I'm interested in making an LDAP plugin for BigTree. Where might I find most of the authentication logic?
Or is there a better way to incorporate this so it doesn't get overwritten in future core updates?
EDIT: It looks like I could use http://www.bigtreecms.org/code-referenc … createUser for the user creation upon authentication with our servers, but I'm just not sure how to hook such logic into BigTree.
It looks like I could extend the functionality of BigTreeAdmin#login to check for LDAP configuration with $bigtree["config"] and call an authentication function which would create a new user if the credentials pass/match group and re-call BigTreeAdmin#login with the generated credentials. (Assuming the login form uses the BigTreeAdmin#login method itself. My recursive grep can't find any instances of login(), so I'm not sure if you are xD) Would this extended functionality be something worthwhile in the core or would it need to be re-implemented with each core update?
Probably going into the issue of how to extend the admin functionality of BigTree again.
It looks like I can use "BIGTREE_CUSTOM_ADMIN_CLASS_PATH" to subclass BigTreeAdmin and create an overriding login method under certain circumstances or just call super. Is LDAP authentication something worth adding to the core of BigTree though?
LDAP implementation always seems to be pretty specific to the client, so I don't think we plan to support it out of the box right now. You are correct in that you can extend the BigTree admin class to add or override any internal functions as you see fit.
Ah I see. Thanks for the info!
What I've done in the past is create an override of /core/admin/modules/login/default.php to integrate LDAP. I usually add an extra column to bigtree_users that is the user's LDAP account.
I do all the LDAP connection / auth logic above the BigTree login logic in that file (/custom/admin/modules/login/default.php). If the LDAP authentication is successful I do a look-up in the bigtree_users table for that LDAP login. If there is one, I log them in as that user. If there isn't one, I fall back to BigTree's login system (normally for developer accounts since we don't necessarily have an LDAP account with our clients).
To input the LDAP account info you'll have to add custom overrides for the add/edit page on modules as well but it shouldn't be too hard.
Thanks for the advice. I'll let you know what implementation we go with.
I ended up using BIGTREE_CUSTOM_ADMIN_CLASS and setting a file within /custom/ for the overriding class. We're using LDAP to restrict login to the admin entirely. It looks sorta like this:
    class LDAPLogin extends BigTreeAdmin {
        function login() {
            if ($passes_bigtree_auth) {
                BigTreeAdmin::login();
            } else {
                $this->loginLDAP();
            }
        }

        function loginLDAP() {
            // check if user exists and has valid credentials and matches groups specified in $bigtree['config']['ldap']
            BigTreeAdmin::createUser();
            BigTreeAdmin::login();
        }
    }
It seems to be working well now. Hopefully it's future proof. xD
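
The credential and group check that the `loginLDAP()` sketch above leaves as a comment could look like the following. This is an added example, not part of the original posts and not BigTree code; the function name, the `$cfg` keys (`uri`, `bind_dn`, `bind_password`, `base_dn`, `allowed_groups`) and the `uid`/`mail`/`memberOf` attributes are assumptions about the local directory.

```php
<?php
// Added example, not BigTree code. The $cfg keys and the uid/mail/memberOf
// attributes are assumptions; adapt them to the directory in use.
function ldap_verify_credentials(array $cfg, string $username, string $password): ?array
{
    // An empty password turns a simple bind into an "unauthenticated" bind
    // (RFC 4513), which many servers report as success. Refuse it up front.
    if ($username === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect($cfg['uri']); // assumed to be an ldaps:// URI
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    try {
        // Bind as a read-only service account to locate the user's DN.
        if (!@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_password'])) {
            return null;
        }
        // Escape the login name so it cannot alter the search filter.
        $filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
        $search = @ldap_search($conn, $cfg['base_dn'], $filter, ['uid', 'mail', 'memberof']);
        $entries = $search ? ldap_get_entries($conn, $search) : false;
        if (!$entries || $entries['count'] !== 1) {
            return null; // no match, or an ambiguous match
        }
        $entry = $entries[0];
        // Re-bind as the user: this is the actual password check.
        if (!@ldap_bind($conn, $entry['dn'], $password)) {
            return null;
        }
        // Require membership in at least one configured group DN.
        $groups = $entry['memberof'] ?? [];
        unset($groups['count']); // ldap_get_entries() adds a count element
        $groups  = array_map('strtolower', $groups);
        $allowed = array_map('strtolower', $cfg['allowed_groups']);
        if (!array_intersect($groups, $allowed)) {
            return null;
        }
        return ['ldap_uid' => $entry['uid'][0], 'email' => $entry['mail'][0] ?? null];
    } finally {
        ldap_unbind($conn);
    }
}
```

A `null` return means the login is refused; a non-null result carries the identity that the `bigtree_users` look-up or user creation described in the posts above would use.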