK, SCCM does not have LDAP access and there is no easy way to connect to its database and pull information - please prove me wrong
-
In my opinion there is no need for LDAP authentication in FOG itself. Apache does authentication really fine
I’ve quickly written a patch for svn trunk. Any comments? What should be improved to get this into trunk?
btw: we have all computers and groups in LDAP (with GOSA) and made every edit option for hosts/groups in FOG read-only… A script transfers all the data from LDAP to mysql…
[url=“/_imported_xf_attachments/0/48_remoteuser-patch.txt?:”]remoteuser-patch.txt[/url]
-
[quote=“Jtb, post: 1649, member: 582”]In my opinion there is no need for LDAP authentication in FOG itself. Apache does authentication really fine
I’ve quickly written a patch for svn trunk. Any comments? What should be improved to get this into trunk?
btw: we have all computers and groups in LDAP (with GOSA) and made every edit option for hosts/groups in FOG read-only… A script transfers all the data from LDAP to mysql…[/quote]
Could you give a little more in-depth information on how to implement your patch?
-
[quote=“Walter Wahlstedt, post: 5448, member: 1441”]Could you give a little more in-depth information on how to implement your patch?[/quote]
First you need some kind of http authentication with apache. After that everybody who logs in over apache needs a user in Fog with his username and the static password FogREMOTEUSER.