Question

I have a scenario where I need to check some additional columns while doing the authentication. This is because the application stores some usernames in the database and some in LDAP. The authentication precedence is for usernames in the database. If a username exists in the database, we will not check in LDAP; else we will check it in LDAP.

For LDAP users, we are keeping a copy of their usernames in the same "user" table with a blank password column. To distinguish both groups of users, there is an additional column called userDirectory with values "LDAP and INTERNAL". We have to keep a copy of LDAP usernames for application-specific settings and all.

Also, username+userDirectory is a unique key.

Now my problem is, sometimes there will be multiple users with the same username but in different userDirectory. As mentioned above, LDAP users will not have a password stored in the database, and that authentication is a separate code snippet.

I am using the below code for DB authentication. Even though I am adding a condition setCredentialTreatment('md5(?) AND userDirectory="internal"'), it is searching LDAP users also. How do I restrict this to userDirectory='internal'?

    $dbAdapter = Zend_Db_Table::getDefaultAdapter();
    $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
    $authAdapter->setTableName('users')
                ->setIdentityColumn('username')
                ->setCredentialColumn('password')
                ->setCredentialTreatment('md5(?) AND userDirectory="internal"');
    $authAdapter->setIdentity($username);
    $authAdapter->setCredential($password);

Solution

I have changed your code:

    $dbAdapter = Zend_Db_Table::getDefaultAdapter();
    $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
    $authAdapter->setTableName('users')
                ->setIdentityColumn('username')
                ->setCredentialColumn('password')
                ->setCredentialTreatment('MD5(?)'); // changed
    $authAdapter->setIdentity($username);
    $authAdapter->setCredential($password);

    $authAdapter->getDbSelect()->where('userDirectory = "internal"'); // added
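Added example (not part of the original answer and not Zend Framework's own code): a plain-PDO model of the query shape Zend_Auth_Adapter_DbTable builds, showing that the credential treatment lands in the SELECT list, so it cannot filter rows, while a condition added through getDbSelect()->where() does. The in-memory SQLite table, the sample rows and the `authenticate()` helper are assumptions made for illustration; the returned strings mirror the Zend_Auth_Result constant names.

```php
<?php
// Constructed sample data: one internal user and an LDAP copy with the same username.
// md5() is computed in PHP because SQLite has no MD5(); it mirrors the page's MD5(?) treatment.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    username      TEXT NOT NULL,
    password      TEXT NOT NULL,
    userDirectory TEXT NOT NULL,
    UNIQUE (username, userDirectory)
)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['alice', md5('s3cret'), 'internal']);
$ins->execute(['alice', '', 'LDAP']); // LDAP copy, blank password column

/**
 * Hypothetical helper modelling the adapter's query and result classification.
 * $treatment is compared to the credential column inside the SELECT list;
 * $extraWhere models a condition added via getDbSelect()->where().
 * Both are developer-written SQL fragments, never user input.
 */
function authenticate(PDO $db, string $user, string $pass,
                      string $treatment, string $extraWhere = ''): string
{
    $sql = "SELECT (CASE WHEN password = $treatment THEN 1 ELSE 0 END) AS credential_match
            FROM users WHERE username = ?"
         . ($extraWhere !== '' ? " AND $extraWhere" : '');
    $stmt = $db->prepare($sql);
    $stmt->execute([md5($pass), $user]); // first ? is the credential, second the identity
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if (count($rows) === 0) return 'FAILURE_IDENTITY_NOT_FOUND';
    if (count($rows) > 1)   return 'FAILURE_IDENTITY_AMBIGUOUS';
    return (int) $rows[0]['credential_match'] === 1
        ? 'SUCCESS' : 'FAILURE_CREDENTIAL_INVALID';
}

// Question's approach: the extra condition only changes the match flag; both rows come back.
echo authenticate($db, 'alice', 's3cret', "? AND userDirectory = 'internal'"), PHP_EOL;
// Answer's approach: the WHERE clause removes the LDAP row before the match is evaluated.
echo authenticate($db, 'alice', 's3cret', '?', "userDirectory = 'internal'"), PHP_EOL;
// Wrong password against the filtered row.
echo authenticate($db, 'alice', 'wrong', '?', "userDirectory = 'internal'"), PHP_EOL;
```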

OTHER TIPS

http://framework.zend.com/manual/1.12/en/zend.auth.adapter.dbtable.html

Check the last code sample under Advanced Usage By Example; the code is as follows:

    $registry       =   Zend_Registry::getInstance();
    $DB             =   $registry['DB'];
    $authAdapter    =   new Zend_Auth_Adapter_DbTable($DB,'usertable','username','password');

    $authAdapter->setIdentity($request->getParam('username'));
    $authAdapter->setCredential($request->getParam('password'));

    $select         =   $authAdapter->getDbSelect();
    $select->where('`active` = 1');
    $result         =   $authAdapter->authenticate();

    if($result->isValid()){
            //set user proper to zend instance
            $this->_redirect('/index');
    }
    else
    {
       //logout or redirect to same page
    }

Extend Zend_Auth_Adapter_DbTable and override the _authenticateCreateSelect() method like this:

    protected function _authenticateCreateSelect()
    {
        $select = parent::_authenticateCreateSelect();
        return $select->where('userDirectory = ?', 'internal');
    }

Licensed under: CC-BY-SA with attribution