Most recent edit on 2008-06-28 06:49:29 by DomBonj [1.1.6.5 compatibility]
Additions:
- Wikka 1.1.6.3 & 1.1.6.4 & 1.1.6.5
1. In actions/usersettings.php, go to line 82 [version 1.1.6.3 only] or 100 [versions 1.1.6.4 & 1.1.6.5 only] and replace the following code block:
2. Go to line 389 [version 1.1.6.3 only] or 417 [versions 1.1.6.4 & 1.1.6.5 only] and replace the following code block:
Deletions:
- Wikka 1.1.6.3 & 1.1.6.4
1. In actions/usersettings.php, go to line 82 [version 1.1.6.3 only] or 100 [version 1.1.6.4 only] and replace the following code block:
2. Go to line 389 [version 1.1.6.3 only] or 417 [version 1.1.6.4 only] and replace the following code block:
Edited on 2008-06-07 17:10:57 by DomBonj [1.1.6.4 compatibility]
Additions:
- Documentation: LDAPauthenticationInfo
- Wikka 1.1.6.3 & 1.1.6.4
- Add the two code blocks below to actions/usersettings.php
- Add the three lines below to wikka.config.php
- Make sure PHP is compiled with LDAP support∞
1. In actions/usersettings.php, go to line 82 [version 1.1.6.3 only] or 100 [version 1.1.6.4 only] and replace the following code block:
(php)
return strtolower($name);
$success = false;
if ($ldapconn = ldap_connect($LDAPserver))
put here any LDAP option you may want to set
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($result = ldap_bind($ldapconn, sprintf($LDAPreq, LDAP_wikiname_to_login($login)), $pwd))
$success = true;
ldap_close($ldapconn);
return $success;
2. Go to line 389 [version 1.1.6.3 only] or 417 [version 1.1.6.4 only] and replace the following code block:
case (strlen($_POST['password']) ==
0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (md5($_POST['password']) !=
$existingUser['password']):
(php)
case (strlen($_POST['password'])
'ldap') && LDAP_auth($this->config['ldap_server'], $this->config['ldap_name'], $_POST['name'], $_POST['password'])):
authenticated by the LDAP directory
$this->SetUser($existingUser);
$this->Redirect($url, );
break;
case (md5($_POST['password']) != $existingUser['password']):
3. Add the following lines (with the appropriate values for the second and third lines) to wikka.config.php:
%%(php)
'user_identification' => 'ldap',
'ldap_server' => 'myldapserver',
'ldap_name' => '%s',
Deletions:
- Documentation: LDAPauthenticationInfo
- Wikka 1.1.6.3
- Add the two code blocks below to actions/usersettings.php
- Add the three lines below to wikka.config.php
- Make sure PHP is compiled with LDAP support∞
1. In actions/usersettings.php, go to line 82 and replace the following code block:
return strtolower($name);
$success =
false;
if ($ldapconn = ldap_connect
($LDAPserver))
{
// put here any LDAP option you may want to set
//ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($result = ldap_bind
($ldapconn,
sprintf($LDAPreq, LDAP_wikiname_to_login
($login)),
$pwd))
{
$success =
true;
}
ldap_close
($ldapconn);
}
return $success;
2. Go to line
389 and replace the following code block:
(php)
case (strlen($_POST['password'])
0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (md5($_POST['password']) != $existingUser['password']):
(php)
case (strlen($_POST['password'])
0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (isset($this->config['user_identification']) && ($this->config['user_identification']
'ldap') && LDAP_auth($this->config['ldap_server'], $this->config['ldap_name'], $_POST['name'], $_POST['password'])):
authenticated by the LDAP directory
$this->Redirect($url, );
break;
case (md5($_POST['password']) != $existingUser['password']):
3. Add the following lines (with the appropriate values for lines 2 and 3) to wikka.config.php:
'user_identification' => 'ldap',
'ldap_server' => 'myldapserver',
'ldap_name' => '%s',
Edited on 2008-01-28 00:15:40 by DomBonj [Modified links pointing to docs server]
No differences.
Edited on 2007-10-28 09:48:09 by DomBonj [v0.90: first upload]
Additions:
LDAPauthentication
works with:
NOT included in any Wikka version
This is the development page for the LDAPauthentication extension.
Installation
- Add the two code blocks below to actions/usersettings.php
- Add the three lines below to wikka.config.php
- Make sure PHP is compiled with LDAP support∞
Code
1. In
actions/usersettings.php, go to line 82 and replace the following code block:
if (!
defined('TEMP_PASSWORD_LABEL')) define('TEMP_PASSWORD_LABEL',
"Password reminder:");
//initialize variables
$params =
'';
with the following code block:
if (!
