I’m looking to implement a quick and dirty fix to allow LDAP logins. I can successfully authenticate against LDAP, seeing the below in the logs.
L2 auth_validate_login # valid login u:myusername uid:4 ip:172.30.1.74
but then the session fails to initialise
L2 login # unable to setup session u:myusername status:2 sid: ip:172.30.1.74
This user already exists in the database and I can log in if I revert my changes.
I’m struggling to work out why the session is failing to initialise as all I’ve changed is lines 52-58 in plugins/core/auth/fn.php from
$db_query = "SELECT password,salt FROM " . _DB_PREF_ . "_tblUser WHERE flag_deleted='0' AND username='$username'";
$db_result = dba_query($db_query);
$db_row = dba_fetch_array($db_result);
$res_password = trim($db_row['password']);
$res_salt = trim($db_row['salt']);
$password = md5($password . $res_salt);
if ($password && $res_password && ($password == $res_password)) {
to
$ldapserver= "ldap://servername";
$ldap = ldap_connect($ldapserver);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($ldap, $username . "@domainname", $password);
if ($bind) {
which should obviously act in exactly the same way returning the same TRUE/FALSE.
Any ideas before I drive myself crazy tracking down what I’ve done wrong? The LDAP bind is succeeding and credentials are validated, just the session setup is failing. I’ve had a good look through the code and my inexpert eyes can’t see why this change would make any difference to the session setup.
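An added example, not part of the original post and not playSMS code: it does not address the session failure, but shows two places where an LDAP simple bind differs from the hash comparison it replaces, namely that an empty password can produce a "successful" unauthenticated bind and that `ldap://` carries the password in cleartext. The function names, the username character policy and the StartTLS requirement are assumptions; the server URI and domain suffix are the post's placeholders.

```php
<?php
// Added example, not playSMS code. URI and suffix are the post's placeholders.
const LDAP_URI = 'ldap://servername';
const LDAP_UPN_SUFFIX = '@domainname';

/**
 * Hypothetical pre-bind check. Returns null when the input is safe to bind
 * with, otherwise a short reason string suitable for the auth log.
 */
function ldap_login_precheck(string $username, string $password): ?string
{
    // RFC 4513 section 5.1.2: a simple bind with a name and an empty password
    // is an "unauthenticated bind"; a server may report success without
    // verifying anything, so ldap_bind() returning true proves nothing here.
    if ($password === '') {
        return 'empty password';
    }
    // Assumed policy: keep the name that is concatenated into the UPN to a
    // conservative character set (no spaces, '@', NUL or control bytes).
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return 'invalid username';
    }
    return null;
}

/** Hypothetical wrapper: true only for a verified, TLS-protected bind. */
function ldap_credentials_ok(string $username, string $password): bool
{
    if (ldap_login_precheck($username, $password) !== null) {
        return false;
    }
    $ldap = ldap_connect(LDAP_URI);
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // Upgrade the cleartext ldap:// connection before sending the password.
    if (!@ldap_start_tls($ldap)) {
        return false;
    }
    $ok = @ldap_bind($ldap, $username . LDAP_UPN_SUFFIX, $password);
    ldap_unbind($ldap);
    return $ok;
}

// Constructed sample inputs; the precheck runs without an LDAP server.
foreach ([['myusername', ''], ['my user', 'x'], ['myusername', 'secret']] as [$u, $p]) {
    printf("%-12s => %s\n", $u, ldap_login_precheck($u, $p) ?? 'ok to bind');
}
```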