matg Posted November 28, 2006 Posted November 28, 2006 Does 2.2 have better support for Active Directory/LDAP authentication and syncing?We us IPB on a corporate intranet, so better AD support would be very very nice!I'm currenlty using AD on my 2.1 install for authentication, but what I'd really like is for the board to sync with AD and pull in my AD users complete with first name and last name, email address, job title, department, phone number and even use there staff photogaph as their Avatar - that would be perfect. :thumbsup:
Luke Posted November 28, 2006 Posted November 28, 2006 If I'm not mistaken you can use IP.Converge (when it comes out of beta) to do this more flawlessly than the simple login manager included in IPB. With IP.Converge you can also link other IPS products together.
Guest Posted November 28, 2006 Posted November 28, 2006 Um... As far as I'm aware Luke, Converge does nothing at all to do with LDAP.. :unsure:
Luke Posted November 28, 2006 Posted November 28, 2006 Um... As far as I'm aware Luke, Converge does nothing at all to do with LDAP.. :unsure:Where that may be true, isn't it possible to create a module to make that happen? As far as I know Converge was designed to sync authentication across different software applications, whether it be other IPS products or third party (other than IPS) applications. If not, I stand corrected.
Guest Posted November 28, 2006 Posted November 28, 2006 I'm sure it'd be possible to sync login information via a custom converge app, but that's already possible with IPB itself.Problem being, none of the information the poster wanted will be synced by Converge ( first name, last name, job title, department, phone number and photograph ), so you're really no better off writing a converge app to do it than just using the IPB login manager. ;)
Luke Posted November 28, 2006 Posted November 28, 2006 Oops! Did not see that part >_< I suppose it may be possible for it to sync more, wouldn't it be? Would take some doing though.
ianhoyle Posted November 28, 2006 Posted November 28, 2006 I'm currenlty using AD on my 2.1 install for authentication, .....I don't suppose you can share your config (sanitised) for using AD? I too have an IPB on our internal network and want to use AD for auth but have struggled to get it working.A better interface for config & debug would be a lot better instead of having to hand edit .php config files in the bowels of the source code ... Ian
matg Posted November 30, 2006 Posted November 30, 2006 I don't suppose you can share your config (sanitised) for using AD? I too have an IPB on our internal network and want to use AD for auth but have struggled to get it working. IanI cant send you my files but i did foind it very easy to set up. You just the address of the AD serverThe port (usually its the default)An account on the AD server that lets you pull the information inAnd then the correct OU and DC settings and thats it.
matg Posted November 30, 2006 Posted November 30, 2006 Oops! Did not see that part >_< I suppose it may be possible for it to sync more, wouldn't it be? Would take some doing though.So in answer to my question, there is no AD/LDAP sync support in 2.2? If not there is a real openign here for someone to produce a commercial plugin/module to add this functionality - I'd buy it!What about future version? Whats the roadmap for development. If its not on the cards Invision is missing a great selling point here as alot of coporates are using forums but there users want single sign on (which is possible) but they also want access to other staff member details.
Management Matt Posted November 30, 2006 Management Posted November 30, 2006 There is LDAP/AD support via the log in modules for IPB 2.1 and IPB 2.2.
bfarber Posted November 30, 2006 Posted November 30, 2006 With a few easy modifications, you can pull whatever data you want from LDAP, including setting up the display name and email automatically (in fact, I've done these modifications for clients in the past). It is simply just not simple enough for an average user, which is who our product caters to.
ianhoyle Posted November 30, 2006 Posted November 30, 2006 With a few easy modifications, you can pull whatever data you want from LDAP, including setting up the display name and email automatically (in fact, I've done these modifications for clients in the past). It is simply just not simple enough for an average user, which is who our product caters to.Well then, I think you just gave a succinct explanation for why there is an opening for IPS to create a decent, functional integration module for AD. This would be a boon for running IPB in an enterprise intranet environment.In fact, if you've already done it for customers, the dev effort to produce such a beasty should be a lot smaller!I'd buy such a thing in a blink (even 2 if that would initiate development :)) IanPS to tell the truth, I've been contemplating ditching IPB (after 4 successful years) and moving to another platform (.NET, SQL server etc) since this has pre-built, rich integration into AD. If you could just nail this issue I could stay where I am.
ianhoyle Posted November 30, 2006 Posted November 30, 2006 What I'd be looking for is something like the "Microsoft Windows Authentication" module that is available for Community Server, a competing product for building bulletin boards and online communities.ian
Cybertimber2009 Posted November 30, 2006 Posted November 30, 2006 But he said its possible. I'm sure if you needed it (or wanted to know how) submit a ticket and he'll do it for you, and/or tell you.
ianhoyle Posted November 30, 2006 Posted November 30, 2006 But he said its possible. I'm sure if you needed it (or wanted to know how) submit a ticket and he'll do it for you, and/or tell you.If it was created as a plugin module that would be great.I wouldn't want it done as a set of mods to the main code since that only makes ongoing upgrades and support problematic (= extra cost). Ian
t-readyroc Posted May 23, 2007 Posted May 23, 2007 Any more news on this? In addition to the authentication being done via LDAP, we'd like to incorporate LDAP group synchronization as well, along the lines of what phpbb is doing....
bfarber Posted May 23, 2007 Posted May 23, 2007 That isn't something phpbb is doing - it's a custom modification. I've done the same thing before, on a case-by-case basis.While all of this stuff is indeed possible (I've done it, multiple times) the problem I run into is the extensibility of the login manager. It can be used for many many more types of login systems beyond ldap, and some things here are of course LDAP specific.I'll revisit this in a future version.
Djelibeybi Posted May 24, 2007 Posted May 24, 2007 With a few easy modifications, you can pull whatever data you want from LDAP, including setting up the display name and email automatically (in fact, I've done these modifications for clients in the past). It is simply just not simple enough for an average user, which is who our product caters to.I've got a login authentication module for our software and I'd love to pull extra information (names/email, etc) into IP.Board on create. Do you have any example code for auth.php to enable this?Edited to add: Is this something I should talk to you guys about via my Customer Interface?
bfarber Posted May 24, 2007 Posted May 24, 2007 We don't provide coding assistance via the client area I'm afraid. Truthfully, we don't provide coding or modification assistance here either. I'd recommend posting over at IPS Beyond for assistance, or seeking out a custom modification from someone.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.