LDAP password auth
Posted: Fri Feb 05, 2016 9:38 am
Hi,
I've written before about this and kind of dropped it. Now I have to pick it up again because in a company that uses a bunch of different software solutions, being able to change all of the passwords from one spot is suddenly important. TimeTrex allows for LDAP auth. But only SSL, not TLS. TimeTrex is using the ADOdb PHP library by John Lim. And for some strange reason he doesn't implement a TLS connection option. Anyway, this is easy enough to implement, it seems, by adding a call to ldap_start_tls($connection_handle) to his code. But that will need to be addressed to John.
But what concerns me is when I followed the authentication chain for TimeTrex I ran across:
Code:
    if ( $ldap_data[$this->password_attribute] == $password ) {
        Debug::Text('LDAP authentication success! (z)', __FILE__, __LINE__, __METHOD__, 10);
        $retval = TRUE;
    } else {
        Debug::Text('LDAP password comparison failed... LDAP Password attribute: '. $ldap_data[$this->password_attribute], __FILE__, __LINE__, __METHOD__, 10);
    }
So LDAP authentication expects the password to be in plaintext? Am I missing something here?
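
For comparison with the attribute check quoted in the post, here is a bind-based check, added as an example (it is not TimeTrex or ADOdb code and not part of the original post): the connection is upgraded with ldap_start_tls() and the directory server verifies the password through ldap_bind(), so the application never reads a password attribute. The function name, the uid login attribute and the service-account parameters are assumptions.

```php
<?php
// Added example, not TimeTrex or ADOdb code. Host, base DN, the "uid"
// login attribute and the service-account values are assumptions.
function ldap_bind_authenticate(string $host, string $baseDn, string $svcDn,
                                string $svcPassword, string $username,
                                string $password): bool
{
    // A simple bind with an empty password is treated as an unauthenticated
    // bind by many servers and reports success, so reject it up front.
    if ($username === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect('ldap://' . $host . ':389');
    if ($conn === false) {
        return false;
    }
    try {
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS requires LDAPv3
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        // Upgrade the plain connection to TLS before any credential is sent.
        if (!@ldap_start_tls($conn)) {
            return false;
        }
        // Resolve the user's DN with a low-privilege service account.
        if (!@ldap_bind($conn, $svcDn, $svcPassword)) {
            return false;
        }
        // Escape the login name so it cannot alter the search filter.
        $filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
        // '1.1' requests no attributes: only the DN is needed.
        $result = @ldap_search($conn, $baseDn, $filter, ['1.1'], 0, 2);
        if ($result === false) {
            return false;
        }
        $entries = ldap_get_entries($conn, $result);
        if ($entries === false || $entries['count'] !== 1) {
            return false; // user not found, or more than one match
        }
        // Re-bind as the user: the server checks the password against
        // whatever hash it stores; the application never sees that value.
        return @ldap_bind($conn, $entries[0]['dn'], $password);
    } finally {
        ldap_unbind($conn);
    }
}
```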