LDAP Support

1, 2, 3
avatar arion Jul 24. 2006. 2:24 pm #1
Is there any plan to implement LDAP support?

Thanks,
Arion
avatar davidmcalduch Jul 26. 2006. 5:30 am #2
Connect with AD like it

David Martínez
avatar Ilija Studen Staff Jul 26. 2006. 5:50 am #3
There is plan, but nothing for sure. I'm thinking about abstracting authentification so you can use aC user database, LDAP, user database of other application or anything else.

Thats just a plan, I can't tell you when it will be implemented.
avatar jaga Aug 3. 2006. 9:41 am #4
For what it is worth, another vote for ldap.
avatar cgk Sep 3. 2006. 4:50 pm #5
Same here, another vote for ldap authentication. I am running off a dreamhost installation which allows me to run the program without having to ram it through IT, but limits how many users I can reasonably add to the system manually. Cheers

--chris
avatar Ilija Studen Staff Sep 4. 2006. 12:45 am #6
Abstracting authetication is one of the things that will be added to 0.8 so you can create your own authentication sources - will it be some existing database, web service, LDAP or whatever, you will be able to make it. activeCollab will ship with default source (current implementation) and if you need something specific just use or write a different plugin.
avatar Nabeel Sep 6. 2006. 9:59 am #7
It's not too hard to hack the auth. Right now in aC i've changed a bit of the a uth so it just checks the username in aC, but the password and username get tossed to our internal intranet login app that then tosses it to an ldap, then i just read the callback within aC.

it's in accesscontroller.class.php.
avatar ffletch Nov 1. 2006. 3:55 pm #8
Nabeel,

Do you mind posting an example of your code? Heck, if anyone has an example, I would love to try it out.
avatar madhu Nov 8. 2006. 7:32 pm #9
To authenticate all users but admin against AD, we replaced

if(!$user->isValidPassword($password)) {
tpl_assign('error', new Error(lang('invalid login data')));
$this->render();
} // if

With

// use internal ldap password check unless admin
if ($username == "admin") {
if(!$user->isValidPassword($password)) {
tpl_assign('error', new Error(lang('invalid login data')));
$this->render();
} // if
} else {
$ad=ldap_connect("<AD SERVER>");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
$bd = @ldap_bind($ad,$username."@<DOMAIN>",$password);
ldap_unbind($ad);
if (!$bd) {
tpl_assign('error', new Error(lang('invalid login data')));
$this->render();
}
}

The user must first have an account within aC with the same username that allows them to authenticate against the AD.
avatar drivencompassion Nov 9. 2006. 11:59 am #10
Will this be merged into the next build for testing? Much love!
or Go To Next Page