Comments (9)

commented on July 18, 2024

How do you feel about adLDAP? I have downloaded it and their example of auth works great out of the box. It is very AD-specific, but the support for non-MS LDAP can come at a later time.

from munkireport-php.

bochoven commented on July 18, 2024

Yeah, I've been eyeballing adLDAP as well, but it is kind of convoluted for our purpose: we only need authentication and maybe a group lookup routine. But if you feel like setting up something with adLDAP, go ahead!

commented on July 18, 2024

I got the user authentication working quite quickly but the group-based access is giving me a hard time. It keeps taking me to a white screen and I've checked the documentation a dozen times.

Anyone is welcome to test it and criticize.

https://github.com/nbalonso/munkireport-php/tree/ldap-auth

bochoven commented on July 18, 2024

Nice work!

I haven't looked closely enough to see why group-based access is not working, but I think you should start by including the library unaltered. You don't want to change adLDAP every time they come out with a new version.

bochoven commented on July 18, 2024

I have group-based authentication working. I think the inGroup function is broken, so I used groups(). I also changed some other stuff that I thought would simplify things.

                case 'AD': // Active Directory authentication
                    //prevent empty values
                    if ($login && $password)
                    {
                        //include the class and create a connection
                        //TODO wrap this include somewhere else?
                        include_once (APP_PATH . '/lib/adLDAP/adLDAP.php');
                        try {
                            $adldap = new adLDAP($auth_data);
                        }
                        catch (adLDAPException $e) {
                            $_SESSION['autherror'] = lang('error_contacting_AD');
                            //helpful for troubleshooting connections
                            //$_SESSION['autherror'] = $e;
                            break 2;   
                        }
                        //authenticate user
                        if ($adldap->authenticate($login, $password))
                        {

                            //check user against users list
                            if(isset($auth_data['mr_admin_users']))
                            {
                                $admin_users = is_array($auth_data['mr_admin_users']) ? $auth_data['mr_admin_users'] : array($auth_data['mr_admin_users']);

                                if (in_array(strtolower($login), array_map('strtolower', $admin_users)))
                                {
                                    $check = TRUE;
                                    break 2;
                                } 
                            }

                            //check user against group list
                            if(isset($auth_data['mr_admin_groups']))
                            { 
                                // Set mr_admin_groups to array
                                $admin_groups = is_array($auth_data['mr_admin_groups']) ? $auth_data['mr_admin_groups'] : array($auth_data['mr_admin_groups']);

                                // Get groups from AD; treat a failed lookup (FALSE/empty) as "no groups"
                                $groups = $adldap->user()->groups($login) ?: array();

                                foreach ($groups as $group)
                                {
                                    if (in_array($group, $admin_groups)) 
                                    {
                                        $check = TRUE;
                                        break 3;
                                    }
                                }

                            }
                            $_SESSION['autherror'] = lang('not_authorized');
                            break;
                        }
                        $_SESSION['autherror'] = lang('wrong_user_or_pass');
                        break;
                    }
                    $_SESSION['autherror'] = lang('empty_not_allowed');
                    break;

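An added example, not part of the thread or of munkireport-php: the user/group allowlist decision from the snippet above, pulled into a pure function so it can be exercised without a directory server. The function name `mr_is_authorized` and the sample data are hypothetical, and unlike the posted snippet it compares group names case-insensitively.

```php
<?php
/**
 * Decide whether an already-authenticated AD user may log in.
 * $groups is whatever the directory lookup returned; anything that is
 * not an array (for example FALSE after a failed lookup) counts as "no groups".
 */
function mr_is_authorized($login, $groups, array $auth_data)
{
    // Accept a single string or a list for either setting; compare in lowercase.
    $normalize = function ($value) {
        return array_map('strtolower', array_filter((array) $value, 'is_string'));
    };

    $admin_users  = isset($auth_data['mr_admin_users'])  ? $normalize($auth_data['mr_admin_users'])  : array();
    $admin_groups = isset($auth_data['mr_admin_groups']) ? $normalize($auth_data['mr_admin_groups']) : array();

    // 1. Explicit user allowlist.
    if (in_array(strtolower($login), $admin_users, true)) {
        return true;
    }

    // 2. Group allowlist: any overlap between the user's groups and the admin groups.
    $user_groups = is_array($groups) ? $normalize($groups) : array();
    if (array_intersect($user_groups, $admin_groups)) {
        return true;
    }

    // Neither list matched, or neither is configured: deny.
    return false;
}

// Constructed sample configuration and lookup results.
$auth_data = array('mr_admin_users' => 'Alice', 'mr_admin_groups' => array('MR-Admins'));

$cases = array(
    array('alice', array(),                     true),   // listed user, case differs
    array('bob',   array('Staff', 'mr-admins'), true),   // listed group, case differs
    array('carol', array('Staff'),              false),  // authenticated but not listed
    array('dave',  false,                       false),  // group lookup failed
);

foreach ($cases as $case) {
    list($login, $groups, $expected) = $case;
    $result = mr_is_authorized($login, $groups, $auth_data);
    printf("%-6s %-5s %s\n", $login, var_export($result, true), $result === $expected ? 'ok' : 'MISMATCH');
}
```

Keeping the decision separate from the LDAP call also makes the deny-by-default path (no lists configured, or a failed group lookup) easy to cover in a unit test.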

commented on July 18, 2024

I got it working almost at the same time :). I've noticed the recursive search is broken, but it wasn't my target anyway, so specifying non-recursive worked just fine.

I'll open a pull request and you choose whichever option you prefer.

commented on July 18, 2024

Or maybe the right way of doing this in git is to change it on the fork.

bochoven commented on July 18, 2024

Recursive groups are working on my end.

bochoven commented on July 18, 2024

Please send a pull request with your changes, so we can discuss them there. The https redirection in the auth view is broken on my side.