defined('TEMP_PASSWORD_LABEL')) define('TEMP_PASSWORD_LABEL',
"Password reminder:");
function LDAP_wikiname_to_login
($name)
{
return strtolower($name);
}
function LDAP_auth
($LDAPserver,
$LDAPreq,
$login,
$pwd)
{
$success =
false;
if ($ldapconn = ldap_connect
($LDAPserver))
{
// put here any LDAP option you may want to set
//ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($result = ldap_bind
($ldapconn,
sprintf($LDAPreq, LDAP_wikiname_to_login
($login)),
$pwd))
{
$success =
true;
}
ldap_close
($ldapconn);
}
return $success;
}
//initialize variables
$params =
'';
2. Go to line 389 and replace the following code block:
case (strlen($_POST['password']) ==
0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (md5($_POST['password']) !=
$existingUser['password']):
with the following code block:
case (strlen($_POST['password']) ==
0):
$error = ERROR_EMPTY_PASSWORD;
$password_highlight = INPUT_ERROR_STYLE;
break;
case (isset($this->
config['user_identification']) &&
($this->
config['user_identification']==
'ldap') && LDAP_auth
($this->
config['ldap_server'],
$this->
config['ldap_name'],
$_POST['name'],
$_POST['password'])):
// authenticated by the LDAP directory
$this->
SetUser($existingUser);
$this->
Redirect($url,
'');
break;
case (md5($_POST['password']) !=
$existingUser['password']):
3. Add the following lines (with the appropriate values for lines 2 and 3) to
wikka.config.php:
'user_identification' => 'ldap',
'ldap_server' => 'myldapserver',
'ldap_name' => '%s',
CategoryUserContributions
Deletions:
LDAPauthentication Documentation
Not included in official Wikka version
Development: LDAPauthenticationThis is the documentation page for LDAPauthentication.
Documentation
Short description
Authenticates a user against a LDAP directory.
Parameters and configuration
Three configuration parameters have been added to wikka.config.php:
| name | type | required? | default | description |
|---|
| user_identification | string | required | wikka | Set to 'ldap' to enable LDAP authentication |
| ldap_server | string | required | | Name or IP address of the LDAP server |
| ldap_name | string | required | | LDAP Relative Distinguished Name (RDN) to use in the bind() operation. Its value depends on your directory's structure |
Long description
With this extension, it is possible to add to the built-in authentication of
WikkaWiki an alternative authentication method: the lookup of the user's credentials (login/password) into a LDAP-compliant directory. The main benefit is that it is not necessary for users to remember a specific password in order to log into the wiki.
Notes
- If the LDAP authentication fails, there is a fallback to the standard built-in authentication. Therefore, LDAP-authenticated and wiki-authenticated users can coexist
- To accomodate differences in naming schemes between the wiki and the LDAP directory, one can modify the function LDAP_wikiname_to_login() which defines an algorithmical mapping between the two types of identifiers (i.e. it translates a wiki name into a LDAP user name)
- its default version simply turns the WikiName into lowercase
- Users still need to sign-up into the wiki and to define their settings (in other words, the full set of user settings is not obtained from the LDAP directory)
- this is a bit clumsy, but it avoids changing the data model and the native authentication scheme
- To turn off the feature and go back to the native authentication scheme, set "user_identification" => "wikka" in wikka.config.php
- In an Active Directory environment, it seems a good value for ldap_name is: 'mydomain\\%s' where mydomain is the Windows server domain name
- A main difference with the existing ActiveDirectory extension is that the latter authenticates the user's computer, and not the user herself, and requires to configure manually the association between WikiName and LDAP user name
To-do, bugs and limitations
- To-do: test code with OpenLDAP∞ (was only tested against Active Directory on Windows 2003)
- Limitation: communication between the web server and the LDAP host is not encrypted and passwords are sent in clear text. This is a potential security breach.
Author
DomBonj
CategoryDocumentation
Oldest known version of this page was edited on 2007-10-28 09:44:32 by DomBonj [v0.90: first upload]
Page view:
LDAPauthentication Documentation
Not included in official Wikka version
See also:
Development: LDAPauthenticationThis is the documentation page for LDAPauthentication.
Documentation
Short description
Authenticates a user against a LDAP directory.
Parameters and configuration
Three configuration parameters have been added to wikka.config.php:
| name | type | required? | default | description |
|---|
| user_identification | string | required | wikka | Set to 'ldap' to enable LDAP authentication |
| ldap_server | string | required | | Name or IP address of the LDAP server |
| ldap_name | string | required | | LDAP Relative Distinguished Name (RDN) to use in the bind() operation. Its value depends on your directory's structure |
Long description
With this extension, it is possible to add to the built-in authentication of
WikkaWiki an alternative authentication method: the lookup of the user's credentials (login/password) into a LDAP-compliant directory. The main benefit is that it is not necessary for users to remember a specific password in order to log into the wiki.
Notes
- If the LDAP authentication fails, there is a fallback to the standard built-in authentication. Therefore, LDAP-authenticated and wiki-authenticated users can coexist
- To accomodate differences in naming schemes between the wiki and the LDAP directory, one can modify the function LDAP_wikiname_to_login() which defines an algorithmical mapping between the two types of identifiers (i.e. it translates a wiki name into a LDAP user name)
- its default version simply turns the WikiName into lowercase
- Users still need to sign-up into the wiki and to define their settings (in other words, the full set of user settings is not obtained from the LDAP directory)
- this is a bit clumsy, but it avoids changing the data model and the native authentication scheme
- To turn off the feature and go back to the native authentication scheme, set "user_identification" => "wikka" in wikka.config.php
- In an Active Directory environment, it seems a good value for ldap_name is: 'mydomain\\%s' where mydomain is the Windows server domain name
- A main difference with the existing ActiveDirectory extension is that the latter authenticates the user's computer, and not the user herself, and requires to configure manually the association between WikiName and LDAP user name
To-do, bugs and limitations
- To-do: test code with OpenLDAP∞ (was only tested against Active Directory on Windows 2003)
- Limitation: communication between the web server and the LDAP host is not encrypted and passwords are sent in clear text. This is a potential security breach.
Author
DomBonj
CategoryDocumentation