Active Directory authentication provider
Page: 1, 2
Recent posts in this topic
Staff
Ilija Studen
on Jul 23. 2008. 5:16 pm
Users can log in with their AD credential and system will automatically create user accounts for them and log them in. This can be beneficial if you already have a lot of users in AD and don't want to import them manually. If custom authentication fails system falls back to default, build in behavior.
activeCollab Team Member | Experiment: activeCollab on Twitter
Pro
Hi, I am using activeCollab v1.1.2. I tried installing the module per the instructions and it is not working. AC is acting like it is not trying to authenticate the users at all with the module. If I change the AUTH_AD_BIND username or password to something I know is incorrect I do not get any errors, so I don't think the module is being called.
I did not have the define('AUTH_PROVIDER', 'BasicAuthenticationProvider'); line in the config/config.php as the instructions stated so I just added the define('AUTH_PROVIDER', 'ActiveDirectoryAuthenticationProvider'); line and the other define lines with the correct info for my AD system.
Is there a setting in AC to tell it to use the authentication? Or am I missing something else simple?
Thanks for any help
I did not have the define('AUTH_PROVIDER', 'BasicAuthenticationProvider'); line in the config/config.php as the instructions stated so I just added the define('AUTH_PROVIDER', 'ActiveDirectoryAuthenticationProvider'); line and the other define lines with the correct info for my AD system.
Is there a setting in AC to tell it to use the authentication? Or am I missing something else simple?
Thanks for any help
Pro
Steve Mitchell
on Jul 31. 2008. 4:32 pm
Hello,
I've installed this module, but users cannot login even though LDAP authentication is successful.
Here's what I've done to troubleshoot:
I'm capturing packets (via tcpdump) on the host with ActiveCollab installed, and I can see the request go out to our Active Directory server to bind using the service account, which is successful. I then see a bind request for the user attempting to login, and that is also successful.
However, from the users perspective, he/she can never login and is given a "Failed to log you in with data your provided. Please check your data and try again" error.
I know all of the settings in my config are correct since the LDAP auth is working perfectly, and I can see that in tcpdumps. I think there may be another issue here - either it's not passing the right group or role identifier, so things bail, or something else.
There's a cryptic reference to email addresses and login names needing to be the same. What does this mean? My active directory setup definitely does not work this way... we have the following:
usernames in Active Directory are like: steve@internal.companyinternal.com
email addresses are like: steve@company.com
The domains are completely different. Will this matter?
I've installed this module, but users cannot login even though LDAP authentication is successful.
Here's what I've done to troubleshoot:
I'm capturing packets (via tcpdump) on the host with ActiveCollab installed, and I can see the request go out to our Active Directory server to bind using the service account, which is successful. I then see a bind request for the user attempting to login, and that is also successful.
However, from the users perspective, he/she can never login and is given a "Failed to log you in with data your provided. Please check your data and try again" error.
I know all of the settings in my config are correct since the LDAP auth is working perfectly, and I can see that in tcpdumps. I think there may be another issue here - either it's not passing the right group or role identifier, so things bail, or something else.
There's a cryptic reference to email addresses and login names needing to be the same. What does this mean? My active directory setup definitely does not work this way... we have the following:
usernames in Active Directory are like: steve@internal.companyinternal.com
email addresses are like: steve@company.com
The domains are completely different. Will this matter?
Pro
jackmortondigital
on Aug 4. 2008. 4:16 pm
Hi,
I seem to be having the same issues as Steve. At least I'm at the same point - main auth working, the authenticate.php script that comes with adLDAP is working fine, but I just get a bad login error when trying to login to activeCollab. I've tried a bunch of different things in the email address field, including all the possibilities that our AD could be using, but with no luck.
Any suggestions for how to proceed would be much appreciated. I'll respond here if I make any progress.
Thanks.
- Evan
I seem to be having the same issues as Steve. At least I'm at the same point - main auth working, the authenticate.php script that comes with adLDAP is working fine, but I just get a bad login error when trying to login to activeCollab. I've tried a bunch of different things in the email address field, including all the possibilities that our AD could be using, but with no luck.
Any suggestions for how to proceed would be much appreciated. I'll respond here if I make any progress.
Thanks.
- Evan
Pro
Hi,
Will this work with open ldap implementation?
Thanks
Bert
Will this work with open ldap implementation?
Thanks
Bert
jayson.phillips
on Oct 13. 2008. 7:06 pm
All -
We've made a work around for the "email address needs to be the username" issue with using this module.
Once cleaned up a slight bit, I'll be posting a link to the github repository that contains the fork of this module.
It includes a "config" file that allows you to set what fields you are looking for in AD, as well as the domain (if any) needed for logging in.
You should be able to customize it from there if you're remotely comfortable with PHP and LDAP/AD authentication.
Right now it's internally referred to as the "Username Based Active Directory Authentication Provider" or "U-BAD-AP" for short, but we'll be cleaning that and placing the appropriate credits in a readme/changelog that will come with the repository.
We've made a work around for the "email address needs to be the username" issue with using this module.
Once cleaned up a slight bit, I'll be posting a link to the github repository that contains the fork of this module.
It includes a "config" file that allows you to set what fields you are looking for in AD, as well as the domain (if any) needed for logging in.
You should be able to customize it from there if you're remotely comfortable with PHP and LDAP/AD authentication.
Right now it's internally referred to as the "Username Based Active Directory Authentication Provider" or "U-BAD-AP" for short, but we'll be cleaning that and placing the appropriate credits in a readme/changelog that will come with the repository.
Cheers,
jayson j. phillips
Web Developer, Enterprise Applications
jayson j. phillips
Web Developer, Enterprise Applications
Pro
manager-it
on Oct 15. 2008. 1:26 am
Regarding the issue Steve and Jack mention...
Add the line " define('AUTH_AD_EMAIL_SUFFIX','@yourdomainhere.com'); " to the config.php. This addresses the email domain and AD domain being different, and fixes the condition statement in the AD auth file.
-Brad
Add the line " define('AUTH_AD_EMAIL_SUFFIX','@yourdomainhere.com'); " to the config.php. This addresses the email domain and AD domain being different, and fixes the condition statement in the AD auth file.
-Brad
Pro
brettrandall
on Nov 4. 2008. 10:34 pm
I've had the same issue that Steve and Jack have talked about, but adding the AUTH_AD_EMAIL_SUFFIX line does not make any difference... Is this new U-BAD-AP that Jayson was talking about available yet at all?
Thanks
Brett
Thanks
Brett
