Categories
Uncategorized

Quick and dirty PlaySMS LDAP auth

PlaySMS is some awesome Open Souce SMS software but it lacks a couple of features for our use case, one of which was some form of centralised auth. Ultimately I’d like to write a proper plugin to allow SAML auth so we can front this with AzureAD but for now, as it’s at on premise anyway, we’ll have to make do with this bodgey LDAP integration.

Bear in mind that with this in place you’ll no longer be able login with any internal PlaySMS credentials so ensure that you create a user that matches your LDAP username and grant it admin permission before you apply this modification. It would of course be a trivial change to make this try to auth via the DB, then fail back to LDAP or vice versa if that’s what you’d prefer.

Anyway, open up plugins/core/auth/fn.php and replace

$db_query = "SELECT password,salt FROM " . _DB_PREF_ . "_tblUser WHERE flag_deleted='0' AND username='$username'";
	$db_result = dba_query($db_query);
	$db_row = dba_fetch_array($db_result);
	$res_password = trim($db_row['password']);
	$res_salt = trim($db_row['salt']);
	$password = md5($password . $res_salt);
	if ($password && $res_password && ($password == $res_password)) {

with

$ldapserver= "ldaps://ldapservername";
$ldap = ldap_connect($ldapserver);
$bind = @ldap_bind($ldap, $username . "@domainname.tld", $password);
if ($bind) {

Told you it was quick and dirty, but it works. Obviously you’ll need to ensure that you create users within PlaySMS that match the users in LDAP, we’re currently shoving this directly into the MySQL database.

You’ll also need to install the PHP LDAP extension.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s