[dokuwiki] Re: Mixed / chained authentication (LDAP + plain)



DennisV wrote:

Hi. This intrigued me so I wrote something really simple -
http://wiki.splitbrain.org/wiki:tips:chainedauth


Thanks a lot!

I tried it and it seems to work with ldap:plain as well. One small
problem I found that it gives an error when you try to log on using a
non-existing user. I solved it by replacing:

 function checkPass($user,$pass) {
   return $this->getAuthFromUser($user)->checkPass($user,$pass);
 }

with

 function checkPass($user,$pass) {
   $result = false;
   $auth = $this->getAuthFromUser($user);
   if($auth != null) {
     $result = $auth->checkPass($user,$pass);
   }
   return $result;
 }

I did notice something else however. If I turn LDAP debug on:
$conf['auth']['ldap']['debug']         = true;
I notice a lot of calls to the LDAP after logging on. 3 in the page
header and 1 where the admin button is located. Consequent page clicks
have an LDAP call on each page near the admin button. This doesn't
happen when using pure LDAP authentication. Is there any way to
optimize this?

Regards,
Dennis
Oops. Leaving the null check out was poor. Sorry. There might be a few more of these...
The multiple calls will be the "canDo" checks. eg The one near admin is checking whether it should display the Profile button.
In a normal backend these are fixed properties but in the chained case whether or not the Profile button can be displayed depends on which auth backend the current user belongs to. In your case users in the ldap store can't update their profile but users in the plain store probably can. I'll try and find a way to see if this can be cached somehow. 

Cheers,
       Grant
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: