Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

LDAP support for Silverstripe


Go to End


31 Posts   17160 Views

Avatar
lancer

57 Posts

4 November 2007 at 6:50am

OK, nothing much to do today so....

I recoded the LDAP module into the Simple Authentication Module. It has 2 drivers now, LDAP and IMAP/POP3. Not submitting this to trac yet, since it isn't finished. It works, but I still need to do the internationalization (and maybe more drivers).

Putting it here to give people a chance to look at it first and/or play with it. Unpack it in your silverstripe root dir and look at the documentation to do the rest.

Avatar
Tim

Community Member, 201 Posts

4 November 2007 at 9:19am

Dude, you rock! Keep up the great work :-)

Avatar
Ingo

Forum Moderator, 801 Posts

4 November 2007 at 3:31pm

wow, looks very good so far! thanks for your work

one little suggestion: the naming of "SimpleAuthenticator" is a bit confusing.
we currently have MemberAuthenticator (arguably the "simplest" method) and OpenIDAuthenticator. especially if we decide to include ldap-auth into sapphire (rather than a module), it doesn't really aid the developer in choosing the preferred method. how about ServiceAuthenticator? ProtocolAuthenticator? DirectoryAuthenticator?

ingo

Avatar
lancer

57 Posts

4 November 2007 at 11:48pm

Then I simply go with what it reads on the login page tab; "External Authenticator". That OK?

Some suggestions for useful drivers? (Like SMB/SMTP, but they probably won't work without some PEAR modules. AD should be supported already, but I forgot the default settings for it so I should do dome digging around in my archives).

Also for 0.2 I plan to have a user autocreate possibility (with preset group memberships and permissions).

After the renaming I'll continue this thread in the "Modules" topic and create a wiki page for documentation.

Avatar
Markus

Google Summer of Code Hacker, 152 Posts

5 November 2007 at 5:22am

I would suggest to name them POP3Authenticator, IMAPAuthenticator, LDAPAuthenticator, ...

Avatar
Tim

Community Member, 201 Posts

5 November 2007 at 10:53am

Edited: 05/11/2007 10:57am

SMB is really interesting idea, I may be miss understanding it, but would that in theory enable us to browse a remote SMB directory from within a SilverStripe site? If so that opens up a wide range of possibilities in terms of Intranet applications, for example if a company wanted open up part of their file server as as part of an extranet (which we've had a number of requests for in the past).

It also brings up the bigger issue of other "file systems" - for example, some video based content which we stream for clients, we host on Streaming net , a mini Alkami service, other clients with lots of big files may want to host those files on the Amazon S3 service as the bandwidth and storage is cheaper than what can be offered by most web hosts.

So, in the future I'm guessing we'll need to deal with a number of "files" areas, beyond "files on your webserver"..

...another file based authentication protocol to think about is WebDAV.

Anyway, really excited by your work :-)

Avatar
lancer

57 Posts

5 November 2007 at 7:00pm

Edited: 06/11/2007 5:47am

@Markus, not possible. It is one module (that needs the name) with 2 different drivers and maybe more in the future.

@Tim, the PEAR stuff I worked with was just for password. If you want that kind of functionality I think you'd have to add a filesystem virtualization layer to SilverStripe. The best and easiest filesystem types to add first would be DAV and ftp, but I think you will need PEAR/PECL modules to do it (unless you want to do it all by yourself). That means that this will probably only be usable for "managed" servers. Those servers already have an alternative. Either mount SMB/CIFS natively or use FUSE (http://fuse.sourceforge.net), which is becoming more common in the newer Linux distributions (which you'd already need because of the PHP5 requirement). I use it personally to mount my network homedir, using only the ssh daemon server side. Windows users are out of luck though (but hey, Windows certainly supports SMB natively ;-) )

---> Continued in Modules with new pre release

Go to Top