[geeklog-devel] The core of a very simple LDAP plugin, and an LDAP remote authentication class that uses it

Blank, Jessica Jessica.Blank at mtvnmix.com
Thu Mar 6 14:47:32 EST 2008


Hello! To address your post point by point:

1) Can you provide some sample SMD5 hashes? I can make it auto-detect these and work appropriately with them. Our setup does not use MD5 hashes, so my MD5 hash code was untested...
2) ...which, as you noted, led to a broken regexp. I will fix this. :)
3) I will definitely ask if we can GPL this. I'd love to do so. :)

--Jessica

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net on behalf of Dirk Haun
Sent: Thu 3/6/2008 2:13 PM
To: geeklog-devel
Subject: Re: [geeklog-devel] The core of a very simple LDAP plugin, and an LDAP remote authentication class that uses it
 
Blank, Jessica wrote:

>Please feel free to contact me on- or off-list with bug reports,
>comments, complaints and feature suggestions.

Okay, I had some limited success with it. Part of the problem is our
LDAP setup at work, which is a little ... weird.

Apparently, it sends some of the passwords in clear text and some are
encoded in SMD5, i.e. md5 with a salt. Neither of these work with the
LDAP class: It defaults to "des" for both the unencrypted and the smd5 ones.

I got the unencrypted case working and successfully logged in with one
such account. So that's nice :-) Need to figure out how smd5 is supposed
to work.

In the md5 case, the preg_match is missing the closing delimiter for the
regexp:

  if (preg_match("/^\$/", $correct_cyphertext)) { ...
                      ^

I also ran into what is apparently an oddity with OpenLDAP: It throws an
unhelpful "unwilling to perform" error when you try to do the ldap_bind
without a password. So you need to put a valid account name + password
into the config.php just to get a connection to the LDAP server.

That's just an FYI, in case anyone else runs into this sort of problem.

I'll see if I can find some more time to play with it tomorrow and post
any improvements I make.

Which reminds me: Jessica, you didn't put a license on this code. Would
you, your co-author, and your employer consider releasing this under the
GPL? I think it would make a useful addition to Geeklog and would, if
possible, like to bundle it with future versions.

Thanks!

bye, Dirk


-- 
http://www.haun-online.de/accu/
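
The scheme auto-detection asked about in the reply, and the SMD5 case described in the quoted message, sketched as an added example (not code from the plugin or from either poster). It assumes PHP 7.1 or later and the OpenLDAP userPassword convention, where {SMD5} holds base64(md5(password + salt) + salt); the function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not the plugin's API.

// Split a userPassword value into [SCHEME, payload]; no {prefix} means cleartext.
function ldap_split_scheme(string $stored): array
{
    if (preg_match('/^\{([A-Za-z0-9-]+)\}(.*)$/s', $stored, $m)) {
        return [strtoupper($m[1]), $m[2]];
    }
    return ['CLEARTEXT', $stored];
}

// Verify a candidate password; unknown schemes and malformed values fail closed.
function ldap_verify_password(string $password, string $stored): bool
{
    [$scheme, $payload] = ldap_split_scheme($stored);
    switch ($scheme) {
        case 'CLEARTEXT':
            return hash_equals($payload, $password);
        case 'MD5':
            // Payload is base64 of the 16-byte raw MD5 digest.
            $raw = base64_decode($payload, true);
            return $raw !== false && strlen($raw) === 16
                && hash_equals($raw, md5($password, true));
        case 'SMD5':
            // Assumed layout: 16-byte digest first, every remaining byte is salt.
            $raw = base64_decode($payload, true);
            if ($raw === false || strlen($raw) <= 16) {
                return false; // not base64, or no salt present
            }
            $salt = substr($raw, 16);
            return hash_equals(substr($raw, 0, 16), md5($password . $salt, true));
        case 'CRYPT':
            // crypt() reuses the salt embedded in the stored hash.
            $calc = crypt($password, $payload);
            return is_string($calc) && hash_equals($payload, $calc);
        default:
            return false;
    }
}

// Constructed sample values, not taken from any real directory.
$salt = "\x01\x02\x03\x04";
$smd5 = '{SMD5}' . base64_encode(md5('secret' . $salt, true) . $salt);
$md5  = '{MD5}' . base64_encode(md5('secret', true));
var_dump(ldap_split_scheme($smd5)[0]);
var_dump(ldap_verify_password('secret', $smd5));
var_dump(ldap_verify_password('wrong', $smd5));
var_dump(ldap_verify_password('secret', $md5));
var_dump(ldap_verify_password('secret', '{SMD5}not-base64!'));
```

Because the salt length is not fixed, the check splits on the digest length rather than assuming a salt size.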
