MyBB Community Forums

Full Version: LDAP function or mod
Using the search, I only found outdated threads or such with no definite answer, so I am interested what the current state of myBB is:

Is there any way (aside from coding it myself) to authenticate using an LDAP-Server instead of the internal user database? If not: Has anyone adopted this feature in their short-term roadmap?

I want to create a forum for an organization that already has a large user database and does not want to maintain two separate systems with separate passwords, so syncing the myBB internal logins manually with the LDAP system is out of the question.

It appears that myBB is leaving professional environments based on LDAP ungrudgingly to phpBB3 and vBulletin... I would definitely prefer the great GUI of myBB over the overloaded phpBB3, but unfortunately, the missing LDAP functionality seems to be a definite knockout.
I'm going to be honest, it's not a common request around here (but one that I agree we should have).

In theory the old posts you found should still work though.
The simplest solution would be to give the option to connect with an LDAP server and then populate the mybbuser table with the LDAP username and password, much like the Facebook Connect and other plugins do.

Once authenticated and the new account created, you can go from there. When logging in, verify the user is an LDAP account and grab/update the MyBB password to match the LDAP password. Then log the user in.

So it would still require user interaction to log in, but it would first check an LDAP server(s).
(2011-08-30, 02:53 PM)Alex Smith Wrote: [ -> ]I'm going to be honest, it's not a common request around here (but one that I agree we should have).

Honesty is what I was looking for :)

So I understand there is no short-term solution at hand except to learn PHP and write my own mod (which is not a preferable solution for me). Synchronizing LDAP accounts to another (=myBB) DB would also not satisfy security demands of our IT department.

Even though I had hoped that myBB is fitter for LDAP-integration: Thank you both for your quick and precise answers! I appreciate it.
(2011-08-30, 02:53 PM)Alex Smith Wrote: [ -> ]I'm going to be honest, it's not a common request around here (but one that I agree we should have).

In theory the old posts you found should still work though.

Actually, this is the third or fourth thread I can recall of this.
@Mark

You're more active than I am in recent times :P. I can't recall a recent one.
(2011-09-08, 05:49 AM)Alex Smith Wrote: [ -> ]@Mark

You're more active than I am in recent times :P. I can't recall a recent one.

I used to just answer plugin requests, since every second one was a free alternative to a labrocca plugin. Irregardless, from memory these are last year and the year before.
(2011-08-31, 11:25 AM)novamax Wrote: [ -> ]So I understand there is no short-term solution at hand
Define "short-term solution". I'm working on a plugin. I still have to figure out the login, "change a password", "add an account" and "how to authenticate an account" hooks, but I've figured out how to write a plugin, and LDAP is trivial (for someone who's written a few packages that use it).

Give me a while (I have no idea if that means days or weeks - it depends on how much paid work I have, how fast I can find plugins that do parts of what I need to learn and how fast I can learn MyBB) and I'll release an alpha test version. That means "it works on my computer and network, but don't blame me if it unsolders your CPU, trashes your LDAP server and burns your building down". IOW, if the network admin doesn't owe you his life, set up a test LDAP server.

The plugin is only going to read the LDAP server (and only one tree, not a forest - yet). You'll have choices - automatically add an account if there is none, how to add it (require email, admin approval, board default, etc.) and, in case of fire, you can disable the whole LDAP code by changing one value in the database (it'll be documented), although if you can still log into the ACP you can disable it in Settings too.

It'll be tested on a Windows 2003 AD LDAP server. No guarantees for anything else, but the basic code does work on 2008 and OpenLDAP, so this should too.

As I say, give me a while. (Or learn to write plugins.)

Update. I submitted a test plugin today. We'll see how long it takes for the powers that be to approve or disapprove it. It only works if there's an account on MyBB for that login so far (but if the LDAP server authenticates the login/password, it changes the password in MyBB to match the one in LDAP.) I'm going to start trying to figure out how to tell MyBB to create a new account.

So it's not done yet, it's not released yet, but it's probably close to being released and adding the account if there is none shouldn't be too difficult (I hope).
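
The directory check that several posts in this thread describe (ask the LDAP server whether a login/password pair is valid before logging the user in), as an added PHP example that is not part of any post and is not the plugin's code. The function name `ldap_check_login`, the `$cfg` keys and all host, DN and environment-variable values are hypothetical; it needs PHP's ldap extension (5.6 or later for `ldap_escape`) and only reads from the directory.

```php
<?php
// Added example. Every value in $cfg is a constructed placeholder.
$cfg = [
    'uri'        => 'ldaps://ldap.example.org',           // assumed server, TLS from the start
    'base_dn'    => 'ou=people,dc=example,dc=org',        // assumed single search tree
    'bind_dn'    => 'cn=forum-reader,dc=example,dc=org',  // assumed read-only service account
    'bind_pw'    => getenv('FORUM_LDAP_PW') ?: '',        // hypothetical variable name
    'login_attr' => 'uid',                                // sAMAccountName on Active Directory
];

/** Returns the entry's DN if the directory accepts login/password, else null. */
function ldap_check_login(array $cfg, string $login, string $password): ?string
{
    // A simple bind with a DN and an empty password is an "unauthenticated
    // bind" (RFC 4513, section 5.1.2) and many servers report it as success,
    // so an empty password must be rejected before the directory is asked.
    if ($login === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect($cfg['uri']);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Step 1: bind as the read-only service account to locate the user.
    if (!@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_pw'])) {
        return null;
    }
    // Escape the login so "*", "(", ")" and "\" cannot change the filter
    // (otherwise a login of "*" would match every account in the tree).
    $filter  = sprintf('(%s=%s)', $cfg['login_attr'], ldap_escape($login, '', LDAP_ESCAPE_FILTER));
    $result  = @ldap_search($conn, $cfg['base_dn'], $filter, ['1.1'], 0, 2);
    $entries = $result ? ldap_get_entries($conn, $result) : false;
    // Require exactly one match; zero or several means no unambiguous account.
    if ($entries === false || $entries['count'] !== 1) {
        ldap_unbind($conn);
        return null;
    }
    // Step 2: rebind as the user. The server verifies the password itself,
    // so the forum never needs to read a password attribute from LDAP.
    $ok = @ldap_bind($conn, $entries[0]['dn'], $password);
    ldap_unbind($conn);
    return $ok ? $entries[0]['dn'] : null;
}
```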