[horde] Authentication guidance required.
ANANT S ATHAVALE
asa at isac.gov.in
Tue Jul 28 06:29:09 UTC 2015
----- Message from Jens Wahnes <wahnes at uni-koeln.de> ---------
Date: Sat, 18 Jul 2015 22:12:43 +0200
From: Jens Wahnes <wahnes at uni-koeln.de>
Subject: Re: [horde] Authentication guidance required.
To: horde at lists.horde.org
> On Sat, Jul 18 2015, at 18:48:54 +0530, ANANT S ATHAVALE wrote:
>
>> I also have an attribute attached with every user ldap entry, namely
>> staffnumber and I need to give users to login using their staffnumber,
>> but, it should display their original mailbox (uid).
>
>> Can this requirement be met with existing Horde application?
>
> Yes, it can be done though one or more hooks. If I understand your
> requirements correctly, using just the preauthenticate hook will
> probably suffice.
>
> First of all, set Horde's "uid" LDAP setting back to uid. Then, you'll
> have to write some code to determine if the $userId passed to the
> preauthenticate function is in fact a username (uid) or if it is a
> staffnumber. If it is a staffnumber, your code will have to search the
> LDAP to find out the corresponding uid. Then, return the newly found
> uid like this:
>
> return array('userId' => $uidFromLdap, 'credentials' => $credentials);
>
> If I didn't get all your requirements correctly, you may have to
> implement an authusername function as well to translate usernames back
> and forth.
>
> However, apart from the question which hooks to use, there is another
> thing you should consider, from my point of view: If your users don't
> know their uid to login and will want to use their staffnumber because
> of that instead, how will you make sure they know the password that
> goes along with that uid (or staffnumber, for that matter)?
>
>
> Jens
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
----- End message from Jens Wahnes <wahnes at uni-koeln.de> -----
Dear Jens,
Thanks. It worked. Please see the preauthenticate hook. Please
suggest, if it can be still improved.
public function preauthenticate($userId, $credentials)
{
$ldapServer = 'x.x.x.x';
$ldapPort = '389';
$searchBase = 'dc=xxxx,dc=xxx';
$binddn = 'cn=Manager,' . $searchBase;
$bindpw = 'xyz';
$ds = ldap_connect($ldapServer, $ldapPort);
$searchResult = ldap_search($ds, $searchBase, 'staffnumber='
. $userId);
$information = ldap_get_entries($ds, $searchResult);
// Horde::debug($information[0]['uid'][0], "/logs/horde-debug.log");
if (($information !== false) && ($information['count'] > 0)) {
$userId = $information[0]['uid'][0];
}
ldap_close($ds);
return array(
'userId' => $userId,
'credentials' => $credentials
);
}
--
सादर धन्यवाद/ Thanks & Regards
अनंत / Anant
------------------------------------------------------------------------------
Confidentiality Notice: This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
------------------------------------------------------------------------------
More information about the horde
mailing list