Received: by 10.224.223.77 with SMTP id ij13mr3374756qab.1.1345846082231;
Fri, 24 Aug 2012 15:08:02 -0700 (PDT)
X-BeenThere: omeka-dev@googlegroups.com
Received: by 10.229.106.201 with SMTP id y9ls2281931qco.8.gmail; Fri, 24 Aug
2012 15:08:01 -0700 (PDT)
Received: by 10.224.209.202 with SMTP id gh10mr3373328qab.2.1345846081333;
Fri, 24 Aug 2012 15:08:01 -0700 (PDT)
Received: by 10.224.209.202 with SMTP id gh10mr3373326qab.2.1345846081294;
Fri, 24 Aug 2012 15:08:01 -0700 (PDT)
Return-Path: <j...@zerocrates.org>
Received: from mail-qc0-f171.google.com (mail-qc0-f171.google.com [209.85.216.171])
by gmr-mx.google.com with ESMTPS id k34si2244496qcz.1.2012.08.24.15.08.01
(version=TLSv1/SSLv3 cipher=OTHER);
Fri, 24 Aug 2012 15:08:01 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.216.171 is neither permitted nor denied by best guess record for domain of j...@zerocrates.org) client-ip=209.85.216.171;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 209.85.216.171 is neither permitted nor denied by best guess record for domain of j...@zerocrates.org) smtp.mail=j...@zerocrates.org
Received: by qcad1 with SMTP id d1so715112qca.2
for <omeka-dev@googlegroups.com>; Fri, 24 Aug 2012 15:08:01 -0700 (PDT)
d=google.com; s=20120113;
h=from:mime-version:content-type:subject:date:in-reply-to:to
:references:message-id:x-mailer:x-gm-message-state;
bh=1LzYz9rs9Zv1kbcAQSCNrTHVMJm1VOmq+da4o27MC+I=;
b=d4dAAtOPsr9k7HNJkWWHSEI5z6vBkWUGpTtQMAOFqy7ffqMpi8ZAObzAely7+m0g3Y
Oq0wp8JYvHsO0+4bPnODXXnEduE/eNY2oYxDwmGuPI862qpvGqRGQjR8M0nfz38P80Qg
yqQvrP2rVHVYNIo0PXWLX/DKWOzspFOqKxInRkY3nzq3B4fSpe8YiWNayZZ4b1i2/m2S
X1H7v+S2Zp3kSTVdMmFPFTXEx3c1mZa6/u0thor/fKJtVLBZMVlv3xA1xPRccoavWqfC
OXMBdC41daCKODbv6/khAoGh614LhyZxarU4RMn4M8hiFBwvCK1BQbx8jIsx4Z48DP0x
MH5A==
Received: by 10.229.135.213 with SMTP id o21mr3204545qct.94.1345846080866;
Fri, 24 Aug 2012 15:08:00 -0700 (PDT)
Return-Path: <j...@zerocrates.org>
Received: from zerocrates.home (pool-173-79-138-136.washdc.fios.verizon.net. [173.79.138.136])
by mx.google.com with ESMTPS id gs8sm884179qab.10.2012.08.24.15.07.59
(version=TLSv1/SSLv3 cipher=OTHER);
Fri, 24 Aug 2012 15:07:59 -0700 (PDT)
From: John Flatness <j...@zerocrates.org>
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_77C85ABF-2037-424D-9AA9-E5762F4D5B57"
Subject: Re: [omeka-dev] Re: Omeka / LDAP Plugin Dev. - I have a question
Date: Fri, 24 Aug 2012 18:07:59 -0400
In-Reply-To: <01fdf2b6-e69c-44cf-b25e-3f3e44ad850d@googlegroups.com>
To: omeka-dev@googlegroups.com
References: <816fcc52-6819-4f8c-a2ff-902823bd2...@o10g2000vbg.googlegroups.com> <622e6722-273e-4c0a-9d43-4f1d9f0a905d@googlegroups.com> <9841d192-f228-4026-813c-05bea3b08186@googlegroups.com> <01fdf2b6-e69c-44cf-b25e-3f3e44ad850d@googlegroups.com>
Message-Id: <04D06024-5D1D-4D39-B3A8-A0E9D873C...@zerocrates.org>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQk/qBngxV9DT4pUaLbWbgupEMI4/HsvwkwCCc3V7K7NRBcGWDPi7aC/KnfsCJyWOaje/3Mm
--Apple-Mail=_77C85ABF-2037-424D-9AA9-E5762F4D5B57
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=iso-8859-1
A few notes on omeka-dev etiquette:
Though the Google Groups web interface can make it look like a web =
forum, many or most of the people on the list are subscribed and receive =
every post by email. So, please try not to double-post, cross-post, or =
post similar messages in different threads, since it means many people =
are getting your messages twice.
If you'd like to communicate with someone in particular, or you don't =
think they're "listening," it's probably best to email them directly, =
instead of posting to the list. Even if you respond to "their" thread, =
individual subscribers don't really get a lot of notification other than =
the subject line of the message.
Finally, the list isn't a great place to post code, other than smallish =
snippets. Code posted only here is likely to get lost or forgotten, or =
garbled by the list software and people copying and pasting the code. If =
you're looking to share your code, I'd recommend something like GitHub, =
Bitbucket, or Google Code, all of which will let you post, share, and =
update code for free. If you want to share something more quickly with =
less setup, something like gist.github.com or pastebin.com is a good =
option.
