News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Ldap Authentication Mod

Started by psa, July 02, 2008, 05:53:13 AM

Previous topic - Next topic

ziycon

Yup, you have my interest, I've been looking for a proper LDAP mod that's actively supported. I know of a lot of people that would like this mod also.

psa

So far as I know, this mod still works on current versions of 1.1.x.  I tried to make it as upgradable as I could.

For SMF 2 it looks like all the database calls will need to be rewritten, and the configuration screens will need to be entirely redone.  I'm not even sure how to do this second part in SMF 2, so I'll have to do some research.

Mr. Jinx

#102
I have recently installed this on a SMF 1.1.11 install with AD. Works perfect.
Now I hope development of this mod continues to SMF 2!
Shouldn't this mod be submitted as an official ldap mod in the modification-section?

psa

There's an explanation in one of the first few pages that they rejected this mod because it depends on third party systems (the LDAP server).  While I disagree very strongly with this assessment both of the situation (an LDAP server is no more an external dependency than the webserver, PHP engine, or the browsers that users access SMF with) and with the small mindedness of discouraging larger systems integration like this, SMF is not an open source project and has no obligation to the community.  I respect their right to make these decisions for themselves, even when they shoot themselves in the foot.

I pursued it further than that, but they were very clear that this was considered an unsupported "bridge", and they wouldn't discuss it further.

Still researching SMF 2 mods.

Arantor

Note that that was 2 years ago, times and attitudes can and do change.

There are mods that rely on third party services currently available; most of the anti spam ones do, so there is definitely precedent for it.

psa

Arantor-
Yes, and there was a previous, less-thorough ldap mod accepted, which was still available on the mod site when I submitted, so I don't expect any particular level of consistency in these decisions.

If you think it is worth resubmitting this mod, I will do so.

Arantor

I would, folks can make use of it.

Certainly when I was on the cust team I wouldn't have thrown it out on the basis of a third party requirement, and if there's an argument I can find you multiple mods that have dependencies outside of the basic SMF+server environment.

The one problem is that it is harder to test and validate the mod for security and performance because few team members (if any) will have an LDAP environment to test against.

psa

There is still a mod entry for it, number 1283: "Warning: This mod has been removed from the approval queue".  Should I make a new one, or somehow ask that the old one get reviewed?

I notice that the very old (2005) mod for SMF 1.0 is still present, even now.

Arantor

You can send the SMF Customization Team (account #1) a PM and they can reopen the mod, including you updating it if you wanted to.

Dark//Virus

Just would like to add, i have been running this mod for about 18 months now, and i havent had to touch it since, once setup does everything we could ever want
(15:10) <@DV> !ban Ard-Choille
(15:10) -ChanServ- Banned Ard-Choille from #deluxe.
(15:10) <@DV> Man that felt good

Mr. Jinx

#110
Some extra input for the (possible) next vesion.

First I tried LDAP with AD, this worked without problems.
Then I tried to connect to our global LDAP server which doesn't run AD. This time it couldn't bind to the server.
After modifying the code with this patch from jcwatson11 : http://www.simplemachines.org/community/index.php?topic=247449.msg1810973#msg1810973 everything works smooth!
So it might be worth to take a look at that.

Finally we have a corporate forum thanks to this mod 8)

sibobbler

First time here. Just started using SMF as a staff community forum at an Educational establishment here in the UK. We really want this to talk to AD so that our teachers don't have to remember yet another username and password!

I have a budget waiting if somebody wants to get this working in 2 RC3. It will be shared with the community if done.  :)

Please PM me if you are interested in undertaking this work.

Thanks,
S.

psa


elsim04

Hello, where I can download the latest version of your algorithm LdapAuth?
Mr. Jinx

Mr. Jinx

First of all, I didn't make it (read this post: http://www.simplemachines.org/community/index.php?topic=247449.msg1810973#msg1810973)
But here is the modified file I use to get LDAP (non AD) working. It contains all the changes from jcwatson11's post.

ysmdm1

Quote from: Mr. Jinx on June 16, 2010, 11:01:47 AM
First of all, I didn't make it (read this post: http://www.simplemachines.org/community/index.php?topic=247449.msg1810973#msg1810973)
But here is the modified file I use to get LDAP (non AD) working. It contains all the changes from jcwatson11's post.

This LDAP working on latest version right ??

Thank youi

Mr. Jinx

No, this is for latest smf 1.x.x

asko

Hello,

I used it on smf 1.1.11/Linux mandriva 2010.1 and OpenLdap
It works fine !
But, manually installed because package seems corrupted by package manager

Before (smf 1.0.5) I used another mod, but it doesn't work with 1.1.11

So thanks for this great job !

lmsdefense

Anyone make any progress with the port to 2.x?

lewism

I definitely have use for LDAP integrations.

I think one reason that you were hearing crickets is because most users have small one man sites or fairly simple sites, perhaps using a bridge, what ever. Not many would want to run a separate LDAP server is my guess.

Also, something even more important is that there are so many products which come to light, people start using them then the dev gives up on it and now that we are depending on this, are SOL for security and other updates.

I myself prefer to pay for these types of things and have some sort of promise that it'll be around for a while.

So, we're using SMF 2.0 RC4 I believe, what's the status on your product?

Thanks.

Advertisement: