Coppermine LDAP Bridging Coppermine LDAP Bridging
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Coppermine LDAP Bridging

Started by twanfox, August 29, 2007, 10:06:27 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

twanfox

While I admit, it sounds weird to bridge LDAP and Coppermine, since it isn't exactly a BBS, I figured it was the easiest and most portable way to allow authentication between Coppermine and a backend LDAP Directory. For the moment, it's a work in progress, but after seeing some requests, I figured I'd drop the line that I had something working and (for the most part) it works. The sad part is that while it is designed as a bridge, it doesn't exactally store things like Group information in the LDAP directory but Coppermine doesn't use it's internal groups if bridging is enabled. It's caused some interesting issues. If someone knows more about Coppermine's interaction and requirements for bridging, I do accept help to figure it out. ;)

At any rate, here is the bridge file as I have it so far.

gosforth

Would be great if at last we could have Coppermine - LDAP integration (not Active Directory even, AD is not a real LDAP in fact).

twanfox

I would tend to agree with LDAP integration being a nice feature. However, at least as a starting measure, this seemed to be the easiest way to enable such functionality within the guidelines of the system. I've seen how other hacks and add-ons muddle the original codebase and, when it comes time to upgrade, those hacks prevent that. In this case, even Coppermine handles it's own internal user/group handling as a special-case bridge module.

This bridge could lead into that very easily. Some functionality that mirrors the coppermine "bridge" requires hacks in order to tell the gallery to treat the LDAP bridge like the Coppermine one. If the Coppermine devs feel that this bridge merits such integral revisions, I'd be love to investigate that possibility.

Joachim Müller

Quote from: twanfox on September 27, 2007, 03:49:14 AM
If the Coppermine devs feel that this bridge merits such integral revisions, I'd be love to investigate that possibility.
Sounds very interessting. I'd love to see an integration of this bridge into the core. LDAP integration is the key to Coppermine being used in company's intranets or extranets.
So it would be great if you could look into this.

florismouwen

I created a new version of the LDAP Bridge with these features:
- Added CACHE_PASSWORD to prevent password caching in the database
- Update e-mailaddress from LDAP users to the Database

Maybe in the near future i create another update with the possibility to use LDAP groups and synchronise them to Coppermine.

Joachim Müller

Thanks for your contribution. The Coppermine version you designed this for is reaching it's end of life. Ideally, you might consider designing a new version for the upcoming cpg1.5.x stable release (currently, a release candidate is out).

blumer

Hello. I have white screen after login to cpg with this LDAP hack. LDAP connection is bind to server and users are created in db after first login to gallery. Second and all next logins - white screen without any errors. Thanks for your ideas.

cpg 1.4.25
win XP
Vertrigo server with
Apache 2.0.63
PHP 5.2.6
Mysql 5.0.51b

phill104

It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

In fact you should start a new thread and do as suggested in When requesting bridge support - mandatory!