-John
On Aug 24, 2012, at 5:53 PM, omeka_ldap wrote:
> <?php
>=20
> //Define hooks
> add_plugin_hook('install', 'ldap_install');
> add_plugin_hook('initialize', 'ldap_initialize');
> add_plugin_hook('config', 'ldap_config');
> add_plugin_hook('config_form', 'ldap_config_form');
>=20
> ///Define filters
> add_filter('login_adapter', 'login');
> add_filter('admin_whitelist','addToWhitelist');
>=20
>=20
> //Pull values from form & create LDAP Auth Adapter Object:
> function login($authAdapter,$loginForm) {
>=20
> //retrieve username and password=20
> $username =3D $loginForm->getValue('username');
> $pwd =3D $loginForm->getValue('password');
> =20
> //get plugin settings:
> $server1 =3D array();
> //hard coding in the settings they do not need to change.=20
> $server1["host"] =3D get_option('ldap_server');
>=20
> $server1["baseDn"] =3D get_option('ldap_basedn');
>=20
> $server1["port"] =3D get_option('ldap_port');
>=20
> $server1["accountCanonicalForm"] =3D =
get_option('ldap_accountCanonicalForm') + 0;
>=20
> $server1["accountFilterFormat"] =3D =
get_option('ldap_accountFilterFormat');
>=20
> $server1["accountDomainName"] =3D =
get_option('ldap_accountDomainName');
>=20
> $server1["accountDomainNameShort"] =3D =
get_option('ldap_accountDomainNameShort');
>=20
> $server1["bindRequiresDn"] =3D =
get_option('ldap_bindRequiresDn');
>=20
> $server1["useSsl"] =3D get_option('ldap_useSsl');
> $server1["username"] =3D get_option('ldap_username');
> $server1["password"] =3D get_option('ldap_password');;
> $options =3D array($server1);
> =20
> $authAdapter =3D new =
Omeka_Auth_Adapter_Ldap($options,$username,$pwd);
> $authAdapter->setIdentity($username)->setCredential($pwd);
> =20
> return $authAdapter;
> =20
> }
>=20
>=20
>=20
> function addToWhitelist($adminWhiteList){
> =09
> array_push($adminWhiteList,array('controller' =3D> 'ldap', =
'action' =3D> 'forgot-password'));
> return $adminWhiteList;
> =20
> }
>=20
>=20
> function ldap_initialize(){
> =09
> $front =3D Zend_Controller_Front::getInstance();
> Zend_Controller_Front::getInstance()->registerPlugin(new =
LdapControllerPlugin);
> =20
> }
>=20
> function ldap_config() {
> =09
> set_option('ldap_server', =
trim($_POST['ldap_server']));
> set_option('ldap_port', trim($_POST['ldap_port']));
> set_option('ldap_basedn', =
trim($_POST['ldap_basedn']));
> //new in v .2
> set_option('ldap_accountCanonicalForm', =
trim($_POST['ldap_accountCanonicalForm']));
> =
set_option('ldap_accountFilterFormat',trim($_POST['ldap_accountFilterForma=
t']));
> =
set_option('ldap_accountDomainName',trim($_POST['ldap_accountDomainName'])=
);
> =
set_option('ldap_accountDomainNameShort',trim($_POST['ldap_accountDomainNa=
meShort']));
> =
set_option('ldap_bindRequiresDn',trim($_POST['ldap_bindRequiresDn'])); =09=
> set_option('ldap_useSsl',trim($_POST['ldap_useSsl']));=09=
> =
set_option('ldap_username',trim($_POST['ldap_username']));=09
> =
set_option('ldap_password',trim($_POST['ldap_password']));=09
> }
> =09
> function ldap_config_form() {
> =09
> echo '<div id =3D "ldap_server">';
> echo '<label for =3D "top_domain">Host (LDAP =
Server):</label>';
> echo text (array('name'=3D>'ldap_server'), =
get_option('ldap_server'), null);
> echo '<br />';
> echo '<div id =3D "ldap_port">';
> echo '<label for =3D "ldap_port">Port: </label>';
> echo text (array('name'=3D>'ldap_port'), =
get_option('ldap_port'), null);
> echo '<br />';
> echo '<div id =3D "ldap_basedn">';
> echo '<label for =3D "ldap_basedn">Base DN: </label>';
> echo text (array('name'=3D>'ldap_basedn'), =
get_option('ldap_basedn'), null);
> echo '<br />';
> //new in v .2
> echo '<div id =3D "ldap_accountCanonicalForm">';
> echo '<label for =3D "ldap_accountCanonicalForm">Account =
Canonical Form: </label>';
> echo text (array('name'=3D>'ldap_accountCanonicalForm'), =
get_option('ldap_accountCanonicalForm'), null);
> echo '<br />';
> echo '<div id =3D "ldap_accountFilterFormat">';
> echo '<label for =3D "ldap_accountFilterFormat">Account =
Filter Format: </label>';
> echo text (array('name'=3D>'ldap_accountFilterFormat'), =
get_option('ldap_accountFilterFormat'), null);
> echo '<br />';
> echo '<div id =3D "ldap_accountDomainName">';
> echo '<label for =3D "ldap_accountDomainName">Account =
Domain Name: </label>';
> echo text (array('name'=3D>'ldap_accountDomainName'), =
get_option('ldap_accountDomainName'), null);
> echo '<br />';
> echo '<div id =3D "ldap_accountDomainNameShort">';
> echo '<label for =3D =
"ldap_accountDomainNameShort">Account Domain Name Short: </label>';
> echo text (array('name'=3D>'ldap_accountDomainNameShort'),=
get_option('ldap_accountDomainNameShort'), null);
> echo '<br />';
> echo '<div id =3D "ldap_bindRequiresDn">';
> echo '<label for =3D "ldap_bindRequiresDn">Bind Requires =
DN (true or false): </label>';
> echo text (array('name'=3D>'ldap_bindRequiresDn'), =
get_option('ldap_bindRequiresDn'), null);
> echo '<br />';
> echo '<div id =3D "ldap_useSsl">';
> echo '<label for =3D "ldap_useSsl">Use SSL (true or =
false): </label>';
> echo text (array('name'=3D>'ldap_useSsl'), =
get_option('ldap_useSsl'), null);
> echo '<br />';
> echo '<div id =3D "ldap_username">';
> echo '<label for =3D "ldap_username">Username(usually a =
service account) to lookup actual dn with should be in dn format =
</label>';
> echo text (array('name'=3D>'ldap_username'), =
get_option('ldap_username'), null);
> echo '<br />';
> echo '<div id =3D "ldap_password">';
> echo '<label for =3D "ldap_password">Password for =
username: </label>';
> echo text (array('name'=3D>'ldap_password'), =
get_option('ldap_password'), null);
> =09
> }
>=20
> class Omeka_Auth_Adapter_Ldap extends Zend_Auth_Adapter_Ldap {
> =09
> private $omeka_userid;
> =09
> public function __construct($options,$username,$password) {
> parent::__construct($options,$username,$password);
> =09
> //The Zend_Auth_Result (returned from =
Zend_Auth_Adapter_Ldap)-- 'identity' attribute
> //does not hold the username needed for omeka user 'id' =
lookup so $omeka_userid will hold it
> $this->omeka_userid =3D $username;
> }
> =09
> public function authenticate() {
> $authResult =3D parent::authenticate();
> $log_path =3D LOGS_DIR . '/' . 'ldap.log';
> if ($log_path) {
> $messages =3D $authResult->getMessages();
>=20
> $logger =3D new Zend_Log();
> $logger->addWriter(new Zend_Log_Writer_Stream($log_path));
> $filter =3D new Zend_Log_Filter_Priority(Zend_Log::DEBUG);
> $logger->addFilter($filter);
>=20
> foreach ($messages as $i =3D> $message) {
> if ($i-- > 1) { // $messages[2] and up are log =
messages
> $message =3D str_replace("\n", "\n ", $message);
> $logger->log("Ldap: $i: $message", =
Zend_Log::DEBUG);
> }
> }
> }
>=20
> if (!$authResult->isValid()) {
> return $authResult;
> }
> // Omeka needs the user ID (not username)
> $omeka_user =3D =
get_db()->getTable('User')->findBySql("username =3D ?", =
array($this->omeka_userid), true);
> if ($omeka_user) {
> $id =3D $omeka_user->id;
> $correctResult =3D new =
Zend_Auth_Result($authResult->getCode(), $id , =
$authResult->getMessages());
> return $correctResult; =20
> }
> //if we can't find the user name in Omeka - return an error:
> //(The Omeka Admin should set up the LDAP username to match =
the Omeka Username)
> //Another alternative here 'could be' -- if needed -- creating =
a new Omeka User=20
> else {
> $messages =3D array();
> $messages[] =3D 'Login information incorrect. Please try =
again.';
> $authResult =3D new =
Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, =
$this->omeka_userid , $messages);
> return $authResult;
> }
> }
> =09
> }
> =09
> =09
