Hi,
I’ve been playing with LDAP authentication and I’d like to submit this.
Insert this into “login.php” after line 51, make the LDAP DC changes and it should work.
It probably could be prettied up with system config settings and the like.
Enjoy
Mr Zooty
Hi Mr. Zooty,
Thanks for this, it looks interesting, and could be a real boon.
Hi @ross,
Can I leave you to look into this as and when time allows?
Thanks!
Ross
Hi Mr Zooty,
Can you explain a little further, what this authentication method is doing and when it can be used?
Kind regards,
Roman
Roman,
It enables LDAP authentication, like Active Directory and the like. So you can have a centralized authentication system and not have usernames & passwords all over the place.
Mr Z
If you change the LDAP group lookup to something like this you can enable admin/staff accounts as well.
// check to see which/if any GIBBON group they are in
$ldapfind = ldap_search($ldapconn, "cn=gibbon-admin,dc=raziel,dc=com", "(memberUid=*$username*)", ["memberUid"]);
$valid = ldap_count_entries($ldapconn, $ldapfind);
if ($valid) { $roleid = 001;
} else {
$ldapfind = ldap_search($ldapconn, "cn=gibbon-staff,dc=raziel,dc=com", "(memberUid=*$username*)", ["memberUid"]);
$valid = ldap_count_entries($ldapconn, $ldapfind);
if ($valid) { $roleid = 002;
} else {
$ldapfind = ldap_search($ldapconn, "cn=gibbon,dc=raziel,dc=com", "(memberUid=*$username*)", ["memberUid"]);
$valid = ldap_count_entries($ldapconn, $ldapfind);
if ($valid) { $roleid = 003;}
}
}
Hi Mr Z,
Sounds great!
Debian Edu uses ldap as well. Seems this is a great way to make things easier on the kids. It may end their struggle to keep separate credentials for user accounts and Gibbon.
I’ll be having a closer look at this.
Thanks again!
Roman
Hi Mr Zoot, welcome to the Gibbon community and thanks for sharing your changes! This definitely looks like a useful addition.
Hi Roman,
Are you interested in testing this out and letting us know what you find? I don’t have an LDAP system to test with, but I’d be interested in hearing about this, because it’s a common authentication gateway and something that could certainly make logging in easier for a number of schools.
Thanks!
Hi Sandra,
I’m so swamped with work these days. I’ll definitely have a closer look at it. I think it’s a great addition.
Kind regards,
Roman
Not a problem.
I hope you get time to test it out. I’ve been using debian, gibbon v20.0 & openldap.
If you want a web based interface into ldap try webmin. It makes it alot easier to try & test.
Hi Mr Z,
Debian Edu comes with JXplorer, which is working well for us. I never actually heard of webmin but having a web based interface sounds very cool. I’ll check that out too. Thanks.
Kind regards,
Roman
Hi Mr Zooty,
Funnily enough I’ve spent this week trying to do exactly this with allowing LDAP logins, and came onto the forums to check something else, only to find your post.
Do you have a github repo that you’ve been working on with this that I could build on from?
Our LDAP server is only accessible when on site, so I can’t test what you’ve already shared until tomorrow, though the code certainly looks promising, but it’s definitely something of interest that I’d be looking to help work on, if Roman and Sandra don’t mind.
Great to hear Ash! Yep, if you’re able to check this out and share you’re findings I think that’d be a huge boon to the community. Thanks 
Sorry, no repo.
Here’s a small update, set $use_ldap_groups to either 1 or 0 depending if you want the group checking/levels etc.
Mr Z