With CakePHP 2.0 the authentication system has been completely redesigned to allow for extending the Auth component to allow other methods of authentication and authorization. I finally sat down last weekend and updated my LDAPAuth component to work with the new version. While I was doing it I added a few new features that people had been asking for. Also by updating this component I ended up also updating the Ldap Datasource. This included a lot of code cleanup as well. You can get the new code at https://github.com/analogrithems/idbroker/tree/dev_cake2.0 To get things going download the idbroker code from github and place it...
Read More
Here is an awesome script I found to change the admin password on all the computers in your domain. It uses a simple visual basic object to search for all the computers in your domain's Active Directory then loops through each computer and sets a new password for the Administrator account. On Error Resume Next rem http://blogs.technet.com/b/heyscriptingguy/archive/2007/07/03/how-can-i-change-the-local-administrator-password-on-all-my-computers.aspx Const ADS_SCOPE_SUBTREE = 2 Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection objCommand.CommandText = _ "Select Name From 'LDAP://DC=hilohattie,DC=com' Where objectClass='computer'" objCommand.Properties("Page Size") = 1000 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst Do Until objRecordSet.EOF ...
Read More
It's been over a year since I wrote the first version of the CakePHP LdapAuth & Ldap Datasource. What I've learned over the last year is that a simple component & datasource is not enough and it should really be a full plugin. So I started working on Idbroker. The new plugin offers the following * A ldap Datasource that bad been tested with Iplanet, Netscape Directory Server, OpenLDAP & Active Directory * A revised Ldap Auth component that works with CakePHP 1.3 * A simple application (Which is still in development) that uses both and will give great examples of how to...
Read More
So I've been trying to find a good way to discover the schema path in LDAP that would work across Netscape style ldap servers as well as Active Directory. See the problem is each one hides their schema path in a different place. Netscap style servers (Redhat-DS, Project 389, iPlanet, Sun One, etc) use 'cn=schema', while openldap has been known to use 'cn=subschema' and Active Directory uses 'CN=Schema, CN= Configuration, DC=forest_root_domain' this makes it really difficult to create a universal tool that can find any schema path. In the past I would lift code from the PhpLDAPAdmin tool, but even...
Read More
So I was looking for a way to authenticate against LDAP with cake but I've found that it doesn't support it by default. I found one that checks the auth against ldap then creates a local mysql account. This also didn't use a actual ldap data sourc e either, it just handeled it's own ldap connection. After I read through the standard cakphp auth component I saw that it wouldn't be that hard to write an LDAP based auth component. First you need to download this file ldap_auth.php to your 'app/controllers/components/' directory. Then just like the original auth...
Read More
I've been using CakePHP for a while now and I've been thinking for a while it was time to see if I could give something back. As an IT leader I'm in love with LDAP. It makes life so simple for me and my team. The big downside to LDAP is it's not very easy to learn how all the objectClasses and attributes work with various applications. Microsoft has eliminated this with the Microsoft Management Console (MMC). It amazes me that no open source project has developed a tools such as this before. ...
Read More
The name service cache daemon has some serious flaws. One that I notice pretty often in Linux arises when you are using LDAP. It seems that nscd will crash and burn when/if ldap is unavailable. Unfortunately when nscd bombs, it usually takes the entire system with it. Actually what will happen is nscd sockets will start getting broken pipe's and becoming stale until you have several nscd. Eventually your system will slow to a halt. Mind you the box hasn't crashed, but the box is in a dos state. If you do an '$# netstat -an' you'll notice several entries...
Read More
LDAP has been around for over a decade, and yet it is still considered a newer technology. Many modern vendors have added LDAP authentication. This document is a brief generic howto for configuring linux to use LDAP. This will be a fairly detailed recipe as most of my docs are. Linux Name Services Name Server Switch is the engine that really enables Linux to harness LDAP. In linux you have two different ldap.conf files that the modules and services use to configure their ldap communications '/etc/ldap.conf' and '/etc/openldap/ldap.com'. The first gives the dn's for passwd, group and sudoers. You can also specify...
Read More
Readers
56 Followers