>=20
> class LdapControllerPlugin extends Zend_Controller_Plugin_Abstract {
> =09
> public function routeStartup(Zend_Controller_Request_Abstract =
$request) {
> $router =3D =
Omeka_Context::getInstance()->getFrontController()->getRouter();
> =20
> $route =3D new Zend_Controller_Router_Route(
> 'users/forgot-password',
> array(
> 'module' =3D> 'ldap',=20
> 'controller' =3D> 'ldap',
> 'action' =3D> =
'forgot-password'
> ));
> =20
> $router->addRoute('forgot', $route);
> =09
> $route =3D new Zend_Controller_Router_Route(
> 'users/add',
> array(
> 'module' =3D> 'ldap',=20
> 'controller' =3D> 'ldap',
> 'action' =3D> 'add'
> ));
> =20
> $router->addRoute('addLdapUser', $route);
> =09
> $route =3D new Zend_Controller_Router_Route(
> 'users/edit/:id',
> array(
> 'module' =3D> 'ldap',=20
> 'controller' =3D> 'ldap',
> 'action' =3D> 'edit'
> ));
> =20
> $router->addRoute('editLdapUser', $route);
> }
> =20
> }
>=20
>=20
> On Wednesday, August 22, 2012 12:32:01 PM UTC-4, omeka_ldap wrote:
> I am assume you are from lehigh and this is your plugin I am =
modifying?=20
>=20
> On Wednesday, August 22, 2012 11:28:47 AM UTC-4, omeka_ldap wrote:
> I got ssl working, but I am unable to add logging.=20
> <?php
>=20
> //Define hooks
> add_plugin_hook('install', 'ldap_install');
> add_plugin_hook('initialize', 'ldap_initialize');
> add_plugin_hook('config', 'ldap_config');
> add_plugin_hook('config_form', 'ldap_config_form');
>=20
> ///Define filters
> add_filter('login_adapter', 'login');
> add_filter('admin_whitelist','addToWhitelist');
>=20
>=20
> //Pull values from form & create LDAP Auth Adapter Object:
> function login($authAdapter,$loginForm) {
>=20
> //retrieve username and password=20
> $username =3D $loginForm->getValue('username');
> $pwd =3D $loginForm->getValue('password');
> =20
> //get plugin settings:
> $server1 =3D array();
> $server1["host"] =3D get_option('ldap_server');
> $server1["baseDn"] =3D get_option('ldap_basedn');
> $server1["port"] =3D get_option('ldap_port');
> $server1["accountCanonicalForm"] =3D =
get_option('ldap_accountCanonicalForm') + 0;
> $server1["accountFilterFormat"] =3D =
get_option('ldap_accountFilterFormat');
> $server1["accountDomainName"] =3D =
get_option('ldap_accountDomainName');
> $server1["accountDomainNameShort"] =3D =
get_option('ldap_accountDomainNameShort');
> $server1["bindRequiresDn"] =3D =
get_option('ldap_bindRequiresDn');
> $server1["useSsl"] =3D "true";
> $options =3D array($server1);
> =20
> $authAdapter =3D new =
Omeka_Auth_Adapter_Ldap($options,$username,$pwd);
> $authAdapter->setIdentity($username)->setCredential($pwd);
> =20
> return $authAdapter;
> =20
> }
>=20
>=20
>=20
> function addToWhitelist($adminWhiteList){
> =09
> array_push($adminWhiteList,array('controller' =3D> 'ldap', =
'action' =3D> 'forgot-password'));
> return $adminWhiteList;
> =20
> }
>=20
>=20
> function ldap_initialize(){
> =09
> $front =3D Zend_Controller_Front::getInstance();
> Zend_Controller_Front::getInstance()->registerPlugin(new =
LdapControllerPlugin);
> =20
> }
>=20
> function ldap_config() {
> =09
> set_option('ldap_server', trim($_POST['ldap_server']));
> set_option('ldap_port', trim($_POST['ldap_port']));
> set_option('ldap_basedn', trim($_POST['ldap_basedn']));
> //new in v .2
> set_option('ldap_accountCanonicalForm', =
trim($_POST['ldap_accountCanonicalForm']));
> =
set_option('ldap_accountFilterFormat',trim($_POST['ldap_accountFilterForma=
t']));
> =
set_option('ldap_accountDomainName',trim($_POST['ldap_accountDomainName'])=
);
> =
set_option('ldap_accountDomainNameShort',trim($_POST['ldap_accountDomainNa=
meShort']));
> =
set_option('ldap_bindRequiresDn',trim($_POST['ldap_bindRequiresDn']));
> =09
> }
> =09
> function ldap_config_form() {
> =09
> echo '<div id =3D "ldap_server">';
> echo '<label for =3D "top_domain">Host (LDAP =
Server):</label>';
> echo text (array('name'=3D>'ldap_server'), =
get_option('ldap_server'), null);
> echo '<br />';
> echo '<div id =3D "ldap_port">';
> echo '<label for =3D "ldap_port">Port: </label>';
> echo text (array('name'=3D>'ldap_port'), =
get_option('ldap_port'), null);
> echo '<br />';
> echo '<div id =3D "ldap_basedn">';
> echo '<label for =3D "ldap_basedn">Base DN: </label>';
> echo text (array('name'=3D>'ldap_basedn'), =
get_option('ldap_basedn'), null);
> echo '<br />';
> //new in v .2
> echo '<div id =3D "ldap_accountCanonicalForm">';
> echo '<label for =3D "ldap_accountCanonicalForm">Account =
Canonical Form: </label>';
> echo text (array('name'=3D>'ldap_accountCanonicalForm'), =
get_option('ldap_accountCanonicalForm'), null);
> echo '<br />';
> echo '<div id =3D "ldap_accountFilterFormat">';
> echo '<label for =3D "ldap_accountFilterFormat">Account =
Filter Format: </label>';
> echo text (array('name'=3D>'ldap_accountFilterFormat'), =
get_option('ldap_accountFilterFormat'), null);
> echo '<br />';
> echo '<div id =3D "ldap_accountDomainName">';
> echo '<label for =3D "ldap_accountDomainName">Account =
Domain Name: </label>';
> echo text (array('name'=3D>'ldap_accountDomainName'), =
get_option('ldap_accountDomainName'), null);
> echo '<br />';
> echo '<div id =3D "ldap_accountDomainNameShort">';
> echo '<label for =3D =
"ldap_accountDomainNameShort">Account Domain Name Short: </label>';
> echo text (array('name'=3D>'ldap_accountDomainNameShort'),=
get_option('ldap_accountDomainNameShort'), null);
> echo '<br />';
> echo '<div id =3D "ldap_bindRequiresDn">';
> echo '<label for =3D "ldap_bindRequiresDn">Bind Requires =
DN (true or false): </label>';
> echo text (array('name'=3D>'ldap_bindRequiresDn'), =
get_option('ldap_bindRequiresDn'), null);
> =09
> }
>=20
> class Omeka_Auth_Adapter_Ldap extends Zend_Auth_Adapter_Ldap {
> =09
> private $omeka_userid;
> =09
> public function __construct($options,$username,$password) {
> parent::__construct($options,$username,$password);
> =09
> //The Zend_Auth_Result (returned from =
Zend_Auth_Adapter_Ldap)-- 'identity' attribute
> //does not hold the username needed for omeka user 'id' =
lookup so $omeka_userid will hold it
> $this->omeka_userid =3D $username;
> }
> =09
> public function authenticate() {
> $authResult =3D parent::authenticate();
> $log_path =3D =
"/home/httpd/myuser/application/logs/ldap.log";
> if ($log_path) {
> $messages =3D $authResult->getMessages();
>=20
> $logger =3D new Zend_Log();
> $logger->addWriter(new Zend_Log_Writer_Stream($log_path));
> $filter =3D new Zend_Log_Filter_Priority(Zend_Log::DEBUG);
> $logger->addFilter($filter);
>=20
> foreach ($messages as $i =3D> $message) {
> if ($i-- > 1) { // $messages[2] and up are log =
messages
> $message =3D str_replace("\n", "\n ", $message);
> $logger->log("Ldap: $i: $message", =
Zend_Log::DEBUG);
> }
> }
> }
>=20
> if (!$authResult->isValid()) {
> return $authResult;
> }
> // Omeka needs the user ID (not username)
> $omeka_user =3D =
get_db()->getTable('User')->findBySql("username =3D ?", =
array($this->omeka_userid), true);
> if ($omeka_user) {
> $id =3D $omeka_user->id;
> $correctResult =3D new =
Zend_Auth_Result($authResult->getCode(), $id , =
$authResult->getMessages());
> return $correctResult;=09
> }
> //if we can't find the user name in Omeka - return an error:
> //(The Omeka Admin should set up the LDAP username to match =
the Omeka Username)
> //Another alternative here 'could be' -- if needed -- creating =
a new Omeka User=20
> else {
> $messages =3D array();
> $messages[] =3D 'Login information incorrect. Please try =
again.';
> $authResult =3D new =
Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, =
$this->omeka_userid , $messages);
> return $authResult;
