New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: enabled optional LDAP user login via RC-API (incomplete, needs a fix) #836

Closed
wants to merge 3 commits into
base: master
from

Conversation

Projects
None yet
3 participants
@gekkedev
Contributor

gekkedev commented Oct 18, 2017

No description provided.

@Shnoulle

This comment has been minimized.

Show comment
Hide comment
@Shnoulle

Shnoulle Oct 18, 2017

Collaborator

Hi,

Great idea BUT , not limited to LDAP please

1st solution :

  /*
  * @access public
  * @param string $username
  * @param string $password
  * @param string $plugin
  * @return string|array
  */
  public function get_session_key($username, $password, $plugin = null)
  {
  }

But i nmy point of view : _doLogin must test ALL activated plugin, maybe with a plugin settings Allow RC login (because webserver can allow RC login using user/password)

Collaborator

Shnoulle commented Oct 18, 2017

Hi,

Great idea BUT , not limited to LDAP please

1st solution :

  /*
  * @access public
  * @param string $username
  * @param string $password
  * @param string $plugin
  * @return string|array
  */
  public function get_session_key($username, $password, $plugin = null)
  {
  }

But i nmy point of view : _doLogin must test ALL activated plugin, maybe with a plugin settings Allow RC login (because webserver can allow RC login using user/password)

gekkedev added some commits Oct 24, 2017

rewrote api auth to support the plugins ldap & web
wrote this according to: https://manual.limesurvey.org/Authentication_plugin_development
the plugin parameter still remains optional and by default it authenticates with the previously used user-object(that object uses authdb by default)
@gekkedev

This comment has been minimized.

Show comment
Hide comment
@gekkedev

gekkedev Oct 24, 2017

Contributor

I implemented your changes, the $plugin variant looks way better. Still, I am afraid I still cannot succeed to debug & test this.

Contributor

gekkedev commented Oct 24, 2017

I implemented your changes, the $plugin variant looks way better. Still, I am afraid I still cannot succeed to debug & test this.

@c-schmitz

This comment has been minimized.

Show comment
Hide comment
@c-schmitz

c-schmitz Jan 12, 2018

Contributor

If nobody is willing to work on this I will have to close this PR.

Contributor

c-schmitz commented Jan 12, 2018

If nobody is willing to work on this I will have to close this PR.

@gekkedev

This comment has been minimized.

Show comment
Hide comment
@gekkedev

gekkedev Jan 12, 2018

Contributor

I didn't figure out yet what is missing, but for my use-case I might develop something external to create users.

Contributor

gekkedev commented Jan 12, 2018

I didn't figure out yet what is missing, but for my use-case I might develop something external to create users.

@c-schmitz c-schmitz requested a review from Shnoulle Jan 12, 2018

@Shnoulle Shnoulle self-assigned this Jan 12, 2018

@Shnoulle

This comment has been minimized.

Show comment
Hide comment
@Shnoulle

Shnoulle Jan 12, 2018

Collaborator

@gekkedev : can you open a feature request on bugs.limesurvey.org and assign it to me please.

Collaborator

Shnoulle commented Jan 12, 2018

@gekkedev : can you open a feature request on bugs.limesurvey.org and assign it to me please.

@Shnoulle

Think it's a really good idea.

But : maybe we can just use LSUserIdentitity because AuthDB is a plugin too (and then default is AuthDb : this don't change for actual call).

After : i think we can remove basic UserIdentity code excpet the one time password.

@Shnoulle

This comment has been minimized.

Show comment
Hide comment
@Shnoulle

Shnoulle Jan 12, 2018

Collaborator

@gekkedev : PS : in 2.73 current without update i use a new function for login. Then current workaround without update LS code : get_session_key_ldap in RemoteControlHandler .

But it's a great idea to have a common global way for this :).

Collaborator

Shnoulle commented Jan 12, 2018

@gekkedev : PS : in 2.73 current without update i use a new function for login. Then current workaround without update LS code : get_session_key_ldap in RemoteControlHandler .

But it's a great idea to have a common global way for this :).

@gekkedev

This comment has been minimized.

Show comment
Hide comment
@gekkedev

gekkedev Jan 12, 2018

Contributor

If the login by the LDAP plugin would work, we could use LDAP to autocreate the user, and then just use the LDAP username to search for the user and redeem his ID, etc.

Contributor

gekkedev commented Jan 12, 2018

If the login by the LDAP plugin would work, we could use LDAP to autocreate the user, and then just use the LDAP username to search for the user and redeem his ID, etc.

@Shnoulle

This comment has been minimized.

Show comment
Hide comment
@Shnoulle

Shnoulle Jan 12, 2018

Collaborator

Yes, but i don't want 2 different system for User creation and Plugin authentification : one must work with RC and GUI :)

Collaborator

Shnoulle commented Jan 12, 2018

Yes, but i don't want 2 different system for User creation and Plugin authentification : one must work with RC and GUI :)

@gekkedev

This comment has been minimized.

Show comment
Hide comment
@gekkedev

gekkedev Jan 12, 2018

Contributor

Yes, and something is different with ldapauth. It tells that username and password would be wrong, but they aren't. I remember that this also can come up when the LDAPsearch-user has a wrong password, so there might be the necessity to load up a config...sadly my limesurvey/yii understanding is too low; If i could find an example of how the ldap plugin is used when logging in, then it might be easy to port that into the api.

Contributor

gekkedev commented Jan 12, 2018

Yes, and something is different with ldapauth. It tells that username and password would be wrong, but they aren't. I remember that this also can come up when the LDAPsearch-user has a wrong password, so there might be the necessity to load up a config...sadly my limesurvey/yii understanding is too low; If i could find an example of how the ldap plugin is used when logging in, then it might be easy to port that into the api.

@Shnoulle

This comment has been minimized.

Show comment
Hide comment
@Shnoulle

Shnoulle Jan 15, 2018

Collaborator
Collaborator

Shnoulle commented Jan 15, 2018

@Shnoulle Shnoulle closed this Jan 15, 2018

@gekkedev gekkedev deleted the gekkedev:patch-3 branch Feb 22, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment