Wednesday, June 11, 2008

Mantis - Allow LDAP and Mantis login

Hello,

I wanted both LDAP and Mantis logins to work. This is how I managed to solve it:

1> I applied the patch that creates an account in the database for LDAP authentication, as given at the URL below:
http://www.mantisbt.org/bugs/view.php?id=5595

2> In the "config_defaults_inc.php" file, set:
$g_send_reset_password = OFF; // This will display the password input while creating a new account for admin login.
$g_allow_signup = OFF; // Sign-up feature is disabled

3> Change the function "auth_does_password_match" in the core/authentication_api.php file as below:

function auth_does_password_match( $p_user_id, $p_test_password ) {
    $t_configured_login_method = config_get( 'login_method' );

    // Start => checking for LDAP and Mantis login users

    // This is the newly added block for checking
    if ( LDAP == $t_configured_login_method ) {
        // Try the LDAP directory first
        if ( ldap_authenticate( $p_user_id, $p_test_password ) ) {
            return true;
        } else {
            // Checks if blank password is set
            if ( is_blank( $p_user_id ) || is_blank( $p_test_password ) ) {
                return false;
            } else {
                // Fall back to the password stored in the Mantis database
                $t_password = user_get_field( $p_user_id, 'password' );
                $t_login_methods = array( MD5, CRYPT, PLAIN );
                // PLAIN is defined as 0 in Mantis, so with this value the "skip PLAIN" test below never fires
                $t_configured_login_method = 0;
                foreach ( $t_login_methods as $t_login_method ) {
                    # pass the stored password in as the salt
                    if ( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password ) {
                        # Do not support migration to PLAIN, since this would be a crazy thing to do.
                        # Also if we do, then a user will be able to login by providing the MD5 value
                        # that is copied from the database. See #8467 for more details.
                        if ( $t_configured_login_method != PLAIN && $t_login_method == PLAIN ) {
                            continue;
                        }
                        # Check for migration to another login method and test whether the password was encrypted
                        # with our previously insecure implementation of the CRYPT method
                        if ( ( $t_login_method != $t_configured_login_method ) ||
                             ( ( CRYPT == $t_configured_login_method ) && substr( $t_password, 0, 2 ) == substr( $p_test_password, 0, 2 ) ) ) {
                            user_set_password( $p_user_id, $p_test_password, true );
                        }
                        $t_configured_login_method = config_get( 'login_method' );
                        return true;
                    } // if
                } // foreach
                $t_configured_login_method = config_get( 'login_method' );
                return false;
            } // else
        } // else
    } // if

    // Login methods other than LDAP are not handled by this version of the function
    return false;
}

NOTE - This function does not allow blank passwords.
I have removed the Reset button feature, which sets a blank password.

4> Now the admin can set a password while creating a new user, but editing the password still needs to be added,
so on the "manage_user_edit_page.php" page add "password" and "verify password" fields.
These fields are populated on page load.

<!-- Password -->
<tr>
    <td class="category">
    </td>
    <td>
        <input type="password" name="password" size="32" maxlength="32" value="">
    </td>
</tr>
<tr>
    <td class="category">
    </td>
    <td>
        <input type="password" name="password_verify" size="32" maxlength="32" value="">
    </td>
</tr>


Note - I am displaying the password block only for Mantis users, not LDAP users.
Here I am checking for a specific email pattern; if it matches, then it is an LDAP user,
as we have LDAP users with company email accounts and other users created will not have this pattern.
This logic will change according to need. You can also add one more field in the database to check this.


I updated the "manage_user_update.php" file to save the updated password in the database:
$query = "UPDATE $t_user_table SET username='$c_username', email='$c_email', protected='$c_protected', realname='$c_realname',
password = '$c_password' WHERE id='$c_user_id'";


5> Applied a validation check for blank passwords while creating / editing a user account.
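
The login decision from steps 3 to 5, as an added stand-alone sketch that is not part of the original post and not Mantis code. It goes one step beyond the post by routing each account on the extra "account source" field the note in step 4 suggests, so a directory account never falls back to a stored local password. Assumptions: the function name, the 'source' and 'hash' keys, the stubbed LDAP bind, the sample accounts, and the use of PHP's password_hash() / password_verify() in place of Mantis's MD5 / CRYPT handling.

```php
<?php
// Added sketch, not Mantis code: every function, key and value here is hypothetical.

/**
 * Decide a login for an installation that accepts both directory and local accounts.
 *
 * $account  row for the user: ['source' => 'ldap'|'local', 'hash' => string];
 *           'source' stands in for the extra database field suggested in the post
 * $ldapBind callable(string $username, string $password): bool
 */
function dual_login(string $username, string $password, ?array $account, callable $ldapBind): string
{
    // Blank credentials are refused before any backend is asked.
    if (trim($username) === '' || trim($password) === '') {
        return 'denied:blank';
    }
    if ($account === null) {
        return 'denied:unknown';
    }
    if ($account['source'] === 'ldap') {
        // Directory accounts never fall back to a local password, so an account
        // disabled in the directory cannot get in through a stale local row.
        return $ldapBind($username, $password) ? 'ok:ldap' : 'denied:ldap';
    }
    // Local accounts: an empty stored value can never match.
    if ($account['hash'] === '') {
        return 'denied:no-local-password';
    }
    return password_verify($password, $account['hash']) ? 'ok:local' : 'denied:local';
}

// Constructed sample data.
$accounts = [
    'alice' => ['source' => 'ldap',  'hash' => ''],
    'bob'   => ['source' => 'local', 'hash' => password_hash('s3cret-Example', PASSWORD_DEFAULT)],
    'carol' => ['source' => 'local', 'hash' => ''],
];
// Stub for the directory: accepts only alice with this constructed password.
$ldapBind = fn(string $u, string $p): bool => $u === 'alice' && $p === 'dir-Example';

$attempts = [['alice', 'dir-Example'], ['alice', ''], ['bob', 's3cret-Example'],
             ['bob', 'wrong'], ['carol', 'anything'], ['mallory', 'x']];
foreach ($attempts as [$user, $pass]) {
    printf("%-8s %s\n", $user, dual_login($user, $pass, $accounts[$user] ?? null, $ldapBind));
}
```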

In this way I have configured Mantis to let LDAP as well as Mantis users log in.
I hope this helps someone in need of this feature.