Jump to content

What are you currently building ?

Peter Knight

Recommended Posts

17 minutes ago, WinnieB said:

I came to this thread searching for Active Directory solutions. Does anyone have wisdom to share on the best LDAP for AD to work with PW3.x these days? Just arose as a possible requirement on a project.

I'd first look into setting up SAML integration. Overall I think that a SAML powered SSO solution is always easier and more user-friendly approach. SAML Auth handles this quite nicely, though it may take a bit of configuring to get everything right, and it also looks like the module hasn't been updated in a couple of years – so I'd first make sure that there are no issues with the bundled OneLogin's SAML PHP Toolkit.

... and if there are, perhaps you could try updating it and submitting a pull request? ?

There are some LDAP modules as well, and I actually have one just sitting on my local machine that I'd really like to share. It's a module I built in my last job for a client project, and I know it's powering at least one production site already, but I just haven't had the time to add the last finishing touches on it yet. Also, I don't really have a need for LDAP stuff in my personal projects, so there's that ?

Anyway, I can't give a specific timeframe but I'll make a note to get the module finished and published.

  • Like 6
Link to comment
Share on other sites

7 hours ago, WinnieB said:

Thank you Teppo, to be honest I had never heard of SAML before. This project has undergone quite a bit of scope creep so I'm hoping to implement the simplest sufficient solution.

Sounds familiar ?

SAML is actually a pretty simple concept. I'm not an expert, but to summarise:

  • LDAP is a general purpose protocol for communicating with directory services. When it comes to authentication, typically the way you'd set this up is by providing a local login form (ProcessWire's native one or something else), and when the user has provided credentials, you use the LDAP protocol to pass them to the AD server for validation, and then – depending on the reply – either log the user in (creating user object in the process if necessary), or display an error if provided credentials couldn't be validated.
  • SAML is a SSO standard for authentication. Here the identity provider (often ADFS or Azure AD) takes on more responsibilities: in the case of SAML Auth 1) the user attempts to access the admin or other protected area, 2) the module detects this and redirects the user to the IDP's web based GUI, where 3) (unless there's already an open session) the user has to provide authentication details, after which 4) IDP redirects the user back to the site with a SAML response, and finally 5) the module either logs the user in (creating user object if one didn't exist yet) or displays an error.

The reasons I personally prefer SAML is that it's an SSO solution – which means that if the user is already authenticated to the AD server they don't have to authenticate again – and that the IDP actually handles a bigger part of the process, meaning that you don't have to pass credentials to third party services, etc. That being said it doesn't really matter that much which approach you use.

If the client has a backend capable of using SAML, I'd recommend that, but if not then LDAP is a decent fallback. To be honest I'm not really familiar with the service layer, but most commonly you'll find some Microsoft product from the other end. If there's ADFS (Active Directory Federation Services), it should support SAML. On the other hand if the client is using Azure AD, there's actually no LDAP support at all (unless they also use Azure AD DS), so in this case SAML might be your only option.

  • Like 2
Link to comment
Share on other sites

  • 6 months later...
12 hours ago, bernhard said:

I was tired of adding 6 different fields to an event-template just for storing the time range of the event...

Great. Can't wait to see it (if you plan to release this) ? Any plans for recurring events?

  • Like 1
Link to comment
Share on other sites

  • 7 months later...
  • 1 year later...

I want to love Nextcloud but I've always found it unusably slow once you have a lot of files and folders. I am running it on an system with several TB of data so maybe that's a bit high, but I still don't really understand why that's impacting its responsiveness, or even it's search for that matter. I used to use Pydio (and its previous incarnation as Ajaxplorer) and it had its problems with search but was generally but better performance.

PS - I just updated to v21 and it does seem better - maybe they have improved things.

  • Like 1
Link to comment
Share on other sites

Yes, that update was likely the booster: https://nextcloud.com/blog/nextcloud-faster-than-ever-introducing-files-high-performance-back-end/ 

Where/how do you store TBs of data?

23 hours ago, adrian said:

I want to love Nextcloud but I've always found it unusably slow once

I want to love it as well, but it always makes me super happy to come back to ProcessWire. Everything looks great at first sight, but then you realize that either things do not work at all or they do not work as one would expect and have lots of limitations which make the apps almost useless... This seems the case for both customizations (we are so blessed with our hooks!) or with developing apps, which is really too complicated for me and which makes me love the easy of PW even more.

Nonetheless the file syncing and - if it works - collaboration features are cool. And I've talked with a friend recently why there is no central media manager for PW... as I was working with NextCloud the next day I thought I'd try to run NextCloud from within PW and it just worked! We'll see how far I come with NextCloud this time until I get annoyed...

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...