For some years I have been successfully using LDAP authentication by applying the trick explained in thread viewtopic.php?f=4&t=2707&p=10215&hilit=LDAP#p10215: the procedure involves replacing the function "logInMember()" in incCommon.php with this new function:
--------------------------------------------------------
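/**
 * Sign a member in, authenticating the password against LDAP/Active Directory
 * instead of the local passMD5 column.
 *
 * Flow:
 *  - If the sign-in form was posted, the credentials are checked with an LDAP
 *    simple bind. On success the user must also exist in membership_users as an
 *    approved, non-banned member; the session is then populated, the optional
 *    login_ok hook may override the redirect target, and the request ends.
 *  - On any failure the optional login_failed hook is called, a 403 status is
 *    sent when headers allow it, and the browser is redirected to
 *    index.php?loginFailed=1.
 *  - If no form was posted and the visitor has no member session but presents a
 *    helpdesk_rememberMe cookie, the cookie is matched against
 *    md5(memberID . passMD5) in the database.
 *
 * Relies on makeSafe(), sqlValue(), redirect() and getMemberInfo(), which are
 * defined elsewhere in the application.
 *
 * @return void Ends the request via exit on every form-post path.
 */
function logInMember(){
    $redir = 'index.php';

    if(isset($_POST['signIn']) && $_POST['signIn'] != ''){
        // The non-empty password check is security-critical: a simple bind with a
        // user name and an EMPTY password is an "unauthenticated bind", which many
        // directory servers accept. Without this guard any account could be
        // entered with a blank password. is_string() rejects array-valued fields.
        if(
            isset($_POST['username'], $_POST['password'])
            && is_string($_POST['username']) && is_string($_POST['password'])
            && $_POST['username'] != '' && $_POST['password'] != ''
        ){
            $username = makeSafe(strtolower($_POST['username']));

            // Fail closed: stays false unless the bind below succeeds. The original
            // left this variable undefined when the connect or bind failed.
            $ldap_authorized = false;

            $ldap_username = 'mydomain\\' . $_POST['username']; // DOMAIN\user form; depends on your AD setup
            $ldap_password = $_POST['password'];

            // NOTE(review): a bare host name means plain LDAP. A simple bind then
            // sends the password unencrypted over the network. Prefer an ldaps://
            // URI here, or call ldap_start_tls($link) before ldap_bind(), once the
            // domain controller's certificate is trusted by this host.
            $link = ldap_connect('dc2.mydomain'); // Your domain or domain server

            // ldap_connect() only validates its arguments and prepares a handle; it
            // does not prove the server is reachable. Authentication happens in
            // ldap_bind().
            if($link){
                ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3); // Recommended for AD

                if(ldap_bind($link, $ldap_username, $ldap_password)){
                    $ldap_authorized = true;
                }

                // Release the connection whether or not the bind succeeded.
                ldap_unbind($link);
            }

            if($ldap_authorized){
                // Never issue a remember-me cookie for directory logins. The stock
                // code stored md5(username . md5(password)) in the cookie, which
                // would be a static value derived from the AD password.
                $_POST['rememberMe'] = 0;

                // The local passMD5 comparison is intentionally dropped: LDAP has
                // already verified the password. The account must still be known
                // locally, approved and not banned.
                if(sqlValue("select count(1) from membership_users where lcase(memberID)='$username' and isApproved=1 and isBanned=0") == 1){
                    // Issue a fresh session ID on privilege change so that a session
                    // ID known before login cannot be reused afterwards.
                    if(function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE){
                        session_regenerate_id(true);
                    }

                    $_SESSION['memberID'] = $username;
                    $_SESSION['memberGroupID'] = sqlValue("select groupID from membership_users where lcase(memberID)='$username'");

                    // rememberMe is always 0 here, so any existing cookie is expired.
                    @setcookie('helpdesk_rememberMe', '', time() - 86400 * 30);

                    // hook: login_ok
                    if(function_exists('login_ok')){
                        $args = array();
                        if(!$redir = login_ok(getMemberInfo(), $args)){
                            $redir = 'index.php';
                        }
                    }

                    redirect($redir);
                    exit;
                }
            }
        }

        // hook: login_failed
        // NOTE(review): with LDAP in place, 'password' is the user's cleartext
        // directory password (or a near miss of it). The key is kept for hook
        // compatibility; hook implementations should not log or store it.
        if(function_exists('login_failed')){
            $args = array();
            login_failed(array(
                'username' => $_POST['username'],
                'password' => $_POST['password'],
                'IP' => $_SERVER['REMOTE_ADDR']
            ), $args);
        }

        if(!headers_sent()) header('HTTP/1.0 403 Forbidden');
        redirect("index.php?loginFailed=1");
        exit;

    // NOTE(review): $adminConfig is neither declared global nor loaded inside this
    // function as shown; confirm how it is populated, otherwise the comparison with
    // the anonymous member name is made against an undefined value.
    }elseif((!$_SESSION['memberID'] || $_SESSION['memberID'] == $adminConfig['anonymousMember']) && $_COOKIE['helpdesk_rememberMe'] != ''){
        // NOTE(review): this path authenticates from the locally stored passMD5
        // only and never contacts LDAP, so a stale local hash can still open a
        // session after the directory account is disabled. Consider removing this
        // branch entirely on LDAP-only installations.
        $chk = makeSafe($_COOKIE['helpdesk_rememberMe']);

        // isApproved=1 added for parity with the form login above: the original
        // cookie query only excluded banned members.
        if($username = sqlValue("select memberID from membership_users where convert(md5(concat(memberID, passMD5)), char)='$chk' and isApproved=1 and isBanned=0")){
            $_SESSION['memberID'] = $username;

            // $username now comes from the database, not from makeSafe(); pass it
            // through makeSafe() again before interpolating it into SQL (assumes
            // makeSafe() is the application's SQL-escaping helper, as its use on
            // the request values above suggests).
            $safeUsername = makeSafe($username);
            $_SESSION['memberGroupID'] = sqlValue("select groupID from membership_users where lcase(memberID)='$safeUsername'");
        }
    }
}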
--------------------------------------------------------
Unfortunately, after upgrading AppGini to the new 5.98 (rev.1216), it seems that the logInMember() function has disappeared, so I can't use LDAP anymore.
For now I have reverted to Ver. 5.97, but I'd like to go back to using LDAP in the new versions too. Any ideas?
ALex.