Feature Request #551
LDAP Auth
| Status: | Rejected | Start date: | ||
|---|---|---|---|---|
| Priority: | Low | Due date: | ||
| Assignee: |  Kiall Mac Innes |
% Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Resolution: | wontfix | Points: |
Description
Here's my contribution to use the auth module to authenticate against an LDAP directory server.
History
Updated by Woody Gilk about 5 years ago
Driver-based Auth implemented in r2471.
Updated by Woody Gilk about 5 years ago
- Status changed from New to Assigned
Updated by Woody Gilk about 5 years ago
Please re-submit your LDAP_Auth.php file as an Auth driver, thanks!
Updated by Felix Ehlers - about 5 years ago
Please move the code creating of a salted hashed password from Auth_Core down to the ORM driver
Updated by Woody Gilk almost 5 years ago
Replying to [comment:5 fleximus]:
Please move the code creating of a salted hashed password from Auth_Core down to the ORM driver
Auth hashes are a very important part of Auth and do not belong in the driver.
Updated by Woody Gilk almost 5 years ago
Is LDAP_Auth required to use the LDAP driver? Or is it an alternative to the driver?
Updated by Woody Gilk almost 5 years ago
This has not been updated in a long time, moving to 2.2.1 as a potential addition.
Updated by Woody Gilk over 4 years ago
- Status changed from Assigned to Closed
- Resolution set to dilatory
Please reopen if your patch is still valid and will be maintained.
Updated by Ilari Mäkimattila almost 4 years ago
- Status changed from Closed to Feedback
Woody Gilk wrote:
Please reopen if your patch is still valid and will be maintained.
I can provide a new LDAP Auth driver, but it really requires disabling password hashing in Auth_Core. There are many reasons behind this, but mainly because of:
1) LDAP can not authenticate against already hashed passwords,
2) LDAP provides its own hashing mechanisms,
3) LDAP is usually used when multiple applications need the same information, and those other applications just might not support Kohana hashes ;)
Anyways, in my opinion, salted hashes should be generated by the component that actually saves the password. In scenarios like this, the hash methods in Auth_Core are useless and will only cause problems.
Updated by Kiall Mac Innes almost 4 years ago
Great! I suggest that the Auth::hash_password() method is pushed back into the Driver (ala Auth::logout() just above it) - This would be an easy change to the lib and allow for multiple backends to use their own hashing (or none at all) if necessary.
Updated by Kiall Mac Innes almost 4 years ago
- Target version changed from 2.2.1 to 2.4
Updated by Kiall Mac Innes almost 4 years ago
- Assignee deleted (
Woody Gilk)
Updated by Jeremy Bush almost 4 years ago
- Status changed from Feedback to Assigned
- Assignee set to Kiall Mac Innes
- Priority changed from Normal to Low
- 11 set to 2.3.4
Kiall, have fun! ;)
Updated by Kiall Mac Innes almost 4 years ago
Lol - time to setup an LDAP server to test this! I'll get to it today.
Updated by Kiall Mac Innes almost 4 years ago
Actually - Isaiah makes a good point, this should be pushed to a module.
I'll make the changes needed for PW hashing and leave it at that - If anyone's interested in dev'ing this as a module let zombor know.
Updated by Jeremy Bush over 3 years ago
- Status changed from Assigned to Rejected
- Resolution set to wontfix
If someone wants to create this, I can make a project for them. We won't support it in core.
Updated by Isaiah DeRose-Wilson over 3 years ago
- Tracker changed from Bug Report to Feature Request
- Project changed from Kohana v2.x to Auth Module for v2.x
- Category deleted (
Modules:Auth) - Target version deleted (
2.4)