[SOLVED] LDAP Auth for Campsite...Where do I Start? - Newscoop Development Discussions on Sourcefabric Forum

Joe Chrysler

Hi,

Background
I work for a mid-sized University in Michigan and am trying to implement Campsite as the CMS for our on-campus ITS News publication. Everyone here has an LDAP username and password, so I'd like to let them login to the new publication site with that combo, but I can't find a facility for LDAP authentication in Campsite.

Trouble
My plan was to dig into the Campsite code a bit and replace the default password-checking routine with a call to a custom login script that I built for another project, but I'm having a spot of trouble finding the routine that needs to be replaced.

Query
Could someone please point me to either the function/method/routine that I need to swap out? If I'm completely wrongheaded and should be doing something completely different to enable LDAP login, please point me in the right direction.

Incentive
I'm more than happy to do a bit of work on a fork of Campsite and submit patches for my solution (eventually), but I don't know where to get started.

Any help would be most appreciated.
Thanks!
Joe
from SVSU

Andrey Podshivalov

hi Joe,

Campsite uses Pear::Liveuser package for user handling but Liveuser has no natively LDAP support and it could be implemented via Pear::Auth container wrapper.

The current liveuser configuration you can find in Campsite conf folder: liveuser_configuration.php

Paul Baranowski

Andrey, you implement this for our current corp setup didnt you? If not,
what SSO tech did you use?

On Sun, Aug 1, 2010 at 4:26 PM, Andrey Podshivalov <
campsite-dev@lists.sourcefabric.org> wrote:

> hi Joe,
>
> Campsite uses Pear::Liveuser package for user handling but Liveuser has no
> natively LDAP support and it could be implemented via Pear::Auth container
> wrapper.
>
> The current liveuser configuration you can find in Campsite conf folder:
> liveuser_configuration.php
>
>
>

Andrey Podshivalov

for SSO I implemented own Auth container. It's based on DB container with modification in login/pass checking function. I attached the Ldap auth container basic structure. It misses just implementation of login/pass checking functionality. Look at include/pear/LiveUser/Auth/Ldap.php:12

Joe Chrysler

Thanks for the help Andrey,

I'll look at that implementation and see if I can't get it working in my setup.

Will report back.

Andrey Podshivalov

hi Joe,

I'd like to inform you that LDAP authentication plugin will be introduced on the next week with next 3.4.2 Campsite release. I hope it will help you.

Andrey Podshivalov

Campsite LDAP add-on package is accessible now on sourceforge: https://sourceforge.net/projects/campsite/files/campsite%20a dd-on/campsite_ldap_addon.tar.gz/download

Joe Chrysler

Thanks Andrey!

I'm testing it out today.

Joe Chrysler

I installed the addon, as per the README instructions, but it didn't appear to do anything. When I try logging into the site with my LDAP credentials, I get an Invalid User Credentials error. Is there something else I need to do, beyond what's in the README?

If I add a local subscriber login, I can login no problem. Do I need to add a local record for every LDAP user?

Thanks,
Joe

Andrey Podshivalov

Joe Chrysler wrote on Thu, 23 September 2010 18:55

If I add a local subscriber login, I can login no problem. Do I need to add a local record for every LDAP user?

Yes you need to create campsite users who would like to get access. Auto registration was not implemented for security reason. LDAP is used for password verification.

Joe Chrysler

That explains my situation.

Thanks again!

Joe Chrysler

I finally got LDAP configured and working, with just one hitch.

I created a test user inside Campsite's admin panel that shares the same name as my test user in our LDAP directory. When I log out, then log in via. the admin page (campsiteURL/admin), I can login using either my local campsite password or my ldap password. However, when I try to login from the login form on the user-facing campsite pages (campsiteURL/en/fall2010/, etc.) I can only login with my local campsite password, using my ldap password results in an invalid user credentials error message.

I threw a couple quick trigger_error statements throughout the LiveUser Auth path, and they only fire when I attempt to login through the admin interface, not from the user-facing login form. Where do I go to rewire the user-facing login form to also authenticate through LiveUser?

Thanks for all your help!
Joe

Andrey Podshivalov

the fronend and backend has different authentication handler. The frontend handler you can find in template_engine/metaclasses/MetaActionLogin.php:21

Let me think about hook injecting into user object.

As temporary solution you can replace the string #37:

if (is_null($user) || !$user->isValidPassword($p_input['f_login_password'])) {

with

global $LiveUser;
if (!$LiveUser->login($p_input['f_login_uname'], $p_input['f_login_password'], false)) {

Andrey Podshivalov

I just checked: it works fine. Please look at previous message. I've updated the code.

Joe Chrysler

That was remarkably easy. Thanks for your help!

Howdy, Stranger!

Categories

Poll

Top Posters