{"id":305,"date":"2011-08-26T21:49:22","date_gmt":"2011-08-27T04:49:22","guid":{"rendered":"http:\/\/www.analogrithems.com\/rant\/?p=305"},"modified":"2011-10-03T16:35:52","modified_gmt":"2011-10-03T23:35:52","slug":"ldap-authentication-in-cakephp","status":"publish","type":"post","link":"https:\/\/www.analogrithems.com\/rant\/ldap-authentication-in-cakephp\/","title":{"rendered":"Ldap authentication in CakePHP"},"content":{"rendered":"

It’s been over a year since I wrote the first version of the CakePHP LdapAuth & Ldap Datasource. What I’ve learned over the last year is that a simple component & datasource is not enough and it should really be a full plugin. So I started working on Idbroker. The new plugin offers the following<\/p>\n

* A ldap Datasource that bad been tested with Iplanet, Netscape Directory Server, OpenLDAP & Active Directory<\/p>\n

* A revised Ldap Auth component that works with CakePHP 1.3<\/p>\n

* A simple application (Which is still in development) that uses both and will give great examples of how to use.<\/p>\n

Using this plugin you can get Ldap authentication in CakePHP.<\/p>\n

To get started place a copy of the plugin in your plugins directory. Simplest way is to clone it from github<\/p>\n

git clone https:\/\/github.com\/analogrithems\/idbroker<\/p>\n

Auth LDAP<\/h1>\n

To make use of the LDAPAuth,<\/p>\n

1) Add the following to either the controller you want to add LDAPAuth to or to app_controller to give all our controllers LDAPAuth<\/p>\n

[php]
\nvar $components = array( ‘Idbroker.LDAPAcl’=>array(‘groupType’=>’group’), ‘Idbroker.LDAPAuth’);
\n[\/php]<\/p>\n

For the groupType, this really has to do with how your LDAP group objectClass is. For active directory your groupType will be ‘group’ for most other LDAP v# implementations it will be either posixGroup (If the group stores membership info as memberUid=jdoe) or groupOfNames( if your group stores membership info as uniquemember=cn=jdoe,ou=people,dc=example,dc=com). If not set, it defaults to groupOfNames. If you are using Active Directory, set this to ‘group’<\/p>\n

2) Add the LDAP settings to your \/APP\/config\/database.php
\nNow we need to get the LDAP settings plugged into the database.php file. This hasn’t changed much since the last version.<\/p>\n

[php]
\n<?php
\nclass DATABASE_CONFIG {
\n\tvar $ldap = array (
\n\t\t\t‘datasource’ => ‘Idbroker.Ldap’,
\n\t\t\t‘host’ => ‘ldap.example.com’,
\n\t\t\t‘port’ => 389,
\n\t\t\t‘basedn’ => ‘DC=example,DC=com’,
\n\t\t\t‘login’ => ‘CN=authservice,CN=Users,DC=example,DC=com’, \/\/For Proxy Userdn Active Directory and sometimes iPlanet require this
\n\t\t\t‘password’ => ‘superSecretPassword’, \/\/For Proxy UserDN password
\n\t\t\t‘database’ => ”,
\n\t\t\t‘tls’ => false, \/\/If you are using TLS encryption set to true.
\n\t\t\t‘type’ => ‘ActiveDirectory’, \/\/Available types are ‘OpenLDAP’, ‘ActiveDirectory’, ‘Netscape’
\n\t\t\t‘version’ => 3
\n\t);
\n}
\n?>
\n[\/php]<\/p>\n

3) The last step is to setup the LDAP settings. Create a file called \/APP\/config\/ldap.php with the following. See comments for explanation of vars<\/p>\n

[php]
\n<?php
\n\/**
\n * LDAP Settings
\n *
\n *\/
\n\t$config[‘LDAP’][‘Db’][‘Config’] = ‘ldap’; \/\/What ever the config was called in the database.php file, defaults to ldap if not specified
\n\t$config[‘LDAP’][‘User’][‘Identifier’] = ‘samAccountName’; \/\/The LDAP attribute that holds the username, defaults to uid, use samaccountname for AD
\n\t$config[‘LDAP’][‘LdapAuth’][‘Model’] = ‘Idbroker.LdapAuth’; \/\/The model to use for the LDAPAuth Component, Should probably just set it to ‘Idbroker.LdapAuth for must users
\n\t$config[‘LDAP’][‘LdapACL’][‘Model’] = ‘Idbroker.LdapAcl’; \/\/The model to use for the developing LDAPAcl don’t change unless you know what your doing
\n\t$config[‘LDAP’][‘LdapACL’][‘groupType’] = ‘group’; \/\/group type refers to the group objectclass your ldap server uses. can also be overwriten in the components array
\n?>
\n[\/php]<\/p>\n

add the following to the bottom of \/APP\/config\/core.php<\/p>\n

[php]
\n\/\/Ldap Config
\nConfigure::load(‘ldap’);
\n[\/php]<\/p>\n","protected":false},"excerpt":{"rendered":"

It’s been over a year since I wrote the first version of the CakePHP LdapAuth & Ldap Datasource. What I’ve learned over the last year is that a simple component & datasource is not enough and it should really be a full plugin. So I started working on Idbroker. The new plugin offers the following […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,44,3],"tags":[],"class_list":["post-305","post","type-post","status-publish","format-standard","hentry","category-cakephp","category-featured","category-ldap"],"_links":{"self":[{"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/posts\/305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/comments?post=305"}],"version-history":[{"count":16,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/posts\/305\/revisions"}],"predecessor-version":[{"id":309,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/posts\/305\/revisions\/309"}],"wp:attachment":[{"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/media?parent=305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/categories?post=305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/tags?post=305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}