
1 Feb 17, 2005 19:32    

I'd like to get b2 to authenticate against an LDAP server, specifically a W2k3/E2K3 environment.

I actually have it working, but...

All the work I've done so far has been within _functions_users.php. I made the changes to user_pass_ok, so that it compares the login ID and password to the LDAP directory. I changed all calls to user_pass_ok so that it does not pass the MD5 hash, but instead the cleartext password.

The part that has me a little stumped is in the cookie parts:


		if( !setcookie( $cookie_user, $log, $cookie_expires, $cookie_path, $cookie_domain ) )
			printf( T_('setcookie %s failed!'). '<br />', $cookie_user );
		if( !setcookie( $cookie_pass, $user_pass_md5, $cookie_expires, $cookie_path, $cookie_domain) )
			printf( T_('setcookie %s failed!'). '<br />', $cookie_pass );

--and--

		$user_login = trim(strip_tags(get_magic_quotes_gpc() ? stripslashes($_COOKIE[$cookie_user]) : $_COOKIE[$cookie_user]));
		$user_pass_md5 = trim(strip_tags(get_magic_quotes_gpc() ? stripslashes($_COOKIE[$cookie_pass]) : $_COOKIE[$cookie_pass]));

Does the password get stored in the cookie on the local machine, in MD5 hash? So, if I make it cleartext, would that then show up in the cookie, too?

Unfortunately I'm not really a programmer, and I don't really understand how cookies work; I assumed they just held a token of some sort, not actual data, but maybe I'm confused with session variables? (another mystery to me...)

Thanks for any input!!

2 Feb 23, 2005 21:05

I've already checked an LDAP plugin into CVS, but without the LDAP authentication yet.

It is planned to work this way:
When a login and password are posted (from the login page for example), a plugin event 'LoginAttempt' gets triggered.
The ldap_plugin listens on this event and tries authenticating the user against the LDAP, if it does not exist yet locally. If this is successful, the user gets created locally and a login cookie is set.
I'll finish this in the next days.

About what you seem to have problems with:
the two setcookie() calls set cookies for the username and the hashed password - these cookies are taken into account to login the user automatically.

Does the password get stored in the cookie on the local machine, in MD5 hash? So, if I make it cleartext, would that then show up in the cookie, too?

Yes. And you should never store clear passwords on the user side. Cookies hold the actual data you tell them to hold.

3 Feb 23, 2005 21:44

Thank you, Blueyed. Some questions:

Concerning your plans, if you authenticate against the ldap, and the user is made locally, what happens if the user changes their password either on the b2evolution or the ldap side? Also, what do you set the password within the cookie to, because if you need to reverify the cookie password against ldap, and it's in MD5, it's not going to fly. (I think)

You've given me some idea, though - and I thank you for it!! --Bill

4 Feb 23, 2005 22:53

If the user changes his password on the b2evo side, there has to be an event triggered that the plugin listens for, too (I've not thought about this yet).
If it's changed on the LDAP side, it's being recognized and updated for the local user.

This is the code from the plugin's 'LoginAttempt' function:

		if( $LocalUser =& $UserCache->get_by_login( $params['login'] )
			&& $LocalUser->pass == $params['pass_md5'] )
		{ // User exists (with this password), do nothing
			return true;
		}
		else
		{ // authenticate against LDAP

			// TODO: implement.. :)
			$ldap_answer = 0;

			if( !$ldap_answer )
			{
				return false;
			}

			if( $LocalUser )
			{ // User exists already locally, but password does not match
				$LocalUser->set( 'pass', $params['pass_md5'] );
				$LocalUser->dbupdate();
			}
			else
			{ // create this user locally
				$NewUser = new User();
				$NewUser->set( 'login', $params['login'] );
				$NewUser->set( 'nickname', $params['login'] );
				$NewUser->set( 'pass', $params['pass_md5'] );
				// ...
				$NewUser->dbinsert();

				$UserCache->add( $NewUser );
			}
		}

The LoginAttempt action gets triggered, when the user sends login/pwd with POST/GET (logins right now):

	$Plugins->trigger_event( 'LoginAttempt', array( 'login' => $login, 'pass' => $pass, 'pass_md5' => $pass_md5 ) );

After this the normal login takes place (all this is currently in the function veriflog()), where the user_pass_ok() is used.

There's no authentication from a cookie against LDAP - because if the cookie is set the user is supposed to be logged in.
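An added example (not part of the thread and not b2evolution code) of the "token of some sort" cookie raised in the first post: after a successful LDAP login the server issues a random token unrelated to the password, so neither the cleartext password nor its MD5 ever reaches the cookie, and cookie logins never need to re-check LDAP. The function names, `$tokenStore` (standing in for a database table) and the 14-day lifetime are assumptions.

```php
<?php
// Added example: opaque login token instead of a password-derived cookie value.
// $tokenStore is a hypothetical stand-in for a server-side table.

const TOKEN_TTL = 1209600; // 14 days in seconds (constructed value)

/** Call only after the LDAP authentication succeeded. Returns the cookie value. */
function issue_login_token(array &$tokenStore, string $login, int $now): string
{
    $token = bin2hex(random_bytes(32));     // 256 random bits, not derived from the password
    $tokenStore[hash('sha256', $token)] = [ // only the token's hash is kept server-side
        'login'   => $login,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;
}

/** Returns the login name for a valid, unexpired cookie value, or null. */
function login_from_cookie(array &$tokenStore, string $cookieValue, int $now): ?string
{
    if (!preg_match('/^[0-9a-f]{64}$/', $cookieValue)) {
        return null;                        // reject anything that is not a token we issue
    }
    $key = hash('sha256', $cookieValue);
    if (!isset($tokenStore[$key])) {
        return null;
    }
    if ($tokenStore[$key]['expires'] < $now) {
        unset($tokenStore[$key]);           // expired: drop it
        return null;
    }
    return $tokenStore[$key]['login'];
}

/** Call on logout or when the password changes (locally or in LDAP). */
function revoke_tokens_for(array &$tokenStore, string $login): void
{
    foreach ($tokenStore as $key => $row) {
        if ($row['login'] === $login) {
            unset($tokenStore[$key]);
        }
    }
}

// Constructed demo run; in a web request the token would be sent with
// setcookie() using the 'secure' and 'httponly' options.
$store  = [];
$cookie = issue_login_token($store, 'bill', time());
var_dump(login_from_cookie($store, $cookie, time()));
revoke_tokens_for($store, 'bill');
var_dump(login_from_cookie($store, $cookie, time()));
```

A stolen token can be revoked server-side, whereas a stolen MD5 cookie stays valid until the user changes the password.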

5 Apr 16, 2005 23:54

I'm trying to authenticate against an LDAP server as well.
I found the _ldap.plugin.php in the CVS, but I'm having some trouble implementing it.

This is the first plugin I'm installing, so this has something to do with it. But not everything, as far as I can tell.

Where is the trigger_event function defined? In plugin.class.php of version 0.9.2 on the CVS? I'm having some trouble finding this version, but from what I gather from other threads, I should read the CVS manual before asking where it is. ;)

thanks for your help,

onegen

6 Apr 17, 2005 16:12

the LDAP-plugin needs the new plugin-system that will be introduced with the next version of b2evo. this version is more or less a complete rewrite, so you have to wait for the release or - if you are an experienced user and coder - grab the version from cvs (that means grab all the files there and replace your existing ones. but be aware, it's a work-in-progress-version without support and sometimes with errors)

7 Oct 04, 2005 15:13

hi all.

kiesow wrote:

the LDAP-plugin needs the new plugin-system that will be introduced with the next version of b2evo. [...]

is "next version" the current 0.9.1 from september?

can you post a short status report of the ldap plugin?
is it working now?
if not: when do you think it will be completed?

sorry, lots of questions. but i need a ldap-blog very urgent. and b2evolution is one of the only weblogs where ldap support is in progress.

bye

8 May 31, 2006 17:57

i see that there haven't been many updates to this forum lately, but hopefully i can still get some help.
i'm hoping that the ldap plugin has been finished or is close to finished.
if it isn't, is there a post somewhere explaining how to install the current _ldap.plugin.php and get it running (nearly) correctly?

