I was wondering if anyone has any experience with using LDAP to authenticate their accounts.
I have a directory with all my accounts and I was hoping to use LDAP to authenticate them.
Therefore, if they try to login with their LDAP username/password on ZenPhoto they would have an account immediately created for them so I don't have to manually create all the accounts for everyone.
Anyone do this before? I don't see a plugin which is too bad.
Comments
I would be interested in such an effort. If you have the knowledge of the LDAP side, create a ticket for this effort and we can continue the conversation there.
I will submit a ticket, and see what we can get going.
I extended the checkLogon function in lib-auth.php to realize an LDAP authentication.
The LDAP properties (ServerIP, Port, Group, dc, ou, zenphoto-group cn) are supplied by an LDAP Zenphoto plugin (that I also wrote).
The authentication itself is done via LDAP, but all user properties are stored in the Zenphoto DB. To distinguish between a local and an LDAP user I used the 'other-credentials' DB field with the value 'ldap'.
At the moment I'm struggling with two issues:
- The replacement in the plugins/alt/ folder: When I take the original lib-auth.php script and change the require_once statement at the beginning, I'm getting this error: "PHP Fatal error: Call to a member function checkCookieCredentials() on a non-object in /var/www/zen/zp-core/auth_zp.php on line 71", so I modified the original lib-auth.php.
- The second one is that zp-core/zp-extensions/user-expiry.php at line 161 overwrites the 'other-credentials' field in the DB after every successful login and logout. It seems that the getCredentials function (lib-auth.php) doesn't provide the correct value from the DB field, so I have the line commented out at the moment.
The LDAP authentication works fine, but what is missing is the LDAP user registration part on the admin->users page. I tried to modify the page, but my PHP knowledge is not as good as I wish.
The plan for the LDAP user registration is to use the normal user registration process/site, but list the users from the Zenphoto LDAP group on the admin->users page, use the provided name as username and set 'ldap' in the 'other_credentials' DB field.
I thought that a checked "Use LDAP" checkbox (that is only visible when the "Enable LDAP Logon" checkbox on the LDAP plugin page is checked) would enable the LDAP user list and make the original "New User:" and Password textboxes disabled/invisible.
The LDAP plugin also provides a function that returns an array with the LDAP usernames that are in the Zenphoto LDAP group.
So my question is if anybody is interested in doing the admin-users page modification; in addition I have to mention that I also have no GitHub experience.
Also the admin-users.php has a filter to attach extra information via plugins (currently there are extra fields shown if the comment_form plugin is enabled though). See the plugin tutorial on the user guide.
I studied lib-auth.php and admin-users.php today and wrote the GUI component (extended the admin-users page) to add LDAP users to the local DB, but authenticate them against the LDAP server at login. Maybe I will extend it to import the users from a whole LDAP group.
Well, a few changes need to be done regarding user management, but I'm looking forward to completing these tasks during the next (2) week(s).
Can I contact sbillard in some way (PM, mail, ticket, ...) to talk about this feature? I would like to contribute it.
Then there are basically two ways to contribute generally:
1) Provide the tools you create as 3rd party tools. This is actually the preferred way.
2) Use GitHub's issue tracker or a pull request. Be sure you use the 1.4.5 build for what you do. Sbillard will decide if this is added. But since it would be a new feature it will most likely not get in before 1.4.5 anyway. (1.4.4.x are support builds only and do not introduce new things unless needed because of bugs or security issues.)
In this case there are no Zenphoto users created in the database. All rights come from the external source, which is preferable, since otherwise it violates the adage that if you have two copies of something then one of them will be wrong.
I think I only have to change the "return NULL;" in external_auth.php and make a few changes in my LDAP plugin to get it working.
Thanks for the hint, my approach was a little bit more complex.
I will post here again when I'm finished.
After several hours of troubleshooting I replaced the return statement at the end of the function:
```php
return $authorized;
```
with these lines (returns the admin user object and sets the admin rights):
```php
$_zp_current_admin_obj = Zenphoto_Authority::getAnAdmin(array('`user`=' => 'admin', '`valid`=' => 1));
$authorized = $_zp_current_admin_obj->getRights();
return $authorized;
```
But index.php is calling password.php instead of calling setThemeColumn(); it basically isn't executing the checkAccess(..) function.
Maybe you can give me a hint to get this done?
There are some filter hooks that you use to intercept the logon stuff.
```php
zp_register_filter('authorization_cookie', 'MyBBcheck');
zp_register_filter('zp_logout', 'MyBB_auth::logout');
zp_register_filter('login_link', 'MyBB_auth::link');
zp_register_filter('alt_login_handler', 'MyBB_auth::alt_login_handler');
```
I guess I can share those methods from the proprietary implementation since they are pretty generic:
```php
// Filter to provide an external login link
static function link() {
    return '/' . trim(getOption('MyBB_auth_bb'), '/') . '/member.php?action=login';
}

// Filter to log out the user if he was authenticated by an external source
static function logout($location, $user) {
    if (!is_bool($user->logout_link)) {
        $location = '/' . trim(getOption('MyBB_auth_bb'), '/') . '/member.php?action=logout&logoutkey=' . $user->logout_link;
    }
    return $location;
}

/**
 * Provides a link on the Zenphoto logon form for logging in via MyBB
 * @param $handler_list
 */
static function alt_login_handler($handler_list) {
    $handler_list[getOption('MyBB_auth_bb_name')] = array('script' => '/' . trim(getOption('MyBB_auth_bb'), '/') . '/member.php', 'params' => array('action' => 'login'));
    return $handler_list;
}
```
```php
/**
 * This is the cookie authorization filter function
 * @param bit $authorization
 */
function MyBBcheck($authorization) {
    $myBB = new MyBB_auth();
    return $myBB->check($authorization);
}
```
I am sorry I am not very available at the moment. But I will try to check in from time to time.
It might help if you create an account on GitHub for this effort, then perhaps we can make it a collaborative effort.
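For reference, here is what an LDAP-backed 'authorization_cookie' filter in the style of the hooks above could look like; this is an added example, not code from this thread, from the MyBB plugin or from Zenphoto. Assumptions: the login form posts 'user' and 'pass', the plugin options ldap_auth_uri, ldap_auth_base_dn, ldap_auth_group_dn and ldap_auth_rights exist, users sit directly under the base DN as uid=<name>, the group lists its members in the 'member' attribute, and Zenphoto_Administrator takes (user, valid) in its constructor.

```php
// Added example, not from this thread or Zenphoto. Assumed: login form posts 'user'/'pass';
// options ldap_auth_uri/_base_dn/_group_dn/_rights exist; users are uid=<name>,<base dn>; group has 'member' DNs.
zp_register_filter('authorization_cookie', 'ldap_auth_check');

// Pure LDAP check: returns the user's DN on success, false otherwise.
function ldap_auth_verify($uri, $baseDn, $groupDn, $user, $pass) {
    // Reject empty passwords up front: a simple bind with a DN and an empty
    // password is treated as an *anonymous* bind by many servers and "succeeds".
    if ($pass === '' || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return false;
    }
    $ds = ldap_connect($uri);
    if (!$ds || !ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        return false;
    }
    // Never send the password in clear: require ldaps:// or a working StartTLS.
    if (stripos((string) $uri, 'ldaps://') !== 0 && !@ldap_start_tls($ds)) {
        return false;
    }
    // The username is user-controlled: escape it before building the DN.
    $userDn = 'uid=' . ldap_escape($user, '', LDAP_ESCAPE_DN) . ',' . $baseDn;
    if (!@ldap_bind($ds, $userDn, $pass)) {
        return false; // unknown user or wrong password: same answer for both
    }
    // Authorization: the group entry must list this exact DN as a member.
    $filter = '(member=' . ldap_escape($userDn, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = @ldap_read($ds, $groupDn, $filter, array('dn'));
    $inGroup = $sr && ldap_count_entries($ds, $sr) === 1;
    ldap_unbind($ds);
    return $inGroup ? $userDn : false;
}

// 'authorization_cookie' filter: keep an existing authorization, otherwise grant
// the configured rights to a verified LDAP user without creating a DB account.
function ldap_auth_check($authorized) {
    global $_zp_current_admin_obj;
    if ($authorized || !isset($_POST['user'], $_POST['pass'])) {
        return $authorized;
    }
    $user = trim((string) $_POST['user']);
    $dn = ldap_auth_verify(getOption('ldap_auth_uri'), getOption('ldap_auth_base_dn'),
            getOption('ldap_auth_group_dn'), $user, (string) $_POST['pass']);
    if ($dn === false) {
        return $authorized; // fall through to Zenphoto's own local check
    }
    $_zp_current_admin_obj = new Zenphoto_Administrator('', 1); // assumed signature
    $_zp_current_admin_obj->setUser($user);
    $_zp_current_admin_obj->setRights((int) getOption('ldap_auth_rights'));
    return $_zp_current_admin_obj->getRights();
}
```

Because no Zenphoto account is written, this follows the "rights come only from the external source" approach described earlier in the thread, and a failed LDAP check simply leaves the normal local logon path in place.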
I've emailed the full MyBB plugin to your mail address in your forum profile. If you do not get it let me know and we will find another way to deliver it.
I obtained permission from the person who contracted it to share it with you. An example always helps.
In addition I created a GitHub account (same username); should I create my own project or is there a possibility to use the Zenphoto project?
We usually prefer that the developer maintain code when we have no means for testing. So your GitHub repository account sounds like the right way to go.
We can add a link on our site to your repository so that others will have an easy time finding it. If you would prefer we could instead link to a WEB page that you create describing the plugin.
Just let us know what you wish.
When it is activated the images won't be created in the cache and they are displayed as empty (I use an external datasource; with the few images in my test environment I see all pics).
Can you give me a hint about what is missing?