Re: [PHPLIB] making an auth that uses LDAP From: Sam C. Nicholson !! (scion <email protected>)
Date: 10/29/99

Thanks Kristian and Massimiliano,

You both have said the same thing, and that agrees with my reading of the
documentation, and the code. My assertion about Auth needing SQL was a
way of wondering if there was something I had missed.

I started afresh with 7.2;
I made the following changes to set-up for my shop:

php/prepend.inc:

#require($_PHPLIB["libdir"] . "db_mysql.inc"); /* Change this to match your database. */
require($_PHPLIB["libdir"] . "ct_shm.inc"); /* Change this to match your data storage co
ntainer */

php/local.inc:

class Example_Auth extends Auth {
  var $classname = "Example_Auth";
  var $lifetime = 15;
  function auth_loginform() {
    global $sess;
    global $_PHPLIB;
    include($_PHPLIB["libdir"] . "loginform.ihtml");
  }
  function auth_validatelogin() {
    global $username, $password;

    if(isset($username)) {
      $this->auth["uname"]=$username; ## provides access for "loginform.ihtml"
    }
    $uid = 10;
    $this->auth["perm"] = "admin";
    
    return $uid;
  }
}

When I attempt either of the auth links on index.php3, Apache wanders
off into the weeds, only returning when the maximum time for a script
to run has passed. And then returning with nothing.

I get the following messages in the Apache logs (php is set for maximum logging):

[Fri Oct 29 14:22:21 1999] [error] PHP 3 Warning: Bad escape sequence: \' in session.inc on line 265
[Fri Oct 29 14:22:24 1999] [error] PHP 3 Warning: Uninitialized variable or array index or property (uid) in auth.inc on line 236

I can make both go away: [s/\\//] and if ( isset($this->auth["uid"]) && ...
at the respective places in each file. But this will bring up a few new
items, and won't make the problem go away.

Massimiliano Masserelli <negro <email protected>>:
 MM>auth.inc has no dependencies on SQL. The only methods which are tied to
 MM>a "storage container" are those that must be overridden by the user,
 MM>such as auth_validatelogin(), auth_refreshlogin() and so on. They must
 MM>return a valid uid or false.
 MM>
 MM>Bye.

Kristian Koehntopp <kris <email protected>>:
 KK>Not at all. Auth is prewired for SQL database access, but does
 KK>not actually use the internal db object at all itself. Your Auth
 KK>subclass can define a database_table slot in Auth and only then
 KK>an internal database object will be created.

 KK>Instead, you can create an Auth subclass of your own, with an
 KK>empty slot "database_table" and live without that internal db
 KK>object. You can then provide your own auth_loginform() and
 KK>auth_validatelogin() functions which authenticate against LDAP.
 KK>This has been done before on this list and is easy to do.

 KK>...

 KK>$auth->auth[] contains "uid" and "exp" in any case. These are
 KK>maintained by Auth itself and you do not mess with them. It also
 KK>contains "perm", if you want to use a Perm subclass. To be able
 KK>to use a Perm subclass, you must properly set up a "perm" slot in
 KK>$auth->auth[] in $auth->auth_validatelogin() after the login
 KK>validates okay.

-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.