[ZendTo] Re: Multiple domains
Naz Snidanko
NSnidanko at wajax.com
Fri Mar 14 15:19:00 GMT 2014
Hi Kevin,
We have it in place already, for 5 domains. You need to adjust the config and the functions in the lib\NSSADAuthenticator.php file.
There is a nicer way of doing it, but this is the simplest way without rewriting too much code:
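/**
 * Build the authenticator and pull the per-forest LDAP settings out of $prefs.
 *
 * The stock ZendTo authenticator knows two AD forests (suffix 1 and 2); this
 * version reads up to five. The original per-forest property names
 * (_ldapServers1 ... _ldapOrg5) are kept so that validUsername() and
 * authenticate() can keep selecting a forest by number.
 *
 * @param array $prefs  ZendTo preferences, as passed by the calling code.
 * @param mixed $db     Database handle, forwarded untouched to the parent.
 */
public function __construct(
$prefs, $db
)
{
    // If only an LDAP admin list is configured, let it serve as the admin list.
    // empty()/!empty() give the same truth values as the original bare tests
    // but do not raise "Undefined index" notices when a key is absent.
    if ( ! empty($prefs['authLDAPAdmins']) && empty($prefs['authAdmins']) ) {
        $prefs['authAdmins'] = $prefs['authLDAPAdmins'];
    }
    parent::__construct($prefs, $db);

    // Property-name stem => preferences-key stem. Forest N uses "<stem>N".
    $forestFields = array(
        '_ldapServers'       => 'authLDAPServers',
        '_ldapBase'          => 'authLDAPBaseDN',
        '_ldapAccountSuffix' => 'authLDAPAccountSuffix',
        '_ldapUseSSL'        => 'authLDAPUseSSL',
        '_ldapBindUser'      => 'authLDAPBindUser',
        '_ldapBindPass'      => 'authLDAPBindPass',
        '_ldapOrg'           => 'authLDAPOrganization',
    );
    // CUSTOM CODE: forests 3-5 added by Naz Snidanko, Oct 02, 2012.
    // Sites with fewer forests simply leave the higher-numbered keys out of
    // preferences. Those properties become NULL (instead of NULL plus a PHP
    // notice per key, as before), which is what the empty(_ldapServersN)
    // checks in validUsername() look for.
    for ($n = 1; $n <= 5; $n++) {
        foreach ($forestFields as $property => $prefKey) {
            $this->{$property . $n} = isset($prefs[$prefKey . $n])
                ? $prefs[$prefKey . $n]
                : NULL;
        }
    }
    // NOTE(review): the bind passwords for every forest now live in this
    // object for the life of the request; keep anything that dumps $this
    // (debug output, var_export, exception traces) out of production logs.
    $this->_ldapMemberKey = strtolower($prefs['authLDAPMemberKey']);
    $this->_ldapMemberRole= strtolower($prefs['authLDAPMemberRole']);
}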
/**
 * Check whether $uname exists in any of the configured AD forests.
 *
 * Forests are tried in order 1..5. A forest that cannot be reached (-70) or
 * that does not know the user (-69) hands over to the next one; any other
 * result from Tryvalid() is taken as "user found" and ends the search. If the
 * next forest has no servers configured the search stops quietly with FALSE,
 * exactly as the original two-forest code did.
 *
 * @param string $uname     Username to look up.
 * @param mixed  &$response Passed through to Tryvalid(), which may fill it in.
 * @return bool  TRUE if some forest recognised the user, FALSE otherwise.
 */
public function validUsername(
$uname,
&$response
)
{
    $result = FALSE;
    for ($forest = 1; $forest <= 5; $forest++) {
        // Bail out quietly if this AD forest isn't configured (the first
        // forest is always attempted, as in the original code).
        if ($forest > 1 && empty($this->{'_ldapServers' . $forest})) {
            return FALSE;
        }
        // Point the inherited single-forest fields at forest N.
        $this->_ldapServers       = $this->{'_ldapServers' . $forest};
        $this->_ldapUseSSL        = $this->{'_ldapUseSSL' . $forest};
        $this->_ldapBindUser      = $this->{'_ldapBindUser' . $forest};
        $this->_ldapBindPass      = $this->{'_ldapBindPass' . $forest};
        $this->_ldapBase          = $this->{'_ldapBase' . $forest};
        $this->_ldapAccountSuffix = $this->{'_ldapAccountSuffix' . $forest};
        $this->_ldapOrg           = $this->{'_ldapOrg' . $forest};
        $result = $this->Tryvalid($uname, $response);
        // NOTE(review): anything other than the two failure codes is treated
        // as success here, matching the original; this relies on Tryvalid()
        // never returning another value (e.g. FALSE) for other failures --
        // confirm against Tryvalid()'s implementation.
        if ($result !== -70 && $result !== -69) {
            return TRUE;
        }
    }
    // All five forests were tried, so $result is now -70 or -69.
    if ($result === -70) {
        NSSError('Check User: Unable to connect to any of the LDAP servers; could not authenticate user.','LDAP Error');
    }
    // -69: not a valid user in any forest; the original logged nothing here.
    return FALSE;
}
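/**
 * Authenticate $uname/$password against the configured AD forests in turn.
 *
 * $uname is first normalised to a bare account name (anything after an "@"
 * and any "DOMAIN\" prefix is dropped) and, being passed by reference, the
 * caller sees the normalised value. Forests 1..5 are then tried in order:
 * a forest that is unreachable (-70) or rejects the credentials (-69) hands
 * over to the next one, and any other result from Tryauthenticate() counts
 * as success.
 *
 * Change from the original: the search stops at the first forest that has no
 * servers configured (validUsername() already checks this) instead of calling
 * Tryauthenticate() with empty settings for the remaining slots. Presumably
 * those calls came back -70, which turned a wrong password on the real
 * forest(s) into an "Unable to connect to any of the LDAP servers" log entry.
 * The outcome is now judged on the last forest actually tried, so a genuine
 * connection failure is still logged.
 *
 * Security notes:
 *  - On a -69 the same password is presented to the next forest, so one
 *    mistyped password is counted against the lockout policy of every forest
 *    that has an account with this name, and a name that exists in several
 *    forests authenticates as whichever forest accepts the password first.
 *    Make sure account names are unique across the forests you configure.
 *  - NOTE(review): "not -69 and not -70" is treated as success; this relies
 *    on Tryauthenticate() never returning another value (e.g. FALSE) for
 *    other failure modes -- confirm against Tryauthenticate()'s implementation.
 *
 * @param string &$uname    Username; rewritten in place to the bare account name.
 * @param string $password  Password, passed unchanged to every forest tried.
 * @param mixed  &$response Passed through to Tryauthenticate().
 * @return bool  TRUE on success, FALSE on failure (a connection failure on the
 *               last forest tried is also reported through NSSError()).
 */
public function authenticate(
&$uname,
$password,
&$response
)
{
    $result = FALSE;
    // The username should not be their email address.
    // So remove everything after any @ sign.
    // And remove any domain name on the front, separated by \
    // Passed by reference so should change what is stored in the calling code.
    $uname = preg_replace('/@.*$/', '', $uname);
    $uname = preg_replace('/^.*\\\/', '', $uname);

    for ($forest = 1; $forest <= 5; $forest++) {
        // Forest 1 is always attempted; stop at the first later forest that
        // has no servers configured and judge on the last real result.
        if ($forest > 1 && empty($this->{'_ldapServers' . $forest})) {
            break;
        }
        // Point the inherited single-forest fields at forest N.
        $this->_ldapServers       = $this->{'_ldapServers' . $forest};
        $this->_ldapUseSSL        = $this->{'_ldapUseSSL' . $forest};
        $this->_ldapBindUser      = $this->{'_ldapBindUser' . $forest};
        $this->_ldapBindPass      = $this->{'_ldapBindPass' . $forest};
        $this->_ldapBase          = $this->{'_ldapBase' . $forest};
        $this->_ldapAccountSuffix = $this->{'_ldapAccountSuffix' . $forest};
        $this->_ldapOrg           = $this->{'_ldapOrg' . $forest};
        $result = $this->Tryauthenticate($uname, $password, $response);
        if ($result !== -69 && $result !== -70) {
            return TRUE;
        }
    }
    if ($result === -70) {
        // Failed because we couldn't connect to the last forest we tried
        NSSError('Check User: Unable to connect to any of the LDAP servers; could not authenticate user.','LDAP Error');
        return FALSE;
    }
    // -69: the user failed authentication in every forest tried. Deliberately
    // not logged (as in the original) so bad passwords do not flood the log.
    return FALSE;
}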
Cheers,
[Description: Description: Wajax Corporation Logo-signature]Naz Snidanko, Junior IT Network Analyst
Information Technology | Wajax Industrial Components | Wajax.com | nsnidanko at wajax.com<mailto:nsnidanko at wajax.com> |
Dir 905.212.3383 | Cell 416.937.0172 | Fax 905.212.3350
3280 Wharton Way, Mississauga, Ontario, Canada L4X 2C5
CONFIDENTIALITY: This message and any attachments may contain information that is confidential. If you have received this message in error, please advise the sender immediately by e-mail and delete this message and any copy. Thank you.