[SOLVED] LDAP Auth for Campsite...Where do I Start?
  • Hi,

    Background
    I work for a mid-sized University in Michigan and am trying to implement Campsite as the CMS for our on-campus ITS News publication. Everyone here has an LDAP username and password, so I'd like to let them login to the new publication site with that combo, but I can't find a facility for LDAP authentication in Campsite.

    Trouble
    My plan was to dig into the Campsite code a bit and replace the default password-checking routine with a call to a custom login script that I built for another project, but I'm having a spot of trouble finding the routine that needs to be replaced.

    Query
    Could someone please point me to either the function/method/routine that I need to swap out? If I'm completely wrongheaded and should be doing something completely different to enable LDAP login, please point me in the right direction.

    Incentive
    I'm more than happy to do a bit of work on a fork of Campsite and submit patches for my solution (eventually), but I don't know where to get started.

    Any help would be most appreciated.
    Thanks!
    Joe
    from SVSU
  • 14 Comments sorted by
  • Vote Up0Vote Down Andrey PodshivalovAndrey Podshivalov
    Posts: 1,526Member, Administrator, Sourcefabric Team
    hi Joe,

    Campsite uses Pear::Liveuser package for user handling but Liveuser has no natively LDAP support and it could be implemented via Pear::Auth container wrapper.

    The current liveuser configuration you can find in Campsite conf folder: liveuser_configuration.php

  • Vote Up0Vote Down Paul BaranowskiPaul Baranowski
    Posts: 389Member, Administrator, Sourcefabric Team
    Andrey, you implement this for our current corp setup didnt you? If not,
    what SSO tech did you use?


    On Sun, Aug 1, 2010 at 4:26 PM, Andrey Podshivalov <
    campsite-dev@lists.sourcefabric.org> wrote:

    > hi Joe,
    >
    > Campsite uses Pear::Liveuser package for user handling but Liveuser has no
    > natively LDAP support and it could be implemented via Pear::Auth container
    > wrapper.
    >
    > The current liveuser configuration you can find in Campsite conf folder:
    > liveuser_configuration.php
    >
    >
    >

  • Vote Up0Vote Down Andrey PodshivalovAndrey Podshivalov
    Posts: 1,526Member, Administrator, Sourcefabric Team
    for SSO I implemented own Auth container. It's based on DB container with modification in login/pass checking function. I attached the Ldap auth container basic structure. It misses just implementation of login/pass checking functionality. Look at include/pear/LiveUser/Auth/Ldap.php:12
  • Thanks for the help Andrey,

    I'll look at that implementation and see if I can't get it working in my setup.

    Will report back.
  • Vote Up0Vote Down Andrey PodshivalovAndrey Podshivalov
    Posts: 1,526Member, Administrator, Sourcefabric Team
    hi Joe,

    I'd like to inform you that LDAP authentication plugin will be introduced on the next week with next 3.4.2 Campsite release. I hope it will help you.
  • Vote Up0Vote Down Andrey PodshivalovAndrey Podshivalov
    Posts: 1,526Member, Administrator, Sourcefabric Team
  • Thanks Andrey!

    I'm testing it out today.
  • I installed the addon, as per the README instructions, but it didn't appear to do anything. When I try logging into the site with my LDAP credentials, I get an Invalid User Credentials error. Is there something else I need to do, beyond what's in the README?

    If I add a local subscriber login, I can login no problem. Do I need to add a local record for every LDAP user?

    Thanks,
    Joe
  • Vote Up0Vote Down Andrey PodshivalovAndrey Podshivalov
    Posts: 1,526Member, Administrator, Sourcefabric Team
    Joe Chrysler wrote on Thu, 23 September 2010 18:55

    If I add a local subscriber login, I can login no problem. Do I need to add a local record for every LDAP user?


    Yes you need to create campsite users who would like to get access. Auto registration was not implemented for security reason. LDAP is used for password verification.
  • That explains my situation.

    Thanks again!
  • I finally got LDAP configured and working, with just one hitch.

    I created a test user inside Campsite's admin panel that shares the same name as my test user in our LDAP directory. When I log out, then log in via. the admin page (campsiteURL/admin), I can login using either my local campsite password or my ldap password. However, when I try to login from the login form on the user-facing campsite pages (campsiteURL/en/fall2010/, etc.) I can only login with my local campsite password, using my ldap password results in an invalid user credentials error message.

    I threw a couple quick trigger_error statements throughout the LiveUser Auth path, and they only fire when I attempt to login through the admin interface, not from the user-facing login form. Where do I go to rewire the user-facing login form to also authenticate through LiveUser?

    Thanks for all your help!
    Joe
  • Vote Up0Vote Down Andrey PodshivalovAndrey Podshivalov
    Posts: 1,526Member, Administrator, Sourcefabric Team
    the fronend and backend has different authentication handler. The frontend handler you can find in template_engine/metaclasses/MetaActionLogin.php:21

    Let me think about hook injecting into user object.

    As temporary solution you can replace the string #37:
    if (is_null($user) || !$user->isValidPassword($p_input['f_login_password'])) {
    with
    global $LiveUser;
    if (!$LiveUser->login($p_input['f_login_uname'], $p_input['f_login_password'], false)) {


  • Vote Up0Vote Down Andrey PodshivalovAndrey Podshivalov
    Posts: 1,526Member, Administrator, Sourcefabric Team
    I just checked: it works fine. Please look at previous message. I've updated the code.
  • That was remarkably easy. Thanks for your help!