function for user logins (for LDAP password integration)


    function for user logins (for LDAP password integration)

    Is there an xbasic function that will cause a user to be logged in to the alpha five security system, without needing to specify their password when invoking the function?

    I'm looking for an alternative to the a5ws_login_user() function, which I think does require a password to be supplied.

    This is for an "intranet" environment where we need to let employees use their existing passwords from LDAP or Active Directory. To summarize what I've found on the message board (many thanks!!): it sounds like we can bypass the built-in password system in Alpha Five while still taking advantage of all of the other built-in features in the security system; all we have to do is avoid using the "official" login web component. Instead we use a dialog to collect a username and password, and in its "validate" event we use a little xbasic script to check the password against LDAP or Active Directory, and then that invokes a function to tell Alpha Five that the person should now be considered to be logged in.

    I suppose there probably isn't a function that allows us to log people in without knowing their alpha password, but it would make things simpler for us if it does exist. If the answer is "no" then I suppose we could make up one "master password" and assign it to every user in alpha five (the users themselves will never see that password) and then have the script use that when invoking a5ws_login_user().

    (To be complete, I suppose I should comment on how we'll create users in alpha five. For that we're taking advantage of the "using SQL tables in web security" technique that allows us to relocate the alpha five security tables so they exist in our Microsoft SQL Server database. We have scheduled a windows powershell script to run now and then to find any newly created Active Directory users that don't yet exist in our SQL table, and add them to the table.)

    #2
    Re: function for user logins (for LDAP password integration)

    Hello,

    Could you show/write for dummies like me "little xbasic script to check the password against LDAP or Active Directory" please?

    many thanks

    tekri



      #3
      Re: function for user logins (for LDAP password integration)

      Sample vb for using LDAP, with comments on converting it to xbasic is in this other posting.

      Sample xbasic code for the validate event is in the middle of this other posting.

      At our site, I created a web component of the “dialog” type, that collects two pieces of data:
      txtUsername
      txtPassword

      All of our alpha five user accounts are set to have the same complicated password that the users do not know.

      In the web component's “validate” event, I put this xbasic code:

      Code:
      ' Read the submitted credentials (ut() upper-cases and trims the username).
      strUsername = ut(currentform.Controls.txtUsername.value)
      strPassword = currentform.Controls.txtPassword.value

      ' Never attempt a bind with a blank username or password.
      if (strUsername = "") .or. (strPassword = "") then
          currentform.has_error = .t.
          currentform.error_message = "User name or password cannot be blank."

      else
          dim ADSObject as P
          dim LDAPtest as P
          LDAPtest = ole.GetObject("LDAP:")
          ' A failed bind raises an error, which jumps to Error_Handler below.
          on error goto Error_Handler
          ' strUsername is concatenated into the bind DN as typed (no escaping).
          ' The final argument 0 sets no ADSI authentication flags
          ' (neither ADS_SECURE_AUTHENTICATION nor ADS_USE_SSL).
          ADSObject = LDAPtest.OpenDSObject("LDAP://your_ldap_server_name.your_company.com","uid="+strUsername+",ou=employees,ou=people,dc=your_company,dc=com", strPassword, 0)
          ' Reached only when the bind did not raise an error: log the user in
          ' to Alpha Five with the shared password.
          a5ws_login_user(strUsername,"complicated_password_that_the_users_do_not_know")

      end if

      End


      Error_Handler:

      currentform.has_error = .t.
      currentform.error_message = "Incorrect Username or Password"

      End

      In the above code, you'll have to heavily modify the "LDAP://" line to reflect your LDAP server configuration. For example, many LDAP servers use something other than "uid" for the username, and the "ou=" stuff needs to be changed to reflect your structure, etc.

      In the web component's "after validate" event you use code to tell it what page you want it to go to after a successful login. For example, to send them to a page called index.a5w you can do:

      Code:
      currentform.redirectTarget = "index.a5w"

      That's it.

      As a further enhancement, if you're using Alpha Five's ability to automatically redirect users to the login page, then after a successful login you might want to send the user to the page that they had originally tried to reach. Alpha Five apparently puts that value in the URL request under the name "np" so I think that might be done by putting something like the following in the "initialize" event (this has not been thoroughly tested yet):

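      Code:
      ' "np" comes from the request URL, so it is user-supplied input.
      if eval_valid("np") then
          session.np = np
      end if

      and replacing the "after validate" code with something like this:

      Code:
      ' session.np is used as the redirect target exactly as it was received.
      if eval_valid("session.np") then
          currentform.redirectTarget = session.np
      else
          currentform.redirectTarget = "index.a5w"
      end if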

      Comment
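
The "np" enhancement in the post above redirects to whatever value arrived in the URL, so a validation step belongs between reading "np" and assigning the redirect target. The following is an added example, not code from the thread or from Alpha Software; it is written in Python to show the logic to port into the Xbasic event, and the function name, the default page and the ".a5w only" rule are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "index.a5w"  # landing page used in the post above


def safe_redirect_target(np, default=DEFAULT_TARGET):
    """Return np only if it is a same-site path to an .a5w page, else default.

    np is the value taken from the login URL; it is user-supplied input.
    """
    if not isinstance(np, str) or not np:
        return default
    # Browsers treat "\" like "/" and ignore control characters and
    # surrounding whitespace, so reject them before parsing.
    if np != np.strip() or any(ord(ch) < 0x20 or ch == "\\" for ch in np):
        return default
    # "//host/..." and "///host/..." are resolved by browsers as other hosts.
    if np.startswith("//"):
        return default
    parts = urlsplit(np)
    # Any scheme (http:, javascript:, ...) or host means it is not local.
    if parts.scheme or parts.netloc:
        return default
    # Assumption: only application pages are valid post-login targets.
    if not parts.path.lower().endswith(".a5w"):
        return default
    return np


if __name__ == "__main__":
    # Constructed sample values for "np".
    for value in ("orders.a5w?id=5", "https://other.example/index.a5w",
                  "//other.example/index.a5w", "/\\other.example/x.a5w"):
        print(repr(value), "->", safe_redirect_target(value))
```
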


        #4
        Re: function for user logins (for LDAP password integration)

        I respect all these solutions for finding an answer for AC/LDAP.
        I don't believe in workarounds. Why? Simple: there is no support by the vendor. So why take the risk? Security management is heavy stuff.

        Many requests have been made to Alpha Software to support AC/LDAP.
        We may hope that V11 will give the right answer to our needs; for the final outcome we just have to wait.

        Agreed, waiting is not easy, we need it today, but that's how it works.

        BTW: Alpha Software already gave more answers about "What is in the next release" than any other vendor would publish at that stage.

        V11 will make a lot of people very happy, at least me in person, that count+1

        Eric

        Just a notice.



          #5
          Re: function for user logins (for LDAP password integration)

          Many thanks, now it's working for me.



            #6
            Re: function for user logins (for LDAP password integration)

            Hi,
            I'm trying to get LDAP authentication to work on our web apps. I have tried the above code on a dialog, but must be missing something. Do I need an LDAP client or something installed on the WAS? Thanks.
            Land of the Free, Because of the Brave
            Support our US Military



              #7
              Re: function for user logins (for LDAP password integration)

              That script makes use of stuff that is typically already part of Windows, so you shouldn't need to install an additional LDAP client.

              That script assumes that the LDAP server uses "uid" to refer to the username, and assumes that the usernames are organized under a section called "employees" -- different LDAP servers do things differently, so you have to adjust the script to match how your LDAP server is configured.

              To test, make a file called "test1.vbs" and put something like the following in it:

              Set dso = GetObject("LDAP:")
              Set ou = dso.OpenDSObject("LDAP://ldap.yourplace.com","uid=your_username,ou=employees,ou=people,dc=yourplace,dc=com","your_password", 0)

              Then open up a command prompt and go to the directory where you put that file and type "test1" and see what kind of error you get. (If you don't get an error, then the login/password worked.)

              This other site seems to have some useful tips: http://www.selfadsi.org/bind.htm



                #8
                Re: function for user logins (for LDAP password integration)

                Thanks. I will try the test and see what happens. I haven't had a chance to get back to this issue until today. Hopefully the test script will reveal the issue.
                Land of the Free, Because of the Brave
                Support our US Military



                  #9
                  Re: function for user logins (for LDAP password integration)

                  Well, this is interesting. We use Novell eDirectory so the LDAP syntax is a little different. Since I work in the Unix world all day, and know the syntax to bind and do ldapsearch against our directory from Oracle, I use that syntax in the test script. I got an error about invalid user ID or password until I removed the password. Then the script executes but no error displays.

                  I'm using V11. I created a dialog for ldaplogin using your code above and replacing it with our LDAP syntax. I'll take off the txtPassword in the ASDObject section and see what happens next.
                  Land of the Free, Because of the Brave
                  Support our US Military

                  Comment
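
A simple bind that names a DN but carries an empty password is what RFC 4513 (section 5.1.2) calls an unauthenticated bind: a server that permits it reports success without checking any credential. The following is an added example, not code from the thread; it is written in Python to show the checks a login script needs before and around the bind, and `authenticate`, `escape_dn_value` and the constructed `fake_bind` directory are hypothetical names.

```python
# DN layout copied from the script earlier in the thread; adjust to your directory.
DN_TEMPLATE = "uid={uid},ou=employees,ou=people,dc=your_company,dc=com"


def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def authenticate(username, password, ldap_bind):
    """Return True only if the directory verified this user's password.

    ldap_bind(dn, password) -> bool is supplied by the caller and stands in
    for the OpenDSObject call in the thread's script.
    """
    username = username.strip()
    if not username or not password:
        # Never send an empty password: a permissive server would accept it
        # as an unauthenticated bind and the login would look successful.
        return False
    # Escaping keeps typed characters such as "," from changing the DN.
    dn = DN_TEMPLATE.format(uid=escape_dn_value(username))
    return bool(ldap_bind(dn, password))


# Constructed stand-in for a directory that permits unauthenticated binds.
FAKE_USERS = {DN_TEMPLATE.format(uid="jsmith"): "correct horse"}


def fake_bind(dn, password):
    if password == "":
        return True  # no credential was checked, yet the bind "succeeds"
    return FAKE_USERS.get(dn) == password


if __name__ == "__main__":
    print(authenticate("jsmith", "correct horse", fake_bind))  # verified
    print(authenticate("jsmith", "", fake_bind))               # refused
```
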


                    #10
                    Re: function for user logins (for LDAP password integration)

                    Steve,
                    Thanks so much for your examples! I got it to work with our eDirectory LDAP. YAY!
                    Land of the Free, Because of the Brave
                    Support our US Military



                      #11
                      Re: function for user logins (for LDAP password integration)

                      Thanks guys for all of the input, but I have another question. In the script you mention:
                      strUsername = ut(currentform.Controls.txtUsername.value)
                      strPassword = currentform.Controls.txtPassword.value

                      Where do you fill these variables? I am still confused about where you get these, or what you fill them with.



                        #12
                        Re: function for user logins (for LDAP password integration)

                        When you create a "dialog" in alpha five you are creating a web form with boxes to collect input from the user. If you create a dialog with one textbox called "txtUsername" and another textbox called "txtPassword" and you enter that script under Form / Properties / Server Events / Validate, then the script will run when the user fills in the boxes and clicks submit.
