I’ve scoured the ExpressionEngine world for extensions allowing authentication/user creation via LDAP. However, with my particular application, I also needed to allow authentication/user creation through the default ExpressionEngine registration method.
I came across this extension: http://devot-ee.com/add-ons/ldap and tried using it.
However, by default, this extension will override the ExpressionEngine login and only allow authentication via LDAP.
The developer did add a method allowing users to input specific usernames that will bypass the LDAP authentication and continue to the ExpressionEngine authentication. But I needed to bypass dynamically. About 1/2 of our users are external users and need to bypass LDAP altogether.
I modified the extension to flag a user that authenticates with LDAP. Then, in the method mentioned above, I query the database to see if the authenticating user is LDAP or not. And if not, I return TRUE to bypass LDAP.
Here’s the code:

    /**
     * Is this a special user that we don't check in LDAP for?
     * @param $username
     * @return bool
     */
    function is_non_ldap_user($username)
    {
        //$non_ldap_users = $this->settings['non_ldap_users'];
        // $username comes straight from the login form, so pass it as a bound
        // parameter (the "?" placeholder) instead of interpolating it into the SQL.
        $sql = "SELECT exp_members.username FROM exp_members INNER JOIN exp_member_data ON exp_members.member_id = exp_member_data.member_id WHERE exp_member_data.m_field_id_2 = 'No' AND exp_members.username = ?";
        $results = $this->EE->db->query($sql, array($username));
        $non_ldap_users = array();
        if ($results->num_rows() > 0)
        {
            foreach ($results->result_array() as $row)
            {
                $non_ldap_users[] = $row['username'];
            }
        }
        //foreach (explode(',', $non_ldap_users) as $user)
        foreach ($non_ldap_users as $user)
        {
            // Strict comparison: only an exact username match bypasses LDAP.
            if ($username === $user)
            {
                $this->debug_print("Found non-ldap user: " . $user);
                return TRUE;
            }
        }
        return FALSE;
    }

I know it could be optimized a bit, and as time allows, I’ll update it. But mostly, for those that need LDAP and regular authentication, try this.
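
The same lookup reduced to a single yes/no query, as an added example that is not part of the original post or the extension's code. It runs stand-alone against a constructed in-memory SQLite copy of the two tables (requires the pdo_sqlite extension); the sample usernames and the 'Yes' marker for LDAP users are assumptions, and the function takes a PDO handle instead of `$this->EE->db`.

```php
<?php
// Constructed in-memory stand-in for the two ExpressionEngine tables used above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE exp_members (member_id INTEGER PRIMARY KEY, username TEXT UNIQUE)");
$db->exec("CREATE TABLE exp_member_data (member_id INTEGER PRIMARY KEY, m_field_id_2 TEXT)");
// Constructed sample rows; 'Yes' as the LDAP marker is an assumption (the post only shows 'No').
$db->exec("INSERT INTO exp_members VALUES (1, 'external.user'), (2, 'ldap.user')");
$db->exec("INSERT INTO exp_member_data VALUES (1, 'No'), (2, 'Yes')");

/**
 * TRUE only when a member row exists AND is explicitly flagged non-LDAP.
 * Unknown or unflagged users return FALSE, so they still go through LDAP.
 */
function is_non_ldap_user(PDO $db, $username)
{
    if (!is_string($username) || $username === '') {
        return false;
    }
    // The username is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM exp_members
         INNER JOIN exp_member_data ON exp_members.member_id = exp_member_data.member_id
         WHERE exp_member_data.m_field_id_2 = 'No' AND exp_members.username = ?"
    );
    $stmt->execute(array($username));
    return (int) $stmt->fetchColumn() === 1;
}

// Constructed inputs with the expected routing decision for each.
$cases = array(
    'external.user'    => true,   // flagged 'No': skip LDAP, use the native login
    'ldap.user'        => false,  // flagged as LDAP: must authenticate via LDAP
    'nobody'           => false,  // no member row: falls through to LDAP
    "external.user'--" => false,  // quote characters are matched as literal text
);
foreach ($cases as $name => $expected) {
    $got = is_non_ldap_user($db, $name);
    printf("%-18s bypass=%-5s %s\n", $name, var_export($got, true),
        $got === $expected ? 'ok' : 'MISMATCH');
}
```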