I've been using phpScheduleIt for some time now (since 1.0.x something) ... and the one thing that has not changed (which I've never made a post about) is the ldap configuration. Every time I upgrade, I must "fix" the LDAPEngine class.
The way the system is written, it assumes the following:
- ldap server is not over ldaps (SSL)
- binding is anonymous OR to a specified account
I am in an environment where I need to connect via ssl, and non anon-bind ldap - essentially, by binding with the username/pw supplied I have authenticated the user.
So currently (1.2.8), I've changed LDAPEngine as such:
$this->ldap = ldap_connect( "ldaps://ldap.foo.com:636/" ) or die ("Could not connect to LDAP server." );
Line 68: (the basedn is the same as $config['ldap']['basedn'])
$bind = @ldap_bind( $this->ldap, "uid=$uid,ou=people,dc=foo,dc=com", $password );
This connects via SSL, then binds using the username/password supplied via the form. Provided the user/pw binds, I have verified the user ... if one really wanted to, one could further add the user to a group in ldap to permit/disallow them from logging in.
So as a new feature, I would recommend the $conf to allow for ldap urls (makes handling ssl/port stuff easier), and allowing authentication via ldap (as I did with the ldap_bind call).
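A hardened form of the bind-as-user check described in the post, as an added example that is not part of the original post or of phpScheduleIt's LDAPEngine. It rejects empty passwords, which an LDAP server may accept as an unauthenticated bind, and escapes the username before it goes into the DN. The function names are hypothetical, the URL and base DN are the placeholders from the post, and PHP 7+ with the ldap extension is assumed.

```php
<?php
// Added example: hypothetical helpers, not phpScheduleIt code.
// Assumes PHP 7+ with the ldap extension loaded.

function buildUserDn(string $uid, string $peopleBase): string
{
    // Escape DN special characters (such as , + = ") so a crafted
    // username cannot change which directory entry the bind targets.
    return 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN) . ',' . $peopleBase;
}

function ldapAuthenticate(string $url, string $peopleBase, string $uid, string $password): bool
{
    // A bind with a DN and an empty password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2). Servers that allow it report success,
    // so the password must be checked before ldap_bind() is called.
    if ($uid === '' || $password === '') {
        return false;
    }

    // An ldaps:// URL carries scheme, host and port in one setting.
    $ldap = ldap_connect($url);
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Success means the directory accepted this user's own credentials.
    $ok = @ldap_bind($ldap, buildUserDn($uid, $peopleBase), $password);
    ldap_unbind($ldap);

    return $ok;
}

// Constructed sample input: an ordinary uid and one containing DN syntax.
$base = 'ou=people,dc=foo,dc=com';
echo buildUserDn('jdoe', $base), PHP_EOL;
echo buildUserDn('x,ou=admins', $base), PHP_EOL;

// Empty password is refused locally, without contacting the server.
var_dump(ldapAuthenticate('ldaps://ldap.foo.com:636/', $base, 'jdoe', ''));

// A real check needs a reachable server, so it is left commented out:
// var_dump(ldapAuthenticate('ldaps://ldap.foo.com:636/', $base, $uid, $password));
```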