> }
> }
> =09
> }
> =09
> =09
>=20
> class LdapControllerPlugin extends Zend_Controller_Plugin_Abstract {
> =09
> public function routeStartup(Zend_Controller_Request_Abstract =
$request) {
> $router =3D =
Omeka_Context::getInstance()->getFrontController()->getRouter();
> =20
> $route =3D new Zend_Controller_Router_Route(
> 'users/forgot-password',
> array(
> 'module' =3D> 'ldap',=20
> 'controller' =3D> 'ldap',
> 'action' =3D> =
'forgot-password'
> ));
> =20
> $router->addRoute('forgot', $route);
> =09
> $route =3D new Zend_Controller_Router_Route(
> 'users/add',
> array(
> 'module' =3D> 'ldap',=20
> 'controller' =3D> 'ldap',
> 'action' =3D> 'add'
> ));
> =20
> $router->addRoute('addLdapUser', $route);
> =09
> $route =3D new Zend_Controller_Router_Route(
> 'users/edit/:id',
> array(
> 'module' =3D> 'ldap',=20
> 'controller' =3D> 'ldap',
> 'action' =3D> 'edit'
> ));
> =20
> $router->addRoute('editLdapUser', $route);
> }
> =20
> }
>=20
>=20
> On Friday, February 4, 2011 10:40:38 AM UTC-5, Michelle wrote:
> Hi All,=20
>=20
> I am a new member to the group and this is my first time posting.=20
>=20
> I'm working on a Plugin which will allow users to log into Omeka via=20=
> LDAP.=20
>=20
> I think I've figured out the filters and am using them where I can. I=20=
> also think I've figured out how to intercept the routes where I think=20=
> I will need to using Zend_Controller_Router_Routes to direct them to=20=
> the LDAP controller I am writing.=20
>=20
> In my attempt to replace (re-route) the page that allows a user to=20
> request a password reset I ran into an issue. The issue is the=20
> "_adminWhitelist" in Admin.php. It limits the controllers/actions for=20=
> 'admin' actions before a user is signed in. I wanted to route the=20
> users/forgot-password request through my controller to my view - which=20=
> would show a message explaining that since LDAP is used for=20
> authentication the password cannot be reset here.=20
>=20
> I tried multiple avenues to work around this with no success including=20=
> attempting to unregister the Omeka_Controller_Plugin_Admin temporarily=20=
> for this specific action. (Duplicating your technique in=20
> Upgrade.php). Unfortunately...I could not get it to work - maybe a=20
> matter of timing or my coding.=20
>=20
> What did work (but I don't think it is a good approach) was to create=20=
> a copy of the Omeka_Controller_Plugin_Admin class within my plugin=20
> directory adding my controller name - ldap and action - forgot-=20
> password to the whitelist. This seems to work - It allows me to route=20=
> the request through my controller without kicking me back to the login=20=
> page. Although I'm not sure, I don't think this is the best=20
> approach. Can anyone provide any thoughts/suggestions on this issue?=20=
> Any thoughts on an alternative approach?=20
>=20
> Thanks so much!=20
> Michelle=20
>=20
>=20
> --=20
> You received this message because you are subscribed to the Google =
Groups "Omeka Dev" group.
> To view this discussion on the web visit =
https://groups.google.com/d/msg/omeka-dev/-/upDLqMur89IJ.
> To post to this group, send email to omeka-dev@googlegroups.com.
> To unsubscribe from this group, send email to =
omeka-dev+unsubscribe@googlegroups.com.
> For more options, visit this group at =
http://groups.google.com/group/omeka-dev?hl=3Den.
--Apple-Mail=_77C85ABF-2037-424D-9AA9-E5762F4D5B57
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=iso-8859-1
<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">A few =
notes on omeka-dev etiquette:<div><br></div><div>Though the Google =
Groups web interface can make it look like a web forum, many or most of =
the people on the list are subscribed and receive every post by email. =
So, please try not to double-post, cross-post, or post similar messages =
in different threads, since it means many people are getting your =
messages twice.</div><div><br></div><div>If you'd like to communicate =
with someone in particular, or you don't think they're "listening," it's =
probably best to email them directly, instead of posting to the list. =
Even if you respond to "their" thread, individual subscribers don't =
really get a lot of notification other than the subject line of the =
message.</div><div><br></div><div>Finally, the list isn't a great place =
to post code, other than smallish snippets. Code posted only here is =
likely to get lost or forgotten, or garbled by the list software and =
people copying and pasting the code. If you're looking to share your =
code, I'd recommend something like GitHub, Bitbucket, or Google Code, =
all of which will let you post, share, and update code for free. If you =
want to share something more quickly with less setup, something like <a =
href=3D"http://gist.github.com">gist.github.com</a> or <a =
href=3D"http://pastebin.com">pastebin.com</a> is a good =
option.</div><div><br></div><div>-John</div><div><br><div><div>On Aug =
24, 2012, at 5:53 PM, omeka_ldap wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote =
type=3D"cite"><div><?php</div><div><br></div><div> =
//Define hooks</div><div> add_plugin_hook('install', =
'ldap_install');</div><div> add_plugin_hook('initialize', =
'ldap_initialize');</div><div> add_plugin_hook('config', =
'ldap_config');</div><div> add_plugin_hook('config_form', =
'ldap_config_form');</div><div><br></div><div> ///Define =
filters</div><div> add_filter('login_adapter', =
'login');</div><div> =
add_filter('admin_whitelist','addToWhitelist');</div><div><br></div>=
<div><br></div><div> //Pull values from form & create =
LDAP Auth Adapter Object:</div><div> function =
login($authAdapter,$loginForm) {</div><div><br></div><div> =
//retrieve username and password </div><div> =
$username =3D =
$loginForm->getValue('username');</div><div> =
$pwd =3D $loginForm->getValue('password');</div><div> =
</div><div> //get =
plugin settings:</div><div> $server1 =3D =
array();</div><div> //hard coding in the =
settings they do not need to change. </div><div> =
$server1["host"] =3D =
get_option('ldap_server');</div><div><br></div><div> =
$server1["baseDn"] =3D =
get_option('ldap_basedn');</div><div><br></div><div> =
$server1["port"] =3D =
get_option('ldap_port');</div><div><br></div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>$server1["accountCanonicalForm"] =3D =
get_option('ldap_accountCanonicalForm') + =
0;</div><div><br></div><div> =
$server1["accountFilterFormat"] =3D =
get_option('ldap_accountFilterFormat');</div><div><br></div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>$server1["accountDomainName"] =3D =
get_option('ldap_accountDomainName');</div><div><br></div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>$server1["accountDomainNameShort"] =3D =
get_option('ldap_accountDomainNameShort');</div><div><br></div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>$server1["bindRequiresDn"] =3D =
get_option('ldap_bindRequiresDn');</div><div><br></div><div> =
$server1["useSsl"] =3D =
get_option('ldap_useSsl');</div><div> =
$server1["username"] =3D get_option('ldap_username');</div><div> =
$server1["password"] =3D =
get_option('ldap_password');;</div><div> =
$options =3D array($server1);</div><div> =
</div><div> $authAdapter =3D new =
Omeka_Auth_Adapter_Ldap($options,$username,$pwd);</div><div> =
=
$authAdapter->setIdentity($username)->setCredential($pwd);</div><div=
> </div><div> =
return $authAdapter;</div><div> =
</div><div> =
}</div><div><br></div><div><br></div><div><br></div><div> =
function addToWhitelist($adminWhiteList){</div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> =
