[Work In Progress] LDAP Authentication

This is a forum to suggest new features for mojoPortal. 

This thread is closed to new posts. You must sign in to post in the forums.
9/30/2005 11:38:12 AM
Total Posts 36

[Patch] LDAP Authentication (Finally)

Sorry, took longer to rip out dead code and manage life at the same time. You can find the patch here. There is still some leftover code in LdapManagement.cs that's been commented out that may in some form or another come back to life in an Ldap management module, or in a pure Ldap based backend.

This patch assumes:
  1. You have a properly set up Ldap for user authentication (for instance like this tutorial)
  2. That each desired user has an entry in the UserBaseDN and a mail attribute to be identified from (if more than one entry has the same email the first returned will be used).
  3. A CN attribute exists for use as a display name.
  4. If you specify an AdminEmail and admin@admin.com exists in the DB, the first time the user with AdminEmail logs in the Admin account will be migrated to AdminEmail.

How to use this patch:
  1. Create a new test database (migration to Ldap hasn't been tested, nor is it recommended (one could Deploy a new site and then use Ldap auth))
  2. Log in as the default admin@admin.com user
  3. Go to site settings, click Use Ldap Auth and specify Ldap Server, Ldap Port, Bind Credentials (in the form "cn=admin,dc=example,dc=org"), User Base DN, and Admin Email. Save.
  4. Log out, and log in as the AdminEmail you specified... Tadah you are the site administrator
  5. Anyone else that exists in the UserBaseDN is able to log in.

What you can do with this patch:
  1. Login and authenticate via Ldap
  2. Change User Name, Email* (actually you can't do any of these yet as it isn't supported by MojoPortal yet)

What you can't do with this patch:
  1. Add new users to Ldap database (If a user is added via the memberlist their profile information is used if a user logs in with the specified email)
  2. Delete users from Ldap (If you delete a user from the member list their information will be re-added when they log back in)
  3. Change users' passwords (This is a bug on my part)

Comments on my terrible coding style welcomed, along with any thoughts, concerns, or ideas of things to change in the patch.
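
The lookup that assumption 2 in the post above relies on (find the entry under the User Base DN whose mail attribute equals the login email), as an added example that is not part of the patch or of mojoPortal. The directory entries, the base DN and every function name are constructed for illustration, the small filter matcher stands in for a real LDAP server, and `resolve_unique` is a stricter alternative to the first-returned behaviour the post describes.

```python
import re

# Added example with constructed data; names are hypothetical, not mojoPortal's.
USER_BASE_DN = "ou=people,dc=example,dc=org"  # placeholder User Base DN
ENTRIES = [
    {"dn": "uid=alice," + USER_BASE_DN, "cn": "Alice Example", "mail": "alice@example.org"},
    {"dn": "uid=bob," + USER_BASE_DN, "cn": "Bob Example", "mail": "shared@example.org"},
    {"dn": "uid=carol," + USER_BASE_DN, "cn": "Carol Example", "mail": "shared@example.org"},
]

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def mail_filter(email):
    """Build the (mail=...) filter from the email typed at the login form."""
    return "(mail=%s)" % escape_filter_value(email)

def _unescape(piece):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)

def search(filter_str):
    """Stand-in for a server search: only (mail=value), where a bare * is a wildcard."""
    value = re.fullmatch(r"\(mail=(.*)\)", filter_str, re.S).group(1)
    pattern = ".*".join(re.escape(_unescape(p)) for p in value.split("*"))
    return [e for e in ENTRIES if re.fullmatch(pattern, e["mail"], re.I | re.S)]

def resolve_first(email):
    """Behaviour the post describes: the first returned entry is used."""
    hits = search(mail_filter(email))
    return hits[0] if hits else None

def resolve_unique(email):
    """Stricter variant: refuse to choose when several entries share the mail."""
    hits = search(mail_filter(email))
    if len(hits) > 1:
        raise LookupError("%d entries share mail %r" % (len(hits), email))
    return hits[0] if hits else None

if __name__ == "__main__":
    print(mail_filter("a*(b)"))                        # escaped filter text
    print(resolve_first("shared@example.org")["cn"])   # first match wins
    print(resolve_unique("alice@example.org")["dn"])   # unique match
```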
9/30/2005 11:48:40 AM
Total Posts 36

Re: [Work In Progress] LDAP Authentication

Also one quick note to add, I've only added the extra pieces for Postgres, though adding mysql/mssql shouldn't be difficult.

In the future depending on how involved any Ldap authentication may be, there may be the addition of an Ldap table to handle attribute mapping, along with the corresponding stored procedures. Though I thought the creation of a table for this revision of Ldap auth to be a bit over the top.
9/30/2005 3:52:23 PM
Total Posts 18439

Re: [Work In Progress] LDAP Authentication

Cool,

I'll try to schedule some time on Sunday to try and get the ldap working on my Suse 9.3 machine.

Thanks,

Joe
9/30/2005 4:55:33 PM
Total Posts 18439

Re: [Work In Progress] LDAP Authentication

TJ,

The patch looks like a diff file. Can you make a patch with TortoiseSVN against the latest mojoPortal?
Right click the root folder and choose SVNUpdate then, after the update, right click the root folder and choose TortoiseSVN > Create Patch to create the patch against svn.

Thanks,

Joe
10/1/2005 4:43:44 AM
Total Posts 36

Re: [Work In Progress] LDAP Authentication

Apologies, the link has been updated as an svnpatch, didn't realize the subtle differences between a standard diff and one from svn.
10/1/2005 5:16:24 AM
Total Posts 18439

Re: [Work In Progress] LDAP Authentication

Thanks TJ,

I think the linux svn client can actually work with diff files but Tortoise needs the patch. This one looks good. I'll apply it on a copy of mojoportal and then as soon as I can get the ldap working on my machine I'll give it a try.

I'll post again when I have more to report.
10/1/2005 5:27:46 AM
Total Posts 18439

Re: [Work In Progress] LDAP Authentication

Oops, the patch is missing your new files for ldap. You need to right click the new files and choose TortoiseSVN > Add. After that, re-create the patch and it should be good. Also, can you provide a link to download your Novell.Directory.Ldap.dll? I'm sure it's going to need that to build.

Thanks!
10/1/2005 5:57:04 AM
Total Posts 36

Re: [Work In Progress] LDAP Authentication

heh, ya I noticed that the svn diff missed my ldap files and I already updated the patch, the dll is there now as well
10/1/2005 5:58:15 AM
Total Posts 36

Re: [Work In Progress] LDAP Authentication

10/1/2005 6:33:01 AM
Total Posts 18439

Re: [Work In Progress] LDAP Authentication

I applied the patch and put the dll in the bin folder but when I try to compile I get this error:

c:\__Projects\Contributors\TJFontaine\mojoportal\Business\bin\Debug\Novell.Directory.Ldap.dll Referenced class 'Novell.Directory.Ldap.LdapAttributeSet' has base class or interface 'AbstractSetSupport' defined in an assembly that is not referenced. You must add a reference to assembly 'Novell.Directory.Ldap, Version=2.1.3.0, Culture=neutral'.

I do have a reference to the assembly so not sure what the problem is, any ideas?
10/1/2005 6:37:41 AM
Total Posts 36

Re: [Work In Progress] LDAP Authentication

I got this error when I moved from my old tree into a tree that was just trunk+ldap. I believe what I did to resolve the situation was to remove the reference, delete the dll from the debug directory and re-add the reference. I'll try locally to see what I can do.