
Re: Zendx_Auth_Adapter_Ldap: msg#00045

php.zend.framework.auth

Subject: Re: Zendx_Auth_Adapter_Ldap


Wonderful news!


Michael B Allen-3 wrote:
>
> Hello Zend_Auth List,
>
> Clearly Zend Framework is in need of an LDAP authentication adapter. I
> have a strong background doing this sort of thing so I thought I would
> whip one up. The zf-ldap package may be obtained here:
>
> http://www.ioplex.com/code/
>
> The code should be considered beta but I have tested it fairly well
> with OpenLDAP and Microsoft Active Directory and I expect it to
> perform well.
>
> In the following weeks I will look into the ZF proposal process in
> anticipation of submitting this adapter for inclusion into Zend
> Framework as a standard package.
>
> Inlined below is the README.txt from the package. It doesn't describe
> some of the more advanced features like username canonicalization but
> I will document things properly in time.
>
> Mike
>
> --
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/
>
> --8<-- README.txt --8<--
>
> zf-ldap-0.1.0
>
> This package contains an LDAP authentication adapter for Zend Framework.
>
> The LDAP adapter consists of three classes. The Zendx prefix serves to
> isolate the code until it is determined whether or not the adapter
> will be accepted into ZF.
>
> The Zendx_Auth_Adapter_Ldap class is the bulk of the adapter code.
>
> The Zendx_Auth_Adapter_AdsLdap class extends Zend_Auth_Adapter_Ldap
> and is optimized for Microsoft Active Directory Server. Specifically,
> it eliminates the user DN "probe" lookup and supports username
> canonicalization.
>
> Zendx_Auth_Adapter_LdapException is just an exception class (but it
> actually contains some code).
>
> This package is also a stand alone application that uses
> Zend_Controller to provide a simple login form and an index page that
> prints the user's identity.
>
> INSTALLATION
> ------------
>
> Just add the library/Zendx directory to your path (or move it into
> your app's library directory).
>
> To run the demo, export the html directory and adjust html/.htaccess
> as necessary. See the Zend_Controller documentation for details
> regarding setting up and running a Zend_Controller app.
>
> USAGE
> -----
>
> To get started quickly, just copy the
> application/controllers/UserController.php code. Your code should
> look something like the following:
>
>     $auth = Zend_Auth::getInstance();
>
>     require_once 'Zendx/Auth/Adapter/Ldap.php';
>     $adapter = new Zendx_Auth_Adapter_Ldap();
>     $adapter->setLogPath('/tmp/ldap.log')
>             ->setHost('s0.foo.net')
>             ->setProbeUsername('CN=user1,DC=foo,DC=net')
>             ->setProbePassword('pass1')
>             ->setBaseDn('OU=Sales,DC=foo,DC=net')
>             ->setUsername($username)
>             ->setPassword($password);
>
>     $result = $auth->authenticate($adapter);
>
>     if (!$result->isValid()) {
>         // FAILURE
>         // Send user back to login form
>         $controller_name = $this->getRequest()->getControllerName();
>         $this->_helper->redirector->gotoUrl("$controller_name/index/username/$username");
>     } else {
>         // SUCCESS
>         $this->_redirect('/');
>     }
>
> If you're using Microsoft Active Directory Server, use the AdsLdap
> class instead. The initialization part is a little different:
>
>     require_once 'Zendx/Auth/Adapter/AdsLdap.php';
>     $adapter = new Zendx_Auth_Adapter_AdsLdap();
>     $adapter->setLogPath('/tmp/ldap.log')
>             ->setHost('dc1.w.net')
>             ->setBaseDn('CN=Users,DC=w,DC=net')
>             ->addDomain('w.net', 'W')
>             ->setUsername($username)
>             ->setPassword($password);
>
> API
> ---
>
> Most of the initialization methods return $this so that methods may be
> chained (as shown above).
>
> setHost($host)
>     required
>     Sets the LDAP server hostname or IP address.
>
> setPort($port)
>     default is 389
>     Sets the LDAP server port.
>
> LDAP servers (other than ADS) require usernames in simple binds to be
> in DN form like CN=Alice Baker,OU=Sales,DC=foo,DC=net. Therefore, the
> adapter must "probe" the directory to look up the DN of the user with
> the supplied username. The setProbeUsername and setProbePassword
> methods set the credentials of the account used to perform these
> lookups. The account does not need to be privileged. Lowly read-only
> credentials will do.
>
> setProbeUsername($probeUsername)
>     required (but not by Zendx_Auth_Adapter_AdsLdap)
>
> setProbePassword($probePassword)
>     required (but not by Zendx_Auth_Adapter_AdsLdap)
>
> setBaseDn($baseDn)
>     required
>     Sets the LDAP path under which user accounts reside. This will be used
>     when searching for accounts being authenticated.
>
> addDomain($dnsRoot, $nETBIOSName)
>     required
>     This is a Zendx_Auth_Adapter_AdsLdap method. The DNS / NetBIOS name
>     mapping is used to canonicalize usernames which allows bypassing the
>     user DN "probe" lookup as well as normalizing usernames returned by
>     Zend_Auth::getIdentity(). The default name form returned by
>     getIdentity() is NetBIOSName\sAMAccountName (e.g. ACME\abaker).
>
> The credentials being authenticated are set with the setUsername and
> setPassword methods.
>
> setUsername($username)
>     required
>
> setPassword($password)
>     required
>
> setSearchFilterFormat($searchFilterFormat)
>     default is (&(objectClass=posixAccount)(uid=%s))
>     This sets an sprintf format string used to build the LDAP search
>     filter for searching accounts. The format string must have one %s
>     format specifier to accommodate the username. It should only be
>     necessary to change this setting when using a custom schema. The
>     Zendx_Auth_Adapter_AdsLdap class overloads getSearchFilter to return
>     the product of (&(objectClass=user)(sAMAccountName=%s)) instead.
>
> setLogPath($logPath)
>     default is /tmp/ldap.log
>     Sets the path of a log file into which Zend_Log messages will be sent.
>     To set your own logger do Zend_Registry::set('ldap_logger', $logger)
>     or overload the getLogger and log methods.
>
>

--
View this message in context:
http://www.nabble.com/Zendx_Auth_Adapter_Ldap-tf4625049s16154.html#a13432790
Sent from the Zend Auth mailing list archive at Nabble.com.
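
The quoted README builds the account search filter by substituting the username into an sprintf format string, and does not say whether the adapter escapes that value first. The block below is an added example, not code from zf-ldap or Zend Framework: it shows the checks a caller can apply before handing credentials to any LDAP adapter, using the README's default filter format. The function names and sample usernames are hypothetical and constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not part of zf-ldap.

/** Escape a value for use inside an LDAP search filter (RFC 4515). */
function escapeFilterValue(string $value): string
{
    // strtr() works in a single pass, so the backslashes it emits
    // are never escaped a second time.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

/** Build the search filter from a format containing exactly one %s. */
function buildSearchFilter(string $format, string $username): string
{
    if (substr_count($format, '%s') !== 1) {
        throw new InvalidArgumentException('filter format needs exactly one %s');
    }
    return sprintf($format, escapeFilterValue($username));
}

/** Reject credentials that must never reach a simple bind. */
function checkCredentials(string $username, string $password): void
{
    // A simple bind with an empty password is an unauthenticated bind
    // (RFC 4513 section 5.1.2), which some servers report as success.
    if ($username === '' || $password === '') {
        throw new InvalidArgumentException('username and password are required');
    }
}

// Default filter format taken from the README above.
$format = '(&(objectClass=posixAccount)(uid=%s))';

// Constructed sample usernames: plain, wildcard, and parentheses.
foreach (['abaker', 'a*', 'baker(sales)'] as $username) {
    checkCredentials($username, 'constructed-password');
    echo buildSearchFilter($format, $username), PHP_EOL;
}
```

Where PHP's ldap extension is loaded, `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` performs the same filter escaping.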



