Jump to content

Authentication: is AD/LDAP better supported


Guest matg

Recommended Posts

Posted

Does 2.2 have better support for Active Directory/LDAP authentication and syncing?

We us IPB on a corporate intranet, so better AD support would be very very nice!

I'm currenlty using AD on my 2.1 install for authentication, but what I'd really like is for the board to sync with AD and pull in my AD users complete with first name and last name, email address, job title, department, phone number and even use there staff photogaph as their Avatar - that would be perfect.


:thumbsup:

Posted

If I'm not mistaken you can use IP.Converge (when it comes out of beta) to do this more flawlessly than the simple login manager included in IPB. With IP.Converge you can also link other IPS products together.

Posted

Um... As far as I'm aware Luke, Converge does nothing at all to do with LDAP.. :unsure:

Posted

Um... As far as I'm aware Luke, Converge does nothing at all to do with LDAP.. :unsure:



Where that may be true, isn't it possible to create a module to make that happen? As far as I know Converge was designed to sync authentication across different software applications, whether it be other IPS products or third party (other than IPS) applications. If not, I stand corrected.
Posted

I'm sure it'd be possible to sync login information via a custom converge app, but that's already possible with IPB itself.

Problem being, none of the information the poster wanted will be synced by Converge ( first name, last name, job title, department, phone number and photograph ), so you're really no better off writing a converge app to do it than just using the IPB login manager. ;)

Posted

Oops! Did not see that part >_<

I suppose it may be possible for it to sync more, wouldn't it be? Would take some doing though.

Posted

I'm currenlty using AD on my 2.1 install for authentication, .....


I don't suppose you can share your config (sanitised) for using AD? I too have an IPB on our internal network and want to use AD for auth but have struggled to get it working.

A better interface for config & debug would be a lot better instead of having to hand edit .php config files in the bowels of the source code ...

Ian
Posted

I don't suppose you can share your config (sanitised) for using AD? I too have an IPB on our internal network and want to use AD for auth but have struggled to get it working.





Ian



I cant send you my files but i did foind it very easy to set up.

You just the address of the AD server
The port (usually its the default)
An account on the AD server that lets you pull the information in
And then the correct OU and DC settings and thats it.
Posted

Oops! Did not see that part >_<



I suppose it may be possible for it to sync more, wouldn't it be? Would take some doing though.



So in answer to my question, there is no AD/LDAP sync support in 2.2? If not there is a real openign here for someone to produce a commercial plugin/module to add this functionality - I'd buy it!

What about future version? Whats the roadmap for development. If its not on the cards Invision is missing a great selling point here as alot of coporates are using forums but there users want single sign on (which is possible) but they also want access to other staff member details.
Posted

With a few easy modifications, you can pull whatever data you want from LDAP, including setting up the display name and email automatically (in fact, I've done these modifications for clients in the past). It is simply just not simple enough for an average user, which is who our product caters to.

Posted

With a few easy modifications, you can pull whatever data you want from LDAP, including setting up the display name and email automatically (in fact, I've done these modifications for clients in the past). It is simply just not simple enough for an average user, which is who our product caters to.


Well then, I think you just gave a succinct explanation for why there is an opening for IPS to create a decent, functional integration module for AD. This would be a boon for running IPB in an enterprise intranet environment.

In fact, if you've already done it for customers, the dev effort to produce such a beasty should be a lot smaller!

I'd buy such a thing in a blink (even 2 if that would initiate development :))

Ian

PS to tell the truth, I've been contemplating ditching IPB (after 4 successful years) and moving to another platform (.NET, SQL server etc) since this has pre-built, rich integration into AD. If you could just nail this issue I could stay where I am.
Posted

But he said its possible. I'm sure if you needed it (or wanted to know how) submit a ticket and he'll do it for you, and/or tell you.


If it was created as a plugin module that would be great.

I wouldn't want it done as a set of mods to the main code since that only makes ongoing upgrades and support problematic (= extra cost).

Ian
  • 5 months later...
Posted

That isn't something phpbb is doing - it's a custom modification. I've done the same thing before, on a case-by-case basis.

While all of this stuff is indeed possible (I've done it, multiple times) the problem I run into is the extensibility of the login manager. It can be used for many many more types of login systems beyond ldap, and some things here are of course LDAP specific.

I'll revisit this in a future version.

Posted

With a few easy modifications, you can pull whatever data you want from LDAP, including setting up the display name and email automatically (in fact, I've done these modifications for clients in the past). It is simply just not simple enough for an average user, which is who our product caters to.



I've got a login authentication module for our software and I'd love to pull extra information (names/email, etc) into IP.Board on create. Do you have any example code for auth.php to enable this?

Edited to add: Is this something I should talk to you guys about via my Customer Interface?
Posted

We don't provide coding assistance via the client area I'm afraid. Truthfully, we don't provide coding or modification assistance here either. I'd recommend posting over at IPS Beyond for assistance, or seeking out a custom modification from someone.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...