Feature Request #551

LDAP Auth

Added by Felix Ehlers over 6 years ago. Updated over 4 years ago.

Status:RejectedStart date:
Priority:LowDue date:
Assignee:Kiall Mac Innes% Done:

0%

Category:-
Target version:-
Resolution:wontfix Points:

Description

Here's my contribution to use the auth module to authenticate against an LDAP directory server.

LDAP_Auth.php Magnifier - LDAP Auth library (1.53 KB) Felix Ehlers, 04/10/2008 03:05 PM

ldap_auth.php Magnifier - Demo controller (1.48 KB) Felix Ehlers, 04/10/2008 03:06 PM

LDAP.php Magnifier - LDAP Auth driver. (3.24 KB) Felix Ehlers, 04/28/2008 11:42 PM

History

#1 Updated by Woody Gilk over 6 years ago

Driver-based Auth implemented in r2471.

#2 Updated by Woody Gilk over 6 years ago

  • Status changed from New to Assigned

#3 Updated by Woody Gilk over 6 years ago

Please re-submit your LDAP_Auth.php file as an Auth driver, thanks!

#4 Updated by Felix Ehlers over 6 years ago

Please move the code creating of a salted hashed password from Auth_Core down to the ORM driver

#5 Updated by Woody Gilk about 6 years ago

Replying to [comment:5 fleximus]:

Please move the code creating of a salted hashed password from Auth_Core down to the ORM driver

Auth hashes are a very important part of Auth and do not belong in the driver.

#6 Updated by Woody Gilk about 6 years ago

Is LDAP_Auth required to use the LDAP driver? Or is it an alternative to the driver?

#7 Updated by Woody Gilk about 6 years ago

This has not been updated in a long time, moving to 2.2.1 as a potential addition.

#8 Updated by Woody Gilk almost 6 years ago

  • Status changed from Assigned to Closed
  • Resolution set to dilatory

Please reopen if your patch is still valid and will be maintained.

#9 Updated by Ilari Mäkimattila over 5 years ago

  • Status changed from Closed to Feedback

Woody Gilk wrote:

Please reopen if your patch is still valid and will be maintained.

I can provide a new LDAP Auth driver, but it really requires disabling password hashing in Auth_Core. There are many reasons behind this, but mainly because of:
1) LDAP can not authenticate against already hashed passwords,
2) LDAP provides its own hashing mechanisms,
3) LDAP is usually used when multiple applications need the same information, and those other applications just might not support Kohana hashes ;)

Anyways, in my opinion, salted hashes should be generated by the component that actually saves the password. In scenarios like this, the hash methods in Auth_Core are useless and will only cause problems.

#10 Updated by Kiall Mac Innes over 5 years ago

Great! I suggest that the Auth::hash_password() method is pushed back into the Driver (ala Auth::logout() just above it) - This would be an easy change to the lib and allow for multiple backends to use their own hashing (or none at all) if necessary.

#11 Updated by Kiall Mac Innes over 5 years ago

  • Target version changed from 2.2.1 to 2.4

#12 Updated by Kiall Mac Innes over 5 years ago

  • Assignee deleted (Woody Gilk)

#13 Updated by Jeremy Bush about 5 years ago

  • Status changed from Feedback to Assigned
  • Assignee set to Kiall Mac Innes
  • Priority changed from Normal to Low

Kiall, have fun! ;)

#14 Updated by Kiall Mac Innes about 5 years ago

Lol - time to setup an LDAP server to test this! I'll get to it today.

#15 Updated by Kiall Mac Innes about 5 years ago

Actually - Isaiah makes a good point, this should be pushed to a module.

I'll make the changes needed for PW hashing and leave it at that - If anyone's interested in dev'ing this as a module let zombor know.

#16 Updated by Jeremy Bush about 5 years ago

  • Status changed from Assigned to Rejected
  • Resolution set to wontfix

If someone wants to create this, I can make a project for them. We won't support it in core.

#17 Updated by Isaiah DeRose-Wilson over 4 years ago

  • Tracker changed from Bug Report to Feature Request
  • Project changed from Kohana v2.x to Auth Module for v2.x
  • Category deleted (Modules:Auth)
  • Target version deleted (2.4)

Also available in: Atom PDF