View Issue Details

IDProjectCategoryView StatusLast Update
0011470mantisbtfeaturepublic2013-03-02 14:56
Reporterrrp Assigned Todregad  
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionno change required 
Summary0011470: auto-create mantis account for LDAP users
Description

When LDAP authentication is used, Mantis does not allow a user who has no Mantis account to log in. IMHO a better solution is to create the Mantis account automatically on the user's first login to Mantis.

Patch attached ...

TagsNo tags attached.
Attached Files
mantis.diff (2,809 bytes)   
diff -C3 core-org/authentication_api.php core/authentication_api.php
*** core-org/authentication_api.php	2010-02-04 19:12:14.000000000 +0000
--- core/authentication_api.php	2010-02-04 19:31:45.000000000 +0000
***************
*** 101,106 ****
--- 101,123 ----
  
  					return false;
  				}
+ 			} else if ( LDAP == $t_login_method ) {
+ 				if (ldap_authenticate( -1, $p_password, $p_username )) {
+ 					$t_email = ldap_email_from_username($p_username);
+ 					if (user_create( $p_username, $p_password, $t_email ) ) {
+ 						$t_user_id = user_get_id_by_name( $p_username );
+ 						if ( false === $t_user_id ) {
+ 							# @@@ trigger an error here?
+ 							return false;
+ 						}
+ 						
+ 					} else {
+ 						# @@@ trigger an error here?
+ 						return false;
+ 					}
+ 				} else {
+ 					return false;
+ 				}
  			} else {
  				return false;
  			}
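Review bot: The new LDAP branch passes the user's directory password to `user_create( $p_username, $p_password, $t_email )`, so some form of the LDAP credential ends up in the local user table. How `user_create` stores it is not visible here, but a local copy is unnecessary when the directory does the authentication, and it goes stale when the directory password changes; pass a random throwaway value in place of `$p_password`. The result of `ldap_email_from_username($p_username)` is also used unchecked, so a failed or empty lookup would create an account without a usable address. The same block appears in the 1.2.5 variant of this patch, and the enclosing function starts and ends outside the hunk.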
Wspólne podkatalogi: core-org/disposable i core/disposable
diff -C3 core-org/ldap_api.php core/ldap_api.php
*** core-org/ldap_api.php	2010-02-04 19:12:14.000000000 +0000
--- core/ldap_api.php	2010-02-04 19:13:14.000000000 +0000
***************
*** 119,125 ****
  	# --------------------
  	# Attempt to authenticate the user against the LDAP directory
  	#  return true on successful authentication, false otherwise
! 	function ldap_authenticate( $p_user_id, $p_password ) {
  		# if password is empty and ldap allows anonymous login, then
  		# the user will be able to login, hence, we need to check
  		# for this special case.
--- 119,125 ----
  	# --------------------
  	# Attempt to authenticate the user against the LDAP directory
  	#  return true on successful authentication, false otherwise
! 	function ldap_authenticate( $p_user_id, $p_password, $p_username='' ) {
  		# if password is empty and ldap allows anonymous login, then
  		# the user will be able to login, hence, we need to check
  		# for this special case.
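Review bot: The header comment above `ldap_authenticate` does not describe the new `$p_username` argument, nor the convention that a `$p_user_id` of -1 means "no local account yet, use `$p_username`". Add a line such as `#  pass -1 as $p_user_id to authenticate by $p_username when no Mantis account exists yet`. The 1.2.5 variant has the same gap: its docblock gains no `@param string $p_username` entry. The function body continues outside the hunk.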
***************
*** 130,136 ****
  		$t_ldap_organization	= config_get( 'ldap_organization' );
  		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
  
! 		$t_username      	= user_get_field( $p_user_id, 'username' );
  		$t_ldap_uid_field	= config_get( 'ldap_uid_field', 'uid' ) ;
  		$t_search_filter 	= "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
  		$t_search_attrs  	= array( $t_ldap_uid_field, 'dn' );
--- 130,140 ----
  		$t_ldap_organization	= config_get( 'ldap_organization' );
  		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );
  
! 		if ($p_user_id == -1) {
! 			$t_username		= $p_username;
! 		} else {
! 			$t_username      	= user_get_field( $p_user_id, 'username' );
! 		}
  		$t_ldap_uid_field	= config_get( 'ldap_uid_field', 'uid' ) ;
  		$t_search_filter 	= "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
  		$t_search_attrs  	= array( $t_ldap_uid_field, 'dn' );
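Review bot: With the `-1` branch, `$t_username` is taken straight from the caller-supplied `$p_username` and interpolated into `$t_search_filter` two lines later, whereas before it was always read back from an existing Mantis account. Filter metacharacters in the login name (`*`, `(`, `)`, `\`) then change the meaning of the search that selects the DN to bind against. Escape the value before building the filter, e.g. `$t_username = ldap_escape( $p_username, '', LDAP_ESCAPE_FILTER );` on PHP 5.6 or later, or an equivalent RFC 4515 escaping helper on older versions. In the 1.2.5 variant the same value is forwarded to `ldap_authenticate_by_username`, whose filter construction is not visible here and should be checked the same way. The function starts and ends outside the hunk.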
mantis.autocreate_from_ldap.for_1.2.5.diff (2,321 bytes)   
*** core/authentication_api.php.orig	2010-04-23 18:28:34.000000000 +0000
--- core/authentication_api.php	2010-05-10 10:34:41.000000000 +0000
***************
*** 184,191 ****
  	if ( false === $t_user_id ) {
  		if ( BASIC_AUTH == $t_login_method ) {
  			$t_auto_create = true;
! 		} else if ( LDAP == $t_login_method && ldap_authenticate_by_username( $p_username, $p_password ) ) {
! 			$t_auto_create = true;
  		} else {
  			$t_auto_create = false;
  		}
--- 184,206 ----
  	if ( false === $t_user_id ) {
  		if ( BASIC_AUTH == $t_login_method ) {
  			$t_auto_create = true;
! 		} else if ( LDAP == $t_login_method ) {
! 			if (ldap_authenticate( -1, $p_password, $p_username )) {
! 				$t_email = ldap_email_from_username($p_username);
! 				if (user_create( $p_username, $p_password, $t_email ) ) {
! 					$t_user_id = user_get_id_by_name( $p_username );
! 					if ( false === $t_user_id ) {
! 						# @@@ trigger an error here?
! 						return false;
! 					}
! 					
! 				} else {
! 					# @@@ trigger an error here?
! 					return false;
! 				}
! 			} else {
! 				return false;
! 			}
  		} else {
  			$t_auto_create = false;
  		}
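Review bot: On the successful path of the new LDAP branch `$t_auto_create` is never assigned, while the BASIC_AUTH and final `else` branches still set it and the replaced lines set it to `true` after a successful LDAP check. If the code following this block still reads `$t_auto_create` (it is outside the hunk), PHP sees an undefined variable that evaluates as false, and the first login may be rejected even though the account was just created. Assign it explicitly once the account exists, e.g. `$t_auto_create = false;` next to the `$t_user_id` lookup, or keep the original flag and let the existing creation path run.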
*** core/ldap_api.php.orig	2011-07-22 11:54:07.000000000 +0000
--- core/ldap_api.php	2011-04-05 18:24:17.000000000 +0000
***************
*** 323,329 ****
   * @param string $p_password
   * @return bool
   */
! function ldap_authenticate( $p_user_id, $p_password ) {
  	# if password is empty and ldap allows anonymous login, then
  	# the user will be able to login, hence, we need to check
  	# for this special case.
--- 323,329 ----
   * @param string $p_password
   * @return bool
   */
! function ldap_authenticate( $p_user_id, $p_password, $p_username='' ) {
  	# if password is empty and ldap allows anonymous login, then
  	# the user will be able to login, hence, we need to check
  	# for this special case.
***************
*** 331,337 ****
  		return false;
  	}
  
! 	$t_username = user_get_field( $p_user_id, 'username' );
  
  	return ldap_authenticate_by_username( $t_username, $p_password );
  }
--- 331,342 ----
  		return false;
  	}
  
! 	if ($p_user_id == -1) {
! 		$t_username		= $p_username;
! 	} else {
! 		$t_username      	= user_get_field( $p_user_id, 'username' );
! 	}
! 
  
  	return ldap_authenticate_by_username( $t_username, $p_password );
  }
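Review bot: The sentinel test `if ($p_user_id == -1)` uses loose comparison and falls back to the default `$p_username=''`, so a call such as `ldap_authenticate( -1, $p_password )` reaches `ldap_authenticate_by_username` with an empty user name. Compare strictly with `if ( -1 === $p_user_id )` and add an early `return false;` when `$p_username` is empty. The same test appears in the first attachment's `ldap_api.php` hunk. The hunk also leaves a second blank line before the `return`.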

Relationships

related to 0011488 closeddregad LDAP group based autentication 

Activities

dhx

2010-02-07 19:05

reporter   ~0024341

Paul: any comments? I seem to remember you wanting to change/fix LDAP user account creation?

dregad

2013-02-18 06:39

developer   ~0035208

Accounts are automatically created in the user table with LDAP, since 1.2.0rc2 (commit 639629e9)