Network and LDAP Authentication

zalez

I decided to not use any type of CAPTCHA for spam but I needed something. After much consideration I choose to limit the posting of new tickets if you are off my network. I also wanted to give our users the option to post if they weren't on our network, so I added ldap authentication. The reason I didn't just go with ldap all around was to not bother anyone inside our network.

So in open.php around line 38-39 after require(CLIENTINC_DIR.'header.inc.php');

//grab client ip address and split it in to an array

$ipaddress = explode(".", $_SERVER);

/* check first two numbers of address and see if it is in our network (you can check the third if you are

dealing with only one subnet */

if ($ipaddress == "192" && $ipaddress == "168"){

//the address matches our network, show the open ticket page.

require(CLIENTINC_DIR.$inc);

} else {

//the address is outside our network, check and see if we have our ldap session

if (!isset($_SESSION)) {

//ldap session not set, let's prompt the error and give the opportunity to use ldap to authenticate

print " <center><h2>Out of network error</h2> Our support system requires you to be on our network in order to submit a ticket. You may choose to authenticate using your Novell credentials. <a href=\"ldap.php?referer=open\" style=\"font-weight; font-size;\">Novell Login</a>. If Novell authentication fails, please call tech support.</center> ";

} else {

//our ldap authentication succeeded, proceed

require(CLIENTINC_DIR.$inc);

}

The code above replaced this line (line 40ish) require(CLIENTINC_DIR.$inc);

I also am including the ldap.php file with images as an attachment. Most likely this will not work by just dropping it in and will need to be altered significantly to work with your ldap server. It does give you the idea on how to use php to access ldap. Be sure that you have the php_ldap.dll in your php extensions folder and it must also be an enabled extension in your php.ini file.

There is also a sql file for the database that I use to store my container info for my ldap server.

On a side note, if you don't know what "O", "OU" or "CN" means, than most likely you will not be able to implement this. I am not trying to be mean, just honest.

[ldap.zip](https://forum.osticket.com/assets/files/migrated/9/548d672924a7ce7cecd965a0df40b6b.zip)

cgrossko

care to elaborate? I know what "O", "OU" and "CN" means. What I don't know is where to configure these. I'm guessing you have to change line 108 in the ldap.php to reflect you database settings, as well as line 163 to reflect an ldap source. But how do I define the organizational units to look at? And how do you configure the database source? I changed the localhost, db_username, and db_password and I still get an error "No database selected".

Any hints would be appreciated!

The ldap source is a Netware 6.5 master.

Tom Wilson

Has anyone tweaked the above for windows ldap instead of novell? Or expanded on it any? I'd like to attempt to implement it but I haven't quite interpreted everything that needs to be changed yet.

--Tommie

juampablo13

Help

I`m trying to implement that on a windows active directory but after configuring the ldap.php to contact my active directory server, i test the configuration on the osticket page but after i tried to validate my user i only get a white page.. I don't know what I'm doing wrong.. Any help is appreciated!

Thanks!

Juan Pablo Amador

xrat

Enable all logging for PHP, see e.g. http://osticket.com/wiki/Installation#Self-Help_Troubleshooting(http://osticket.com/wiki/Installation#Self-Help_Troubleshooting)