array_push($adminWhiteList,array('controller' =3D> 'ldap', 'action' =
=3D> 'forgot-password'));</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> return =
$adminWhiteList;</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> </div><div> =
}</div><div><br></div><div><br></div><div> function =
ldap_initialize(){</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> </span> =
$front =3D Zend_Controller_Front::getInstance();</div><div> =
Zend_Controller_Front::getInstance()->registerPlugin(new =
LdapControllerPlugin);</div><div> </div><div> =
}</div><div><br></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>function ldap_config() =
{</div><div><span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div> =
set_option('ldap_server', =
trim($_POST['ldap_server']));</div><div> =
set_option('ldap_port', =
trim($_POST['ldap_port']));</div><div> =
set_option('ldap_basedn', =
trim($_POST['ldap_basedn']));</div><div> =
//new in v .2</div><div> =
=
set_option('ldap_accountCanonicalForm', =
trim($_POST['ldap_accountCanonicalForm']));</div><div> =
=
set_option('ldap_accountFilterFormat',trim($_POST['ldap_accountFilterForma=
t']));</div><div> =
set_option('ldap_accountDomainName',trim($_POST['ldap_accountDomainName'])=
);</div><div> =
set_option('ldap_accountDomainNameShort',trim($_POST['ldap_accountDomainNa=
meShort']));</div><div> =
=
set_option('ldap_bindRequiresDn',trim($_POST['ldap_bindRequiresDn']));<spa=
n class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div> =
set_option('ldap_useSsl',trim($_POST['ldap_useSsl']));<span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div> =
set_option('ldap_username',trim($_POST['ldap_username']));<span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div> =
set_option('ldap_password',trim($_POST['ldap_password']));<span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div> }</div><div><span class=3D"Apple-tab-span"=
style=3D"white-space:pre"> </span></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> </span>function =
ldap_config_form() {</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<div id =3D "ldap_server">';</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<label for =3D "top_domain">Host (LDAP =
Server):</label>';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_server'), get_option('ldap_server'), =
null);</div><div><span class=3D"Apple-tab-span" style=3D"white-space:pre">=
</span>echo '<br />';</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<div id =3D "ldap_port">';</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<label for =3D "ldap_port">Port: =
</label>';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_port'), get_option('ldap_port'), =
null);</div><div><span class=3D"Apple-tab-span" style=3D"white-space:pre">=
</span>echo '<br />';</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<div id =3D "ldap_basedn">';</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<label for =3D "ldap_basedn">Base DN: =
</label>';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_basedn'), get_option('ldap_basedn'), =
null);</div><div><span class=3D"Apple-tab-span" style=3D"white-space:pre">=
</span>echo '<br />';</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>//new in v .2</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<div id =3D =
"ldap_accountCanonicalForm">';</div><div><span class=3D"Apple-tab-span"=
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_accountCanonicalForm">Account Canonical Form: =
</label>';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_accountCanonicalForm'), =
get_option('ldap_accountCanonicalForm'), null);</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<br />';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<div id =3D =
"ldap_accountFilterFormat">';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_accountFilterFormat">Account Filter Format: =
</label>';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_accountFilterFormat'), =
get_option('ldap_accountFilterFormat'), null);</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<br />';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<div id =3D =
"ldap_accountDomainName">';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_accountDomainName">Account Domain Name: =
</label>';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_accountDomainName'), =
get_option('ldap_accountDomainName'), null);</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<br />';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<div id =3D =
"ldap_accountDomainNameShort">';</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<label for =3D "ldap_accountDomainNameShort">Account =
Domain Name Short: </label>';</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo text (array('name'=3D>'ldap_accountDomainNameShort'), =
get_option('ldap_accountDomainNameShort'), null);</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<br />';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<div id =3D =
"ldap_bindRequiresDn">';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_bindRequiresDn">Bind Requires DN (true or false): =
</label>';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_bindRequiresDn'), =
get_option('ldap_bindRequiresDn'), null);</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<br />';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<div id =3D =
"ldap_useSsl">';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_useSsl">Use SSL (true or false): =
</label>';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_useSsl'), get_option('ldap_useSsl'), =
null);</div><div> =
echo '<br />';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<div id =3D =
"ldap_username">';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_username">Username(usually a service account) to lookup actual =
dn with should be in dn format </label>';</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo text (array('name'=3D>'ldap_username'), =
get_option('ldap_username'), null);</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>echo '<br />';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<div id =3D =
"ldap_password">';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_password">Password for username: =
</label>';</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_password'), get_option('ldap_password'), =
null);</div><div><span class=3D"Apple-tab-span" style=3D"white-space:pre">=
</span></div><div>}</div><div><br></div><div> class =
Omeka_Auth_Adapter_Ldap extends Zend_Auth_Adapter_Ldap {</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>private =
$omeka_userid;</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> </span>public =
function __construct($options,$username,$password) {</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>parent::__construct($options,$username,$password);</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>//The Zend_Auth_Result =
(returned from Zend_Auth_Adapter_Ldap)-- 'identity' =
attribute</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>//does not hold the =
username needed for omeka user 'id' lookup so $omeka_userid will hold =
it</div><div><span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>$this->omeka_userid =3D $username;</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>}</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> </span>public =
function authenticate() {</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>$authResult =3D =
parent::authenticate();</div><div> =
$log_path =3D LOGS_DIR . '/' . =
