[Suggestion] LDAP Authentication

Wow, $120/seat/year for running the app on my own servers.
DeskPro’s probably the best ticketing system out there for the money by far for many reasons – and we audit a lot of them - believe me.

If you’re looking for full AD integration in a forum then Jitbit (http://www.jitbit.com/asp-net-forum/) seems to be the best solution at the moment. Delving deeper into phpBB’s ldap implementation has revealed a comedic lack of ability and some very worrying levels of security too. :(

Assuming you have some Windows servers around if you’re using AD, Jitbit is an asp.net forum that offers support for MySQL. Would prefer to use Xenforo as it’s much prettier, but Jitbit seems pretty much it for full on hassle free AD integration at the mo.
 
Never heard of Jitbit, thanks for mentioning. Unfortunately we're running Ubuntu Linux servers exclusively.

What have others found in a forum product that supports LDAP? I saw PHPBB v3.0.12 mentioned in an earlier post in this thread, but have no experience with that product. Is there anything else that runs on a Unix OS that I can look at?
 

PHPBB3 is good if you want a free forum, but its LDAP implementation is very basic. It will search a forest entirely but if you operate lots of child domains then it gets very messy very quickly. It also seems to be taking a copy of the authenticated user’s password and is saving it in its own database for some unfathomable reason - posing a security issue. It also clearly authenticates against this record it takes, so you have the situation where if a user changes their password on the domain, PHPBB will authenticate to their old password as well as their new one!! I imagine you could add a routine to some sort of cron to delete the contents of whatever table is holding a copy of the passwords every min or so, but the ldap implementation is so basic it wouldn’t have done the job for me anyway, so I gave up on it.

If you go the PHPBB route then do be wary of that record keeping it’s doing.
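
The stale-credential behaviour described in the post above, next to a login path that defers every decision to the directory. This is an added example, not part of the original post and not phpBB's code; `Directory` is a constructed in-memory stand-in for an LDAP/AD server, and all class and function names are hypothetical.

```python
import hashlib, hmac, os

class Directory:
    """Constructed stand-in for LDAP/AD: bind() succeeds only with the current password."""
    def __init__(self):
        self._users = {}
    def set_password(self, user, password):
        self._users[user] = password
    def bind(self, user, password):
        current = self._users.get(user)
        return current is not None and hmac.compare_digest(current.encode(), password.encode())

class CachingAuth:
    """Pattern the post warns about: keep a local copy of the credential
    (hashed here) after a successful bind and accept logins that match it."""
    def __init__(self, directory):
        self.directory, self.local = directory, {}   # local: user -> (salt, hash)
    def _hash(self, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def login(self, user, password):
        rec = self.local.get(user)
        if rec and hmac.compare_digest(rec[1], self._hash(rec[0], password)):
            return True          # directory never consulted: a stale password still works
        if self.directory.bind(user, password):
            salt = os.urandom(16)
            self.local[user] = (salt, self._hash(salt, password))
            return True
        return False

class DelegatingAuth:
    """Hardened form: the directory decides every login; only a non-secret
    profile row is stored locally."""
    def __init__(self, directory):
        self.directory, self.profiles = directory, {}
    def login(self, user, password):
        if not password:         # an empty password is an unauthenticated bind (RFC 4513)
            return False
        if not self.directory.bind(user, password):
            return False
        self.profiles.setdefault(user, {"source": "ldap"})
        return True

def demo(auth_cls):
    """Returns (first login, old password after change, new password after change)."""
    d = Directory()
    d.set_password("alice", "Old-Passw0rd")          # constructed sample account
    auth = auth_cls(d)
    first = auth.login("alice", "Old-Passw0rd")
    d.set_password("alice", "New-Passw0rd")          # password changed on the domain
    return first, auth.login("alice", "Old-Passw0rd"), auth.login("alice", "New-Passw0rd")
```

`demo(CachingAuth)` accepts the old password after the change, while `demo(DelegatingAuth)` rejects it; disabled or locked accounts are handled the same way, because the directory is asked on every login.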
 
Ugh, guess I'll keep looking and will stay with XF until I either find an LDAP alternative or XF implements LDAP. Thanks.
 
I'm currently having chats with the guys at Burning Board (http://www.woltlab.com/). They have a chargeable ldap plug-in that is pretty basic, but they are currently working on an extended model that will bring more direct AD integration - in-line with other more advanced AD plug-in solutions such as the one DeskPro uses. I'm trying out a few possible solutions for them at the moment and it's looking good so far - but not really clear on when it will be complete.

If you don't operate any child domains then their current implementation will work well for you.
 
Given this thread over there, it looks like there are still some issues. I would love to see how they respond to this poster's questions and whether they can work through the items he's identifying.
 
I would too. That poster is me. :)

I have a separate thread going with them in their ticketing system. I think they'll have a multi domain solution very soon - which is all I need. It's not that hard to be honest to mod the extra facility in to their existing ldap module. I've already been approached by a number of users there who have written their own ldap mods to cope with child domains based on their base module, but I'm sticking with the main guys for the time being if they can be quick - which they're promising (at the moment anyway).

If you are simply operating one domain then it will work for you already. I have it running on a test server on one domain and it's fine.
 
Fantastic! Please let me know what you hear back when they finally answer your questions and respond. I'm very interested.

I am employing multiple subdomains for various applications. So, for example, users access the forum via discuss.domain.com; and they access our cloud data storage server (OwnCloud.org) by visiting files.domain.com; and they access our web mail services (Zimbra.com) by visiting mail.domain.com. (OwnCloud & Zimbra are LDAP compliant services). So, in our case, a user is going to have access to all of the services across our domain space, with users possessing different access rights within those services.

Given your understanding of their current architecture, am I going to have an issue as well?

Thanks for your assistance.
 