LDAP user authentication?

Pietrzak Karl -- on Jul. 28 2006

authenticate users using LDAP

Hey everyone!

You may remember me as the guy who's setting up YACS for his university. So far, it's awesome, and we're impressed with all the functionality.

So now we would like to use our university's LDAP system to authenticate users. The page entitled Why should you suggest your boss switch to YACS? talks about YACS's LDAP support.

However, I couldn't find any documentation on it. I might be going blind or crazy, heh.

Can anyone point me in the right direction?

Thanks!
Manu from Caribbean
2970 posts

on Jul. 28 2006


Hello,

I'm sorry, I don't know LDAP login very well. This function is not ready, but maybe Bernard can tell you what to do for this.
Pietrzak Karl
19 posts

inspired from GnapZ on Jul. 28 2006


GnapZ:

Thanks for the quick reply! I can help write the code if necessary. My PHP skills are pretty new, but with guidance I could do anything.

Thanks!
Manu from Caribbean
2970 posts

inspired from TheAlchemist on Jul. 28 2006


TheAlchemist: Fine, so take a look at the file users/login.php to adapt an LDAP authentication. Thanks.

Bernard Paques from nearby-an-airport
Associate, 8372 posts

on Mar. 23 2007


YACS version 7.3 adds LDAP authentication. The code is ready, yet not tested against a real server. Would you like to check it please?
Pietrzak Karl
19 posts

inspired from Bernard on Mar. 25 2007


Bernard:

Hi there again! Glad to hear LDAP authentication made it! I'll give it a test within the next few days and see whether it works with my university's LDAP server, and I'll post back. =)

Thanks!
Pietrzak Karl
19 posts

on Apr. 6 2007


TheAlchemist:

Success!  The YACS installation for my university now successfully authenticates against the university's LDAP server.

Thanks, Bernard!

Next step: SSO?


Bernard Paques from nearby-an-airport
Associate, 8372 posts

inspired from TheAlchemist on Apr. 6 2007


TheAlchemist: Thank you for the positive feedback. Would you mind documenting what you've done in a simple web page, maybe in the section for Guide d'installation et de mise à jour, please?

Of course we will move to SSO! After your homework, do not hesitate to suggest an adequate technical standard for this, by creating another web page at the special space: Post your requirements here

See you...

Vincent from on-a-few-hops-from-you
23 posts

on May 21 2008


Hi All,

I am (also) trying to set up LDAP authentication with YACS, so far no luck.

My LDAP server allows for anonymous bind, and when I read yacs/users/authenticators/ldap.php I think it suggests that leaving the uname and passwd parameters out results in an anonymous bind.

In http://test.azu.nl/yacs/users/configure.php I write in the Authentication management -> Screening -> Use the authenticator:

ldap test.azu.nl "dc=ribs,dc=azu,dc=nl"

This results in "Impossible to bind to LDAP server test.azu.nl." when I try to log in with a valid name.

A simple PHP script does the anonymous bind without trouble and returns what the LDAP contains.

Can someone point out what goes wrong plz?

FRANCOIS Alexandre
25 posts

on May 21 2008


Vincent :

Maybe it is an LDAP V2 protocol issue? In this case, try adding the following code at line Nr 120 (after ldap_connect() and before ldap_bind()) in the file called users/authenticators/ldap.php:
@ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);

Vincent from on-a-few-hops-from-you
23 posts

inspired from alf83 on May 28 2008


Alf83:

Thanks Alf, you got me going in the right direction. It stopped complaining about can't bind. However, when I start 'slapd -d 256' to see what actually hits the ldap server, it seems that:
  • I have to provide fields for parameters 3 and 4 (dn of user, password to bind to the ldap server.)
  • I don't have to provide a password anymore for the user to be accepted


I expected from the code that the cn was searched for and returned, but this is not the case.

I'll dig some more ...
FRANCOIS Alexandre
25 posts

on June 3 2008


Vincent: The latest patch may help you:
* You can now authenticate the user by binding to the LDAP server under a deduced login name (instead of doing a search in the LDAP tree)
* LDAP v3 is now the default
* A bug has been solved which allowed any user to enter the site if anonymous binding was activated. Isn't it related to your second point?
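
The three points of this post (bind under a deduced login name, LDAP v3 before the bind, no login without a password) in one check, as an added example that is not YACS code or the patch itself. Function names, host and DN template are constructed for illustration, and it is an assumption that the bug had this exact cause: under RFC 4513 a simple bind with a DN and an empty password is an "unauthenticated" bind, which a server that permits anonymous access may report as success.

```php
<?php
// Added example, not YACS code. Host and DN template are constructed.

/** Build the bind DN from a template such as "cn=%u,ou=users,...". */
function build_bind_dn(string $template, string $login): string
{
    // LDAP_ESCAPE_DN escapes DN metacharacters (such as , = +) so the
    // login name cannot add or change RDN components of the bind DN.
    return str_replace('%u', ldap_escape($login, '', LDAP_ESCAPE_DN), $template);
}

/** True only when the server accepted a simple bind with a real password. */
function ldap_authenticate(string $uri, string $template, string $login, string $password): bool
{
    // RFC 4513 section 5.1.2: DN + empty password is an unauthenticated bind.
    // ldap_bind() can return true for it without any credential being checked,
    // so refuse it here, before any network traffic.
    if ($login === '' || $password === '') {
        return false;
    }

    $handle = ldap_connect($uri);
    if ($handle === false) {
        return false;
    }

    // Protocol version must be set after connect and before bind.
    ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);

    // A successful bind as the user's own DN is the password check.
    $ok = @ldap_bind($handle, build_bind_dn($template, $login), $password);
    ldap_unbind($handle);

    return $ok;
}

// Constructed inputs: a login containing DN syntax, and an empty password.
$template = 'cn=%u,ou=users,dc=example,dc=com';
var_dump(build_bind_dn($template, 'alice,ou=admins'));
var_dump(ldap_authenticate('ldap://ldap.example.com', $template, 'alice', ''));
```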

Vincent from on-a-few-hops-from-you
23 posts

inspired from alf83 on Aug. 30 2008


Alf83: Sorry to let the discussion go cold - for several reasons I was not able to handle the server anymore, nor to finish this post.

I hope to be back on track with this server in a month or so.

Vincent from on-a-few-hops-from-you
23 posts

on Dec. 17 2008


Yet a newer and happier YACS

Just installed the latest (RC30). Thanks Bernard and others, keeping yacs going!

Back to LDAP

With my server: ldap.example.com authentication works if I fill this out in

http://example.com/yacs/users/configure.php -> 'tab authentication' -> 'use the authenticator'

ldap ldap.example.com "cn=%u,ou=users,dc=ldap,dc=example,dc=com" %p

Great!

BUT this works only if plaintext passwords are stored in the LDAP directory.

What if I would like to authenticate against passwords stored as {md5}?

FRANCOIS Alexandre
25 posts

inspired from Vincent on Dec. 27 2008


Unfortunately, I was not able to reproduce the bug: Yacs 8.11RC30 + OpenLdap 2.4.11 + passwords stored as MD5 = works fine

Maybe an issue in your server configuration? What do your server logs say? Have you tried to bind with another software?

Vincent from on-a-few-hops-from-you
23 posts

inspired from FRANCOIS Alexandre on Jan. 30 2009


The issue might be there then, we still run openldap 2.3.30 via debian/stable. Maybe a little wait until the latest debian goes stable.

Thanks for the reply!


Bernard Paques from nearby-an-airport
Associate, 8372 posts

inspired from FRANCOIS Alexandre on Feb. 23 2009


FRANCOIS Alexandre: What is your setting on yacs side, in the configuration panel? Thanks for your support.

Vincent from on-a-few-hops-from-you
23 posts

inspired from Bernard Paques on Feb. 24 2009


Hi Bernard,

See the post above, from December 17, or did I miss something there?

Anyway, all works fine with these settings, if only I store the passwords in plaintext...; MD5 hashes are not processed. I am waiting for the server to get ldap2.4 via debian stable; I cannot play with it too much, it is in production.

 


Bernard Paques from nearby-an-airport
Associate, 8372 posts

inspired from Vincent on Feb. 24 2009


Vincent: OK, OK, I should have spent a little more time on this one. Thanks for your patience...