Here's a status update on the LDAP/AD login stuff I've been working on for php-syslog-ng....

I've posted a work-in-progress patch that I'll update as I finish things up. Please don't merge it just yet; I need to finish the configuration page and get some user feedback. More details below. The URL is:

http://tomcort.com/patches/php-syslog-ng-2.9.3c-tcort.patch

I made some changes to the LDAP/AD code I'd written to allow you to define multiple authentication servers if you want. For example, you could have user 'foo' authenticate against server 'ldap00' and user 'bar' could authenticate against 'ldap01'. As a result, I didn't have quite enough time to finish the configuration page. I thought I'd post the patch to show that some progress is being made and that it really isn't vaporware.

My patch requires some database changes. An update script is available here:

http://tomcort.com/patches/php-syslog-ng-2.9.3c-tcort.sql

Since the configuration page isn't done yet, you'll need to manually set things up in the database if you want to do any testing with my patch. The configuration file (config.php) also needs to be updated. I've tested the code successfully with IBM Tivoli Directory Server on AIX 5.3 and Active Directory running on Win2k (I think).

Here are the instructions...

config.php changes
==================

Add these 4 lines:

define('AUTHSERVERSTABLENAME', 'auth_servers');
define('USERSAUTHSERVERSTABLENAME', 'users_auth_servers');
define('AUTHTYPESTABLENAME', 'auth_types');
define('USERSAUTHTYPESTABLENAME', 'users_auth_types');

Database changes
================

Run the SQL linked to above.

For an active directory user
============================

Set up the server...

INSERT INTO auth_servers (host,binddn,user,passwd) VALUES ('DOMAIN_CONTROLLER_HOSTNAME_HERE','WINDOWS_DOMAIN_NAME_HERE','','');

Look up the user's id from the 'users' table and the server's id from the auth_servers table...

SELECT id FROM users WHERE username = 'INSERT_USERNAME_HERE';
SELECT id FROM auth_servers WHERE host = 'DOMAIN_CONTROLLER_HOSTNAME_HERE' and binddn = 'WINDOWS_DOMAIN_NAME_HERE';

Set the user's server

INSERT INTO users_auth_servers (userid, serverid) VALUES ('USERID_FROM_ABOVE', 'SERVERID_FROM_ABOVE');

Look up the user's id and the "AD" auth type id...

SELECT id FROM users WHERE username = 'INSERT_USERNAME_HERE';
SELECT id FROM auth_types WHERE method = "AD";

Set the user's authentication type

INSERT INTO users_auth_types (userid,typeid) VALUES ('USERID_FROM_ABOVE', 'TYPEID_FROM_ABOVE');

For an ldap user
================

Set up the server...

INSERT INTO auth_servers (host,binddn,user,passwd) VALUES ('LDAP_SERVER_HOSTNAME_HERE','BINDDN_HERE','LDAP_USER','LDAP_PASS');

Look up the user's id from the 'users' table and the server's id from the auth_servers table...

SELECT id FROM users WHERE username = 'INSERT_USERNAME_HERE';
SELECT id FROM auth_servers WHERE host = 'LDAP_SERVER_HOSTNAME_HERE' and binddn = 'BINDDN_HERE';

Set the user's server

INSERT INTO users_auth_servers (userid, serverid) VALUES ('USERID_FROM_ABOVE', 'SERVERID_FROM_ABOVE');

Look up the user's id and the "AD" auth type id...

SELECT id FROM users WHERE username = 'INSERT_USERNAME_HERE';
SELECT id FROM auth_types WHERE method = "LDAP";

Set the user's authentication type

INSERT INTO users_auth_types (userid,typeid) VALUES ('USERID_FROM_ABOVE', 'TYPEID_FROM_ABOVE');
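
The manual LDAP setup described in the message can be done without copying ids by hand, followed by a check that the user resolves to exactly one server and one auth type. This is an added example, not part of the original post or the patch; it assumes MySQL and uses only the table names, column names and placeholders shown in the message.

```sql
-- Added example (not from the patch). Placeholders are the ones used in the post.
-- Assumes the update script has been run and this server row does not exist yet.

-- 1. Register the LDAP server.
INSERT INTO auth_servers (host, binddn, user, passwd)
VALUES ('LDAP_SERVER_HOSTNAME_HERE', 'BINDDN_HERE', 'LDAP_USER', 'LDAP_PASS');

-- 2. Map the user to that server. The ids are resolved by the SELECT, so a
--    mistyped username or host inserts zero rows instead of a wrong mapping.
INSERT INTO users_auth_servers (userid, serverid)
SELECT u.id, s.id
FROM users u
JOIN auth_servers s
  ON s.host = 'LDAP_SERVER_HOSTNAME_HERE'
 AND s.binddn = 'BINDDN_HERE'
WHERE u.username = 'INSERT_USERNAME_HERE';

-- 3. Map the user to the LDAP authentication type.
INSERT INTO users_auth_types (userid, typeid)
SELECT u.id, t.id
FROM users u
JOIN auth_types t ON t.method = 'LDAP'
WHERE u.username = 'INSERT_USERNAME_HERE';

-- 4. Check the result. Expect exactly one row for the user:
--    no row   -> a mapping is missing (step 2 or 3 matched nothing);
--    >1 rows  -> duplicate auth_servers rows or duplicate mappings exist,
--                so the user is tied to more than one server or type.
SELECT u.username, t.method, s.host, s.binddn
FROM users u
JOIN users_auth_types   ut ON ut.userid = u.id
JOIN auth_types         t  ON t.id = ut.typeid
JOIN users_auth_servers us ON us.userid = u.id
JOIN auth_servers       s  ON s.id = us.serverid
WHERE u.username = 'INSERT_USERNAME_HERE';
```

For an Active Directory user, the same statements apply with the AD placeholders from the message and `t.method = 'AD'`.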