#1 April 1, 2013 4:40pm

JeredOdegard
Member
Registered: March 29, 2013
Posts: 12

LDAP Authentication

I'm interesting in making an LDAP plugin for BigTree. Where might I find most of the authentication logic?

Or is there a better way to incorporate this so it doesn't get overwritten in future core updates?

EDIT: It looks like I could use http://www.bigtreecms.org/code-referenc … createUser for the user creation upon authentication with our servers, but I'm just not sure how hook such logic into BigTree.

Offline

#2 April 1, 2013 5:14pm

JeredOdegard
Member
Registered: March 29, 2013
Posts: 12

Re: LDAP Authentication

It looks like I could extend the functionality of BigTreeAdmin#login to check for LDAP configuration with $bigtree["config"] and call an authentication function which would create a new user if the credentials pass/match group and re-call BigTreeAdmin#login with the generated credentials . (Assuming the login form uses the BigTreeAdmin#login method itself. My recursive grep can't find any instances of login(), so I'm not sure if you are xD) Would this extended functionality be something worthwhile in the core or would it need to be re-implemented with each core update?

Probably going into the issue of how to extend the admin functionality of BigTree again.

Offline

#3 April 1, 2013 6:51pm

JeredOdegard
Member
Registered: March 29, 2013
Posts: 12

Re: LDAP Authentication

It looks like I can use "BIGTREE_CUSTOM_ADMIN_CLASS_PATH" to subclass BigTreeAdmin create an overriding login method under certain circumstances or just call super. Is LDAP authentication something worth adding to the core of BigTree though?

Offline

#4 April 1, 2013 7:30pm

benplum
Administrator
Registered: March 30, 2012
Posts: 54

Re: LDAP Authentication

LDAP implementation always seems to be pretty specific to the client, so I don't think we plan to support it out of the box right now. You are correct in that you can extend the BigTree admin class to add or override any internal functions as you see fit.

Offline

#5 April 1, 2013 7:35pm

JeredOdegard
Member
Registered: March 29, 2013
Posts: 12

Re: LDAP Authentication

Ah I see. Thanks for the info!

Offline

#6 April 1, 2013 9:22pm

timbuckingham
Administrator
From: Baltimore, MD
Registered: April 2, 2012
Posts: 970

Re: LDAP Authentication

What I've done in the past is create an override of  /core/admin/modules/login/default.php to integrate LDAP. I usually add an extra column to bigtree_users that is the user's LDAP account.

I do all the LDAP connection / auth logic above the BigTree login logic in the that file (/custom/admin/modules/login/default.php). If the LDAP authentication is successful I do a look-up in the bigtree_users table for that LDAP login. If there is one, I log them in as that user. If there isn't one, I fall back to BigTree's login system (normally for developer accounts since we don't necessarily have an LDAP account with our clients).

To input the LDAP account info you'll have to add custom overrides for the add/edit page on modules as well but it shouldn't be too hard.

Offline

#7 April 2, 2013 1:37pm

JeredOdegard
Member
Registered: March 29, 2013
Posts: 12

Re: LDAP Authentication

Thanks for the advice. I'll let you know what implementation we go with.

Offline

#8 April 2, 2013 5:44pm

JeredOdegard
Member
Registered: March 29, 2013
Posts: 12

Re: LDAP Authentication

I ended up using BIGTREE_CUSTOM_ADMIN_CLASS and setting a file within /custom/ for the overriding class. We're using LDAP to restrict login to the admin entirely. It looks sorta like this:

class LDAPLogin extends BigTreeAdmin {
  function login() {
    if ($passes_bigtree_auth) {
      BigTreeAdmin::login();
    } else {
      $this->loginLDAP();
    }
  }
  
  function loginLDAP() {
    // check if user exists and has valid credentials and matches groups specified in $bigtree['config']['ldap']
    BigTreeAdmin::createUser();
    BigTreeAdmin::login();
  }
}

It seems to be working well now. Hopefully it's future proof. xD

Offline

Board footer

Powered by FluxBB

The Discussion Forum is not available on displays of this size.