Re: Extending built-in Auth Component?

2009-02-17 Thread jrevillini




Nathaniel Price wrote:
> 
> Anyway, here's the extension I came up with (saved in app/controllers/
> components/ldap_auth.php):
> <?php
> App::import('Component', 'Auth');
> 
> class LdapAuthComponent extends AuthComponent {
>   var $ldapModel = 'LdapUser';
> 
>   function startup(&$controller) {
>     if (isset($controller->data[$this->userModel])) {
>       $username = $controller->data[$this->userModel][$this->fields['username']];
>       $password = $controller->data[$this->userModel][$this->fields['password']];
>       $res = $this->preauthUser($username, $password);
> 
>       if (!$res) {
>         //set password to blank to ensure the auth fails
>         $controller->data[$this->userModel][$this->fields['password']] = '';
>       }
>     }
>     //Continue with standard auth process
>     return parent::startup($controller);
>   }
> ..
> ..
> ..
> 

I think you're going to auth against LDAP and update your database on every
page load by doing it this way.  Maybe that's the way you want to do it, but
another thing you could do is just add another condition to the if statement
in the startup method:

if ($controller->action == 'login' &&
isset($controller->data[$this->userModel])) { 

In my application, I'm not going to worry too much about them changing
things on the LDAP server minute to minute, so I use the above if statement.

Thanks so much for volunteering all this code.  It's been very helpful.

-- 
View this message in context: 
http://n2.nabble.com/Extending-built-in-Auth-Component--tp1369764p2342959.html
Sent from the CakePHP mailing list archive at Nabble.com.


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to 
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Extending built-in Auth Component?

2008-11-03 Thread Nathaniel Price

I've got it working, yes, though I'm still a bit dissatisfied with the
solution I came up with. For one, you can't refer to AuthComponent via
$this->Auth inside your controller anymore, it has to be
$this->LdapAuth. Not sure how much that will affect things.

First an explanation of what this does. Basically, the
LdapAuthComponent sits on top of AuthComponent and intercepts login
form submissions. It then uses the LdapUser model to check to see if
the user exists, and if you can bind successfully with that username
and password combination. If so, it inserts (or updates) a user in the
users table with the username and password combination that was
submitted on login, and from there AuthComponent can use that data in
the table to log them in. This is ideal for me because I don't have
control over the data the LDAP server provides me, and I'd like to be
able to attach more data to a user than the LDAP server provides me.

Also note: this code is unsupported. Use it at your own risk. I may or
may not answer questions about it.

Anyway, here's the extension I came up with (saved in app/controllers/
components/ldap_auth.php):
<?php
App::import('Component', 'Auth');

class LdapAuthComponent extends AuthComponent {
    var $ldapModel = 'LdapUser';

    function startup(&$controller) {
        if (isset($controller->data[$this->userModel])) {
            $username = $controller->data[$this->userModel][$this->fields['username']];
            $password = $controller->data[$this->userModel][$this->fields['password']];
            $res = $this->preauthUser($username, $password);

            if (!$res) {
                //set password to blank to ensure the auth fails
                $controller->data[$this->userModel][$this->fields['password']] = '';
            }
        }
        //Continue with standard auth process
        return parent::startup($controller);
    }

    function preauthUser($username, $password) {
        //TODO: un-hard-code the other database model fields.
        $ldap =& $this->getLdapModel();
        $model =& $this->getModel();

        $res = $ldap->auth($username, $password);
        if ($res !== false) {
            //Successful LDAP bind - update user database
            $data = $model->findByUsername($username);
            if (!$data) {
                $data = array();
                $data[$this->userModel][$this->fields['username']] = $username;
                $data[$this->userModel]['created'] = date('Y-m-d H:i:s');
            }
            //TODO: if data hasn't changed, avoid updating the database
            $data[$this->userModel][$this->fields['password']] = $this->password($password);
            $data[$this->userModel]['email'] = $res[0][$this->ldapModel]['mail'];

            $model->save($data);
            return true;
        }
        return false;
    }

    function &getLdapModel($name = null) {
        $model = null;
        if (!$name) {
            $name = $this->ldapModel;
        }

        if (PHP5) {
            $model = ClassRegistry::init($name);
        } else {
            $model =& ClassRegistry::init($name);
        }

        if (empty($model)) {
            trigger_error(__('LdapAuth::getLdapModel() - Model is not set or could not be found', true), E_USER_WARNING);
            return null;
        }

        return $model;
    }
}
?>

I use the following model for Users - this is stored in the database
(app/models/user.php):
 array('email'),
'password' => array('alphaNumeric'),
'active' => array('numeric')
);
}
/* database creation script:
CREATE TABLE `users` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `username` varchar(50) NOT NULL,
  `password` varchar(50) NOT NULL,
  `email` varchar(128) default NULL,
  `active` tinyint(4) NOT NULL default '0',
  `created` datetime default NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
*/
?>

And the following model for LdapUsers (app/models/ldap_user.php)
I'm not sure where I got this code--I thought it was from the bakery,
but I can't seem to find it again. :( Regardless, it has been slightly
modified for my purposes.
ds = ldap_connect($this->host, $this->port);
ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($this->user) {
ldap_bind($this->ds, $this->user, $this->pass);
} else {
//Do an anonymous bind.
ldap_bind($this->ds);
}
}

function __destruct()
{
ldap_close($this->ds);
}

function findAll($attribute = 'uid', $value = '*', $ba
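
Added example, not the poster's code and not part of CakePHP: the
LdapUser::auth() method that preauthUser() relies on is cut off in this
archive, so this shows one check a bind-based login needs before it calls
ldap_bind(), namely refusing an empty password, which LDAP treats as an
unauthenticated bind (RFC 4513, section 5.1.2). The function names, the
sample DN and the stand-in server are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. All function names are hypothetical.

// True only when the pair may be handed to ldap_bind(). A bind with an
// empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2);
// a server that permits such binds reports success without checking anything.
function ldapCredentialsUsable($userDn, $password)
{
    if (!is_string($userDn) || !is_string($password)) {
        return false;
    }
    if (trim($userDn) === '' || $password === '') {
        return false;
    }
    return true;
}

// $bind is any callable with ldap_bind()'s signature. It is a parameter so
// the guard can be exercised without a directory server.
function ldapPasswordCheck($ds, $userDn, $password, $bind = 'ldap_bind')
{
    if (!ldapCredentialsUsable($userDn, $password)) {
        return false; // rejected locally, the server is never asked
    }
    return call_user_func($bind, $ds, $userDn, $password) === true;
}

// Constructed stand-in for a server that accepts unauthenticated binds and
// knows one real password.
function permissiveServerBind($ds, $dn = null, $password = null)
{
    return $password === null || $password === '' || $password === 'correct horse';
}

// Constructed sample input; no network access is needed to run this.
$dn = 'uid=alice,ou=people,dc=example,dc=org';
$attempts = array('', 'wrong', 'correct horse');
foreach ($attempts as $pw) {
    printf(
        "password=%-16s raw bind=%-6s guarded=%s\n",
        var_export($pw, true),
        var_export(permissiveServerBind(null, $dn, $pw), true),
        var_export(ldapPasswordCheck(null, $dn, $pw, 'permissiveServerBind'), true)
    );
}
```

In the component above, the same guard would sit at the top of
preauthUser(), before $ldap->auth() is called and before anything is
written to the users table.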

Re: Extending built-in Auth Component?

2008-11-03 Thread [EMAIL PROTECTED]

Hi Nathaniel,

Did you get your AuthComponent extension working?
If so, would you like to share it? :)

I've been looking for LDAP authentication in cake for some time, but
I'm not sure how to get to it.

--
alx




Re: Extending built-in Auth Component?

2008-10-24 Thread Nathaniel Price

I'm assuming you're talking about one of these (they were the only
results for a search on bakery for 'ldap' that I could find):
http://bakery.cakephp.org/articles/view/ldap-models-in-cakephp
http://bakery.cakephp.org/articles/view/using-ldap-as-a-datasource-basic-find-example

I looked at that and it doesn't seem to me like it will work. Have you
(or anyone else, for that matter) actually tried using Auth with one
of these as the model? The problem that I see is that LDAP (or at
least our ldap server) doesn't let me see even encrypted passwords, so
I can't do what auth tries to do, namely hash a password, then run
$model->find() on the username and hashed password. For authenticating
based on ldap, basically I have to run ldap_bind($ldap, $username,
$password) to authenticate against the server (this is simplified, but
that's the general idea). I can't use ldap_search() for that sort of
query. In other words, from what I can tell, LDAP as a model doesn't
map onto Auth's expectations of the model providing a table-like
mapping of usernames to passwords, a pretty fundamental limitation of
Auth, IMHO. I have also searched high and low for any concrete
information about using Auth with an LDAP model and I've come up empty-
handed--except for things that don't use Auth in the first place, or
where they do the same thing I do, namely extend Auth.

Now, I suppose I could modify things so that doing a find() that
contains a password tries to do a bind instead of/in addition to a
search... Part of the thing is that I still want to have a table that
stores user data for users that have logged in; might be able to hack
it so that the LdapUser model saves a User as well, but I'm not sure
how that'd work.

If there is anyone else who has dealt with this before, I'd love to
hear from them.

On Oct 24, 2:46 am, Penfold <[EMAIL PROTECTED]> wrote:
> Hi,
>
> there is an article on bakery about using ldap, in theory you would
> replace your users table with a link to ldap and you won't need to
> change anything in auth.
>
> and all user information will be stored in ldap
>
> On 23 Oct, 22:10, Nathaniel Price <[EMAIL PROTECTED]> wrote:
>
> > I'd like to extend the Auth component in such a way as to be able to
> > use LDAP to log users in; basically, my approach would be to
> > authenticate the user via LDAP, then, if the user is valid and
> > properly authenticated, it would put them into the user database that
> > Auth uses and would hand control back to Auth from there. It looks
> > something like this:
>
> > <?php
> > App::import('Component', 'Auth');
> >
> > class LdapAuth extends Auth {
> >         var $ldapModel = 'LdapUser';
> >
> >         function startup(&$controller) {
> >                 $username = $controller->data[$this->userModel][$this->fields['username']];
> >                 $password = $controller->data[$this->userModel][$this->fields['password']];
> >
> >                 $res = $this->preauthUser($username, $password);
> >
> >                 if (!$res) {
> >                         //set password to blank to ensure the auth fails
> >                         $controller->data[$this->userModel][$this->fields['password']] = '';
> >                 }
> >                 //Continue with standard auth process
> >                 return parent::startup($controller);
> >         }
> >
> >         //... rest of class here
> > }
> > ?>
>
> > However, when I try to use this component in my pages, I get the
> > following error:
> > Fatal error: Class 'Auth' not found in C:\...\app\controllers
> > \components\ldap_auth.php on line 4
>
> > Is there something I'm doing wrong that makes it so that Auth isn't
> > included in my file? I thought App::import() would take care of that,
> > but apparently it's not.
>
> > Thanks!



Re: Extending built-in Auth Component?

2008-10-24 Thread Nathaniel Price

Doh! I realized that about 10 minutes after I posted. Thanks.

On Oct 23, 3:31 pm, "Jay Reeder" <[EMAIL PROTECTED]>
wrote:
> Nathaniel,
>
> We're doing something similar.  Try:
>
> class LdapAuthComponent extends AuthComponent
>
> On Thu, Oct 23, 2008 at 5:10 PM, Nathaniel Price <[EMAIL PROTECTED]>wrote:
>
>
>
> > I'd like to extend the Auth component in such a way as to be able to
> > use LDAP to log users in; basically, my approach would be to
> > authenticate the user via LDAP, then, if the user is valid and
> > properly authenticated, it would put them into the user database that
> > Auth uses and would hand control back to Auth from there. It looks
> > something like this:
>
> > <?php
> > App::import('Component', 'Auth');
> >
> > class LdapAuth extends Auth {
> >        var $ldapModel = 'LdapUser';
> >
> >        function startup(&$controller) {
> >                $username = $controller->data[$this->userModel][$this->fields['username']];
> >                $password = $controller->data[$this->userModel][$this->fields['password']];
> >
> >                $res = $this->preauthUser($username, $password);
> >
> >                if (!$res) {
> >                        //set password to blank to ensure the auth fails
> >                        $controller->data[$this->userModel][$this->fields['password']] = '';
> >                }
> >                //Continue with standard auth process
> >                return parent::startup($controller);
> >        }
> >
> >        //... rest of class here
> > }
> > ?>
>
> > However, when I try to use this component in my pages, I get the
> > following error:
> > Fatal error: Class 'Auth' not found in C:\...\app\controllers
> > \components\ldap_auth.php on line 4
>
> > Is there something I'm doing wrong that makes it so that Auth isn't
> > included in my file? I thought App::import() would take care of that,
> > but apparently it's not.
>
> > Thanks!



Re: Extending built-in Auth Component?

2008-10-24 Thread Penfold

Hi,

there is an article on bakery about using ldap, in theory you would
replace your users table with a link to ldap and you won't need to
change anything in auth.

and all user information will be stored in ldap

On 23 Oct, 22:10, Nathaniel Price <[EMAIL PROTECTED]> wrote:
> I'd like to extend the Auth component in such a way as to be able to
> use LDAP to log users in; basically, my approach would be to
> authenticate the user via LDAP, then, if the user is valid and
> properly authenticated, it would put them into the user database that
> Auth uses and would hand control back to Auth from there. It looks
> something like this:
>
> <?php
> App::import('Component', 'Auth');
>
> class LdapAuth extends Auth {
>         var $ldapModel = 'LdapUser';
>
>         function startup(&$controller) {
>                 $username = $controller->data[$this->userModel][$this->fields['username']];
>                 $password = $controller->data[$this->userModel][$this->fields['password']];
>
>                 $res = $this->preauthUser($username, $password);
>
>                 if (!$res) {
>                         //set password to blank to ensure the auth fails
>                         $controller->data[$this->userModel][$this->fields['password']] = '';
>                 }
>                 //Continue with standard auth process
>                 return parent::startup($controller);
>         }
>
>         //... rest of class here
> }
> ?>
>
> However, when I try to use this component in my pages, I get the
> following error:
> Fatal error: Class 'Auth' not found in C:\...\app\controllers
> \components\ldap_auth.php on line 4
>
> Is there something I'm doing wrong that makes it so that Auth isn't
> included in my file? I thought App::import() would take care of that,
> but apparently it's not.
>
> Thanks!



Re: Extending built-in Auth Component?

2008-10-23 Thread Jay Reeder
Nathaniel,

We're doing something similar.  Try:

class LdapAuthComponent extends AuthComponent


On Thu, Oct 23, 2008 at 5:10 PM, Nathaniel Price <[EMAIL PROTECTED]>wrote:

>
> I'd like to extend the Auth component in such a way as to be able to
> use LDAP to log users in; basically, my approach would be to
> authenticate the user via LDAP, then, if the user is valid and
> properly authenticated, it would put them into the user database that
> Auth uses and would hand control back to Auth from there. It looks
> something like this:
>
> <?php
> App::import('Component', 'Auth');
>
> class LdapAuth extends Auth {
>         var $ldapModel = 'LdapUser';
>
>         function startup(&$controller) {
>                 $username = $controller->data[$this->userModel][$this->fields['username']];
>                 $password = $controller->data[$this->userModel][$this->fields['password']];
>
>                 $res = $this->preauthUser($username, $password);
>
>                 if (!$res) {
>                         //set password to blank to ensure the auth fails
>                         $controller->data[$this->userModel][$this->fields['password']] = '';
>                 }
>                 //Continue with standard auth process
>                 return parent::startup($controller);
>         }
>
>         //... rest of class here
> }
> ?>
>
> However, when I try to use this component in my pages, I get the
> following error:
> Fatal error: Class 'Auth' not found in C:\...\app\controllers
> \components\ldap_auth.php on line 4
>
> Is there something I'm doing wrong that makes it so that Auth isn't
> included in my file? I thought App::import() would take care of that,
> but apparently it's not.
>
> Thanks!



Extending built-in Auth Component?

2008-10-23 Thread Nathaniel Price

I'd like to extend the Auth component in such a way as to be able to
use LDAP to log users in; basically, my approach would be to
authenticate the user via LDAP, then, if the user is valid and
properly authenticated, it would put them into the user database that
Auth uses and would hand control back to Auth from there. It looks
something like this:

<?php
App::import('Component', 'Auth');

class LdapAuth extends Auth {
    var $ldapModel = 'LdapUser';

    function startup(&$controller) {
        $username = $controller->data[$this->userModel][$this->fields['username']];
        $password = $controller->data[$this->userModel][$this->fields['password']];

        $res = $this->preauthUser($username, $password);

        if (!$res) {
            //set password to blank to ensure the auth fails
            $controller->data[$this->userModel][$this->fields['password']] = '';
        }
        //Continue with standard auth process
        return parent::startup($controller);
    }

    //... rest of class here
}
?>

However, when I try to use this component in my pages, I get the
following error:
Fatal error: Class 'Auth' not found in C:\...\app\controllers
\components\ldap_auth.php on line 4

Is there something I'm doing wrong that makes it so that Auth isn't
included in my file? I thought App::import() would take care of that,
but apparently it's not.

Thanks!
