Microsoft Active Directory - LDAP

Dear All,

Does CumulusClips support Microsoft Active Directory (LDAP) integration?
Is there a plugin for this?

Best Regards,
Amir

Comments

  • Several people have developed their own LDAP plugins with success, but there is no official LDAP or AD support.
  • Hi Damian,

    Are there any documents or hints on how to do this?

    Best Regards,
  • edited September 2016
    There were a couple of great threads on here about creating CumulusClips LDAP plugins for universities. The threads were accidentally deleted. I was able to recover some of the code from the threads using the Internet Archive. Here they are; hope they help.

    <?php

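    class LDAP extends PluginAbstract
    {
        public $name = 'LDAP Plugin'; // Name of plugin
        public $description = 'LDAP Authentication'; // Plugin description
        public $author = 'IS @ SCHOOL'; // Plugin author
        public $url = 'http://school.edu'; // Author's website
        public $version = '1.0.2'; // Current version of plugin

        /**
         * Attaches the plugin methods to the hooks in the code base.
         */
        public function load()
        {
            Plugin::attachEvent('login.end', array(__CLASS__, 'LDAPCode'));
        }

        /**
         * Collects the submitted username/password, verifies them against Active
         * Directory and, on success, provisions (if needed) and logs in the
         * matching local account.
         *
         * Runs on the 'login.end' hook. Every failure path emits a message plus a
         * delayed redirect and then ends the request, so nothing after a failure
         * is reachable.
         *
         * NOTE(review): the posted version had three flow bugs that this rewrite
         * removes: a stray ';' after the if-condition (the body always ran, even
         * with empty credentials), an unconditional echo of the bad-password
         * message after the bind, and an unconditional die() after the search.
         */
        public function LDAPCode()
        {
            // Hook to grab the username and password from the login form
            $view = View::getInstance();

            // Not a login submission, or empty credentials. The empty-password
            // check matters: AD treats a bind with an empty password as an
            // anonymous bind, which would "succeed" for any username.
            if (!isset($_POST['submitted_login'])
                || empty($view->vars->username)
                || empty($view->vars->password)
            ) {
                return;
            }

            // LDAP variables
            $ldaphost = "ip.ip.ip.ip"; // LDAP server
            $ldapport = 389; // LDAP port
            $basedn = "DC=school,DC=edu"; // AD structure
            $filter = "(sAMAccountName=[username])";
            $userdn = $filter;

            //ini_set("display_errors",1); // enable only while testing: it prints PHP errors to the browser

            $username = $view->vars->username;
            $ldappass = $view->vars->password;
            $ldaprdn = $username . "@school.edu"; // UPN-style bind name

            // Connecting to LDAP (ldap_connect only prepares the handle; the
            // network connection is made on the first bind/search)
            $ldapconn = ldap_connect($ldaphost, $ldapport);
            if (!$ldapconn) {
                die("Could not connect to authentication server.");
            }

            // These two options are needed for a search across the whole directory
            // (from http://blog.redbranch.net/2008/05/27/php-ldap-search-root-of-active-directory/)
            ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
            ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

            // Binding to LDAP server with the user's own credentials
            $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
            if (!$ldapbind) {
                ldap_close($ldapconn);
                header('Refresh:3; url=https://school.edu'); // redirect back to the main site after a set time
                echo "Either you entered the wrong username or password, please try again or contact ishelpdesk@school.edu"; // message shown before the redirect occurs
                exit;
            }

            // The username is raw form input: escape it for use inside an LDAP
            // filter so metacharacters cannot change what the search matches.
            $search = str_replace("[username]", ldap_escape($username, '', LDAP_ESCAPE_FILTER), $userdn);
            if (!preg_match('/\((.)*=(.)*\)/', $search)) {
                ldap_close($ldapconn);
                throw new Exception("Failed: search has been used but '$search' is NOT a filter.");
            }

            $result = ldap_search($ldapconn, $basedn, $search);
            $entries = $result ? ldap_get_entries($ldapconn, $result) : false;
            // ldap_get_entries() reports the hit count in $entries['count']; an
            // empty result has no [0] element, which the posted code indexed blindly.
            if (!$entries || empty($entries['count']) || !isset($entries[0]["dn"])) {
                ldap_close($ldapconn);
                header('Refresh:3; url=https://school.edu'); // redirect back to the main site after a set time
                echo "Could not log you in, please try again."; // message shown before the redirect occurs
                die();
            }

            // Re-bind with the resolved DN to confirm the matched entry is the
            // account that just authenticated (the password was verified above).
            $binddn = $entries[0]["dn"];
            $ldapbind = ldap_bind($ldapconn, $binddn, $ldappass);
            if ($ldapbind) {
                // Get CORE username from Active Directory and store it in the session
                $_SESSION['user'] = $entries[0]["samaccountname"][0];
                $_SESSION['name'] = $entries[0]["cn"][0];

                $userMapper = new UserMapper();
                $userService = new UserService();

                // Creation of local user account if one does not exist.
                // NOTE(review): every AD-provisioned account gets the same local
                // password, md5(SECRET_KEY.'PASSWORD'); it stays unguessable only
                // while SECRET_KEY is secret, and presumably the normal login
                // path accepts it too — confirm before relying on this.
                if (!$userMapper->getUserByUsername($username)) {
                    $user = new User();
                    $user->username = $username;
                    $user->password = md5(SECRET_KEY . 'PASSWORD');
                    $user->email = $username . "@school.edu";
                    $newUser = $userService->create($user);

                    // Local user activation
                    $newUser->status = 'active';
                    $userMapper->save($newUser);
                }

                // Log the user into the application
                if ($userService->login($username, md5(SECRET_KEY . 'PASSWORD'))) {
                    header('Location: ' . HOST . '/account/');
                } else {
                    exit('Local login failed');
                }
            }

            ldap_close($ldapconn);
        }
    }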
  • Here is the other
    <?php

    // NOTE(review): Connect.php is not shown in this thread; LdapCode() below
    // hard-codes its own server, port and base DN, so confirm what this include
    // actually supplies before deploying.
    include 'Connect.php';

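    class Ldap extends PluginAbstract
    {
        /**
         * @var string Name of plugin
         */
        public $name = 'LDAP Plugin';

        /**
         * @var string Description of plugin
         */
        public $description = 'LDAP Authentication';

        /**
         * @var string Name of plugin author
         */
        public $author = 'IT @ SCHOOL';

        /**
         * @var string URL to plugin's website
         */
        public $url = 'http://school.edu/';

        /**
         * @var string Current version of plugin
         */
        public $version = '1.0.1';

        /**
         * Attaches plugin methods to hooks in code base
         */
        public function load()
        {
            // Plugin::Attach('login.end', ...) was renamed to attachEvent
            Plugin::attachEvent('login.end', array(__CLASS__, 'LdapCode'));
        }

        /**
         * Authenticates the submitted login form against Active Directory and,
         * on success, provisions (if needed) and logs in the local account.
         *
         * Runs on the 'login.end' hook. Every failure path ends the request with
         * a generic message; LDAP error details go to the PHP error log only.
         */
        public function LdapCode()
        {
            $view = View::getInstance();

            // Not a login submission, or empty credentials. An empty password
            // must be rejected here: AD treats it as an anonymous bind, which
            // would "succeed" for any username.
            if (!isset($_POST['submitted_login'])
                || empty($view->vars->username)
                || empty($view->vars->password)
            ) {
                return;
            }

            $server = "ldap://##.##.##.##";
            $port = 389; // NOTE(review): with an ldap:// URI the port belongs in the URI; the separate port argument is ignored for URIs
            $basedn = "OU=Anytown,DC=core,DC=school,DC=edu";
            $filter = "(sAMAccountName=[username])";
            $userdn = $filter;

            // ini_set("display_errors", 1); // enable only while debugging: it prints PHP errors to the browser
            $username = $view->vars->username;

            // Set LDAP user & pass (UPN-style bind name)
            $connectrdn = $username . "@school.edu";
            $connectpass = $view->vars->password;

            // Connect to LDAP server (the network connection is made on the first bind)
            $ldapconn = ldap_connect($server, $port);
            if (!$ldapconn) {
                die("Could not connect to " . $server . ":" . $port . ".");
            }

            // Bind to LDAP server using given credentials. The server's error text
            // is logged rather than echoed: AD bind diagnostics can distinguish
            // unknown user / wrong password / locked account, and that account
            // status should not be disclosed to the browser.
            $ldapbind = ldap_bind($ldapconn, $connectrdn, $connectpass);
            if (!$ldapbind) {
                error_log('LDAP bind failed: ' . ldap_error($ldapconn));
                ldap_close($ldapconn);
                die("Either you entered the wrong username or password, please try again or contact school@school.edu");
            }

            // The username is form input: escape it for the filter so LDAP
            // metacharacters cannot change what the search matches.
            $search = str_replace('[username]', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $userdn);
            if (!preg_match('/\((.)*=(.)*\)/', $search)) {
                ldap_close($ldapconn);
                throw new Exception("Failed: search has been used but '$search' is NOT a filter. Check <a href=\"http://shmanic.com/tool/jmapmyldap/?id=4&doc=lib-jldap2-error-validation-filter\">this</a>; for more information.");
            }

            $result = ldap_search($ldapconn, $basedn, $search);
            $entries = $result ? ldap_get_entries($ldapconn, $result) : false;
            // ldap_get_entries() reports the hit count in $entries['count']; an
            // empty result has no [0] element, which the posted code indexed blindly.
            if (!$entries || empty($entries['count']) || !isset($entries[0]["dn"])) {
                ldap_close($ldapconn);
                die("Could not log you in, please try again.");
            }

            // Re-bind with the resolved DN to confirm the matched entry is the
            // account that just authenticated (the password was verified above).
            $binddn = $entries[0]["dn"];
            $ldapbind = ldap_bind($ldapconn, $binddn, $connectpass);
            if ($ldapbind) {
                // Get CORE username from Active Directory and store it in the session
                $_SESSION['user'] = $entries[0]["samaccountname"][0];
                $_SESSION['name'] = $entries[0]["cn"][0];

                $userMapper = new UserMapper();
                $userService = new UserService();

                // Create user locally if they don't exist.
                // NOTE(review): all AD-provisioned accounts share the local
                // password md5(SECRET_KEY . 'PASSWORD'); it is only as secret
                // as SECRET_KEY, so treat that constant accordingly.
                if (!$userMapper->getUserByUsername($username)) {
                    $user = new User();
                    $user->username = $username;
                    $user->password = md5(SECRET_KEY . 'PASSWORD');
                    $user->email = '{OPTIONAL LDAP EMAIL}'; // placeholder left by the author — fill in before use
                    $newUser = $userService->create($user);

                    // Activate user
                    $newUser->status = 'active';
                    $userMapper->save($newUser);
                }

                // Log user into CumulusClips
                if ($userService->login($username, md5(SECRET_KEY . 'PASSWORD'))) {
                    header('Location: ' . HOST . '/account/');
                } else {
                    exit('Local login failed');
                }
            }

            ldap_close($ldapconn);
        }
    }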
  • Thanks a lot !
  • I have a need for AD integration as well and am finally getting around to this. High five to the person(s) that developed the above listed code. It's been a great starting point but there are some bugs in the code. I'll post back the updated code once done.