Differences

This shows you the differences between the selected revision and the current version of the page.

en:autoauthenticateapache2suseserverv0.68 2015/07/03 09:46 current
Line 1: Line 1:
 +====== Automatic authentication v0.68 - SUSE ======
 +Article written by Cuty
 +Translation by jcoleman
 +==== Introduction ====
 +The goal of this tip is to make it possible to the users of GLPI to be able to be identified in the application without having to repair their name of user like their password IF and ONLY IF waiter GLPI is a Linux waiter.
 +
 +This easy way functions with ** Apache 2 ** and GLPI configured with an external authentication with ** Active Directory. ** The user must use Internet Explorer.
 +
 +The configuration on which this handling was validated is this one:
 +
 +- GLPI: 0.68.3-2 and AD on W2k3 - Internet Explorer 6sp2/- Waiter Suse_Linux/9.3 Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7e PHP/4.4.6 mod_perl/2.0.2 Perl/v5.8.6
 +
 +Consequently if you test on another configuration and that functions do not hesitate to supplement.
 +
 +Small precision, the modifications as well as the code provided in this article are not ego besides some lines thus large a thank you with those which will be recognized.
 +==== Installation ====
 +=== Modification in Glpi ===
 +It is necessary to start by copying the files ** index.php ** and ** login.php ** to safeguard the files of origin of Glpi, to be able to retrogress in the event of problem. Personally I add to them the extension ** .orig ** for more clearness. Then it is necessary to insert or modify code in ** index.php ** and ** login.php. **
 +
 +*>: Symbolize code to be added.
 +
 +*: Symbolize a modification of the code. In our case replace 1st star by 2nd.
 +
 +
 +== index.php ==
 +<code>
 +48:    // Using CASE server
 + 49:    yew (! empty ($cfg_glpi [“cas_host”]) &&! isset ($_GET [“noCAS”])) {
 + 50:        glpi_header (“login.php”);
 + 51:    }
 + *>    $ip = $_SERVER [“REMOTE_ADDR”];
 + *>    $commande = “nmblookup - has”. $ip;
 + *>    exec ($commande, $tableau);
 + *>    foreach ($tableau ace $colone)
 + *>        {
 + *>        yew (strpos ($colone, “<03>”))
 + *>                {
 + *>                $login = strtok ($colone, “T”);
 + *>                }
 + *>      }
 + *>    $ident = strtolower ($login);
 + *>    yew ($ident! = '') {
 + *>        header (“Hiring: login.php? login_name=”. $ident);
 + *>    }     
 + 52:    // Send UTF8 Headers
 + 53:    header (“Content-Type: text/HTML; charset=UTF-8”);
 + 54:    // Start the page
 +</code>
 +== login.php ==
 +
 +<code>
 + 54:    yew (isset ($_POST [“login_password”])){
 + 55:    $_POST [“login_password”] =unclean_cross_side_scripting_deep ($_POST [“login_password”]);
 + *>    $http_auth = false;
 + *>    }
 + *>    else yew (! isset ($_POST [“login_password”])){
 + *>    $_POST [“login_password”] =unclean_cross_side_scripting_deep ($_POST [“login_password”]);
 + *>        $http_auth = false;
 + *>        $ip = $_SERVER [“REMOTE_ADDR”];
 + *>        $commande = “nmblookup - has”. $ip;
 + *>        exec ($commande, $tableau);
 + *>        foreach ($tableau ace $colone)
 + *>                {
 + *>                yew (strpos ($colone, “<03>”))
 + *>                    {
 + *>                    $login = strtok ($colone, “T”);
 + *>                    }
 + *>              }
 + *>        $ident = strtolower ($login);
 + *>         
 + *>        yew ($ident! = '') {
 + *>              $_POST [“login_name”] = $ident;
 + *>              $http_auth = true;
 + *>        }
 + *>    }
 + 56:    yew (! isset ($_POST [“noCAS”]) &&! empty ($cfg_glpi [“cas_host”])) {
 +</code>
 +<code>
 + 72:    yew (! $auth_succeded) // No tests in configuration CASE
 + 73:    yew (empty ($_POST [“login_name”])||empty ($_POST [“login_password”])){
 + 73 *:    yew ((empty ($_POST [“login_name”])||empty ($_POST [“login_password”])) &&! $http_auth) {   
 + 74:        $identificat->err=$lang [“login”] [8];
 + 75:        } else {
 +</code>
 +<code>
 + 94:        //if ($auth_succeded) $user_present = $identificat->user->getFromDBbyName (utf8_decode ($_POST [“login_name”]));
 + 95:   
 + 96:        }
 + *>        // try HTTP authentication
 + *>        yew ($http_auth) {
 + *>         
 + *>          $found_dn=false;
 + *>          $auth_succeded=0;
 + *>          $found_dn=$identificat->ldap_get_dn_active_directory ($cfg_glpi [“ldap_host”], $cfg_glpi [“ldap_basedn”], $_POST [“login_name”], $cfg_glpi [“ldap_rootdn”], $cfg_glpi [“ldap_pass”], $cfg_glpi [“ldap_port”]);
 + *>          yew ($found_dn! =false) {
 + *>            $auth_succeded = true;
 + *>            $identificat->extauth=1;
 + *>            $user_present = $identificat->user->getFromDBbyName ($_POST [“login_name”]);
 + *>            $identificat->user->getFromLDAP_active_directory ($cfg_glpi [“ldap_host”], $cfg_glpi [“ldap_port”], $found_dn, $cfg_glpi [“ldap_rootdn”], $cfg_glpi [“ldap_pass”], $cfg_glpi [“ldap_fields”], $_POST [“login_name”], $cfg_glpi [“ldap_condition”]);        }
 + *>   
 + *>   
 + *>        }
 + 97:
 + 98:        // Second try IMAP/POP
 + 99:        yew (! $auth_succeded&&! empty ($cfg_glpi [“imap_auth_server”])) {
 +</code>
 +Also available on the forum: http://www.glpi-project.org/forum/viewtopic.php?id=1397&p=5
 +
 +=== Per Internet Browser ===
 +
 +== Internet Explorer ==
 +
 +It should well be checked that ** “To activate the integrated authentification of Windows” ** in the advanced options of Internet Explorer is well notched.
 +
 +It is necessary to think of adding the URL of GLPI in the list of the sites of the ** local Intranet ** under the ** Security Tab ** in the options of Internet Explorer.
 +
 +== Mozilla Firefox ==
 +I do not have Firefox in the company where I am, so people can go up infos, Ca would be sympathetic! :)
 +
 +==== With you to play ====
 +
 +Here about all that I could gather on this addition of function but so some among you wants to improve the tip then do not hesitate, I am also taking!!!! ^_^
 +
 +Addresses post on the forum at the origin of the article: http://www.glpi-project.org/forum/viewtopic.php?id=1397&p=1
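
Review bot: In the login.php blocks, the added `$http_auth` branch sets `$auth_succeded = true` as soon as `ldap_get_dn_active_directory` returns a DN for `login_name`, and that name comes only from the `<03>` line that `nmblookup` reports for `$_SERVER` REMOTE_ADDR, so no password or other credential is ever verified. The name table answered by `nmblookup` is supplied by the client machine itself, which makes the identity self-asserted, and every host that reaches GLPI through the same address (NAT, proxy, terminal server) is logged in as whichever user that table names. The article should state this limitation next to the installation steps and point to an authentication that the web server verifies itself, for example Kerberos/SPNEGO negotiated by Apache, instead of a name lookup. Smaller points in the same blocks: `$login` is never initialised before the `foreach`, so `strtolower ($login)` runs on an undefined variable when no `<03>` line is returned; the `else` branch in login.php passes `login_password` to `unclean_cross_side_scripting_deep` immediately after testing that it is not set; and the string handed to `exec` should be built with `escapeshellarg`. Initialise `$login = ''` and drop the `login_password` line from the `else` branch.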
 +
 +