yes, the config object is here:
$this->_config
$this->_config->get('security.ssoSupport')
bye
Thorsten
$this->_config
$this->_config->get('security.ssoSupport')
// Main LDAP server
// Connection settings for the directory server. The values below are
// placeholders that must be replaced with the site's own values.

// Host name of the directory server (here: an Active Directory domain controller).
$PMF_LDAP['ldap_server'] = 'active directory domain server name';
// NOTE(review): 389 is the standard cleartext LDAP port. Unless the connection
// is upgraded with StartTLS (not visible here, confirm), the service account
// password and every user's password cross the network unencrypted.
$PMF_LDAP['ldap_port'] = 389;
// Account used for the service bind (directory look-ups before the user's own
// bind). A dedicated, read-only, low-privilege account limits the damage if
// this file is disclosed.
$PMF_LDAP['ldap_user'] = 'AD_username@domain_name';
// Stored in plain text: keep this file outside the web root or otherwise
// unreadable to other users, and out of version control.
$PMF_LDAP['ldap_password'] = 'password';
// Base DN under which users are searched.
$PMF_LDAP['ldap_base'] = 'DC=sdf,DC=privad,DC=net';
// Selects how the bind name for a password login is built: when true, the
// login is bound as DOMAIN\login (if a domain was supplied); when false, the
// service account first looks up the user's DN and that DN is bound.
$PMF_LDAP['ldap_use_domain_prefix'] = false;
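/**
 * Checks a login against the LDAP directory and, on success, passes the
 * account on to add().
 *
 * Two paths exist:
 *  - SSO: taken when security.ssoSupport is enabled and the web server
 *    supplied a non-empty REMOTE_USER. Only the configured service account
 *    is bound; $pass is not verified on this path.
 *  - Password: $pass must be non-empty and is verified by binding to the
 *    directory as the user.
 *
 * @param string     $login        Login name to verify
 * @param string     $pass         Password supplied with the login
 * @param array|null $optionalData May carry a 'domain' key, used to build the
 *                                 DOMAIN\login bind name
 *
 * @return bool true when the final bind reported no error, false otherwise
 *              (the reason is appended to $this->errors)
 */
public function checkPassword($login, $pass, Array $optionalData = null)
{
    // isset() alone is also true for an empty string. An empty REMOTE_USER
    // means the web server authenticated nobody, so it must not select the
    // password-less SSO path.
    $remoteUser = isset($_SERVER['REMOTE_USER']) ? trim((string) $_SERVER['REMOTE_USER']) : '';

    if ($this->_config->get('security.ssoSupport') && '' !== $remoteUser) { // SSO is enabled
        // NOTE(review): this path never compares $login with REMOTE_USER and
        // never checks $pass. It is only safe if the caller derives $login
        // from REMOTE_USER; confirm against the caller.
        $this->ldap = new PMF_Ldap($this->_config);
        $this->ldap->connect(
            $this->_ldapConfig['ldap_server'],
            $this->_ldapConfig['ldap_port'],
            $this->_ldapConfig['ldap_base'],
            $this->_ldapConfig['ldap_user'],
            $this->_ldapConfig['ldap_password']
        );
    } else { // SSO is disabled
        // Reject an empty password before any bind: directory servers can
        // accept a simple bind with an empty password as an unauthenticated
        // bind, which would look like a successful login.
        if ('' === trim($pass)) {
            $this->errors[] = PMF_User::ERROR_USER_INCORRECT_PASSWORD;
            return false;
        }

        $bindLogin = $login;
        // !empty() keeps the original truthiness test but tolerates
        // configurations where the key is missing.
        if (!empty($this->_ldapConfig['ldap_use_domain_prefix'])) {
            // $optionalData defaults to null; array_key_exists() must not be
            // called on it.
            if (is_array($optionalData) && array_key_exists('domain', $optionalData)) {
                $bindLogin = $optionalData['domain'] . '\\' . $login;
            }
        } else {
            // Bind with the service account to look up the user's DN.
            $this->ldap = new PMF_Ldap($this->_config);
            $this->ldap->connect(
                $this->_ldapConfig['ldap_server'],
                $this->_ldapConfig['ldap_port'],
                $this->_ldapConfig['ldap_base'],
                $this->_ldapConfig['ldap_user'],
                $this->_ldapConfig['ldap_password']
            );
            if ($this->ldap->error) {
                // Without a working service bind the DN lookup cannot be
                // trusted, so stop here.
                $this->errors[] = $this->ldap->error;
                return false;
            }

            // NOTE(review): $login reaches a directory search here; whether
            // getDn() escapes it for the search filter is not visible in this
            // block. Confirm.
            $bindLogin = $this->ldap->getDn($login);
            if (!is_string($bindLogin) || '' === trim($bindLogin)) {
                // No DN found. Fail closed rather than bind with an empty
                // name, and report the same error as a wrong password so the
                // response does not reveal which accounts exist.
                $this->errors[] = PMF_User::ERROR_USER_INCORRECT_PASSWORD;
                return false;
            }
        }

        // Check user in LDAP: the bind with the user's own credentials is the
        // actual password verification.
        $this->ldap = new PMF_Ldap($this->_config);
        $this->ldap->connect(
            $this->_ldapConfig['ldap_server'],
            $this->_ldapConfig['ldap_port'],
            $this->_ldapConfig['ldap_base'],
            $bindLogin,
            $pass
        );
    }

    if ($this->ldap->error) {
        $this->errors[] = $this->ldap->error;
        return false;
    }

    $this->add($login, $pass);
    return true;
}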
if (isset($this->_ldapConfig['ldap_use_domain_prefix'])) {
if ($this->_ldapConfig['ldap_use_domain_prefix']) {
if (isset($this->_ldapConfig['ldap_use_domain_prefix']) && $this->_ldapConfig['ldap_use_domain_prefix']) {
// Additional code for LDAP: user\\domain
// Applies only to a password login (non-empty $password) when LDAP support is
// enabled, the ldap extension is loaded, and ldap_use_domain_prefix (file
// constants_ldap.php) is both present and true.
$ldapDomainPrefixLogin = $this->config->get('security.ldapSupport')
    && function_exists('ldap_connect')
    && isset($this->_ldapConfig['ldap_use_domain_prefix'])
    && $this->_ldapConfig['ldap_use_domain_prefix']
    && $password!='';
if ($ldapDomainPrefixLogin) {
    $pos = strpos($login, '\\');
    if ($pos !== false) {
        // "DOMAIN\user": remember the domain part (if any) and continue with
        // the bare user name.
        if ($pos !== 0) {
            $optData['domain'] = substr($login, 0, $pos);
        }
        $login = substr($login, $pos + 1);
    }
}

// Additional code for SSO
// Applies when SSO is enabled, REMOTE_USER is provided and the password is
// empty, which is how an SSO login attempt is recognised here.
// NOTE(review): only $login is normalised in this block; where it is checked
// against REMOTE_USER is not visible here. Confirm that it is.
$ssoLoginAttempt = $this->config->get('security.ssoSupport')
    && isset($_SERVER['REMOTE_USER'])
    && $password=='';
if ($ssoLoginAttempt) {
    // "user@domain" -> "user"
    $pos = strpos($login, '@');
    if ($pos !== false && $pos !== 0) {
        $login = substr($login, 0, $pos);
    }

    // "DOMAIN\user" -> "user"
    $pos = strpos($login, '\\');
    if ($pos !== false && $pos !== 0) {
        $login = substr($login, $pos + 1);
    }
}
// Accept the login only when $user (presumably the name taken from
// REMOTE_USER; confirm) is identical to the requested login. The comparison
// is strict and case-sensitive, so a mismatch in casing fails closed.
if ($user !== $login) {
    return false;
}

$this->add($login, $pass);
return true;
/**
 * Registers a login after a successful SSO check.
 *
 * With LDAP support enabled (and the ldap extension loaded) the work is
 * delegated to PMF_Auth_Ldap::add(). Otherwise a local user is created
 * without a password, activated, and given $login as display name.
 *
 * @param string $login Login name to register
 * @param string $pass  Password; only forwarded on the LDAP path
 *
 * @return mixed result of PMF_Auth_Ldap::add() or PMF_User::createUser()
 */
public function add($login, $pass)
{
    $ldapAvailable = $this->_config->get('security.ldapSupport') && function_exists('ldap_connect');

    if ($ldapAvailable) { // LDAP enabled
        $authLdap = new PMF_Auth_Ldap($this->_config);
        return $authLdap->add($login, $pass);
    }

    // LDAP disabled
    // NOTE(review): the account is created with a null password; what
    // createUser() stores in that case is not visible here. Confirm that it
    // cannot be used for a local password login.
    $user = new PMF_User($this->_config);
    $created = $user->createUser($login, null);
    if ($created) {
        $user->setStatus('active');
    }

    // Update user information
    // NOTE(review): this also runs when createUser() failed; confirm that
    // setUserData() is harmless in that case.
    $user->setUserData(
        array(
            'display_name' => $login
        )
    );

    return $created;
}
$user = $remoteUser[1];
or
$user = $remoteUser[0];
or
$user = $_SERVER['REMOTE_USER'];
Hi Maciej, Thorsten
nawiiwan wrote: I upload both modified files, sso.php and CurrentUser.php; please review both files and decide how to implement my proposal.
Regards,
Maciej
nawiiwan wrote: 1. Login as Admin to phpMyFAQ
2. enable menu Administration/Configuration/Security Configuration/Enable LDAP support? (default: disabled)
3. login as domain user
4. login as Admin and give rights to the domain user which you used in point 3 (otherwise, after enabling SSO you will not be able to log in as the local admin user and you will not have admin rights in the system)
5. In IIS on the folder with phpMyFAQ set authentication to:
a. Windows authentication - enabled
b. Anonymous authentication - disabled (the SSO code path relies on the REMOTE_USER value that IIS sets for authenticated requests)
6. Login as domain user or admin
7. enable menu Administration/Configuration/Security Configuration/Single Sign On Support (default: deactivated)
8. log out from phpMyFAQ and open the main phpMyFAQ page; you should be logged in automatically with your domain account.