'ldap.log';</div><div> if ($log_path) =
{</div><div> $messages =3D =
$authResult->getMessages();</div><div><br></div><div> =
$logger =3D new Zend_Log();</div><div> =
$logger->addWriter(new =
Zend_Log_Writer_Stream($log_path));</div><div> =
$filter =3D new =
Zend_Log_Filter_Priority(Zend_Log::DEBUG);</div><div> =
=
$logger->addFilter($filter);</div><div><br></div><div> =
foreach ($messages as $i =3D> $message) =
{</div><div> if =
($i-- > 1) { // $messages[2] and up are log messages</div><div> =
$message =
=3D str_replace("\n", "\n ", $message);</div><div> =
=
$logger->log("Ldap: $i: $message", Zend_Log::DEBUG);</div><div> =
}</div><div> =
}</div><div> =
}</div><div><br></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>if =
(!$authResult->isValid()) {</div><div> =
return $authResult;</div><div> =
}</div><div> // Omeka needs the user ID (not =
username)</div><div> $omeka_user =3D =
get_db()->getTable('User')->findBySql("username =3D ?", =
array($this->omeka_userid), true);</div><div> =
if ($omeka_user) {</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> </span>$id =3D =
$omeka_user->id;</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>$correctResult =3D new =
Zend_Auth_Result($authResult->getCode(), $id , =
$authResult->getMessages());</div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>return $correctResult;<span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> =
</div><div> =
}</div><div> //if we can't find the user name =
in Omeka - return an error:</div><div> //(The =
Omeka Admin should set up the LDAP username to match the Omeka =
Username)</div><div> //Another alternative =
here 'could be' -- if needed -- creating a new Omeka =
User </div><div> else {</div><div> =
<span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>$messages =3D =
array();</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>$messages[] =3D 'Login information incorrect. Please try =
again.';</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>$authResult =3D new =
Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, =
$this->omeka_userid , $messages);</div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>return $authResult;</div><div> =
}</div><div><span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>}</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> =
</span></div><div> }</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div><br></div><div> class LdapControllerPlugin =
extends Zend_Controller_Plugin_Abstract {</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div> public function =
routeStartup(Zend_Controller_Request_Abstract $request) =
{</div><div> <span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> $router =3D =
Omeka_Context::getInstance()->getFrontController()->getRouter();</di=
v><div> </div><div> =
$route =3D new =
Zend_Controller_Router_Route(</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>'users/forgot-password',</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>array(</div><div> <span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> =
'module' =3D> 'ldap', </div><div> =
<span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> =
'controller' =3D> 'ldap',</div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span> 'action' =3D> =
'forgot-password'</div><div> <span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> =
));</div><div> </div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> =
</span>$router->addRoute('forgot', $route);</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div> $route =3D new =
Zend_Controller_Router_Route(</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span> 'users/add',</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>array(</div><div> <span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> =
</span>'module' =3D> 'ldap', </div><div> =
<span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> =
</span>'controller' =3D> 'ldap',</div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>'action' =3D> =
'add'</div><div> <span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> =
));</div><div> </div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> =
</span>$router->addRoute('addLdapUser', $route);</div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>$route =3D new =
Zend_Controller_Router_Route(</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span> 'users/edit/:id',</div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>array(</div><div> <span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> =
</span>'module' =3D> =
'ldap', </div><div> <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>'controller' =3D> 'ldap',</div><div> =
<span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>'action' =3D> =
'edit'</div><div> <span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span> =
));</div><div> </div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> =
</span>$router->addRoute('editLdapUser', $route);</div><div> =
}</div><div> =
</div><div> }</div><div><br></div><br>On Wednesday, August =
22, 2012 12:32:01 PM UTC-4, omeka_ldap wrote:<blockquote =
class=3D"gmail_quote" style=3D"margin: 0;margin-left: 0.8ex;border-left: =
1px #ccc solid;padding-left: 1ex;">I am assume you are from lehigh and =
this is your plugin I am modifying? <br><br>On Wednesday, =
August 22, 2012 11:28:47 AM UTC-4, omeka_ldap wrote:<blockquote =
class=3D"gmail_quote" style=3D"margin:0;margin-left:0.8ex;border-left:1px =
#ccc solid;padding-left:1ex"><div>I got ssl working, but I am unable to =
add logging. </div><div><?php</div><div><br></div><div> =
//Define hooks</div><div> add_plugin_hook('install', =
'ldap_install');</div><div> add_plugin_hook('initialize', =
'ldap_initialize');</div><div> add_plugin_hook('config', =
'ldap_config');</div><div> =
add_plugin_hook('config_form'<wbr>, =
'ldap_config_form');</div><div><br></div><div> ///Define =
filters</div><div> add_filter('login_adapter', =
'login');</div><div> =
add_filter('admin_whitelist',<wbr>'addToWhitelist');</div><div><br><=
/div><div><br></div><div> //Pull values from form & =
create LDAP Auth Adapter Object:</div><div> function =
login($authAdapter,$loginForm) {</div><div><br></div><div> =
//retrieve username and password </div><div> =
$username =3D =
$loginForm->getValue('<wbr>username');</div><div> =
$pwd =3D =
$loginForm->getValue('<wbr>password');</div><div> =
</div><div> //get plugin =
settings:</div><div> $server1 =3D =
array();</div><div> $server1["host"] =3D =
get_option('ldap_server');</div><div> =
$server1["baseDn"] =3D get_option('ldap_basedn');</div><div> =
$server1["port"] =3D =
get_option('ldap_port');</div><div> <span =
style=3D"white-space:pre"> =
</span>$server1["<wbr>accountCanonicalForm"] =3D =
get_option('ldap_<wbr>accountCanonicalForm') + 0;</div><div> =
$server1["accountFilterFormat"<wbr>] =3D =
get_option('ldap_<wbr>accountFilterFormat');</div><div> =
<span style=3D"white-space:pre"> =
</span>$server1["accountDomainName"] =3D =
get_option('ldap_<wbr>accountDomainName');</div><div> =
<span style=3D"white-space:pre"> =
</span>$server1["<wbr>accountDomainNameShort"] =3D =
get_option('ldap_<wbr>accountDomainNameShort');</div><div> =
<span style=3D"white-space:pre"> =
</span>$server1["bindRequiresDn"] =3D =
get_option('ldap_<wbr>bindRequiresDn');</div><div> =
$server1["useSsl"] =3D "true";</div><div> =
$options =3D array($server1);</div><div> =
</div><div> $authAdapter =3D new =
Omeka_Auth_Adapter_Ldap($<wbr>options,$username,$pwd);</div><div> =
=
$authAdapter->setIdentity($<wbr>username)->setCredential($pwd)<wbr>;=
</div><div> </div><div> =
