[Xerte] login_library.php Script Modifications Regarding LDAP
Vince Byfield
vince.byfield at gmail.com
Tue Mar 31 19:59:58 BST 2009
The 'xerte_author' account is temporary for development. Using dsa.msc to
access the Active Directory on the Windows 2008 Server I find the first and
last name fields populated ('Xerte' and 'Author' respectively). Upon
deployment we will have multiple users, ideally within multiple user groups,
maintained within Active Directory.
Presently we have several clients, each with multiple users, some of which
will be authorized to author content. These users are currently maintained
in a customized MSSQL database (i.e. not Active Directory). Originally I was
planning to bypass LDAP and auto-login to Xerte Toolkits via customized
MSSQL queries within a modified login_library.php. Then I ran into what
appeared to be additional LDAP queries coming from other script files and
that, combined with your comment about MSSQL and LDAP not being alternatives
and the additional benefits I've since read about since on LDAP encryption I
thought it best to stay within LDAP.
What do you think, Pat?
On Tue, Mar 31, 2009 at 11:18 AM, Patrick Lockley <
Patrick.Lockley at nottingham.ac.uk> wrote:
> When I used to do systems admin on a 2k server i used a tool called
> Active Directory to manage the active directory? You installed it from
> something call admin pack and it didn't need to be ran from the server (just
> from an account with suitable management rights on that part of the tree /
> forest).
>
> The only issue would be that the $entry array is what sets the firstname
> and surname attributes when a user is created - check you logindetails table
> in the database, I would assume there are two blank name fields?
>
> Could I ask why you are authenticating in this way - because you'll need to
> disable a few things as well because they only really work when there are
> multiple users - peer review, project sharing are two for examples.
>
> ------------------------------
> *From:* xerte-bounces at lists.nottingham.ac.uk on behalf of Vince Byfield
> *Sent:* Tue 31/03/2009 18:23
> *To:* Xerte discussion list
> *Subject:* [Xerte] login_library.php Script Modifications Regarding LDAP
>
> Thank you Julian and Patrick for your comments and advice.
>
> I've decided to follow Patrick's suggestion to work within LDAP and have
> created a dedicated user within the Windows active directory which only
> edits content ('xerte_author') -- this Windows user account is used for
> nothing else and has never been logged in or signed in to any system other
> that via Xerte/LDAP. (I will have to find some LDAP administration software
> that will allow me to manage LDAP/Active Directory users and groups in
> conjunction with a customized Microsoft ASP/MSSQL user database--your
> suggestions for the most appropriate software to accomplish this would be
> appreciated).
>
> Meanwhile, I was able to get the LDAP authentication working after
> commenting out the following section of code within login_library.php:
>
> // ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
> Setting this particular option generates an error response of 1 which
> according the MSDN/LDAP reference is LDAP_OPERATIONS_ERROR. Interestingly,
> if I replace the line with ldap_get_option I see that the
> LDAP_OPT_PROTOCOL_VERSION is already set to 3 so I commented the line out.
>
> and later on :
>
> //$entry = ldap_get_entries($ds, $sr);
> //if(! $entry or ! $entry[0]) {
> // receive_message($username, "USER", "CRITICAL", "Login failed for " .
> $username, "Login failed for " . $username);
> //return false;
> //}else {
> {
>
> $entry is presently returning an array of 0 elements.
>
> Once these two sections of code are commented out I am able to log in,
> create and edit templates with ease. Do you foresee any difficulties with
> keeping these customizations?
>
> Thanks :-)
>
> Vince.
>
>
> On Sat, Mar 28, 2009 at 12:02 PM, Patrick Lockley <
> Patrick.Lockley at nottingham.ac.uk> wrote:
>>
>>
>> I don't see ms sql and LDAP as alternatives to each other - but if you
>> wish to use another form of authentication then you would need to modify the
>> code in the login_library.php functions. It would be a matter of writing a
>> select query on the password and username variables, and then seeing what it
>> returns.
>>
>> Pat
>>
>
> _______________________________________________
> Xerte mailing list
> Xerte at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.nottingham.ac.uk/pipermail/xerte/attachments/20090331/e94adfc0/attachment.html
More information about the Xerte
mailing list