Multiple LDAP Authentication Sources

Request and discuss new features you would like to have.
pricosoft
Posts: 1
Joined: 13 May 2016 15:37
Location: Germany

Post by pricosoft » 13 May 2016 15:57

Hi,

as we're using the "Linked Mailbox" feature from MS Exchange, we need to check the user across two LDAP forests.
Because of this I've now modified some PHP files to realize this.

Maybe you want to include these changes in the public release.

Changes:

- Conf.php

```php
// LDAP settings
define('USE_LDAP',         true);
define('LDAP_SSL',         false); // set to true if using LDAP with SSL encryption
define('LDAP_PORT',        '389');
// Semicolon-separated list of base DNs, one per LDAP forest
define('LDAP_DN',          'OU=Users,DC=Domain1,DC=local;OU=Users,DC=Domain2,DC=local');
define('LDAP_USER',        'LDAP UserName');
define('LDAP_PASS',        'LDAP UserPassword');
//define('LDAP_HOST',        'ldap.server.local');
//define('LDAP_SITE',        'default-site-name');
// can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
define('LDAP_EMAIL_FIELD', 'mail');
// Microsoft Active Directory compatibility support for searches from Domain Base DN
define('LDAP_MS_AD_COMPATIBILITY', true);
```

As you see, I've commented out some entries because I did not find any use of them in functions.php.
LDAP_HOST is no longer required, as it uses the LDAP_DN to get the correct LDAP server name. In Windows the domain name can be used to get (any) domain controller.

- functions.php

```php
function ldap_authenticate($user, $password, $ldapDN = NULL)
{
    $ldapDN = is_null($ldapDN) ? LDAP_DN : $ldapDN;
    // LDAP_DN may hold several base DNs separated by ';' (one per forest)
    $ldapDNArray = explode(';', $ldapDN);
    if (count($ldapDNArray) > 1) {
        // Try each base DN in turn; the first successful login wins
        foreach ($ldapDNArray as $ldapDNItem) {
            if (!$ldapDNItem || $ldapDNItem == '') continue;
            try {
                $retVal = ldap_authenticate($user, $password, $ldapDNItem);
                if ($retVal) return $retVal;
            } catch (Exception $e) { /* ignore exceptions here */ }
        }
        return null;
    }

    // Single base DN: derive the server name from its DC components,
    // e.g. 'OU=Users,DC=Domain1,DC=local' becomes 'domain1.local'
    $ldapServer = strtolower($ldapDN);
    $temp = strpos($ldapServer, 'dc=');
    if ($temp === false) return null; // no DC components, no server name to derive
    $ldapServer = substr($ldapServer, $temp);
    $ldapServer = str_replace('dc=', '.', $ldapServer);
    // Drop separators, including a space after a comma ('DC=a, DC=b')
    $ldapServer = str_replace(array(',', ' '), '', $ldapServer);
    if ($ldapServer[0] == '.') $ldapServer = substr($ldapServer, 1);
    /* ... */
}
```

As you can maybe see, all LDAP servers are contacted to verify the requesting user login.
At the first successful login the function terminates and the script can continue. If no LDAP server can authenticate the user, the default authentication will continue.
With this kind of modification you're able to use multiple but also just one LDAP server for authentication.

So I think it's a nice feature and so maybe you want to include this in your public release.

Many thanks!
Attachments
functions.zip
(24.59 KiB) Downloaded 101 times
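
The base-DN-to-server-name step from the post above, written as a stricter parser that validates every DC component and fails closed on an entry it cannot turn into a host name. This is an added example, not part of the original post or of the project's code; the function names `dn_to_dns_domain` and `parse_ldap_sources` and the sample DNs are assumptions.

```php
<?php
// Added example, not project code. Function names are hypothetical.

/** Derive the DNS domain from the DC components of a base DN, or null if unusable. */
function dn_to_dns_domain(string $dn): ?string
{
    $labels = [];
    // Split on commas not preceded by a backslash (simplified DN escaping).
    foreach (preg_split('/(?<!\\\\),/', $dn) as $rdn) {
        $parts = explode('=', $rdn, 2);
        if (count($parts) !== 2) {
            return null;                      // not attribute=value
        }
        [$attr, $value] = array_map('trim', $parts);
        if (strcasecmp($attr, 'dc') !== 0) {
            continue;                         // OU=, CN=, ... do not name the domain
        }
        // Accept only a valid DNS label; anything else must not become a host name.
        if (!preg_match('/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i', $value)) {
            return null;
        }
        $labels[] = strtolower($value);
    }
    return $labels ? implode('.', $labels) : null;
}

/** Split the semicolon-separated LDAP_DN value into base_dn/host pairs. */
function parse_ldap_sources(string $list): array
{
    $sources = [];
    foreach (explode(';', $list) as $dn) {
        $dn = trim($dn);
        if ($dn === '') {
            continue;                         // tolerate a trailing ';'
        }
        $host = dn_to_dns_domain($dn);
        if ($host === null) {
            // Fail closed and say why, rather than silently skipping a forest.
            throw new InvalidArgumentException("Unusable base DN in LDAP_DN: $dn");
        }
        $sources[] = ['base_dn' => $dn, 'host' => $host];
    }
    return $sources;
}

// Constructed sample values: spaces after separators and a trailing ';'.
$ok = 'OU=Users,DC=Domain1,DC=local; OU=Users, DC=Domain2, DC=local;';
print_r(parse_ldap_sources($ok));
try { parse_ldap_sources('OU=Users,O=Example'); }   // no DC components at all
catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```

Rejecting a malformed entry at configuration-parse time keeps a typo in LDAP_DN from turning into a bind attempt, with the user's password, against an unintended host name.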

shawniverson
Posts: 2803
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA

Re: Multiple LDAP Authentication Sources

Post by shawniverson » 14 May 2016 15:44

Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Multiple LDAP Authentication Sources

Post by dbrunt » 25 Oct 2016 02:12

Added to and working in 3.0.0.8
:thumbup:
Next up... 3.0.1.5
