[geeklog-devel] The core of a very simple LDAP plugin, and an LDAP remote authentication class that uses it

Dirk Haun dirk at haun-online.de
Thu Mar 6 14:13:34 EST 2008

Blank, Jessica wrote:

>Please feel free to contact me on- or off-list with bug reports,
>comments, complaints and feature suggestions.

Okay, I had some limited success with it. Part of the problem is our
LDAP setup at work, which is a little ... weird.

Apparently, it sends some of the passwords in clear text and some are
encoded in SMD5, i.e. md5 with a salt. Neither of these works with the
LDAP class: it defaults to "des" for both the unencrypted and the smd5 ones.

I got the unencrypted case working and successfully logged in with one
such account. So that's nice :-) Need to figure out how smd5 is supposed
to work.

In the md5 case, the preg_match is missing the closing delimiter for the

  if (preg_match("/^\$/", $correct_cyphertext)) { ...

I also ran into what is apparently an oddity with OpenLDAP: It throws an
unhelpful "unwilling to perform" error when you try to do the ldap_bind
without a password. So you need to put a valid account name + password
into the config.php just to get a connection to the LDAP server.

That's just an FYI, in case anyone else runs into this sort of problem.

I'll see if I can find some more time to play with it tomorrow and post
any improvements I make.

Which reminds me: Jessica, you didn't put a license on this code. Would
you, your co-author, and your employer consider releasing this under the
GPL? I think it would make a useful addition to Geeklog and would, if
possible, like to bundle it with future versions.


bye, Dirk
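An added example, not part of the original message or of the plugin under discussion: one way to check a password against the three stored forms mentioned above (clear text, {MD5} and {SMD5}). It relies on the OpenLDAP layout for {SMD5}, base64 of the 16-byte MD5 digest of password followed by salt, with the salt appended. The function name `check_ldap_password` and the sample values are constructed for illustration, and the stored userPassword value is assumed to have been read from the directory already.

```php
<?php
// Added example: compare a login password with an LDAP userPassword value.
// check_ldap_password() is a hypothetical helper, not the plugin's API.
function check_ldap_password(string $password, string $stored): bool
{
    // A value without a {SCHEME} prefix is treated as clear text.
    // (A clear-text password that itself starts with "{...}" would be
    // read as a scheme and rejected.)
    if (!preg_match('/^\{([A-Za-z0-9-]+)\}(.*)$/s', $stored, $m)) {
        return hash_equals($stored, $password);
    }
    $scheme = strtoupper($m[1]);

    if ($scheme === 'MD5' || $scheme === 'SMD5') {
        $raw = base64_decode($m[2], true);
        if ($raw === false || strlen($raw) < 16) {
            return false;                     // not valid base64, or too short
        }
        $digest = substr($raw, 0, 16);        // raw MD5 digest
        $salt   = (string) substr($raw, 16);  // empty for plain {MD5}
        // {MD5} must carry no salt, {SMD5} must carry one.
        if (($scheme === 'SMD5') === ($salt === '')) {
            return false;
        }
        // SMD5 digest = md5(password . salt); constant-time comparison.
        return hash_equals($digest, md5($password . $salt, true));
    }

    return false; // unknown scheme: refuse instead of guessing a default
}

// Constructed sample values, built inline so the script runs offline.
$salt  = "\x01\x02\x03\x04";
$smd5  = '{SMD5}' . base64_encode(md5('s3cret' . $salt, true) . $salt);
$md5   = '{MD5}' . base64_encode(md5('s3cret', true));
$cases = [
    'smd5, right password' => ['s3cret', $smd5],
    'smd5, wrong password' => ['guess', $smd5],
    'md5, right password'  => ['s3cret', $md5],
    'clear text'           => ['s3cret', 's3cret'],
    'unknown scheme'       => ['s3cret', '{FOO}abc'],
];
foreach ($cases as $label => [$pw, $stored]) {
    printf("%-22s %s\n", $label, var_export(check_ldap_password($pw, $stored), true));
}
```

Rejecting an unrecognised scheme, rather than falling back to a default such as "des", keeps a mislabelled hash from being compared under the wrong algorithm.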