return $authAdapter;</div><div> =
</div><div> =
}</div><div><br></div><div><br></div><div><br></div><div> =
function addToWhitelist($<wbr>adminWhiteList){</div><div> =
<span style=3D"white-space:pre"> </span></div><div><span =
style=3D"white-space:pre"> </span> =
array_push($adminWhiteList,<wbr>array('controller' =3D> 'ldap', =
'action' =3D> 'forgot-password'));</div><div><span =
style=3D"white-space:pre"> </span> return =
$adminWhiteList;</div><div><span style=3D"white-space:pre"> </span> =
</div><div> =
}</div><div><br></div><div><br></div><div> function =
ldap_initialize(){</div><div><span style=3D"white-space:pre"> =
</span></div><div><span style=3D"white-space:pre"> </span> =
$front =3D Zend_Controller_Front::<wbr>getInstance();</div><div> =
=
Zend_Controller_Front::<wbr>getInstance()->registerPlugin(<wbr>ne=
w LdapControllerPlugin);</div><div> </div><div> =
}</div><div><br></div><div><span style=3D"white-space:pre"> =
</span>function ldap_config() {</div><div><span style=3D"white-space:pre">=
</span></div><div><span style=3D"white-space:pre"> =
</span>set_option('ldap_server', =
trim($_POST['ldap_server']));</div><div><span style=3D"white-space:pre"> =
</span>set_option('ldap_port', =
trim($_POST['ldap_port']));</div><div><span style=3D"white-space:pre"> =
</span>set_option('ldap_basedn', =
trim($_POST['ldap_basedn']));</div><div><span style=3D"white-space:pre"> =
</span>//new in v .2</div><div><span style=3D"white-space:pre"> =
</span>set_option('ldap_<wbr>accountCanonicalForm', =
trim($_POST['ldap_<wbr>accountCanonicalForm']));</div><div><span =
style=3D"white-space:pre"> =
</span>set_option('ldap_<wbr>accountFilterFormat',trim($_<wbr>POST['ldap_<=
wbr>accountFilterFormat']));</div><div><span style=3D"white-space:pre"> =
</span>set_option('ldap_<wbr>accountDomainName',trim($_<wbr>POST['ldap_acc=
ountDomainName']<wbr>));</div><div><span style=3D"white-space:pre"> =
</span>set_option('ldap_<wbr>accountDomainNameShort',trim($<wbr>_POST['lda=
p_<wbr>accountDomainNameShort']));</div><div><span =
style=3D"white-space:pre"> =
</span>set_option('ldap_<wbr>bindRequiresDn',trim($_POST['<wbr>ldap_bindRe=
quiresDn']));</div><div><span style=3D"white-space:pre"> =
</span></div><div> }</div><div><span =
style=3D"white-space:pre"> </span></div><div><span =
style=3D"white-space:pre"> </span>function ldap_config_form() =
{</div><div><span style=3D"white-space:pre"> =
</span></div><div><span style=3D"white-space:pre"> =
</span>echo '<div id =3D "ldap_server">';</div><div><span =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"top_domain">Host (LDAP Server):</label>';</div><div><span =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_server'), get_option('ldap_server'), =
null);</div><div><span style=3D"white-space:pre"> =
</span>echo '<br />';</div><div><span style=3D"white-space:pre"> =
</span>echo '<div id =3D "ldap_port">';</div><div><span =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_port">Port: </label>';</div><div><span =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_port'), get_option('ldap_port'), =
null);</div><div><span style=3D"white-space:pre"> =
</span>echo '<br />';</div><div><span style=3D"white-space:pre"> =
</span>echo '<div id =3D "ldap_basedn">';</div><div><span =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_basedn">Base DN: </label>';</div><div><span =
style=3D"white-space:pre"> </span>echo text =
(array('name'=3D>'ldap_basedn'), get_option('ldap_basedn'), =
null);</div><div><span style=3D"white-space:pre"> =
</span>echo '<br />';</div><div><span style=3D"white-space:pre"> =
</span>//new in v .2</div><div><span style=3D"white-space:pre"> =
</span>echo '<div id =3D =
"ldap_accountCanonicalForm">';</div><div><span =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_accountCanonicalForm"><wbr>Account Canonical Form: =
</label>';</div><div><span style=3D"white-space:pre"> =
</span>echo text (array('name'=3D>'ldap_<wbr>accountCanonicalForm'), =
get_option('ldap_<wbr>accountCanonicalForm'), null);</div><div><span =
style=3D"white-space:pre"> </span>echo '<br =
/>';</div><div><span style=3D"white-space:pre"> =
</span>echo '<div id =3D =
"ldap_accountFilterFormat">';</div><div><span =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_accountFilterFormat"><wbr>Account Filter Format: =
</label>';</div><div><span style=3D"white-space:pre"> =
</span>echo text (array('name'=3D>'ldap_<wbr>accountFilterFormat'), =
get_option('ldap_<wbr>accountFilterFormat'), null);</div><div><span =
style=3D"white-space:pre"> </span>echo '<br =
/>';</div><div><span style=3D"white-space:pre"> =
</span>echo '<div id =3D =
"ldap_accountDomainName">';</div><div><span style=3D"white-space:pre"> =
</span>echo '<label for =3D =
"ldap_accountDomainName"><wbr>Account Domain Name: =
</label>';</div><div><span style=3D"white-space:pre"> =
</span>echo text (array('name'=3D>'ldap_<wbr>accountDomainName'), =
get_option('ldap_<wbr>accountDomainName'), null);</div><div><span =
style=3D"white-space:pre"> </span>echo '<br =
/>';</div><div><span style=3D"white-space:pre"> =
</span>echo '<div id =3D =
"ldap_accountDomainNameShort"><wbr>';</div><div><span =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_accountDomainNameShort"><wbr>Account Domain Name Short: =
</label>';</div><div><span style=3D"white-space:pre"> =
</span>echo text (array('name'=3D>'ldap_<wbr>accountDomainNameShort'), =
get_option('ldap_<wbr>accountDomainNameShort'), null);</div><div><span =
style=3D"white-space:pre"> </span>echo '<br =
/>';</div><div><span style=3D"white-space:pre"> =
</span>echo '<div id =3D "ldap_bindRequiresDn">';</div><div><span =
style=3D"white-space:pre"> </span>echo '<label for =3D =
"ldap_bindRequiresDn">Bind Requires DN (true or false): =
</label>';</div><div><span style=3D"white-space:pre"> =
</span>echo text (array('name'=3D>'ldap_<wbr>bindRequiresDn'), =
get_option('ldap_<wbr>bindRequiresDn'), null);</div><div><span =
style=3D"white-space:pre"> =
</span></div><div>}</div><div><br></div><div> class =
Omeka_Auth_Adapter_Ldap extends Zend_Auth_Adapter_Ldap {</div><div><span =
style=3D"white-space:pre"> </span></div><div><span =
style=3D"white-space:pre"> </span>private =
$omeka_userid;</div><div><span style=3D"white-space:pre"> =
</span></div><div><span style=3D"white-space:pre"> </span>public =
function __construct($options,$<wbr>username,$password) =
{</div><div><span style=3D"white-space:pre"> =
</span>parent::__construct($options,$<wbr>username,$password);</div><div><=
span style=3D"white-space:pre"> </span></div><div><span =
style=3D"white-space:pre"> </span>//The Zend_Auth_Result =
(returned from Zend_Auth_Adapter_Ldap)-- 'identity' =
attribute</div><div><span style=3D"white-space:pre"> =
</span>//does not hold the username needed for omeka user 'id' lookup so =
$omeka_userid will hold it</div><div><span style=3D"white-space:pre"> =
</span>$this->omeka_userid =3D $username;</div><div><span =
style=3D"white-space:pre"> </span>}</div><div><span =
style=3D"white-space:pre"> </span></div><div><span =
style=3D"white-space:pre"> </span>public function authenticate() =
{</div><div><span style=3D"white-space:pre"> =
</span>$authResult =3D parent::authenticate();</div><div> =
$log_path =3D =
"/home/httpd/myuser/<wbr>application/logs/ldap.log";</div><div> =
if ($log_path) {</div><div> =
$messages =3D =
$authResult->getMessages();</div><div><br></div><div> =
$logger =3D new Zend_Log();</div><div> =
$logger->addWriter(new =
Zend_Log_Writer_Stream($log_<wbr>path));</div><div> =
$filter =3D new =
Zend_Log_Filter_Priority(Zend_<wbr>Log::DEBUG);</div><div> =
=
