StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>Assuming you are simply binding against LDAP and are storing/retrieving User data from MySQL, this approach will work as a "bridge" which will automatically create accounts for successful logins:</p> <pre><code>// app/controllers/components/ldap_auth.php <?php App::import('Component', 'Auth'); class LdapAuthComponent extends AuthComponent { /** * Don't hash passwords */ function hashPasswords($data){ return $data; } /** * We will initially identify the user */ function identify($user=null, $conditions=null) { // bind credentials against ldap $ldapUser = $this->_ldapAuth($user); // do your stuff if (!$ldapUser) { return null; // if bind fails, then return null (as stated in api) } // get the cake model you would normally be authenticating against $model =& $this->getModel(); // default is User // check for existing User in mysql $user = $model->find('first', array('conditions' => array( 'username' => $ldapUser['cn'] )); // if no existing User, create a new User if (!$user) { $user = $model->save(array('User' => array( 'username' => $ldapUser['cn'], // .. map needed ldap fields to mysql fields .. ))); if (!$user) { $this->cakeError('ldapCreateUser'); } // pass the id of the newly created User to Auth's identify return parent::identify($model->id, $conditions); } // pass the id of the existing User to Auth's identify return parent::identify($user[$this->userModel][$model->primaryKey], $conditions); } /** * Lets check LDAP * * @return mixed Array of user data from ldap, or false if bind fails */ function _ldapAuth($user) { $username = $user[$this->userModel][$this->fields['username']]; $password = $user[$this->userModel][$this->fields['password']]; // use the php ldap functions here return $ldapUser; } } ?> </code></pre> <p>To use, replace all references to <code>Auth</code> with <code>LdapAuth</code> in your application or follow the <a href="http://cakebaker.42dh.com/2009/09/08/extending-cakephps-core-components/" rel="noreferrer">instructions here</a>.</p> <p>Note that although the protected <code>_ldapAuth()</code> method <em>could</em> be abstracted out to an <code>LdapUser</code> model, and that model <em>should</em> read from an <code>LdapSource</code>, and the LDAP server connection settings <em>should</em> be in the <code>database.php</code> config, and the <code>LdapAuthComponent</code> <em>should</em> be adapted to use configurable field mappings, these aren't requirements to "just get it done". :)</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload