Piwigo.org

You are not logged in. (Register / Login)

Announcement

#1 2014-10-04 13:50:07

22decembre
Member
Registered: 1970-01-01
Posts: 4

Ldap login to find a new dev'

Hello/Hi/Greetings,

I am the original dev' of ldap_login plugin.

First, I see this plugin seems usefull to a lot of people, and I am happy about it. Unfortunately, I have to stop working on it.

My motivation for this plugin was fullfild since the very first release (login with my ldap server and thus avoiding an n-th password, which I hate).

I have tried in the past time to release a new version but I am stuck on a bug and don't know why. At the same time my motivation is off, as said previously, and I have not the required ressources to work on (particulary, I don't have a big ldap server but only a small one, nor an AD, wich seems to be the one many request connection to).

So, I would like to know if any of the interested persons want to continue the dev'. The interesting would be two or three persons (one having openldap, the second AD, the third looking the two fighting each other and playing arbiter).

Obviously, I would help to start, explain the new people the code and why is it like this or that.

But then, yeah, if you want the plugin to work and continue, you'll have to hold it yourself a bit. Opensource (and the world, at a minor degree) works like this : if you want something and nobody has done before, you have to create it or build it ! That means if nobody continues it, nobody really wants it !

Thanks for reading and using the plugin.

Discussion begins now !

Offline

 

#2 2014-10-05 17:11:31

mark0n
Member
Registered: 2014-10-05
Posts: 3

Re: Ldap login to find a new dev'

Hi all,
please note that there might be different ways of attacking the LDAP authentication problem. I created a separate thread for discussion of these. Maybe that increases the number of people that are willing to contribute?

Regards,

Martin

Offline

 

#3 2015-01-26 09:13:58

leosw
Member
Registered: 2014-04-12
Posts: 2

Re: Ldap login to find a new dev'

Hello world

If somebody wants to begin a port for 2.7, I'll be 100% with him ;)

Léo

Offline

 

#4 2015-06-04 13:03:25

f1.4
Guest

Re: Ldap login to find a new dev'

Hi guys,
i enhanced the plugin-functionality a little bit to get it working with M$-AD under the current piwigo-release (2.7.4) to authenticate users of a given group.

i uploaded the whole plugin with my changes to https://github.com/spelth/Ldap_Login

WHAT IS MISSING: a did not find out how to get rid of the "not compatible"-warning on the piwigo plugin-page. but it actually works in my environment since January without any problems.

BUT NOTICE: i will not provide any support for this plugin, you'll find support here: [Github] Ldap_Login file README.md.
The only thing i'm interested in is to get rid of the "Not-supported" warning and maybe to port it back to the piwigo plugin repo to provide an easy way of installing it.

have fun.

 

#5 2015-06-04 13:33:26

xbgmsharp
Member
Registered: 1970-01-01
Posts: 213

Re: Ldap login to find a new dev'

The "not compatible"-warning  is because there is no compatible release of the plugin on the extensions page manager.
http://piwigo.org/ext/extension_view.php?eid=650

As soon as a new version is release on the extensions manager the message wil go away.
don't forget to increase the version number.

Offline

 

#6 2015-06-04 18:37:33

mistic100
Piwigo Team
Location: Lyon (FR)
Registered: 2008-09-27
Posts: 3261
Website

Re: Ldap login to find a new dev'

xbgmsharp wrote:

don't forget to increase the version number.

or replace by "Version: auto" in main.inc.php


» All my plugins  » My website
For an efficient support give the URL of your website

Offline

 

#7 2015-06-04 21:07:36

f1.4
Guest

Re: Ldap login to find a new dev'

a, great, thanks, i finally got rid of the warning/error.

Is there a simple way to commit my changes into the existing official repo?
i already tried to inform/talk to 22decembre about this matter, but he's only looking for a new dev.

 

#8 2015-07-19 12:24:31

jfl
Member
Registered: 2015-07-19
Posts: 1

Re: Ldap login to find a new dev'

Hi f1.4,

Great work! works also to authenticate against a OpenLDAP (Mac OS X Server) instance again.

