Using ActiveDirectory to identify the users

Last edited by AndreasHeintze:
Modified links pointing to docs server
Mon, 28 Jan 2008 00:13 UTC [diff]


A solution

Using Wikka as an intranet knowledge management system, I don't want my users to sign in to Wikka, because they are already known: they signed in when they booted their computer. However, we want to secure some pages through ACLs and we want to keep track of the modifications...
So here is a quick and dirty solution that works, but it is still a prototype: for now it only checks the computer name, not the user.

Prerequisites

You must enable the php_ldap extension.

The code


1) Add a new field in the users database:

ALTER TABLE `wikka_users` ADD `alias` VARCHAR(75) NOT NULL


2) Add the following code in wikka.config.php

"user_identification" => "active_directory",



3) In wikka.php, just after:
Shouldn't it be Wakka.class.php now??? /AndreasHeintze

    // THE BIG EVIL NASTY ONE!
    function Run($tag, $method = "")
    {
        // do our stuff!
        if (!$this->method = trim($method)) $this->method = "show";
        if (!$this->tag = trim($tag)) $this->Redirect($this->Href("", $this->config["root_page"]));


Add the following code:

        // Check if active_directory is on and no user is logged in yet.
        // With nobody logged in, GetUserName() returns the client's hostname
        // (reverse DNS of REMOTE_ADDR), which is why this matches on the computer name.
        if (($this->config["user_identification"]=="active_directory") && (!$this->GetUser()))
        {
            $idAD = $this->GetUserName();
            // Look up the wiki user whose alias equals that hostname
            $sql = "SELECT name"
                . " FROM ".$this->config["table_prefix"]."users"
                . " WHERE alias = '"
                . mysql_real_escape_string($idAD)
                . "' limit 1";
            $hisname = $this->LoadSingle($sql);
            if ($hisname) {
                // Known alias: log the visitor in as that wiki user
                $this->SetUser($this->LoadUser($hisname["name"]));
            }
        }
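The three steps above match a visitor to a wiki user purely by computer name. The following is an added example, not code from this page, from Wikka or from AndreasHeintze, showing the same alias lookup built so that it prefers an identity the web server has already authenticated against Active Directory (the second To Do item below) and keeps the computer-name match only as a fallback that is off by default. Everything here is assumed rather than taken from the page: the function names (`normalize_principal`, `lookup_wiki_name`, `resolve_user`, `demo`) are hypothetical, `$_SERVER['REMOTE_USER']` is assumed to be filled by an AD-integrated web server module as "DOMAIN\user" or "user@REALM", and the demo uses an in-memory SQLite table through PDO (PHP 7.4+) instead of Wikka's MySQL connection.

```php
<?php
// Added example (not Wikka's code): resolve the wiki user from an identity the
// web server has already authenticated against Active Directory, with the
// page's hostname match kept only as an optional fallback.
// Assumptions (not from the page): an AD-integrated web server module sets
// $_SERVER['REMOTE_USER'] as "DOMAIN\user" or "user@REALM"; the `alias`
// column holds either a lowercase account name or a lowercase computer name.

// Reduce the forms a web server reports to a bare, lowercase account name.
// Returns null when the value is missing or not a plausible account name.
function normalize_principal(?string $remoteUser): ?string
{
    $p = trim((string) $remoteUser);
    if ($p === '') {
        return null;
    }
    if (($pos = strrpos($p, '\\')) !== false) {       // DOMAIN\user
        $p = substr($p, $pos + 1);
    } elseif (($pos = strpos($p, '@')) !== false) {   // user@REALM
        $p = substr($p, 0, $pos);
    }
    // Refuse anything outside a conservative account-name alphabet.
    return preg_match('/^[A-Za-z0-9._-]{1,64}$/', $p) ? strtolower($p) : null;
}

// Same query as the page's hook, but as a prepared statement so the alias
// value is never concatenated into the SQL text.
function lookup_wiki_name(PDO $db, string $prefix, string $alias): ?string
{
    $stmt = $db->prepare("SELECT name FROM {$prefix}users WHERE alias = ? LIMIT 1");
    $stmt->execute([$alias]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['name'] : null;
}

// Returns the wiki user name to log the visitor in as, or null to leave the
// visitor anonymous (the normal registration flow then still applies).
function resolve_user(PDO $db, string $prefix, array $server,
                      bool $allowHostFallback = false, ?callable $reverseLookup = null): ?string
{
    $principal = normalize_principal($server['REMOTE_USER'] ?? null);
    if ($principal !== null) {
        return lookup_wiki_name($db, $prefix, $principal);
    }
    if (!$allowHostFallback) {
        return null;
    }
    // Fallback: the page's computer-name match. A shared machine or a
    // spoofable reverse-DNS zone satisfies it, so leave it off once the web
    // server supplies an authenticated principal.
    $addr = $server['REMOTE_ADDR'] ?? '';
    if (!filter_var($addr, FILTER_VALIDATE_IP)) {
        return null;
    }
    $host = ($reverseLookup ?? 'gethostbyaddr')($addr);
    if ($host === false || $host === $addr) {          // no PTR record
        return null;
    }
    return lookup_wiki_name($db, $prefix, strtolower($host));
}

// Constructed demo data, not real accounts: an in-memory SQLite table with
// the two columns the hook uses, so this runs without MySQL or a domain.
function demo(): array
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE wikka_users (name VARCHAR(75) NOT NULL, alias VARCHAR(75) NOT NULL)");
    $ins = $db->prepare("INSERT INTO wikka_users (name, alias) VALUES (?, ?)");
    $ins->execute(['AliceExample', 'alice']);     // alias is an AD account name
    $ins->execute(['BobExample', 'ws-bob01']);    // alias is a computer name
    // Stand-in for gethostbyaddr() so the demo needs no DNS.
    $fakeDns = fn(string $ip) => $ip === '192.0.2.10' ? 'ws-bob01' : $ip;

    return [
        // Web server authenticated alice against AD: matched on the account.
        'principal' => resolve_user($db, 'wikka_', ['REMOTE_USER' => 'EXAMPLE\\alice']),
        // No principal, fallback enabled: matched on the computer name.
        'host_on'   => resolve_user($db, 'wikka_', ['REMOTE_ADDR' => '192.0.2.10'], true, $fakeDns),
        // No principal, fallback disabled: stays anonymous.
        'host_off'  => resolve_user($db, 'wikka_', ['REMOTE_ADDR' => '192.0.2.10']),
        // Principal present but unknown to the wiki: stays anonymous.
        'unknown'   => resolve_user($db, 'wikka_', ['REMOTE_USER' => 'carol@EXAMPLE.LOCAL']),
    ];
}

var_dump(demo());
```

Running it prints `AliceExample` for the authenticated principal, `BobExample` only when the hostname fallback is switched on, and `NULL` for the other two cases. Inside the hook above, the equivalent wiring would be to call `resolve_user()` with Wikka's table prefix and `$_SERVER`, then pass a non-null result to `$this->SetUser($this->LoadUser($name))` exactly as the page already does; the alias column stays the single mapping table, it just holds account names once users rather than machines are imported.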
How to use it?

The current registration system still works for users outside the Active Directory, i.e. those with no alias in the users table. The feature can be switched off by putting "user_identification" => "wikka" (the default value) in wikka.config.php.
First, the users have to be created somehow (I would expect this to be done through a batch import from the Active Directory). To test it quickly, simply fill the alias field with your computer name and it's done: you will not have to sign in again, because the system recognises your machine.

To Do

Deliver a way to feed the users table with an export from the Active Directory (it is easy).
Identify the Active Directory ID of the user (not only the computer).


CategoryUserContributions
Comments
Comment by IanHayhurst
2005-02-18 15:43:14
Please do! (Hate AD as I do.) It's just the sort of thing that gets this into corporate intranets. Cheers, Ian
Comment by MarkHissinkMuller
2005-02-18 17:10:32
Excellent idea; does someone have any thoughts on the other way around?

I would like to restrict (http-) access to my Wikka site by integrating http-auth with the wikka_user credentials.

Thanks for your comment,
- Mark
Comment by IanHayhurst
2005-11-15 17:13:53
The computer name only was a big problem for us, as on multiuser machines you went in as the user that first registered. We got round it by installing the Vintella mod_auth_vas and VAS software, but due to ticket sizes (apparently) it only seems to work with Firefox (no problem for me, but lots of IE users in the company). Trying the open source AD module for Apache next, now the server has an AD ticket... There may also be some mileage in doing a NetBIOS lookup with the IP and finding the user, then getting details in an LDAP lookup on the AD... could only work in a corporate environment.