developer.jelix.org is not used any more and exists only for history. Post new tickets on the Github account.

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#1145 closed enhancement (fixed)

Specify UID attribute in LDAP auth driver

Reported by: fatbeard
Owned by:
Priority: normal
Milestone: Jelix 1.2RC1
Component: jelix:plugins:auth
Version: 1.2b1
Severity: minor
Keywords: ldap auth driver
Cc:
Blocked By:
Blocking:
Documentation needed: no
Hosting Provider:
Php version:

Description

I beg to differ concerning the CN attribute discussion in #787... WSAD is ONE implementation of the LDAP protocol that uses CN as the user identifier, but RFC4514 specifies that LDAP servers are required to recognize CN and UID attributes in RDNs, but that they may also recognize other attributes as such.

Hence the need to refactor all "cn=" strings into a property that can be overloaded in config files. Some organizations, including the one I actually work for, use uid instead of cn for example, and I'm pretty (but not absolutely) sure that implementations like OpenLDAP allow you to define what attribute to use for unique user identification.

Attached is a patch to take the specs into account in the driver.

  • Refactors ldap_connect and ldap_set_option in _getLinkId()
  • Refactors construction of user RDN in _buildUserDn($login)
  • Allows specifying uidProperty='attributeName' in config files, but falls back to using cn if uidProperty is not provided in the configuration.

PS. Sorry for not creating a new ticket

Attachments (3)

ldap.auth.diff (8.6 KB) - added by fatbeard 10 years ago.
ldap.auth.2.diff (6.6 KB) - added by fatbeard 10 years ago.
ldap.auth.3.diff (6.6 KB) - added by fatbeard 10 years ago.
Fixes missing parenthesis


Change History (11)

Changed 10 years ago by fatbeard

comment:1 Changed 10 years ago by fatbeard

Additional refactoring could be done to also allow specifying the LDAP protocol version... even though v2 is officially deprecated, there may be some servers out there still using it... What do you think?

comment:2 Changed 10 years ago by fatbeard

  • Component changed from jelix to jelix:plugins:auth
  • Severity changed from normal to minor
  • Type changed from bug to enhancement

comment:3 Changed 10 years ago by fatbeard

  • Version changed from 1.1.6 to 1.2b1

comment:4 Changed 10 years ago by laurentj

  • Milestone set to Jelix 1.2

Although I don't know anything about LDAP, the changes seem ok to me. However, you should fix one thing: _buildUserDn should return a value in all cases.

(you should also update the lib/jelix/CREDITS file and the header of modified files)

comment:5 Changed 10 years ago by fatbeard

Ok, new patch :)

  • Fixes missing return value for _buildUserDn
  • Allows specifying the protocol version in config with 'protocolVersion=%version%'
  • Refactored parameter checks in constructor with foreach loop

As soon as I have enough time to reinstall an OpenLDAP on my dev station, I will test it thoroughly... but it probably won't be until end of this week.
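The following is an added example, not the attached patch or Jelix's own auth driver code. It shows the two configuration fallbacks discussed in the description and in comment:5 (uidProperty defaulting to cn, protocolVersion defaulting to 3) together with the check a reviewer would want in _buildUserDn: the login comes from the user, so DN special characters must be escaped per RFC 4514 before the RDN is concatenated, otherwise a crafted login can change which entry the DN names. Function names, the config array layout and the host/base DN values are assumptions; only ldap_connect, ldap_set_option and the config keys uidProperty/protocolVersion come from the ticket or from PHP's ldap extension.

```php
<?php
// Added example (not the Jelix driver): configurable uid attribute and
// protocol version, with RFC 4514 escaping of the login in the user DN.

// Hypothetical driver configuration. Only uidProperty and protocolVersion
// are keys named in the ticket; the rest are assumptions with constructed values.
$config = array(
    'hostname'        => 'ldap.example.invalid',
    'port'            => 389,
    'searchBaseDN'    => 'ou=people,dc=example,dc=invalid',
    'uidProperty'     => 'uid',   // omitted => falls back to 'cn'
    'protocolVersion' => 3,       // omitted => falls back to 3
);

/**
 * Escape one attribute value for use inside a DN (RFC 4514 section 2.4).
 * Written out so the rules are visible; PHP >= 5.6 offers the equivalent
 * ldap_escape($value, '', LDAP_ESCAPE_DN).
 */
function escapeDnValue($value) {
    $special = array('\\', ',', '+', '"', '<', '>', ';', '=');
    $out = '';
    $len = strlen($value);
    for ($i = 0; $i < $len; $i++) {
        $c = $value[$i];
        if (ord($c) < 0x20 || ord($c) === 0x7f) {
            // control characters: backslash + two hex digits
            $out .= sprintf('\\%02x', ord($c));
        } elseif (in_array($c, $special, true)
            || ($i === 0 && ($c === ' ' || $c === '#'))
            || ($i === $len - 1 && $c === ' ')) {
            // printable specials (and leading space/'#', trailing space): backslash + char
            $out .= '\\' . $c;
        } else {
            $out .= $c;
        }
    }
    return $out;
}

/**
 * Build the user DN from the configured uid attribute, falling back to cn.
 * The attribute name is admin-controlled config, but it is still validated as
 * an RFC 4512 attribute-type name so a typo cannot produce a malformed DN.
 */
function buildUserDn(array $config, $login) {
    $uidProperty = isset($config['uidProperty']) ? $config['uidProperty'] : 'cn';
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $uidProperty)) {
        throw new InvalidArgumentException('uidProperty is not a valid attribute type name');
    }
    // Always returns a value or throws: no code path falls off the end.
    return $uidProperty . '=' . escapeDnValue($login) . ',' . $config['searchBaseDN'];
}

/**
 * Open the LDAP link with the configured protocol version (default 3).
 * Only versions 2 and 3 exist, so anything else is a configuration error.
 */
function getLinkId(array $config) {
    $version = isset($config['protocolVersion']) ? (int) $config['protocolVersion'] : 3;
    if ($version !== 2 && $version !== 3) {
        throw new InvalidArgumentException('protocolVersion must be 2 or 3');
    }
    $link = ldap_connect($config['hostname'], $config['port']);
    if ($link === false) {
        return false;
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $version);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);
    return $link;
}

// Demonstration: a plain login, a login carrying DN metacharacters (escaped,
// so it stays a single RDN value), and the cn fallback when uidProperty is unset.
echo buildUserDn($config, 'jdoe'), "\n";
echo buildUserDn($config, 'jdoe,ou=admins'), "\n";
$noUid = $config;
unset($noUid['uidProperty']);
echo buildUserDn($noUid, 'jdoe'), "\n";

// Connecting needs the ldap extension and a reachable server, so it is guarded.
if (function_exists('ldap_connect')) {
    $link = getLinkId($config);
    echo $link ? "link opened\n" : "ldap_connect failed\n";
}
```

The escaping step is the part that matters for safety: with uid=jdoe,ou=admins passed through unescaped, the resulting DN would name a different subtree than searchBaseDN intends. Validating the attribute name and the protocol version at construction time, as comment:5 does with its foreach parameter check, turns a silent misconfiguration into an immediate error.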

Changed 10 years ago by fatbeard

Changed 10 years ago by fatbeard

Fixes missing parenthesis

comment:6 Changed 10 years ago by fatbeard

Ooops... Sorry, but the patches provided were not created with the svn version! Will fix that tonight.

comment:7 Changed 10 years ago by laurentj

  • Documentation needed set
  • Resolution set to fixed
  • review set to review+
  • Status changed from new to closed

Patch landed. Thank you. http://bitbucket.org/jelix/jelix-trunk/changeset/94e8ec87167e

The next time, please provide a patch with hg diff.
