playSMS Forum

[solved] Help with LDAP auth modifications

I’m looking to implement a quick and dirty fix to allow LDAP logins. I can successfully authenticate against LDAP, seeing the below in the logs.

L2 auth_validate_login # valid login u:myusername uid:4 ip:172.30.1.74

but then the session fails to initialise

L2 login # unable to setup session u:myusername status:2 sid: ip:172.30.1.74

This user already exists in the database and I can login if I revert my changes.

I’m struggling to work out why the session is failing to initialise as all I’ve changed is lines 52-58 in plugins/core/auth/fn.php from

$db_query = "SELECT password,salt FROM " . _DB_PREF_ . "_tblUser WHERE flag_deleted='0' AND username='$username'";
$db_result = dba_query($db_query);
$db_row = dba_fetch_array($db_result);
$res_password = trim($db_row['password']);
$res_salt = trim($db_row['salt']);
$password = md5($password . $res_salt);
if ($password && $res_password && ($password == $res_password)) {

to

$ldapserver= "ldap://servername";
$ldap = ldap_connect($ldapserver);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($ldap, $username . "@domainname", $password);
  
if ($bind) {

which should obviously act in exactly the same way returning the same TRUE/FALSE.

Any ideas before I drive myself crazy tracking down what I’ve done wrong? The LDAP bind is succeeding and credentials are validated, just the session setup is failing. I’ve had a good look through the code and my inexpert eyes can’t see why this change would make any difference to the session setup.

see this, I changed to this:

if I login with correct user such as admin then I can login with whatever password (because it's always TRUE)

but then if I put a non-existent user, I got the same error that my login was valid but unable to setup session

it's because auth_session_setup() is looking for uid from given username in playSMS tblUser
so the user, and some other mandatory data (uid, flag_deleted, status…), has to exist in the playSMS database

anton

oh I missed this, so your test username is already added in playSMS, hmm… couldn’t think why it failed to setup session

Thanks Anton, I’ll look further into this. The user already exists as I created it prior to making this change, if I revert to the original fn.php I can login as the same user (with playsms password) fine so I guess all the columns in the db are correctly populated. I added some log lines to auth_session_setup() and can see my correct uid is available inside the function.

Anyway, thanks for the pointers, I’ll do some further digging.

have you tested the way I did, simple one like in my above screenshot?

anton

I did and it still didn’t work. I ended up copying the original files back over the top of my installation, made my modifications again and it worked fine so I guess I’d screwed something up somewhere else whilst messing about.

Thanks for your help.
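
The LDAP bind from the first post, written as a stand-alone function with the checks an LDAP login path needs; this is an added example, not code from the thread or from playSMS. The function name is hypothetical, `servername` and `@domainname` are the post's placeholders (an `ldaps://` listener is assumed), and the allow-list pattern is an assumption about what a valid login name looks like.

```php
<?php
// Added example (not playSMS code): credential check via LDAP simple bind.
// Assumptions: php-ldap is installed for real binds; "servername" and
// "@domainname" are the placeholders used in the post.

function ldap_check_credentials(string $username, string $password): bool
{
    // A bind name with an empty password is an "unauthenticated bind"
    // (RFC 4513). Some directory servers accept it and ldap_bind() then
    // returns TRUE, so an empty password must never reach the server.
    if ($username === '' || $password === '') {
        return false;
    }
    // Allow-list the login name before it becomes part of the bind identity
    // (pattern is an assumption; adjust to the directory's naming rules).
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }

    // ldaps:// so the password is not sent in clear text as with ldap://.
    $ldap = ldap_connect('ldaps://servername');
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 5);

    $ok = @ldap_bind($ldap, $username . '@domainname', $password);
    if (!$ok) {
        // Keep the reason in the log instead of discarding it with "@".
        error_log('ldap bind failed u:' . $username . ' err:' . ldap_error($ldap));
    }
    ldap_unbind($ldap);
    return $ok === true;
}

// Constructed inputs: both are rejected locally, before any network traffic.
var_dump(ldap_check_credentials('myusername', ''));
var_dump(ldap_check_credentials('bad*user)(', 'secret'));
```

A successful bind only proves the directory accepted the credentials; as noted in the thread, auth_session_setup() still needs the matching user row in tblUser.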