Announcement

Collapse
No announcement yet.

Fallback authentication mechanism when LDAP fails

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fallback authentication mechanism when LDAP fails

    Is there a way to make the Espo authentication mechanism the fallback method for the times when LDAP fails? I'm also interested in this so I can separate some of my users from the LDAP configuration. The majority of my users are part of the main LDAP configuration because they are internal employees, but we also allow subcontractors to access our CRM system and adding them to the LDAP system is not a possibility. It would be really helpful if the authentication mechanism would say "I didn't find anything in LDAP... let me try Espo".

    This is the relevant code. Could the other implementation be used if the first one fails?

    PHP Code:
    229 $authenticationImpl $this->getAuthenticationImpl($authenticationMethod);
    230
    231 $params 
    = [
    232 'isPortal' => $this->isPortal(),
    233 ];
    234
    235 $loginResultData 
    = [];
    236
    237 $user 
    $authenticationImpl->login($username$password$authToken$params$this->request$loginResultData); 

  • #2
    This is not a long term solution at all, but it solved my most immediate issue:
    Code:
    diff --git a/application/Espo/Core/Utils/Auth.php b/application/Espo/Core/Utils/Auth.php
    index 03c8a24b..626c14db 100644
    --- a/application/Espo/Core/Utils/Auth.php
    +++ b/application/Espo/Core/Utils/Auth.php
    @@ -243,7 +243,18 @@ class Auth
    }
    
    if (!$user) {
    -   return;
    +   $authenticationImpl = $this->getAuthenticationImpl("Espo");
    +   $params = [ 'isPortal' => $this->isPortal(), ];
    +   $loginResultData = [];
    +   $user = $authenticationImpl->login($username, $password, $authToken, $params, $this->request, $loginResultData);
    +   $authLogRecord = null;
    +   if (!$authTokenIsFound) {
    +     $authLogRecord = $this->createAuthLogRecord($username, $user, $authenticationMethod);
    +   }
    +
    +   if (!$user) {
    +     return;
    +   }
    }
    Basically, if LDAP authentication fails, it will use the Espo method. If that fails, it will do what it did before - return.

    Comment

    Working...
    X