LDAP - one more time

1, 2
avatar m80junk2 Sep 3. 2009. 1:10 am #11
Definitely would support this! Crucial :(
avatar proskurin-kv Sep 3. 2009. 10:59 am #12
So we have many peaple what could support development of this simple plugin.

Is here any developers who can do this work?
avatar Fei Y. Dev Sep 7. 2009. 10:15 am #13
Hi everyone, I have developed a LDAP module and now it's for sale!

Visit my website http://www.activecollabmod.com for more info!

Highlights
· Enables LDAP login ability for ActiveCollab 2.x
· Built with safety in mind
· Automatically synchronizes user information with LDAP server
· Highly customizable
· Tested on Microsoft Active Directory for Windows Server 2003
· Potentially supports other LDAP providers
www.activecollabmod.com
Professional activeCollab module/integration provider
avatar proskurin-kv Sep 7. 2009. 10:48 am #14
activecollabmod:
Hi everyone, I have developed a LDAP module and now it's for sale!

Visit my website http://www.activecollabmod.com for more info!

Highlights
· Enables LDAP login ability for ActiveCollab 2.x
· Built with safety in mind
· Automatically synchronizes user information with LDAP server
· Highly customizable
· Tested on Microsoft Active Directory for Windows Server 2003
· Potentially supports other LDAP providers


Sounds great but we use OpenLDAP and before purchase we want to be sure what it is works well. For example - it will work if in UUID fild we chose "mail"?
So login will be like 'localpart@domain.org',

Muiltydomain?
eg -> 'localpart@domain2.org', 'localpart@domain3.org' and so on.

Search filters? Group mapping?
avatar Fei Y. Dev Sep 7. 2009. 6:26 pm #15
proskurin-kv:

Sounds great but we use OpenLDAP and before purchase we want to be sure what it is works well. For example - it will work if in UUID fild we chose "mail"?
So login will be like 'localpart@domain.org',

Muiltydomain?
eg -> 'localpart@domain2.org', 'localpart@domain3.org' and so on.

Search filters? Group mapping?


Yes, if you want to use mail as the unique identifying field just put it in the setting and turn off "is binary" option. This module is very customizable.

For multi domain, user can enter their full login name containing domain name then system will not assume the default domain. Also you'll need to increase the scope of the baseDN setting to dc=org. Right now it cannot work in the case of you have both .org and .com.

I haven't thought about Search filters and group mapping but thanks for your advice I will keep improving the module.

This is NOT a "as is" piece of code. Customers will receive support.
www.activecollabmod.com
Professional activeCollab module/integration provider
avatar proskurin-kv Sep 7. 2009. 7:12 pm #16
Yes, if you want to use mail as the unique identifying field just put it in the setting and turn off "is binary" option. This module is very customizable.

For multi domain, user can enter their full login name containing domain name then system will not assume the default domain. Also you'll need to increase the scope of the baseDN setting to dc=org. Right now it cannot work in the case of you have both .org and .com.

I haven't thought about Search filters and group mapping but thanks for your advice I will keep improving the module.

This is NOT a "as is" piece of code. Customers will receive support.


Support is sounds really good!
I ask you few more question just because I can see or test your plugin. :-)

1) As I understand baseDN is hardcoded? Our baseDN is "dc=CAS" for example. it is not a big problem if we can easly change it in your code. Could we?

2) As I understand some search filter is hardcoded too. Like "ObjectClass=*" ?
Search filter is important because we - and many others - have many different type of accounts in LDAP and they have a same attribute like "uid" or "mail". So it will broke auth if it auth against wrong account.

So - it is possible to easly change a search filter?
For example we will want this: "ObjectClass: mailUser"
avatar Fei Y. Dev Sep 8. 2009. 6:33 am #17
proskurin-kv:
Support is sounds really good!
I ask you few more question just because I can see or test your plugin. :-)

1) As I understand baseDN is hardcoded? Our baseDN is "dc=CAS" for example. it is not a big problem if we can easly change it in your code. Could we?

2) As I understand some search filter is hardcoded too. Like "ObjectClass=*" ?
Search filter is important because we - and many others - have many different type of accounts in LDAP and they have a same attribute like "uid" or "mail". So it will broke auth if it auth against wrong account.

So - it is possible to easly change a search filter?
For example we will want this: "ObjectClass: mailUser"


Thank you for your advice. Let me answer your questions:
1. baseDN can be changed from admin panel. It is not hardcoded.
2. search filter is somewhat hardcoded. You can easily add more filters into the source code.
3. In the original design I thought about group mapping but didn't come up a decent way to implement it. The thing is users in ActiveCollab can have only one system role but in LDAP they can belong to many. So I only provide a setting to default an ActiveCollab role to first time LDAP users.
www.activecollabmod.com
Professional activeCollab module/integration provider
avatar Fei Y. Dev Sep 21. 2009. 1:46 am #18
Some updates (see my website http://www.activecollabmod.com/ for screenshot):
Added multiple group mapping based on directory
Added search filters
Tested on OpenLDAP
www.activecollabmod.com
Professional activeCollab module/integration provider
avatar fernando.silva Sep 30. 2009. 12:36 pm #19
Interested. A single sign on interface (CAS, Shibbollet...) would be even better.
avatar SimpsonTech Jul 2. 2010. 2:13 am #20
Yea, remember that it wouldn't necessarily need AD/LDAP directly, using some of the existing authentication/federation options would be fine as well - PAM/RADIUS/OpenID...