Ldap Authentication Mod

Started by psa, July 02, 2008, 05:53:13 AM

Previous topic - Next topic

jfederer

Is there a current version of this -- I have searched and search and cant' seem to find it.

ziycon

Still hasn't been approved due to nothing but my own fault and being busy with RL, I'll see if I can dig it up and get the wheels moving again.

ispanec

ziycon, is it possible to get a test version?

ziycon

Quote from: ispanec on March 04, 2015, 02:25:44 PM
ziycon, is it possible to get a test version?
I'm actually talking to another team member about getting this mod cleaned up and available as soon as possible, I'll post back once it's available.

I don't like giving out code until I know it works and has been checked.

tinoest

Hi,

As I couldn't find anything I made some minor modification to my copy of SMF and got LDAP working in my scenario. The code is attached. It's not got the level of checking I would put in if it was a Modification, but if there is enough interest. I'll look to tidy it up and make it available for that release.

I had to modify Themes/default/scripts/script.js and change the hashLoginPassword to the following;

function hashLoginPassword(doForm, cur_session_id)
{
  // Compatibility.
  if (cur_session_id == null)
    cur_session_id = smf_session_id;

  if (typeof(hex_sha1) == 'undefined')
    return;
  // Are they using an email address?
  if (doForm.user.value.indexOf('@') != -1)
    return;

  // Unless the browser is Opera, the password will not save properly.
  if (!('opera' in window))
    doForm.passwrd.autocomplete = 'off';

  doForm.hash_passwrd.value = hex_sha1(hex_sha1(doForm.user.value.php_to8bit().php_strtolower() + doForm.passwrd.value.php_to8bit()) + cur_session_id);

  // It looks nicer to fill it with asterisks, but Firefox will try to save that.
  //if (is_ff != -1)
  //  doForm.passwrd.value = '';
  //else
  //  doForm.passwrd.value = doForm.passwrd.value.replace(/./g, '*');
}



You also need to modify your Settings.php and add the following, applicable to your domain.

// LDAP Settings
$ldapSettings['host']   = 'ldap.host';
$ldapSettings['pass']   = 'ladp.password';
$ldapSettings['rdn']    = 'cn=admin,dc=domain,dc=lan';
$ldapSettings['dn']     = "dc=domain,dc=lan";


It will query the LDAP server for a login, if one is found it will check against the SMF database and if the user doesn't exist it will create the user. If the LDAP auth fails, it currently doesn't do anything it just checks the SMF database for the user, but I can modify it to fail at this point if required.

It doesn't handle a changing password on the LDAP side for those that have 30 day logins etc. Again if required it can be modified to do so.

I've tried to make the change/check as minimal as possible so a few features could be missing. It assumes you look up the user details and it matches there uid or login name.

hyrsky

Here is something I wrote for SMF 2.0.7 and used on a small hidden forum I manage. I have updated to SMF 2.0.11 through package manager and it is still working. Buggy as hell but if anyone is interested feel free to build on this. :)

**
Apparently I'm not allowed to post external links but /hyrsky/SMF-Ldap on github(dot)com

vbgamer45

Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

it9

How to use it? The instruction is incomprehensible there, is there a step by step? What do we have to do?

shadav

Quote from: it9 on July 29, 2021, 04:58:49 AM
How to use it? The instruction is incomprehensible there, is there a step by step? What do we have to do?
well first off, are you using smf 1.1 as that is what this mod was made to work with
and if you are then you really, really should upgrade as you are 43 versions behind. The current stable version is 2.0.18

although it seems hyrsky may have made it work with 2.0.11, which they wrote on their github how to install their updated version....

so which part are you having troubles with?

Advertisement: