2 This patch from AllianceTec modifies the users_ldap authentication backend,
3 and fixes caching problems for the HTTP login module (in the core). It has
4 not yet been applied because the ewiki_auth() interface is going to get
5 overhauled considerably anyhow.
8 patch -p1 < .../auth_ldap.patch
11 --- ewiki-R1.02a+dev3/ewiki.php 2004-09-29 14:14:48.000000000 -0500
12 +++ at_patches/ewiki.php 2005-03-01 10:42:45.883229728 -0600
17 -#echo "_a($id,dat,$action,$ring,$request_auth)<br />\n";
18 +#echo "_a($id,$data,$action,$ring,$request_auth)<br />\n";
20 if (EWIKI_PROTECTED_MODE) {
22 @@ -3337,6 +3337,13 @@
23 if ($username || $password) {
24 ewiki_log("_auth_userdb: wrong password supplied for user '$username', not verified against any userdb", 3);
25 $ewiki_errmsg = "wrong username and/or password";
26 + // Alliance Technologies addition
27 + #-- If the ewiki_auth_query_http plugin is loaded, we need the following to prevent the HTTP auth from being cached by the browser
28 + if ($ewiki_plugins["auth_query"][0] == "ewiki_auth_query_http") {
29 + header('HTTP/1.1 401 Authentication Required');
30 + header('Status: 401 Authentication Required');
31 + header('WWW-Authenticate: Basic realm="Login incorrect"');
33 # ewiki_auth($uu, $uu, $uu, $uu, 2);
41 \ No newline at end of file
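Review bot: The added guard `if ($ewiki_plugins["auth_query"][0] == "ewiki_auth_query_http")` inspects only the first registered auth_query plugin, so the 401 challenge is silently skipped whenever the HTTP plugin is loaded but is not first in the list. A membership test matches the comment's stated intent better: `if (!headers_sent() && in_array("ewiki_auth_query_http", (array)$ewiki_plugins["auth_query"]))`. The `headers_sent()` check matters because `header()` has no effect once output has started, which would leave the browser's cached credentials in place without any visible failure. The closing brace of the added block and the start of the enclosing function are not in this listing, so whether `$ewiki_plugins` is in scope at this point could not be confirmed.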
44 --- ewiki-R1.02a+dev3/plugins/auth/users_ldap.php 2003-12-01 11:14:05.000000000 -0600
45 +++ at_patches/users_ldap.php 2005-03-01 10:42:46.022208600 -0600
47 Check username and password by connecting to LDAP server.
52 -define("EWIKI_LDAP_SERVER", "ldap.example.com");
53 -define("EWIKI_LDAP_RDN", 'cn=$USER,ou=users,dc=example,dc=com');
54 -define("EWIKI_LDAP_FILTER", ""); // sn=* ???
55 -define("EWIKI_LDAP_RING", 2);
59 $ewiki_plugins["auth_userdb"][] = "ewiki_auth_userdb_ldap";
63 -function ewiki_auth_userdb_ldap($username, $password=NULL) {
66 - if ($conn = ldap_connect(EWIKI_LDAP_SERVER)) {
69 - $rdn = preg_replace('/[$%_]+\{USER\}|[$%]+USER[$%]?/i', $username, EWIKI_LDAP_RDN);
70 - $search = EWIKI_LDAP_SEARCH;
73 - if (ldap_bind($conn, $rdn, $password)) {
75 - #-- connected == authenticated
76 - if (!$search || ldap_count_entries($conn, ldap_search($conn, $rdn, $search)) ) {
80 - #-- return password array() as true value for userdb plugins
81 - return(array($password, EWIKI_LDAP_RING));
89 +function ewiki_auth_userdb_ldap($username, $password) {
90 +// Modified for Alliance Technologies
91 + //return(array($password, EWIKI_LDAP_RING)); // Added by Josh on 2005-02-25 to disable edirectory check for PM
94 + if ($conn = ldap_connect(EWIKI_LDAP_SERVER)) {
95 + // -- Begin Alliance Technologies Add
96 + // TODO: make this conditionalized
97 + if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
98 + fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
100 + if (!ldap_start_tls($conn)) {
101 + fatal_error("Ldap_start_tls failed");
103 + // -- End Alliance Technologies Add
106 + $rdn = preg_replace('/[$%_]+\{USER\}|[$%]+USER[$%]?/i', $username, EWIKI_LDAP_RDN);
107 + // -- Alliance Technologies - Changed SEARCH to FILTER
108 + $search = EWIKI_LDAP_FILTER;
111 + error_reporting(E_ERROR);
112 + if (ldap_bind($conn, $rdn, $password)) {
113 + #-- connected == authenticated
114 + if ($rdn == 'cn=morej,o=alliance') {
116 + return(array($password, EWIKI_LDAP_ADMIN_RING));
118 + if (!$search || ldap_count_entries($conn, ldap_search($conn, $rdn, $search)) ) {
120 + #-- return password array() as true value for userdb plugins
121 + return(array($password, EWIKI_LDAP_RING));
126 + header('HTTP/1.1 401 Authentication Required');
127 + header('Status: 401 Authentication Required');
128 + header('WWW-Authenticate: Basic realm="Login incorrect"');
129 + $redir = 'http://' . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"] ;
130 + $redir = ereg_replace('=.+/','=',$redir);
131 + #header("Location: $redir");
134 + var_dump($_SERVER);
138 + error_reporting(E_ALL & ~E_NOTICE);
146 \ No newline at end of file
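Review bot: The `var_dump($_SERVER);` on the failed-login path of the new `ewiki_auth_userdb_ldap()` writes the whole server environment into the response, and under HTTP Basic authentication that array includes `PHP_AUTH_USER` and `PHP_AUTH_PW`; the line should be dropped, with any diagnostics going through `ewiki_log()` instead. The comparison `if ($rdn == 'cn=morej,o=alliance')` hard-codes one person's DN as the holder of `EWIKI_LDAP_ADMIN_RING`, so changing the administrator means editing code; the DN belongs in a configuration constant next to the other `EWIKI_LDAP_*` settings, which this patch removes from the file without showing where they are now defined. No empty-password check is visible before `ldap_bind($conn, $rdn, $password)`, and many directory servers accept a bind with an empty password as an anonymous bind, so a guard such as `if ($password === NULL || $password === '') { return(false); }` is worth adding ahead of the connect, assuming a false return is how this plugin interface signals rejection. `$username` is also substituted into the DN template without escaping, so DN metacharacters in the login name change which entry is bound. Several lines of the function are missing from this listing (the gutter numbers skip), so a check may exist in a part that is not shown.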