$logger->addFilter($filter);</div><div><br></div><div> =
foreach ($messages as $i =3D> $message) =
{</div><div> if =
($i-- > 1) { // $messages[2] and up are log messages</div><div> =
$message =
=3D str_replace("\n", "\n ", $message);</div><div> =
=
$logger->log("Ldap: $i: $message", Zend_Log::DEBUG);</div><div> =
}</div><div> =
}</div><div> =
}</div><div><br></div><div><span style=3D"white-space:pre"> =
</span>if (!$authResult->isValid()) {</div><div> =
return $authResult;</div><div> =
}</div><div> // Omeka needs the user =
ID (not username)</div><div> $omeka_user =3D =
get_db()->getTable('User')-><wbr>findBySql("username =3D ?", =
array($this->omeka_userid), true);</div><div> =
if ($omeka_user) {</div><div> <span =
style=3D"white-space:pre"> </span>$id =3D =
$omeka_user->id;</div><div> <span =
style=3D"white-space:pre"> </span>$correctResult =3D new =
Zend_Auth_Result($authResult-><wbr>getCode(), $id , =
$authResult->getMessages());</div><div> =
<span style=3D"white-space:pre"> </span>return =
$correctResult;<span style=3D"white-space:pre"> </span></div><div> =
}</div><div> //if we =
can't find the user name in Omeka - return an error:</div><div> =
//(The Omeka Admin should set up the LDAP username =
to match the Omeka Username)</div><div> =
//Another alternative here 'could be' -- if needed -- creating a new =
Omeka User </div><div> else =
{</div><div> <span style=3D"white-space:pre"> =
</span>$messages =3D array();</div><div> =
<span style=3D"white-space:pre"> </span>$messages[] =3D 'Login =
information incorrect. Please try again.';</div><div> =
<span style=3D"white-space:pre"> </span>$authResult =3D =
new =
Zend_Auth_Result(Zend_Auth_<wbr>Result::FAILURE_IDENTITY_NOT_<wbr>FOUND, =
$this->omeka_userid , $messages);</div><div> =
<span style=3D"white-space:pre"> </span>return =
$authResult;</div><div> }</div><div><span =
style=3D"white-space:pre"> </span>}</div><div><span =
style=3D"white-space:pre"> =
</span></div><div> }</div><div><span style=3D"white-space:pre"> =
</span></div><div><span style=3D"white-space:pre"> =
</span></div><div><br></div><div> class LdapControllerPlugin =
extends Zend_Controller_Plugin_<wbr>Abstract {</div><div><span =
style=3D"white-space:pre"> </span></div><div> public =
function routeStartup(Zend_Controller_<wbr>Request_Abstract $request) =
{</div><div> <span style=3D"white-space:pre"> </span> =
$router =3D =
Omeka_Context::getInstance()-><wbr>getFrontController()-><wbr>getRou=
ter();</div><div> </div><div> =
$route =3D new =
Zend_Controller_Router_Route(</div><div> <span =
style=3D"white-space:pre"> =
</span>'users/forgot-password',</div><div> <span =
style=3D"white-space:pre"> =
</span>array(</div><div> <span style=3D"white-space:pre"> =
</span> 'module' =3D> =
'ldap', </div><div> <span =
style=3D"white-space:pre"> </span> =
'controller' =3D> 'ldap',</div><div> =
<span style=3D"white-space:pre"> </span> =
'action' =3D> 'forgot-password'</div><div> =
<span style=3D"white-space:pre"> </span> =
));</div><div> </div><div><span style=3D"white-space:pre"> =
</span>$router->addRoute('forgot', $route);</div><div><span =
style=3D"white-space:pre"> </span></div><div> =
$route =3D new =
Zend_Controller_Router_Route(</div><div> <span =
style=3D"white-space:pre"> </span> =
'users/add',</div><div> <span style=3D"white-space:pre"> =
</span>array(</div><div> <span =
style=3D"white-space:pre"> =
</span>'module' =3D> 'ldap', </div><div> =
<span style=3D"white-space:pre"> =
</span>'controller' =3D> 'ldap',</div><div> =
<span style=3D"white-space:pre"> =
</span>'action' =3D> 'add'</div><div> <span =
style=3D"white-space:pre"> </span> =
));</div><div> </div><div><span style=3D"white-space:pre"> =
</span>$router->addRoute('<wbr>addLdapUser', $route);</div><div><span =
style=3D"white-space:pre"> </span></div><div><span =
style=3D"white-space:pre"> </span>$route =3D new =
Zend_Controller_Router_Route(</div><div> <span =
style=3D"white-space:pre"> </span> =
'users/edit/:id',</div><div> <span style=3D"white-space:pre">=
</span>array(</div><div> =
<span style=3D"white-space:pre"> =
</span>'module' =3D> =
'ldap', </div><div> <span =
style=3D"white-space:pre"> =
</span>'controller' =3D> 'ldap',</div><div> =
<span style=3D"white-space:pre"> =
</span>'action' =3D> 'edit'</div><div> =
<span style=3D"white-space:pre"> </span> =
));</div><div> </div><div><span style=3D"white-space:pre"> =
</span>$router->addRoute('<wbr>editLdapUser', =
$route);</div><div> }</div><div> =
</div><div> }</div><div><br></div><br>On Friday, February 4, =
2011 10:40:38 AM UTC-5, Michelle wrote:<blockquote class=3D"gmail_quote" =
style=3D"margin:0;margin-left:0.8ex;border-left:1px #ccc =
solid;padding-left:1ex">Hi All,
<br>
<br>I am a new member to the group and this is my first time posting.
<br>
<br>I'm working on a Plugin which will allow users to log into Omeka via
<br>LDAP.
<br>
<br>I think I've figured out the filters and am using them where I can. =
I
<br>also think I've figured out how to intercept the routes where I =
think
<br>I will need to using Zend_Controller_Router_Routes to direct them to
<br>the LDAP controller I am writing.
<br>
<br>In my attempt to replace (re-route) the page that allows a user to
<br>request a password reset I ran into an issue. The issue is the
<br>"_adminWhitelist" in Admin.php. It limits the =
controllers/actions for
<br>'admin' actions before a user is signed in. I wanted to route =
the
<br>users/forgot-password request through my controller to my view - =
which
<br>would show a message explaining that since LDAP is used for
<br>authentication the password cannot be reset here.
<br>
<br>I tried multiple avenues to work around this with no success =
including
<br>attempting to unregister the Omeka_Controller_Plugin_Admin =
temporarily
<br>for this specific action. (Duplicating your technique in
<br>Upgrade.php). Unfortunately...I could not get it to work - =
maybe a
<br>matter of timing or my coding.
<br>
<br>What did work (but I don't think it is a good approach) was to =
create
<br>a copy of the Omeka_Controller_Plugin_Admin class within my plugin
<br>directory adding my controller name - ldap and action - forgot-
<br>password to the whitelist. This seems to work - It allows me =
to route
<br>the request through my controller without kicking me back to the =
login
<br>page. Although I'm not sure, I don't think this is the best
<br>approach. Can anyone provide any thoughts/suggestions on this =
issue?
<br>Any thoughts on an alternative approach?
<br>
<br>Thanks so much!
<br>Michelle
<br>
<br></blockquote></blockquote></blockquote><div><br =
class=3D"webkit-block-placeholder"></div>
-- <br>
You received this message because you are subscribed to the Google =
Groups "Omeka Dev" group.<br>
To view this discussion on the web visit <a =
href=3D"https://groups.google.com/d/msg/omeka-dev/-/upDLqMur89IJ">https://=
groups.google.com/d/msg/omeka-dev/-/upDLqMur89IJ</a>.<br>=20
To post to this group, send email to <a =
href=3D"mailto:omeka-dev@googlegroups.com">omeka-dev@googlegroups.com</a>.=
<br>
To unsubscribe from this group, send email to <a =
href=3D"mailto:omeka-dev+unsubscribe@googlegroups.com">omeka-dev+unsubscri=
be@googlegroups.com</a>.<br>
For more options, visit this group at <a =
href=3D"http://groups.google.com/group/omeka-dev?hl=3Den">http://groups.go=
ogle.com/group/omeka-dev?hl=3Den</a>.<br>
</blockquote></div><br></div></body></html>=
--Apple-Mail=_77C85ABF-2037-424D-9AA9-E5762F4D5B57--
Message from discussion Omeka / LDAP Plugin Dev. - I have a question
| Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy |
| ©2013 Google |