[solved] Help with LDAP auth modifications

playSMS Help
1

I’m looking to implement a quick and dirty fix to allow LDAP logins. I’ve can successfully authenticate against LDAP seeing the below in the logs.

L2 auth_validate_login # valid login u:myusername uid:4 ip:172.30.1.74

but then the session fails to initialise

L2 login # unable to setup session u:myusername status:2 sid: ip:172.30.1.74

This user already exists in the database and I can login if I revert my changes.

I’m struggling to work out why the session is failing to initialise as all I’ve changed is lines 52-58 in plugins/core/auth/fn.php from

$db_query = "SELECT password,salt FROM " . _DB_PREF_ . "_tblUser WHERE flag_deleted='0' AND username='$username'";
	$db_result = dba_query($db_query);
	$db_row = dba_fetch_array($db_result);
	$res_password = trim($db_row['password']);
	$res_salt = trim($db_row['salt']);
	$password = md5($password . $res_salt);
	if ($password && $res_password && ($password == $res_password)) {

to

$ldapserver= "ldap://servername";
$ldap = ldap_connect($ldapserver);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($ldap, $username . "@domainname", $password);
  
if ($bind) {

which should obviously act in exactly the same way returning the same TRUE/FALSE.

Any ideas before I drive myself crazy tracking down what I’ve done wrong? The LDAP bind is succeeding and credentials are validated, just the session setup is failing. I’ve had a good look through the code and my inexpert eyes can’t see why this change would make any difference to the session setup.

3

see this, I changed to this:

Screen Shot 2020-07-09 at 20.14.25
Screen Shot 2020-07-09 at 20.14.251204×600 133 KB

if I login with correct user such as admin then I can login with whatever password (because its always TRUE)

but then if I put non-existant user, I got same error that my login was valid but unable to setup session

its because auth_session_setup() is looking for uid from given username in playSMS tblUser
so the user, and some other mandatory data (uid, flag_deleted, status…), has to be exists on playSMS database

anton

4

oh I missed this, so your test username is already added in playSMS, hmm… couldn’t think why it failed to setup session

5

Thanks Anton, I’ll look further into this. The user already exists as I created it prior to making this change, if I revert to the original fn.php I can login as the same user (with playsms password) fine so I guess all the columns in the db are correctly populated. I added some log lines to auth_session_setup() and can see my correct uid is available inside the function.

Anyway, thanks for the pointers, I’ll do some further digging.

6

have you test the way I did, simple one like in my above screenshot ?

anton

7

I did and it still didn’t work. I ended up copying the original files back over the top of my installation, made my modifications again and it worked fine so I guess I’d screwed something up somewhere else whilst messing about.

Thanks for you help.