View Issue Details

IDProjectCategoryView StatusLast Update
0019919mantisbtauthenticationpublic2022-05-05 15:02
Reporterblindside Assigned Todregad  
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionno change required 
Summary0019919: New Authentication Method HTTP_AUTH_LDAP
Description

I'm using a custom method of authentication based on HTTP_AUTH. The point is that we don't have all the user created on mantis by default, but we do have a valid user for everyone on Active Directory, so I'm using the Kerberos Authentication at the webserver but creating the user based on the LDAP query.
It, wold be nice to have that option by default.

Steps To Reproduce

Changed the following source code:
core/authentication_api.php

...
function auth_attempt_login( $p_username, $p_password, $p_perm_login = false ) {
...
                } else if ( ( LDAP == $t_login_method || ON == config_get('ldap_try_first'))
                                    && ldap_authenticate_by_username( $p_username, $p_password ) ) {
                        $t_auto_create = true;
                        $t_password = '';
                        $t_email = ldap_email_from_username($p_username);
                        $t_realname = ldap_realname_from_username($p_username);
                }else if ( HTTP_AUTH_LDAP == $t_login_method ) {
                    $t_auto_create = true;
                }
                if ( $t_auto_create ) {
                        # attempt to create the user
                        if ( HTTP_AUTH_LDAP == $t_login_method ) {
                            $t_cookie_string = user_create( $p_username, 'empty?!', ldap_email_from_username($p_username), null, false, true, ldap_realname_from_username($p_username) );
                        }else{
                            $t_cookie_string = user_create( $p_username, $t_password , $t_email, null, false, true, $t_realname);
                        }
                        if ( false === $t_cookie_string ) {
                                # it didn't work
                                return false;
                        }
...
function auth_does_password_match( $p_user_id, $p_test_password ) {
...
    if( LDAP == $t_configured_login_method ) {
        return ldap_authenticate( $p_user_id, $p_test_password );
    }
    if( HTTP_AUTH_LDAP == $t_configured_login_method ) {
        return true ;
    }
TagsNo tags attached.

Relationships

related to 0004235 closedvboctor Support Generic Authentication through Plug-ins 

Activities

dregad

dregad

2015-07-10 02:58

developer   ~0051041

Hello

Thanks for your report and proposal. I would suggest you submit your code changes as a pull request against the master branch on Github, and include in your changeset all the relevant changes, including

  • the new constant
  • update docblock in config_defaults_inc.php
  • documentation (admin guide) for the new mode
dregad

dregad

2022-04-25 05:57

developer   ~0066483

Since there never was any feedback on this, I'm resolving the issue. Feel free to reopen if necessary.

Note that, nowadays, it would probably be better to handle this using an Authentication plugin.