However, the function ldap_search_dn required a minor fix (which I expect to work against AD as well as it's now consistent with other search patterns:

Code:

diff --git a/class.ldap.php b/class.ldap.php
index 530f8d7..0113d4b 100644
--- a/class.ldap.php
+++ b/class.ldap.php
@@ -167,7 +167,7 @@ class Ldap {
        // return userdn (and username) for authentication
        public function ldap_search_dn($value_to_search){
                $this->write_log("[function]> ldap_search_dn(".$value_to_search.")");
-               $filter = '(&(objectCategory=person)('.$this->config['ld_attr'].'='.$value_to_search.'))';
+               $filter = '(&(objectClass=person)('.$this->config['ld_attr'].'='.$value_to_search.'))';

                // connection handling
                $this->write_log("[ldap_search_dn]> Connecting to server");

I did not get the check on group working yet and also don't see any properties set when creating new users, will look at that later as well as how I can implement some other changes I need.

As per 22decembre's request, I would be willing to take over this plugin if that's still required. So far I have been a happy user of Piwigo and the LDAP plugin on 2.6 (only recently upgraded to 2.7 due to the lack of its support). I would need someone with AD to test it for me as I am mainly using OpenLDAP.

Let me know if this would be helpful and in case you can test AD integration for me.


Edit: Looked further in the code and noticed that the group check is not compliant with a standard POSIX LDAP structure so won't work like this. There are also some issues with the way the DN is treated by the plugin (assumptions made on BaseDN) that will require some rework.

Edit #2: I made some progress with the group support, which now works with OpenLDAP. Also added it to the main login code as it did not appear to be used yet. Updated version (also including the patch provided above) can be found at: https://gitlab.lindenaar.net/piwigo/Ldap_Login

Last edited by jfl (2015-07-19 23:53:27)

Offline

 

#9 2015-07-27 14:37:27

f1.4
Guest

Re: Ldap login to find a new dev'

Hi jfl,
great that you take over!
I know, my code is not best, it is.. lets say: solution oriented ;)
Maybe you are able to do a new official release on the official piwigo repo. I'm sure there are more people interested in this work!

 

#10 2015-09-28 03:04:04

drsimmo
Guest

Re: Ldap login to find a new dev'

Hi everyone,

It would be great if this plugin was in the official repo! I'm trying to get it to work at the moment and having no luck. I've installed it in the plugins directory and all I get is a white screen when I go to the admin page. Any advice would be appreciated.

Currently running 2.7.4.

Thanks!

 

#11 2015-12-02 23:48:45

thefc
Guest

Re: Ldap login to find a new dev'

I ran into the same issue as drsimmo.  However I was able to get past that by installing php5-ldap. (apt-get php5-ldap)

I used https://gitlab.lindenaar.net/piwigo/Ldap_Login as my base, but there is an error in the admin/newusers.php code.  It is missing a bracket on the final else.

Once I corrected these errors, it appears to be working well.

Thanks all!

 

#12 2016-01-16 21:56:04

phl1p
Member
Registered: 2016-01-16
Posts: 1

Re: Ldap login to find a new dev'

@ jfl:

I am running an AD based LDAP (Samba4) and I am very interested in piwigo with full LDAP auth. I could deliver testing and feedback.

Did you take over from 22decembre already?

cheers

Offline

 

#13 2017-09-10 05:48:44

raregtp
Member
Registered: 2017-09-10
Posts: 1

Re: Ldap login to find a new dev'

Not trying to revive an old post intentionally, but I've been working on a new Piwigo site and wanted to implement the Ldap plugin.  Couple minor errors when first configuring it but got it to work just fine with 2.9.1.  Some of the initial config errors I believe I can resolve by modifying the code, but they were minor annoyances at most.  However, one BIG issue I ran into was the in the default behavior of ldap_bind and Active Directory.  Basically, entering a valid AD user but leaving the password field blank would still allow the user to log in.  Has to do with how AD (and LDAP following established specs) will bind anonymously if no password is provided but the username is valid.

After researching on several sites, the conclusion I came to in order to resolve this was to modify a bit of the code.....

In the Ldap_Login directory, I modified line 144 in class.ldap.php

Original line
if($bind){

Modified line
if($bind && !(strlen(trim($user_passwd)) == 0)){

This seems to have resolved the issue and now blank passwords, including passwords that are all spaces, do not authenticate the user.

I'm using the latest version of the code from https://gitlab.lindenaar.net/piwigo/Ldap_Login, with the bracket fix that thefc posted about on 12-2-2015.

With the above info, if anyone has a more graceful fix or suggestion on a better way to handle blank passwords, I'm all ears.  I'm a systems guy (engineer) at heart but have a decent programming background, and am working with PHP more and more.....but by no means smooth at it yet.  Always willing to learn some pointers.

Thanks!

Offline

 

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2017 · Contact