[geeklog-devel] The core of a very simple LDAP plugin, and an LDAP remote authentication class that uses it
Blank, Jessica
Jessica.Blank at mtvnmix.com
Thu Mar 6 14:47:32 EST 2008
Hello! To address your post point by point:
1) Can you provide some sample SMD5 hashes? I can make it auto-detect these and work appropriately with them. Our setup does not use MD5 hashes, so my MD5 hash code was untested...
2) ...which, as you noted, led to a broken regexp. I will fix this. :)
3) I will definitely ask if we can GPL this. I'd love to do so. :)
--Jessica
-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net on behalf of Dirk Haun
Sent: Thu 3/6/2008 2:13 PM
To: geeklog-devel
Subject: Re: [geeklog-devel] The core of a very simple LDAP plugin, and an LDAP remote authentication class that uses it
Blank, Jessica wrote:
>Please feel free to contact me on- or off-list with bug reports,
>comments, complaints and feature suggestions.
Okay, I had some limited success with it. Part of the problem is our
LDAP setup at work, which is a little ... weird.
Apparently, it sends some of the passwords in clear text and some are
encoded in SMD5, i.e. md5 with a salt. Neither of these work with the
LDAP class: It defaults to "des" for both the unencrypted and the smd5 ones.
I got the unencrypted case working and successfully logged in with one
such account. So that's nice :-) Need to figure out how smd5 is supposed
to work.
In the md5 case, the preg_match is missing the closing delimiter for the
regexp:
if (preg_match("/^\$/", $correct_cyphertext)) { ...
^
I also ran into what is apparently an oddity with OpenLDAP: It throws an
unhelpful "unwilling to perform" error when you try to do the ldap_bind
without a password. So you need to put a valid account name + password
into the config.php just to get a connection to the LDAP server.
That's just an FYI, in case anyone else runs into this sort of problem.
I'll see if I can find some more time to play with it tomorrow and post
any improvements I make.
Which reminds me: Jessica, you didn't put a license on this code. Would
you, your co-author, and your employer consider releasing this under the
GPL? I think it would make a useful addition to Geeklog and would, if
possible, like to bundle it with future versions.
Thanks!
bye, Dirk
--
http://www.haun-online.de/accu/
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20080306/d5e746d8/attachment.html>
More information about the geeklog-devel
mailing list