1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 xenForo Active Directory/LDAP

Discussion in 'XenForo Questions and Support' started by Foxtrek_64, Jan 30, 2016.

  1. Foxtrek_64

    Foxtrek_64 Member

    Hello all,

    After looking around on the forums, I found this thread discussing LDAP and Active Directory. However, seeing as the thread was from 2011, I thought it better to make my own thread instead of necro-ing the other one.

    That being said, I am trying to use LDAP to enable Single Sign-On capability between my xenForo forum and the Hawkeye user administration plugin for Minecraft.

    Both xenForo and the Hawkeye Web Interface use a mssql database to hold usernames and passwords (so I might just be able to tell Hawkeye to read from the xenForo user database, or at least synchronize particular users), however I'm looking for a solution that allows for future-proofing.

    That being said, have there been any additions or changes to xenForo in the past five years to allow for LDAP or similar capability? I have xenForo running in a DMZ (created by a Cisco ASA 5510 firewall), so I could very easily either put an AD server there or on my internal network to handle authentication.

    Alternatively, for persistent sign-on, xenForo likely uses cookies in the browser or some kind of certificate-based authentication (so you don't have to log in again every time you go to another page). Would it be possible to have my Hawkeye server request this cookie/certificate and allow people to connect in this way, alternatively prompting for a username and password if this is not available?

    After doing a bit of research, I've found this modification for Hawkeye. It seems correct code-wise, but will the plugin still work with xenForo? I'm a bit wary about using three-year old code.
    Last edited: Jan 30, 2016
  2. Mike

    Mike XenForo Developer Staff Member

    As it stands, no not currently.

    Conceptually that might work, though this specific one doesn't appear to use the current XenForo password scheme (bcrypt). It would probably need a different approach.
  3. Foxtrek_64

    Foxtrek_64 Member

    Given the base framework available in the Hawkeye modification, I might be able to get that to work. Is there any documentation available for bycrypt or will I need to spin up my xenForo vm and take a look at the login code?
  4. Mike

    Mike XenForo Developer Staff Member

    It's not as simple to process Bcrypt as basic SHA passwords, depending on your PHP version. XenForo uses a library (http://www.openwall.com/phpass/) to help.

Share This Page