Jump to content

Active Directory Integration


Marvin Scharle
 Share

Recommended Posts

Hello everybody,
 
a few weeks have been passed since the last update. As you maybe remember, we introduced LdapSignIn, a module which allows you to sign in via an LDAP server account. Since you guys reported that there are many features missing to call it a "solution for Active Directory".
 
Well, during the last weeks, we've thrown the module away, restructured and rebuilt it from the ground up. So we can now truely say: yes, this is a real solution for this porpuse.
 
First of all, we've split the LdapSignIn module into 3 different modules

  • WireAD handles the connection between ProcessWire and the Active Directory. It delivers a straight-forward API for authentication and accessing objects in the Active Directory. So your modules can access it as well.
  • LoginAD extends the ProcessWire login process, so users from the Active Directory can log in.
  • LoginSingleSignOnAD enables Single Sing On for ProcessWire using an Active Directory.

Second, the modules also include a set of realy nice features:

  • User and Group Migration
    You can define rules to map Active Directory user and group attributes into ProcessWire user and roles fields.
  • Groups in Groups
    WireAD is able to detect groups in groups. So if user A is member of group B and group B is member of group C, user A is migrated as member of both group B and C.
  • TLS and SSL
    WireAD handles connections via SSL or TLS to your domain controllers
  • Load Balancing
    You can specify more than one domain controller to load balance between them
  • Auto-detect Base DN or manually specify it
  • Unique User and Role Objects
    Users and groups are migrated using their Active Directory GUID, so they are mapped as unique objects in ProcessWire

Third, I created a demo video to show you some of these features:

So what do you think? Please leave a comment below.

Greetings from Germany

Marvin

  • Like 14
Link to comment
Share on other sites

Marvin, this looks great -- the feature set has most of the things I can think of right now, and, in fact, this looks like something we could use pretty much out of the box. Many of our sites these days are using the UserGroups module, so I'd probably be looking into adding a few fine-tuning settings to make these modules work together nicely, though  :)

What's your take on cleaning up users/sessions, i.e. does this module check if user account is still valid and active (and, preferably, if groups have changed) in the AD? That's something we've found pretty important in "more serious" use cases.

Also: do we get to play with the source, is this a free or commercial package.. what's your plan here? :)

  • Like 3
Link to comment
Share on other sites

This looks great Marvin.

My only suggestion would be to have the GUID as a separate field and not use the name field. I think I know why you have, but for example I already have an Intranet with a lot of code that relies on the name field doing what it does now for some other checks I have (yes, it's a bit selfish of me :P).

What you could do is have the module install a new field for the GUID and attach it to roles template as well as the users template so that the role name displays in the list instead of the GUID - same with the user name at the bottom-right of the screen. You could then have the module hook into field delete to make sure that field doesn't get deleted by anyone unless they uninstall the module. You also then have some meaningful content in the name fields if someone did un-link their site from AD for whatever reason.

Either way, this is amazing work and I would happily pay for it if it's a commercial module :)

  • Like 3
Link to comment
Share on other sites

  • 2 weeks later...
  • 5 months later...
  • 1 year later...
  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...