Ldap authentication

RedhatTux

Joined: 2009-09-22
Posts: 10
Posted: Thu, 2009-10-08 12:01

I have been trying to get LDAP working on my gallery. I have been following the instructions in http://codex.gallery2.org/Ldap for Gallery 2.3.

Sadly it keeps saying my username/password are incorrect. It is connecting to the ldap server, but I can't find anything obviously wrong there.

Is there any other way I can set ldap up? I notice there is a module on svn, but there's not a lot of info on that?

 
RedhatTux

Joined: 2009-09-22
Posts: 10
Posted: Thu, 2009-10-08 15:55

It's partially working now. It logs you in and creates a user account on gallery. When you log out and try to log back in again it won't let you. Once you remove the account created on gallery you can log back in again.

I suppose it must be creating a local account and when you try to log in again, it tries to go directly into the local account. Not sure how to fix this at all. Any suggestions?

 
antichoc

Joined: 2006-10-21
Posts: 2
Posted: Sat, 2009-12-19 11:12

I have the same error when I try the tutorial on http://codex.gallery2.org/Ldap for Gallery 2.3.

The Login is OK but the table USER is not correctly written.

My LDAP Structure is "inetOrgPerson" and with the debug option, I have this:

Quote:
(mysqli): INSERT INTO g2_User (g_fullName, g_hashedPassword, g_email,
g_id) VALUES ('USER FULLNAME ','hash passwoed','mail',23)

The SQL statement doesn't seem to insert the username in the field g_userName.

It seems to be in the handleRequest function in UserLogin.inc:

Quote:
function handleRequest($form) {
    global $gallery;

    $results = array();
    $error = array();
    if (isset($form['action']['login'])) {
        if (empty($form['username'])) {
            $error[] = 'form[error][username][missing]';
        }

        if (empty($form['password'])) {
            $error[] = 'form[error][password][missing]';
        }

        if (empty($error)) {
            list ($ret, $isDisabled) = GalleryCoreApi::isDisabledUsername($form['username']);
            if ($ret) {
                return array($ret, null);
            }
            if ($isDisabled) {
                $error[] = 'form[error][username][disabled]';
            }
        }

        if (empty($error)) {
            list ($ret, $user) = GalleryCoreApi::fetchUserByUsername($form['username']);
            if ($ret && !($ret->getErrorCode() & ERROR_MISSING_OBJECT)) {
                return array($ret, null);
            }
            /* LDAP Code begin */

            $ldapRet = $this->ldapAuthentication($form['username'],$form['password']);
            if ($ldapRet && !is_array($ldapRet)) {
                // any error with LDAP connection.
                $error[] = "form[error]$ldapRet";
            }
            else if(is_array($ldapRet)){ // User found:
                // At first login, create new User
                if (!isset($user)) {
                    list ($ret, $user) = GalleryCoreApi::newFactoryInstance('GalleryEntity', 'GalleryUser');
                    if ($ret) {
                        return array($ret, null);
                    }
                    if (!isset($user)) {
                        return array(GalleryCoreApi::error(ERROR_MISSING_OBJECT), null);
                    }

                    $ret = $user->create($username);
                    if ($ret) { // this should never happen:
                        if (!($ret->getErrorCode() & ERROR_COLLISION)) {
                            return array($ret, null);
                        }
                        // Set our error status and fall back to the view
                        $error[] = 'form[error][userName][exists]';
                    }
                }
                // set the users properties and save them:
                $user->setEmail($ldapRet['email']);
                $user->setFullName($ldapRet['fullName']);
                $user->changePassword($ldapRet['password']);

                GalleryCoreApi::acquireWriteLock($user->getId());
                $ret = $user->save();
                GalleryCoreApi::releaseLocks($user->getId());

                if ($ret) {
                    return array($ret, null);
                }
            }
            else {
                // User not found in LDAP should not be a problem: normal user authentication
            }
            /* LDAP Code end */
            GalleryUtilities::unsanitizeInputValues($form['password'], false);
            $isCorrect = (isset($user) && $user->isCorrectPassword($form['password']));

            /* Prepare for validation */
            $options = array('pass' => $isCorrect);
            list ($ret, $options['level']) =
                GalleryCoreApi::getPluginParameter('module', 'core', 'validation.level');
            if ($ret) {
                return array($ret, null);
            }
            if ($options['level'] == 'MEDIUM') {
                $options['key'] = 'core.UserLogin.' . $form['username'];
            }
            if ($options['level'] == 'OFF') {
                $pluginInstances = array();
            } else if (isset($this->_pluginInstances)) {
                $pluginInstances = $this->_pluginInstances;
            } else {
                list ($ret, $pluginInstances) =
                    GalleryCoreApi::getAllFactoryImplementationIds('GalleryValidationPlugin');
                if ($ret) {
                    return array($ret, null);
                }

                foreach (array_keys($pluginInstances) as $pluginId) {
                    list ($ret, $pluginInstances[$pluginId]) =
                        GalleryCoreApi::newFactoryInstanceById('GalleryValidationPlugin',
                                                               $pluginId);
                    if ($ret) {
                        return array($ret, null);
                    }
                }
            }

            /* Let each plugin do its verification */
            foreach ($pluginInstances as $plugin) {
                list ($ret, $pluginErrors, $continue) =
                    $plugin->performValidation($form, $options);
                if ($ret) {
                    return array($ret, null);
                }

                $error = array_merge($error, $pluginErrors);
                if (!$continue) {
                    break;
                }
            }
        }

        if (empty($error)) {
            if ($isCorrect) {
                $gallery->setActiveUser($user);

                $event = GalleryCoreApi::newEvent('Gallery::Login');
                $event->setEntity($user);
                list ($ret, $redirect) = GalleryCoreApi::postEvent($event);
                if ($ret) {
                    return array($ret, null);
                }

                /* Redirect if requested by event listener, otherwise return */
                if (!empty($redirect)) {
                    $results['redirect'] = array_shift($redirect);
                } else {
                    $results['return'] = 1;
                }
            } else {
                $error[] = 'form[error][invalidPassword]';
            }
        }

        if (!empty($error)) {
            if (!empty($form['username'])) {
                $event = GalleryCoreApi::newEvent('Gallery::FailedLogin');
                $event->setData(array('userName' => $form['username']));
                list ($ret, $ignored) = GalleryCoreApi::postEvent($event);
                if ($ret) {
                    return array($ret, null);
                }
            }
        }

    } else if (isset($form['action']['cancel'])) {
        $results['return'] = 1;
    }

    if (!empty($error)) {
        $results['delegate']['view'] = 'core.UserAdmin';
        $results['delegate']['subView'] = 'core.UserLogin';
    }
    $results['status'] = array();
    $results['error'] = $error;

    return array(null, $results);
}

The $username doesn't exist ...

Can you help me?
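
The first-login provisioning flow discussed in this thread, as an added sketch that is not code from any poster or from Gallery itself: the local record is keyed on the submitted username, a record without a username is refused rather than written, and a second login reuses the record created by the first. `UserStore`, `loginViaDirectory` and `$directoryAuth` are hypothetical names, and the directory entry is constructed sample data.

```php
<?php
// Constructed in-memory stand-in for the g2_User table; not Gallery's API.
final class UserStore {
    private array $byName = [];
    private int $nextId = 1;

    public function fetchByUsername(string $name): ?array {
        return $this->byName[$name] ?? null;
    }

    public function create(?string $name, string $fullName, string $email): array {
        // Refuse a row with no username instead of writing it.
        if ($name === null || $name === '') {
            throw new InvalidArgumentException('username missing');
        }
        if (isset($this->byName[$name])) {
            throw new RuntimeException('username exists');
        }
        return $this->byName[$name] = [
            'id' => $this->nextId++, 'userName' => $name,
            'fullName' => $fullName, 'email' => $email,
        ];
    }
}

// $directoryAuth is a hypothetical callable: it returns an attribute array
// when the directory accepts the credentials, or null when it rejects them.
function loginViaDirectory(UserStore $store, callable $directoryAuth,
                           string $username, string $password): ?array {
    $attrs = $directoryAuth($username, $password);
    if ($attrs === null) {
        return null;                       // caller may fall back to local login
    }
    $user = $store->fetchByUsername($username);
    if ($user === null) {
        // First login: key the new record on the submitted username.
        $user = $store->create($username, $attrs['fullName'], $attrs['email']);
    }
    return $user;
}

// Constructed directory with a single entry.
$dir = fn(string $u, string $p): ?array =>
    ($u === 'jdoe' && $p === 'correct-horse')
        ? ['fullName' => 'J. Doe', 'email' => 'jdoe@example.org'] : null;

$store  = new UserStore();
$first  = loginViaDirectory($store, $dir, 'jdoe', 'correct-horse');
$second = loginViaDirectory($store, $dir, 'jdoe', 'correct-horse');
var_dump($first['id'] === $second['id'], loginViaDirectory($store, $dir, 'jdoe', 'wrong'));
```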