LDAP working with minor hack

Post by joako »

The issue seems that my LDAP server will not bind against the uid, it needs a full DN, e.g. givenName=John,sn=Doe,ou=Users,dc=something,dc=com, and of course "TimeTrex doesn't support encrypted passwords", so I added one line of code that takes care of that.

In: classes/modules/core/TTLDAP.class.php
After: $password = trim($password);
Insert: $password = "{sha}" . base64_encode( pack( "H*", sha1( $password ) ) );

Post by shaunw »

What LDAP setup are you using? It's interesting that your passwords aren't encrypted with some kind of salt. Seems to almost defeat the purpose of encryption.

That's the primary reason why TimeTrex doesn't support encrypted passwords, because most of them should be salted and there is virtually no way for TimeTrex to know what the salt value is, so it has to be up to the LDAP server to do the authentication itself.

Unless you want to modify this code to attempt to detect sha1 encrypted passwords on its own and submit it to us for inclusion in the mainline TimeTrex branch, I would recommend writing a plugin to handle it for you instead, that way it won't break every time you upgrade to the next version of TimeTrex.
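
The salt problem raised in the reply above, as an added example (not TimeTrex code and not written by either poster): an unsalted {sha} value can be rebuilt from the password alone, while a salted {SSHA} value can only be checked by whoever holds the stored value, because the salt is embedded in it. The function names are hypothetical, and the {SSHA} layout is assumed to be the common base64(SHA1(password + salt) + salt) encoding.

```php
<?php
// Added example. Function names are hypothetical; sample password is constructed.

// Unsalted scheme: same value as the line inserted in the first post,
// since sha1($p, true) equals pack("H*", sha1($p)).
function ldap_sha(string $password): string
{
    return '{sha}' . base64_encode(sha1($password, true));
}

// Salted scheme (assumed layout): base64( SHA1(password . salt) . salt ).
function ldap_ssha(string $password, ?string $salt = null): string
{
    $salt = $salt ?? random_bytes(8);
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

// Checking a salted value requires the stored string: the salt is read
// back out of it, after the 20-byte SHA-1 digest.
function ldap_ssha_verify(string $password, string $stored): bool
{
    if (strncasecmp($stored, '{SSHA}', 6) !== 0) {
        return false; // not a salted SHA-1 value
    }
    $raw = base64_decode(substr($stored, 6), true);
    if ($raw === false || strlen($raw) <= 20) {
        return false; // invalid base64, or no salt bytes present
    }
    $digest = substr($raw, 0, 20);
    $salt   = substr($raw, 20);
    // Constant-time comparison of the recomputed digest.
    return hash_equals($digest, sha1($password . $salt, true));
}

$pw = 'constructed-sample-password';

// Unsalted: two computations always agree, so a client can reproduce the
// stored value, and two users with the same password share the same hash.
var_dump(ldap_sha($pw) === ldap_sha($pw));

// Salted: two computations differ, so a client that does not know the
// stored salt cannot produce a matching string on its own.
$stored = ldap_ssha($pw);
var_dump($stored === ldap_ssha($pw));

// The holder of the stored value (the LDAP server) can still verify.
var_dump(ldap_ssha_verify($pw, $stored));
var_dump(ldap_ssha_verify('wrong-password', $stored));
```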