
Thread: function for user logins (for LDAP password integration)

  1. #1
    Member
    Real Name
    Steve Krahn
    Join Date
    Oct 2009
    Posts
    20


    Is there an xbasic function that will cause a user to be logged in to the alpha five security system, without needing to specify their password when invoking the function?

    I'm looking for an alternative to the a5ws_login_user() function, which I think does require a password to be supplied.

    This is for an "intranet" environment where we need to let employees use their existing passwords from LDAP or Active Directory. To summarize what I've found on the message board (many thanks!!): it sounds like we can bypass the built-in password system in Alpha Five while still taking advantage of all of the other built-in features in the security system; all we have to do is avoid using the "official" login web component. Instead we use a dialog to collect a username and password, and in its "validate" event we use a little xbasic script to check the password against LDAP or Active Directory, and then that invokes a function to tell Alpha Five that the person should now be considered to be logged in.

    I suppose there probably isn't a function that allows us to log people in without knowing their alpha password, but it would make things simpler for us if it does exist. If the answer is "no" then I suppose we could make up one "master password" and assign it to every user in alpha five (the users themselves will never see that password) and then have the script use that when invoking a5ws_login_user().

    (To be complete, I suppose I should comment on how we'll create users in alpha five. For that we're taking advantage of the "using SQL tables in web security" technique that allows us to relocate the alpha five security tables so they exist in our Microsoft SQL Server database. We have scheduled a windows powershell script to run now and then to find any newly created Active Directory users that don't yet exist in our SQL table, and add them to the table.)

  2. #2
    Member
    Real Name
    Alexander Krišš
    Join Date
    Oct 2010
    Location
    Bratislava, Slovakia
    Posts
    145


    Hello,

    Could you show/write for dummies like me "little xbasic script to check the password against LDAP or Active Directory" please?

    many thanks

    tekri

  3. #3
    Member
    Real Name
    Steve Krahn
    Join Date
    Oct 2009
    Posts
    20


    Sample vb for using LDAP, with comments on converting it to xbasic is in this other posting.

    Sample xbasic code for the validate event is in the middle of this other posting.

    At our site, I created a web component of the “dialog” type, that collects two pieces of data:
    txtUsername
    txtPassword

    All of our alpha five user accounts are set to have the same complicated password that the users do not know.

    In the web component's “validate” event, I put this xbasic code:

    Code:
    ' Read the submitted username and password from the dialog controls.
    strUsername = ut(currentform.Controls.txtUsername.value)
    strPassword = currentform.Controls.txtPassword.value

    ' Reject blank input before contacting the directory.
    if (strUsername = "") .or. (strPassword = "") then
        currentform.has_error = .t.
        currentform.error_message = "User name or password cannot be blank."

    else
        dim ADSObject as P
        dim LDAPtest as p
        LDAPtest = ole.GetObject("LDAP:")
        on error goto Error_Handler
        ' Bind to the directory as the user; a failed bind jumps to Error_Handler.
        ADSObject = LDAPtest.OpenDSObject("LDAP://your_ldap_server_name.your_company.com","uid="+strUsername+",ou=employees,ou=people,dc=your_company,dc=com", strPassword, 0)
        ' The bind succeeded, so log the user in to Alpha Five with the shared password.
        a5ws_login_user(strUsername,"complicated_password_that_the_users_do_not_know")

    end if

    End


    Error_Handler:

    currentform.has_error = .t.
    currentform.error_message = "Incorrect Username or Password"

    End

    In the above code, you'll have to heavily modify the "LDAP://" line to reflect your LDAP server configuration. For example, many LDAP servers use something other than "uid" for the username, and the "ou=" stuff needs to be changed to reflect your structure, etc.

    In the web component's "after validate" event you use code to tell it what page you want it to go to after a successful login. For example, to send them to a page called index.a5w you can do:

    Code:
    currentform.redirectTarget = "index.a5w"

    That's it.

    As a further enhancement, if you're using Alpha Five's ability to automatically redirect users to the login page, then after a successful login you might want to send the user to the page that they had originally tried to reach. Alpha Five apparently puts that value in the URL request under the name "np" so I think that might be done by putting something like the following in the "initialize" event (this has not been thoroughly tested yet):

    Code:
    if eval_valid("np") then
        session.np=np
    end if

    and replacing the "after validate" code with something like this:

    Code:
    if eval_valid("session.np") then
        Currentform.RedirectTarget = session.np
    else
        currentform.redirectTarget = "index.a5w"
    end if

  4. #4
    "Certified" Alphaholic
    Real Name
    eric
    Join Date
    Mar 2009
    Location
    Amsterdam
    Posts
    1,284


    I respect all these solutions for finding an answer for AC/LDAP.
    I don't believe in workarounds. Why? Simple: there is no support by the vendor. So why take the risk? Security management is heavy stuff.

    Many requests have been made to Alpha Software to support AC/LDAP.
    We may hope that V11 will give the right answer to our needs; for the final outcome we just have to wait.

    Agreed, waiting is not easy, we need it today, but that's how it works.

    BTW: Alpha Software already gave more answers to "What is in the next release" than any other vendor would publish at that stage.

    V11 will make a lot of people very happy, at least me in person, that count+1

    Eric

    Just a notice.

  5. #5
    Member
    Real Name
    Alexander Krišš
    Join Date
    Oct 2010
    Location
    Bratislava, Slovakia
    Posts
    145

    Many thanks, now it's working for me.

  6. #6
    Member
    Real Name
    JoAnn Ristau
    Join Date
    Jul 2001
    Location
    Texas
    Posts
    188


    Hi,
    I'm trying to get LDAP authentication to work on our web apps. I have tried the above code on a dialog, but must be missing something. Do I need an LDAP client or something installed on the WAS? Thanks.
    Land of the Free, Because of the Brave
    Support our US Military

  7. #7
    Member
    Real Name
    Steve Krahn
    Join Date
    Oct 2009
    Posts
    20


    That script makes use of stuff that is typically already part of Windows, so you shouldn't need to install an additional LDAP client.

    That script assumes that the LDAP server uses "uid" to refer to the username, and assumes that the usernames are organized under a section called "employees" -- different LDAP servers do things differently, so you have to adjust the script to match how your LDAP server is configured.

    To test, make a file called "test1.vbs" and put something like the following in it:

    Set dso = GetObject("LDAP:")
    Set ou = dso.OpenDSObject("LDAP://ldap.yourplace.com","uid=your_username,ou=employees,ou=people,dc=yourplace,dc=com","your_password", 0)

    Then open up a command prompt and go to the directory where you put that file and type "test1" and see what kind of error you get. (If you don't get an error, then the login/password worked.)

    This other site seems to have some useful tips: http://www.selfadsi.org/bind.htm


  8. #8
    Member
    Real Name
    JoAnn Ristau
    Join Date
    Jul 2001
    Location
    Texas
    Posts
    188


    Thanks. I will try the test and see what happens. I haven't had a chance to get back to this issue until today. Hopefully the test script will reveal the issue.

  9. #9
    Member
    Real Name
    JoAnn Ristau
    Join Date
    Jul 2001
    Location
    Texas
    Posts
    188


    Well, this is interesting. We use Novell eDirectory so the LDAP syntax is a little different. Since I work in the Unix world all day, and know the syntax to bind and do ldapsearch against our directory from Oracle, I use that syntax in the test script. I got an error about invalid user ID or password until I removed the password. Then the script executes but no error displays.

    I'm using V11. I created a dialog for ldaplogin using your code above and replacing it with our LDAP syntax. I'll take off the txtPassword in the ADSObject section and see what happens next.
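
The bind check from posts #3 and #7, together with the no-password behaviour reported in post #9, as an added VBScript example that is not any poster's code. It escapes the username before it goes into the bind DN, refuses an empty password (LDAP treats a DN with an empty password as an unauthenticated bind, RFC 4513 section 5.1.2, which a server can accept without verifying anything), and asks ADSI for an SSL channel. The function names, server name, port 636, DN layout and credentials are assumptions.

```vbscript
' Added example, not code from the thread. Server, port, DN layout,
' credentials and function names are placeholders/assumptions.
Option Explicit
Const ADS_USE_SSL = 2   ' ADSI authentication flag: use an SSL-protected channel

' Escape one attribute value for use inside a DN (RFC 4514).
Function EscapeRdnValue(s)
    Dim i, ch, code, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        code = AscW(ch)
        If InStr("\,+""<>;=", ch) > 0 Then
            out = out & "\" & ch
        ElseIf (ch = "#" Or ch = " ") And i = 1 Then
            out = out & "\" & ch
        ElseIf ch = " " And i = Len(s) Then
            out = out & "\" & ch
        ElseIf code >= 0 And code < 32 Then
            out = out & "\" & Right("0" & Hex(code), 2)
        Else
            out = out & ch
        End If
    Next
    EscapeRdnValue = out
End Function

' True only if the directory accepts a bind with this user's own password.
Function LdapPasswordOk(server, baseDn, userName, password)
    Dim dso, obj, bindDn
    LdapPasswordOk = False
    ' Never send an empty password: that would be an unauthenticated bind.
    If Len(Trim(userName)) = 0 Or Len(password) = 0 Then Exit Function
    bindDn = "uid=" & EscapeRdnValue(Trim(userName)) & "," & baseDn
    On Error Resume Next
    Set dso = GetObject("LDAP:")
    Set obj = dso.OpenDSObject("LDAP://" & server, bindDn, password, ADS_USE_SSL)
    LdapPasswordOk = (Err.Number = 0)
    On Error GoTo 0
End Function

' Constructed input: a username that tries to add extra DN components.
WScript.Echo EscapeRdnValue("jdoe,ou=admins")
' Placeholder server and credentials in the style of test1.vbs.
WScript.Echo LdapPasswordOk("ldap.yourplace.com:636", _
    "ou=employees,ou=people,dc=yourplace,dc=com", "your_username", "your_password")
```

Run it with cscript so the two results print to the console; the same two checks (blank-password rejection and DN escaping) belong in front of the OpenDSObject call in the dialog's validate event.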

  10. #10
    Member
    Real Name
    JoAnn Ristau
    Join Date
    Jul 2001
    Location
    Texas
    Posts
    188


    Steve,
    Thanks so much for your examples! I got it to work with our eDirectory LDAP. YAY!

  11. #11
    Member
    Real Name
    Roelof
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    763


    Thanks guys for all of the input, but I have another question about the script you mention:
    strUsername = ut(currentform.Controls.txtUsername.value)
    strPassword = currentform.Controls.txtPassword.value

    Where do you fill these variables? I am still confused about where you get these, or with what you fill them.

  12. #12
    Member
    Real Name
    Steve Krahn
    Join Date
    Oct 2009
    Posts
    20


    When you create a "dialog" in alpha five you are creating a web form with boxes to collect input from the user. If you create a dialog with one textbox called "txtUsername" and another textbox called "txtPassword" and you enter that script under Form / Properties / Server Events / Validate, then the script will run when the user fills in the boxes and clicks submit.
