Authentication against active directory

[CaCtus491]

I'm trying to use the active directory provided by SBS2003 to authenticate ZM users so that users of the system can use a single password for all network services.

I have added an extra 'if' block around the existing authentication code which authenticates the supplied credentials against the active directory (using the ntlm_auth command).
I then took the password criteria out of the SQL statement. (see code below)

I have done things this way as it required minimal changes, allowing me to continue using the permissions system of ZM.

Can anyone suggest a better way to achieve this? I've really just made a quick hack to get it going.

Cheers,
-Kent

The following code was modified around line 40 of zm_funcs.php:

Code: Select all

exec('/usr/bin/ntlm_auth --username=' . escapeshellarg($username) . ' --password=' . escapeshellarg($password), $stdOut, $result);
        if ($result == 0) {
                $sql = "select * from Users where Username = '".mysql_escape_string($username)."' and Enabled = 1";
                $result = mysql_query( $sql );

[zoneminder]

If you can get a username into the HTTP_REMOTE_USER environment variable you can use ZM remote authentication. But other than that what you have done seem sensible. If I can think of a generic way to include this then I will include it in the main distro.

Phil

[theorganloft]

If you can get a username into the HTTP_REMOTE_USER environment variable you can use ZM remote authentication. But other than that what you have done seem sensible. If I can think of a generic way to include this then I will include it in the main distro.

Phil

Have any improvements been made on this?

[wasabi]

You can use mod_auth_kerb to accomplish this.