LDAP配置在testlink中（mark一下） ldap testlink 

was able to add this feature by making the following changes:

in user.class.php I eliminated the self::isPasswordMgmtExternal test in comparePassword and encryptPassword

in doAuthorize.php I changed the auth_does_password_match function

function auth_does_password_match(&$user,$cleartext_password)
{
    $authCfg = config_get('authentication');
      $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';

    if ('LDAP' == $authCfg['method'])
    {
        $msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
        $msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
        $msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
        $msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
        $msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');
       
        $xx = ldap_authenticate($user->login, $cleartext_password);
        // if the LDAP fails for any reason then check the local
        if($xx->status_ok)
        {
            // LDAP authenticated
            $ret->status_ok = $xx->status_ok;
            $ret->msg = $msg[$xx->status_code];
        }
        else
        {
            //LDAP failed - try the local DB
            if ($user->comparePassword($cleartext_password) != tl::OK)
            {
                // LDAP pass back the original LDAP error if the local db does not authenticate
                $ret->status_ok = $xx->status_ok;
                $ret->msg = $msg[$xx->status_code];
            }
        }

    }

    else // normal database password compare
    {
        if ($user->comparePassword($cleartext_password) != tl::OK)
            $ret->status_ok = false;
    }
   
    return $ret;
}


//////////////////////////////////////////////////////
In our environment we use LDAP for our general users and we create special administrative users using local ids. I have noticed a few requests for this in the forums.

I have updated the code below to support checking only when the LDAP user is not found.

function auth_does_password_match(&$user,$cleartext_password)
{
    $authCfg = config_get('authentication');
      $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';

    if ('LDAP' == $authCfg['method'])
    {
        $msg[ERROR_LDAP_AUTH_FAILED] = lang_get('error_ldap_auth_failed');
        $msg[ERROR_LDAP_SERVER_CONNECT_FAILED] = lang_get('error_ldap_server_connect_failed');
        $msg[ERROR_LDAP_UPDATE_FAILED] = lang_get('error_ldap_update_failed');
        $msg[ERROR_LDAP_USER_NOT_FOUND] = lang_get('error_ldap_user_not_found');
        $msg[ERROR_LDAP_BIND_FAILED] = lang_get('error_ldap_bind_failed');
       
        $xx = ldap_authenticate($user->login, $cleartext_password);
        // if the LDAP fails for any reason then check the local
        if($xx->status_ok)
        {
            // LDAP authenticated
            $ret->status_ok = $xx->status_ok;
            $ret->msg = $msg[$xx->status_code];
        }
        else
        {
            // user not found in LDAP - try the local DB
        if($xx->status_code == ERROR_LDAP_USER_NOT_FOUND)
        {
                if ($user->comparePassword($cleartext_password) != tl::OK)
                {
                    // LDAP pass back the original LDAP error if the local db does not authenticate
                    $ret->status_ok = $xx->status_ok;
                    $ret->msg = $msg[$xx->status_code];
                }
        }
        else
        {
                // LDAP pass back the original LDAP error if the local db does not authenticate
                $ret->status_ok = $xx->status_ok;
                $ret->msg = $msg[$xx->status_code];
        }
        }

    }
    else // normal database password compare
    {
        if ($user->comparePassword($cleartext_password) != tl::OK)
            $ret->status_ok = false;
    }
   
    return $ret;
}