I have been working away to get LDAP integration working with an OpenLDAP server. I managed fine (though I don't pretend to understand how it all works) on our test server, but now I am trying to switch to the production LDAP and although I think I have all the parameters right (and when I try the "Test" function on the LDAP authentication server I have set up this works), whenever I try to log in as a new user with LDAP authentication to the live server, I get an error #49 returned.
Browsing the live server I discover that the password uses SSHA encryption. Does LDAP Integration handle this?
If not, how would I go about making it support it? I discovered this code on the php.net site, but whereabouts would I put it?

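// Validate a password against an OpenLDAP "{SSHA}" value:
// "{SSHA}" . base64( sha1(password . salt) . salt )
function ValidatePassword($password, $hash)
{
  // Strip the 6-character "{SSHA}" prefix and decode the rest.
  $hash = base64_decode(substr($hash, 6), true);
  if ($hash === false || strlen($hash) < 20) {
    return false; // not a well-formed SSHA value
  }
  $original_hash = substr($hash, 0, 20); // raw SHA-1 digest
  $salt = substr($hash, 20);             // salt follows the digest
  // sha1() with raw output replaces the deprecated mhash(MHASH_SHA1, ...).
  $new_hash = sha1($password . $salt, true);
  // hash_equals() is a constant-time, binary-safe comparison.
  if (hash_equals($original_hash, $new_hash)) {
    // ... do something because your password is valid ...
    return true;
  }
  echo 'Unauthorized: Authorization has been refused for the credentials you provided. Please login with a valid username and password.';
  // ... be sure to clear your session data ...
  return false;
}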

Comments

martink’s picture

Status: Active » Closed (fixed)

I discovered that the problem was at my end - the password is indeed encrypted in SSHA however the real problem is that the front end application which runs the Directory automatically converts all passwords into upper case! Since my password contained lower-case characters I was not aware of this - it was enough to enter the password in upper-case and it worked!
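
An added example, not part of the original issue or of the LDAP Integration module: a small PHP diagnostic for the situation described in this thread, where a stored {SSHA} value was hashed from a case-folded password and the bind fails with LDAP result code 49 (invalidCredentials). The function names and sample password are hypothetical, the stored value is constructed, and the script assumes an administrator who can read the entry's userPassword attribute.

```php
<?php
// Added example: constructed values only, nothing here comes from the original issue.

// Build an {SSHA} value in the layout OpenLDAP stores:
// "{SSHA}" . base64( sha1(password . salt) . salt )
function ssha_make(string $password, string $salt): string
{
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

// Verify a candidate password against a stored {SSHA} value.
function ssha_verify(string $password, string $stored): bool
{
    if (strncasecmp($stored, '{SSHA}', 6) !== 0) {
        return false; // different scheme, not handled here
    }
    $raw = base64_decode(substr($stored, 6), true);
    if ($raw === false || strlen($raw) < 20) {
        return false; // malformed value
    }
    $digest = substr($raw, 0, 20); // SHA-1 digest is 20 bytes
    $salt = substr($raw, 20);      // remaining bytes are the salt
    return hash_equals($digest, sha1($password . $salt, true));
}

// Report which case variant of the typed password matches the stored hash.
// A match on anything other than "as typed" points at case folding by
// whatever application wrote the password into the directory.
function diagnose_case_folding(string $typed, string $stored): string
{
    $variants = [
        'as typed'    => $typed,
        'upper-cased' => strtoupper($typed),
        'lower-cased' => strtolower($typed),
    ];
    foreach ($variants as $label => $candidate) {
        if (ssha_verify($candidate, $stored)) {
            return $label;
        }
    }
    return 'no match';
}

// Constructed scenario: the front end upper-cased the password before hashing.
$stored = ssha_make(strtoupper('Example-Pass1'), random_bytes(4));
echo diagnose_case_folding('Example-Pass1', $stored), PHP_EOL;
```

With a simple LDAP bind the directory server performs this comparison itself, so the client never needs SSHA support; the check above only helps explain why a password the user believes is correct is being rejected.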