View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 2
IDProjectCategoryView StatusDate SubmittedLast Update
08493Feature requestsAuthenticationpublic2013-12-27 18:542013-12-27 21:55
Reporteraivokoger Assigned To 
PrioritynormalSeverityfeature 
Status newResolutionopen 
Summary08493: Enhancements for application/core/plugins/AuthLDAP/AuthLDAP.php
Description

AuthLDAP plugin should read LDAP parameters from config/ldap.php or they both should have central config db. Ldap.php has more options like filters and groups.

It would be nice to have also optional Kerberos support. Basically it means that before showing login form you check for logged in username given by your webserver: isset($_SERVER['REMOTE_USER']) and if set, you log it in. There is no need for password in that case, as authentication is made by Apache/IIS/nginx.
You can still make a LDAP query to get memberOf values (groups) for the user and check if the user is allowed to log in (LDAP group should be defined in settings by administator, example: CN=LimeAdmin,OU=groups,DC=company,DC=com).

I made the same functionality for Piwik, you can get ideas from:
https://github.com/tehnotronic/PiwikLdap/blob/master/LdapFunctions.php
and https://github.com/tehnotronic/PiwikLdap

Sadly I am not aware with limesurvey architecture to complete this request myself but I am glad to test and help finding bugs.

TagsNo tags attached.
Bug heat2
Story point estimate
Users affected %

Users monitoring this issue

There are no users monitoring this issue.

Activities

aivokoger

aivokoger

2013-12-27 21:55

reporter   ~27702

Also, is this a better solution for user auto-creation or not?

$iNewUID = User::model()->insertUser($sUser, $password, $name, 1, $mail);

Seen in: https://github.com/pitbulk/limesurvey-saml/blob/master/AuthSAML/AuthSAML.php

Issue History

Date Modified Username Field Change
2013-12-27 18:54 aivokoger New Issue
2013-12-27 21:55 aivokoger Note Added: 27702