[SOLVED] chained authentication

Post about your customizations to share with others.

Moderators: Developer, Contributor

Post Reply
alienpenguin
Posts: 2
Joined: 20 Apr 2018, 16:50

[SOLVED] chained authentication

Post by alienpenguin »

Hi all, i was trying to set up mantis (2.23.1) with some sort of chained authentication that would allow to authenticate both local and active directory users.

I partially succeded doing the following:
1) i set up ldap authentication (in config/config_inc.php) towards an AD controller (so far so good)
2) changed the file core/authentication.php with the following code (seen on the forums) from

Code: Select all

if ( LDAP == $t_configured_login_method ) {
    return ldap_authenticate( $p_user_id, $p_test_password );
}
to

Code: Select all

if ( LDAP == $t_configured_login_method ) {
    if ( ldap_authenticate( $p_user_id, $p_test_password ) ) {
        return true;
    }
}
3) created the local users via webgui
4) setup the local users passwords directly from within mysql with the query:

Code: Select all

update mantis_user_table set password=md5('yourpassword') where username='the_username_created_via_gui';
with the above steps i was able to do what i want :D but then, after the local users log in for the first time, the passwords on db are reset to the plain version of themselves and so following logins fail.

what should i do to avoid the password update?

thanks in advance
Last edited by alienpenguin on 24 Apr 2018, 07:38, edited 1 time in total.
alienpenguin
Posts: 2
Joined: 20 Apr 2018, 16:50

Re: chained authentication

Post by alienpenguin »

Ok I managed to solve it by myself so i'll post my solution in case it might help other people

basically i noticed that mantis was updating the password each time a login is done because of some sort of "migration" procedure from bad crypt to better one (if i understood correctly) however the LDAP option was not considered in the auth_process_plain_password() function
so adding a

Code: Select all

case LDAP:
just above the MD5 switch label in the auth_process_plain_password() function solved my issue and now i can allow logins both from AD and local users. :D
Post Reply