I was happily surprised at how easy this was to do, so thought I'd share it in case there was any chance a similar change might make it into a future release of Mantis.
To implement, you just need to modify a few lines in core/authentication_api.php for the function auth_does_password_match().
Change:
Code: Select all
if ( LDAP == $t_configured_login_method ) {
return ldap_authenticate( $p_user_id, $p_test_password );
}
Code: Select all
if ( LDAP == $t_configured_login_method ) {
if ( ldap_authenticate( $p_user_id, $p_test_password ) ) {
return true;
}
}
Code already exists in auth_does_password_match() that then tries to authenticate via the user's mantis db password using MD5, CRYPT, and PLAIN.
Kudos to the Mantis developers for making this so easy.
P.S. This change was done on version 1.0.7