git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@526 f5dc347c-c33d-0410-90a0-b07cc1902cb9
Kenzaburo Ito
committed
Nov 27, 2001
1 parent
a35437a
commit a0e7462
Showing
3 changed files
with
151 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
------------------------------------------------------------------------------- | ||
Mantis - LDAP capabilities documentation leighm@linuxbandwagon.com | ||
------------------------------------------------------------------------------- | ||
|
||
Here is my attempt at providing Mantis with LDAP capabilities. | ||
|
||
=== Outline | ||
|
||
Functionality is provided by using the php-ldap module (/usr/lib/php4/ldap.so) | ||
An extra login method is defined within core_user_API.php inside of | ||
function is_password_match ( $f_username, $p_test_password, $p_password ) | ||
|
||
This has a simple, non encrypted (yet) test of the LDAP directory for that user | ||
by asking for an entry with uid=username and password=test_password, if this | ||
exists, it is presumed that the user should be granted access. | ||
|
||
== Configuration basics | ||
|
||
the LDIF format I use and have tested this with is as follows : | ||
|
||
dn: uid=tests, dc=test, dc=com, dc=au | ||
department: testdep | ||
organizationname: Testing Organization | ||
cn: Test Smith | ||
assignedgroup: users | ||
givename: Test | ||
sn: Smith | ||
mail: tests@test.com.au | ||
uid: tests | ||
userPassword: password | ||
objectclass: testPerson | ||
|
||
It is also required to add the following configuration items to the | ||
config_inc.php | ||
|
||
|
||
############################# | ||
### Mantis LDAP Settings ### | ||
############################# | ||
|
||
# --- using openldap ------------- | ||
$g_ldap_server="127.0.0.1"; | ||
$g_ldap_root_dn="dc=test,dc=com,dc=au"; | ||
$g_use_ldap_email=1; ## Should we send to the LDAP email address or what MySql tells us | ||
# $g_ldap_organisation="(organizationname=*Traffic)"; ## optional | ||
|
||
|
||
Dont forget to change your $g_login_method to $g_login_method = LDAP; | ||
|
||
=== Creating new accounts | ||
|
||
I guess there is still a bit of problem when you want to create a new user | ||
to Mantis using LDAP, you must create the LDIF entry to LDAP, and also | ||
sign up for a new account, if both of these line up correctly, authentication | ||
will proceed. | ||
|
||
=== email issues | ||
|
||
Email address is queried from the LDAP database if the authentication is set | ||
to use LDAP instead of the mySql entry. | ||
|
||
|
||
Hope it works as good for you as it does for me. | ||
|
||
Leigh Morresi | ||
|
||
------------------------------------------------------------------------------- | ||
Mantis - LDAP capabilities documentation leighm@linuxbandwagon.com | ||
------------------------------------------------------------------------------- |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
<? | ||
# Mantis - a php based bugtracking system | ||
# Copyright (C) 2000, 2001 Kenzaburo Ito - kenito@300baud.org | ||
# This program is distributed under the terms and conditions of the GPL | ||
# See the files README and LICENSE for details | ||
|
||
########################################################################### | ||
# LDAP API | ||
########################################################################### | ||
|
||
# Some simple LDAP stuff that makes the work go 'round | ||
# Leigh Morresi <leighm@linuxbandwagon.com> | ||
|
||
# -------------------- | ||
# Find someone email address based on their login name | ||
function ldap_emailaddy($worker) { | ||
global $g_ldap_organisation,$g_ldap_server,$g_ldap_root_dn; | ||
|
||
$search_dn = "(&$g_ldap_organisation(uid=$worker))"; | ||
$ds = ldap_connect( "$g_ldap_server" ); | ||
|
||
if ( $ds ) { | ||
$r = ldap_bind( $ds ); | ||
$sr = ldap_search( $ds, $g_ldap_root_dn, $search_dn ); | ||
$info = ldap_get_entries( $ds, $sr ); | ||
ldap_close( $ds ); | ||
return ($info[0]["mail"][0]); | ||
} else { | ||
echo "<h4>Unable to connect to LDAP server</h4>"; | ||
die; | ||
} | ||
} | ||
|
||
# -------------------- | ||
# Return true if the $uid has an assigngroup=$group tag | ||
function ldap_has_group($uid,$group) { | ||
global $g_ldap_organisation,$g_ldap_server,$g_ldap_root_dn; | ||
|
||
$search_dn = "(&$g_ldap_organisation(uid=$uid)(assignedgroup=$group))"; | ||
$ds = ldap_connect( "$g_ldap_server" ); | ||
|
||
if ( $ds ) { | ||
$r = ldap_bind( $ds ); # bind to server | ||
$sr = ldap_search( $ds, $g_ldap_root_dn, $search_dn ); # query | ||
$entries = ldap_count_entries( $ds, $sr ); | ||
ldap_close( $ds ); # clean up | ||
return $entries; | ||
} else { | ||
echo "<h4>Unable to connect to LDAP server</h4>"; | ||
die; | ||
} | ||
} | ||
# -------------------- | ||
# Return true if the $uid has $password (salt soon!) | ||
function ldap_uid_pass($uid, $pass) { | ||
global $g_ldap_organisation,$g_ldap_server,$g_ldap_root_dn; | ||
|
||
# @@@ Add MD5/SALT/OTHER one-way-encryption support for the password <leighm@linuxbandwagon.com> | ||
|
||
$search_dn = "(&$g_ldap_organisation(uid=$uid)(userpassword=$pass))"; | ||
$ds = ldap_connect( "$g_ldap_server" ); | ||
|
||
if ( $ds ) { | ||
$r = ldap_bind( $ds ); # bind to server | ||
$sr = ldap_search( $ds, $g_ldap_root_dn, $search_dn ); # query | ||
$entries = ldap_count_entries( $ds, $sr ); | ||
|
||
ldap_close( $ds ); # clean up | ||
if ( $entries >= 1 ) { | ||
return true; | ||
} else { | ||
return false; | ||
} | ||
} else { | ||
echo "<h4>Unable to connect to LDAP server</h4>"; | ||
die; | ||
} | ||
} | ||
# -------------------- | ||
?> |
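Review bot: `ldap_uid_pass()` builds the filter `(&$g_ldap_organisation(uid=$uid)(userpassword=$pass))` from the raw login fields and treats any entry count of one or more as a successful login, so filter metacharacters in either field alter the query that decides authentication. The same unescaped interpolation is in `ldap_emailaddy()` and `ldap_has_group()`. Matching `userpassword` after an anonymous `ldap_bind( $ds )` also presumably depends on the directory holding cleartext passwords that anonymous clients may search. The sketch below escapes the uid, looks up the entry's DN and binds as that DN with the supplied password, rejecting an empty password first since many servers accept such a bind as anonymous. It also checks the `ldap_bind()` and `ldap_search()` results, which the new code passes on unchecked.

```php
function ldap_uid_pass($uid, $pass) {
	global $g_ldap_organisation,$g_ldap_server,$g_ldap_root_dn;

	# an empty password would turn the user bind below into an anonymous bind
	if ( $pass == "" ) {
		return false;
	}

	# escape LDAP filter metacharacters; the backslash must be replaced first
	$safe_uid = str_replace( array( "\\", "*", "(", ")", "\0" ),
		array( "\\5c", "\\2a", "\\28", "\\29", "\\00" ), $uid );
	$search_dn = "(&$g_ldap_organisation(uid=$safe_uid))";

	# … unchanged: ldap_connect() and the "Unable to connect" branch …

	if ( !ldap_bind( $ds ) ) {
		ldap_close( $ds );
		return false;
	}
	$sr = ldap_search( $ds, $g_ldap_root_dn, $search_dn );
	# require exactly one matching entry before trusting its DN
	if ( !$sr || ldap_count_entries( $ds, $sr ) != 1 ) {
		ldap_close( $ds );
		return false;
	}
	$info = ldap_get_entries( $ds, $sr );

	# authenticate by binding as the user instead of comparing userpassword
	$ok = @ldap_bind( $ds, $info[0]["dn"], $pass );
	ldap_close( $ds );
	return $ok ? true : false;
```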