I have the following problem:
Mantis is connected to the AD via LDAP authentication and checks the user's credentials there (Login_method = LDAP). However, there are users who are not recorded in the AD but should still be able to access Mantis (external project staff, for example, for whom we then create a separate project).
What I want is for Mantis not only to run a check against the AD but also, if that check fails, to look for this user in its own database. In other words, a combination of LDAP and Mantis authentication.
Is there already a setting for this? So far I have only found the following, but it is a hard modification of the Mantis core files:
Hello,
I wanted the feature for both logins, LDAP and Mantis. I managed to solve it in the following way:
1> I applied the patch for creating an account in the database for LDAP authentication, as given at the URL below
http://www.mantisbt.org/bugs/view.php?id=5595
2> In the "config_defaults_inc.php" file set
$g_send_reset_password = OFF; // This will display password input while creating new account for admin login.
$g_allow_signup = OFF; // Sign up feature is disabled
3> Change the function "auth_does_password_match" in the core/authentication_api.php file as below
function auth_does_password_match( $p_user_id, $p_test_password ) {
    $t_configured_login_method = config_get( 'login_method' );
    // Start => checking for LDAP and Mantis login users
    // This is the newly added check
    if ( LDAP == $t_configured_login_method ) {
        # First try the directory
        if ( ldap_authenticate( $p_user_id, $p_test_password ) ) {
            return true;
        } else {
            // Checks if blank password is set
            if ( is_blank( $p_user_id ) || is_blank( $p_test_password ) ) {
                return false;
            } else {
                # LDAP failed: compare against the password stored in the Mantis database
                $t_password = user_get_field( $p_user_id, 'password' );
                $t_login_methods = array( MD5, CRYPT, PLAIN );
                $t_configured_login_method = 0;
                foreach ( $t_login_methods as $t_login_method ) {
                    # pass the stored password in as the salt
                    if ( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password ) {
                        # Do not support migration to PLAIN, since this would be a crazy thing to do.
                        # Also if we do, then a user will be able to login by providing the MD5 value
                        # that is copied from the database. See #8467 for more details.
                        if ( $t_configured_login_method != PLAIN && $t_login_method == PLAIN ) {
                            continue;
                        }
                        # Check for migration to another login method and test whether the password was encrypted
                        # with our previously insecure implementation of the CRYPT method
                        if ( ( $t_login_method != $t_configured_login_method ) ||
                             ( ( CRYPT == $t_configured_login_method ) && substr( $t_password, 0, 2 ) == substr( $p_test_password, 0, 2 ) ) ) {
                            user_set_password( $p_user_id, $p_test_password, true );
                        }
                        $t_configured_login_method = config_get( 'login_method' );
                        return true;
                    } // IF
                } // for each
                $t_configured_login_method = config_get( 'login_method' );
                return false;
            } // else
        } // else
    } // IF
    # login_method is not LDAP: this version checks nothing in that case, so fail closed
    return false;
}
NOTE - This function does not allow blank passwords.
I have removed the Reset button feature, which sets a blank password.
4> Now the admin can set a password while creating a new user, but editing the password needs to be added,
so on the "manage_user_edit_page.php" page add "password" and "verify password" fields.
These fields are populated on page load.
<!-- Password -->
<tr>
    <td class="category">
    </td>
    <td>
        <input type="password" name="password" size="32" maxlength="32" value="">
    </td>
</tr>
<tr>
    <td class="category">
    </td>
    <td>
        <input type="password" name="password_verify" size="32" maxlength="32" value="">
    </td>
</tr>
Note - I am displaying the password block only for Mantis users, not LDAP users.
Here I am checking for a specific pattern of email; if it matches, then it is an LDAP user,
as we have LDAP users with company email accounts, and other users created will not have this pattern.
This logic will change according to need. You can also add one more field in the database to check this.
Updated the "manage_user_update.php" file to save the updated password in the database.
$query = "UPDATE $t_user_table SET username='$c_username', email='$c_email',protected='$c_protected', realname='$c_realname',
password = '$c_password' WHERE id='$c_user_id'";
5> Applied a validation check for blank passwords while creating / editing a user account.
In this way I have configured it to let LDAP as well as Mantis users log in.
I hope this helps someone in need of this feature.
Thanks for any tip in that direction...
Kind regards
Benjamin Mock
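
The combined LDAP and local login decision discussed above, as an added example that is not part of the original post or of MantisBT: instead of trying the database after every failed LDAP login, it picks the backend from a per-account source field (the extra database field the quoted post suggests). `combined_login`, the `source` and `hash` keys, the sample accounts and the stand-in bind function are assumptions, and local hashes are assumed to be created with `password_hash()`.

```php
<?php
// Added example with hypothetical names; not MantisBT code.
const SOURCE_LDAP  = 'ldap';   // account is managed in the directory
const SOURCE_LOCAL = 'local';  // external account, password kept in the database

/**
 * @param array|null $account   row from the user table, or null if unknown
 * @param callable   $ldap_bind function(string $user, string $pw): bool
 */
function combined_login( string $user, string $password, ?array $account, callable $ldap_bind ): bool {
    // Blank credentials are refused before any backend is asked: a simple bind
    // with an empty password is an unauthenticated bind, which a directory may accept.
    if ( trim( $user ) === '' || $password === '' || $account === null ) {
        return false;
    }
    switch ( $account['source'] ) {
        case SOURCE_LDAP:
            // Directory accounts never fall through to a stored local hash.
            return (bool) $ldap_bind( $user, $password );
        case SOURCE_LOCAL:
            // password_verify() compares in constant time.
            return password_verify( $password, $account['hash'] );
        default:
            return false; // unknown source: fail closed
    }
}

// Constructed sample data.
$accounts = array(
    'alice'   => array( 'source' => SOURCE_LDAP,  'hash' => password_hash( 'old-local-pw', PASSWORD_DEFAULT ) ),
    'ext.bob' => array( 'source' => SOURCE_LOCAL, 'hash' => password_hash( 'bob-secret', PASSWORD_DEFAULT ) ),
);
// Stand-in for the real bind; only alice's directory password succeeds.
$ldap_bind = function ( string $user, string $pw ): bool {
    return $user === 'alice' && $pw === 'ad-secret';
};

$attempts = array(
    array( 'alice',   'ad-secret' ),     // directory account, directory password
    array( 'alice',   'old-local-pw' ),  // directory account, stale local password
    array( 'ext.bob', 'bob-secret' ),    // local account, local password
    array( 'ext.bob', '' ),              // blank password
    array( 'mallory', 'x' ),             // unknown account
);
foreach ( $attempts as list( $user, $pw ) ) {
    $ok = combined_login( $user, $pw, $accounts[$user] ?? null, $ldap_bind );
    printf( "%-8s %-15s => %s\n", $user, var_export( $pw, true ), $ok ? 'accept' : 'reject' );
}
```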