All the Perl that's Practical to Extract and Report

YaBB with Active Directory?

ajt on 2005-03-23T16:37:50

At work we run YaBB as a discussion board for our technical support staff. The original plan was to use a News server, and a newsreader, but IT didn't want staff using any extra software, so we install YaBB on our Linux/Apache servers, and let them access via a web browser.

It's proved quite popular, but there is a problem, the users can't remember their username/passwords. For some time there was an unreported SMTP fault that was recently corrected that may have caused some password reminder problems. Basically IT want a product that support M$ Active Directory, so the users don't need to logon explicitly to the discussion forum.

A quick search with Google didn't turn up anything helpful. I need to find a way of patching YaBB to support AD, or find a discussion board software package with AD support. I don't do NT/IIS, and all I know about AD, is that it's a broken/proprietary version of LDAP.

Start with LDAP

autarch on 2005-03-23T17:00:25

MSAD does support at least some of LDAP, so that's the place to start (and probably your only hope).

Re:Start with LDAP

ajt on 2005-03-23T20:06:43

I considered LDAP, that's at least civilised, it's getting it to work with NTLM on a Linux/Apache box with YaBB that's going to be fun. While YaBB is Perl based, it's not very well written, and a bit of a hack. We're also running an older version - which reminds me I need to patch it anyway. I'm not a happy bunny, it's not my project, and it's not something I'm exactly keen to work on.

Re:Start with LDAP

Dom2 on 2005-03-23T21:56:17

Can YaBB use Apache's own authentication (basic auth)? If so, then you should be able to make Apache authenticate against the AD server. Apache2 comes with mod_auth_ldap builtin. I think that there's an NTLM authentication module out there as well.

Here's an example of making a subversion server talk to an AD server.

-Dom

Re:Start with LDAP

ajt on 2005-03-24T12:03:04

I must confess to knowing very little about YaBB, I didn't do the evaluation or the installation, it landed on my desk after a departmental re-organisation.

The server is currently an Apache 1.3.x system, though it will upgrade to Apache 2.x when we eventually upgrade the server. Getting LDAP to work with AD is probably possible, as you and others have suggested, making it work with NTLM is more interesting.

While NTLM is very convenient, it's very weak crypto, and makes your whole organisation weak, especially when it's all Windows based. Thankfully when the system collapses one of these days the Linux systems will sit in glorious isolation....

perl.com article

link on 2005-03-23T22:29:48

perl.com has an article about authenticating with active directory from perl,looks like its exactly what you need
http://www.perl.com/pub/a/2001/12/19/xmlrpc.html

Re:perl.com article

ajt on 2005-03-24T12:04:09

Ta, it's printed out now, and I'll have to give it a read.