 |
| << | August 2010 | >> |
| Su |
Mo |
Tu |
We |
Th |
Fr |
Sa |
| 1 |
2 |
3 |
4 |
5 |
6 |
7 |
| 8 |
9 |
10 |
11 |
12 |
13 |
14 |
| 15 |
16 |
17 |
18 |
19 |
20 |
21 |
| 22 |
23 |
24 |
25 |
26 |
27 |
28 |
| 29 |
30 |
31 |
|
|
|
|
|
 |
|
|
| Goto page 1, 2, 3 Next |
|
|
| Would you use LDAP or AD authentication? |
| Yes |
|
97% |
[ 46 ] |
| No |
|
2% |
[ 1 ] |
|
| Total Votes : 47 |
|
 djabbour Post subject: LDAP and Active Directory Support Patch
|
Fri Jul 01, 2005 9:19 pm
Posts: 5
|
| |
 |
Please note: The patch has been tested against OpenLDAP. I would like someone with AD access to let me know if AD authentication works.
This patch works against vTiger 4.0.1, 4.2 (alpha) and 4.2 CVS.
Usage:
After patching (directions below), you have an option in your config.php file to change $AUTHCFG['authType'] to SQL, AD, or LDAP. When running in SQL mode (the default) vTiger works as normal, and checks passwords against the database.
In LDAP or AD mode, vTiger will check users' passwords against the directory server. NOTE: ACCOUNTS MUST EXIST IN BOTH VTIGER AND THE DIRECTORY SERVER FOR THIS TO WORK. THE ACCOUNT NAMES MUCH MATCH. PASSWORDS, HOWEVER, NEED NOT BE SET IN VTIGER.
Once you switch the authType variable in config.php, this patch will only authenticate against the directory server. Please ensure you have created at least one admin user in vTiger that also exists in your directory before switching to AD or LDAP mode.
This patch will also remove the change password button in vTiger when using AD or LDAP authentication. You will change your password using your directory services.
Files modified by patch:
* install/4createConfigFile.php
* modules/Users/User.php
* modules/Users/DetailView.php
Files added by patch:
* modules/Users/authTypes/
* LDAP.php
* adLDAP.php
To patch (in Unix):
* Copy the authTypes directory to modules/Users/
* Copy the User.php.patch and DetailView.php.patch files to
modules/Users/
* CD to the modules/Users/ directory
* patch --verbose -p0 <DetailView.php.patch
* patch --verbose -p0 <User.php.patch
* Copy the 4createConfigFile.php.patch file to install/
* CD to install/
* patch --verbose -p0 <4createConfigFile.php.patch
The installer will now add the following lines to config.php. If you are installing a fresh copy, patch your installer and install. Then add users to vTiger (without setting passwords). Then edit config.php. If you are patching an existing installation, add the following lines to your config:
//AUTHCFG
$AUTHCFG['authType'] = 'SQL'; //Can either by LDAP, AD, or SQL
//Config Options for LDAP
$AUTHCFG['ldap_host'] = 'localhost';
$AUTHCFG['ldap_port'] = NULL;
$AUTHCFG['ldap_basedn'] = 'dc=localhost,dc=com';
$AUTHCFG['ldap_uid'] = 'uid'; //can be CN or UID depending on ldap install
$AUTHCFG['ldap_username'] = NULL;
$AUTHCFG['ldap_pass'] = NULL;
//Config Options for Active Directory
$AUTHCFG['ad_accountSuffix'] = '@mydomain.local';
$AUTHCFG['ad_basedn'] = 'DC=mydamin,DC=local';
$AUTHCFG['ad_dc'] = array ( "dc.mydomain.local" ); //array of domain controllers
$AUTHCFG['ad_username'] = NULL; //optional user/pass for searching
$AUTHCFG['ad_pass'] = NULL;
$AUTHCFG['ad_realgroup'] = true; //AD does not return the primary group. Setting this to false will fudge "Domain Users" and is much faster. True will resolve the real primary group, but may be resource intensive.
--
LDAP and AD patch for vTiger written by:
Daniel Jabbour
iWebPress Incorporated, www.iwebpress.com
djabbour - a t - iwebpress - d o t - com
| Description: |
| Patch files and directions |
|
Download |
| Filename: |
authLdapPatch.tar.gz |
| Filesize: |
6.89 KB |
| Downloaded: |
2055 Time(s) |
|
|
|
|
|
 |
delacx86 Post subject: Re: LDAP and Active Directory Support Patch
|
Mon Jul 25, 2005 11:46 am
Posts: 3
Location: Geneva (Switzerland)
|
| |
|
Hi,
I am really interested in what you did cause, I am testing vtiger for a client who would be running with IIS6.0/MYSQL/PHP and who would like integrated authentification, of course the integrated authentification would only work if the vtiger code would be ldap aware, would it be complicated to add to your code that is accepts the ntlm/kerberos authentification on the fly on the login page ??? if the vtiger login users the MSAD credentials it is already a good start, if authentification occurs by itself on the login page it would be even greater.
if i could do something to help this work...
thanks
|
|
|
|
djabbour Post subject: Re: LDAP and Active Directory Support Patch
|
Mon Jul 25, 2005 6:18 pm
Posts: 5
|
| |
|
My patch allows vtiger to authenticate to an LDAP or Active Directory. It does not implement single sign-on (kerberos). Users will still need to type their AD password a second time to login to vtiger (though at least the passwords would always been in sync). NTLM authentication and Kerberos, as far as I understand them, would be completely different topics, and require a lot of rewriting (I'm not entirely sure it'd be possible using php alone).
A far simpler solution would be to use this patch, upgrade your client to at least Windows 2000 server (preferably 2003) and simply have the vtiger authentication page use AD authentication to the active directory so user passwords will authenticate to the directory server. Good luck.
|
|
|
|
indigoleopard Post subject: Re: LDAP and Active Directory Support Patch
Senior Member
|
Tue Jul 26, 2005 4:32 am
Posts: 2111
Location: india,chennai
|
| |
|
Hello Team!
We are planning to integrate this in the product team.
So, please do share your views.
Richie
_________________
Between stimulus and response, there is a space. And the space is filled with our choice.
Team vtiger
|
|
|
|
mikecrowe Post subject: Re: LDAP and Active Directory Support Patch
Senior Member
|
Tue Jul 26, 2005 8:24 pm
Posts: 499
|
| |
|
Daniel,
Trying active directory. Get the following error:
Fatal error: Call to undefined function: ldap_connect() in /opt/vtigerCRM4_0_1/apache/htdocs/vtigerCRM/modules/Users/authTypes/adLDAP.php on line 81
_________________
Mike
Now a vTiger "developer"!!!
I'm blogging now too: http://mikecrowe.vtiger.com/
vTiger Forge: http://vtigerforge.com
|
|
|
|
mikecrowe Post subject: Re: LDAP and Active Directory Support Patch
Senior Member
|
Tue Jul 26, 2005 8:30 pm
Posts: 499
|
|
|
|
|
jamesmoey Post subject: Re: LDAP and Active Directory Support Patch
Senior Member
|
Fri Aug 12, 2005 7:16 am
Posts: 139
Location: Sydney, Australia
|
| |
|
Great Patch !!
There is just a minor bug. In the User.php.patch file:
+ case 'AD':
+ $this->log->debug("Using Active Directory authentication");
+ require_once('modules/Users/authTypes/adLDAP.php');
+ $adldap = new adLDAP();
+ if ($adldap->authenticate($this->user_names,$user_password)) {
+ return true;
+ } else {
+ return false;
+ }
+ break;
"$this->user_names" should be "$this->user_name".
|
|
|
|
|
