Re: [PHPLIB] making an auth that uses LDAP From: Kristian Koehntopp (kris <email protected>)
Date: 10/29/99

On Thu, Oct 28, 1999 at 10:59:31PM -0400, Sam C. Nicholson !! wrote:
> But as I read the code, the
> Auth class still depends upon an SQL accessed store for the
> auth details. Is that correct?

Not at all. Auth is prewired for SQL database access, but does
not actually use the internal db object at all itself. Your Auth
subclass can define a database_table slot in Auth and only then
an internal database object will be created.

Instead, you can create an Auth subclass of your own, with an
empty slot "database_table" and live without that internal db
object. You can then provide your own auth_loginform() and
auth_validatelogin() functions which authenticate against LDAP.
This has been done before on this list and is easy to do.

What you do is an anon bind against your LDAP server, get a
proper DN for your login name and then bind again
nonanonymously with that DN and the password. If this succeeds,
you can store the password in $auth->auth["passwd"] and the DN
in $auth->auth["dn"] to have them handy for later connects,
should you need to reconnect to LDAP again. If you know ahead
that you will not use LDAP except for authentication you might
as well forget them.

Also, if the named bind succeeds, you need to generate a UID
(for example using md5($this->auth["dn"])) and return that from
your exit from auth_validatelogin(). If it fails, return false
as usual.

> Specifically, at what point does the Auth::auth[] array need to
> have extant (but not necessarily non-null) "perm", "uid", "username"
> elements?

$auth->auth[] contains "uid" and "exp" in any case. These are
maintained by Auth itself and you do not mess with them. It also
contains "perm", if you want to use a Perm subclass. To be able
to use a Perm subclass, you must properly set up a "perm" slot in
$auth->auth[] in $auth->auth_validatelogin() after the login
validates okay.

You may define additional slots in $auth->auth[] as you see fit.

Kristian
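An Auth subclass that follows the steps described in this reply, written as an added example (it is not code from the post or from PHPLIB itself). It assumes PHPLIB's Auth base class is already loaded, that the LDAP server permits an anonymous search under the base DN, that `loginform.ihtml` is your login form, and that the host, base DN and filter are constructed sample values.

```php
<?php
// Added example: LDAP-backed PHPLIB Auth subclass (not PHPLIB's own code).
class LDAP_Auth extends Auth {
  var $classname      = "LDAP_Auth";
  var $lifetime       = 15;      // session lifetime in minutes, PHPLIB convention
  var $database_table = "";      // empty slot: no internal db object is created

  var $ldap_host   = "ldap.example.org";             // constructed sample values
  var $ldap_base   = "ou=People,dc=example,dc=org";
  var $ldap_filter = "(uid=%s)";

  function auth_loginform() {
    include("loginform.ihtml");  // assumed login form, posts $username/$password
  }

  function auth_validatelogin() {
    global $username, $password;  // PHPLIB-era form globals

    if (isset($username)) {
      $this->auth["uname"] = $username;  // lets the form redisplay the name
    }
    // An empty password turns the second bind into an unauthenticated bind,
    // which many servers accept; never let that count as a successful login.
    if (!isset($username) || !isset($password) || $password === "") return false;

    $ds = @ldap_connect($this->ldap_host);
    if (!$ds) return false;
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Step 1: anonymous bind, then look up the DN for the login name.
    // ldap_escape keeps user input from altering the search filter.
    if (!@ldap_bind($ds)) { ldap_close($ds); return false; }
    $filter = sprintf($this->ldap_filter,
                      ldap_escape($username, "", LDAP_ESCAPE_FILTER));
    $sr = @ldap_search($ds, $this->ldap_base, $filter, array("dn"));
    if (!$sr || ldap_count_entries($ds, $sr) != 1) { ldap_close($ds); return false; }
    $dn = ldap_get_dn($ds, ldap_first_entry($ds, $sr));

    // Step 2: bind again, non-anonymously, with that DN and the password.
    if (!@ldap_bind($ds, $dn, $password)) { ldap_close($ds); return false; }
    ldap_close($ds);

    // Keep DN and password only if the application reconnects to LDAP later.
    $this->auth["dn"]     = $dn;
    $this->auth["passwd"] = $password;
    $this->auth["perm"]   = "user";  // required here if a Perm subclass is used

    return md5($dn);  // becomes $auth->auth["uid"]; Auth maintains "uid"/"exp"
  }
}
?>
```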

-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.