Windows Authentication - LDAP

[vtphilk]

Is there any thought of adding windows authentication so that users can login to the web page of pacsone with their normal windows username password? It would just likely have to support LDAP. I have not dug thru the php but maybe this is something I could hack in but just wondering if there is a supported or will be a supported way of doing this..

Thanks!

[pacsone]

It's certainly possible to run the user authentication against a LDAP backend, but a more difficult question is do we need to bypass the browser login page where the users enter their username/password information? If so, how do we get the current Active Directory (AD) username/password supplied to the web browser before they can be authenticated against LDAP?

[vtphilk]

while it would be nice to have SSO (Single Sign On) I was just referring to the possibility to use the same LDAP password.

So the process would be, setting in pacsone that points to LDAP server rather local authentication. Then admin would have to create user just as today but the password field would be blank as it would just pass the authentication piece onto LDAP.

I frequently use the ldap class in PHP:
http://adldap.sourceforge.net/

However, I believe there is builtin support for LDAP in most apache installs.

[pacsone]

Thanks for the URL link, and we'll see what we can do to add LDAP integration for user authentication.

[marcos]

Has this been done?
if so how do i set it up.

[pacsone]

We haven't got a chance to attend to this feature, but how useful is it without the SSO (Single Sign On) because users would still have to enter their username/password information into their browser in order to login?

In the meanwhile, other users may consider SSO a security risk rather than a convenience. That's why this feature has not been given a high priority on our To-Do list.