WebMO - Computational chemistry on the WWW
Recent news

WebMO 17.0 is now available for free download!

WebMO 17.0 Pro and Enterprise have a variety of additional features and is available for purchase.

The WebMO app is now available for iOS and Android.

August 23, 2019

Active Directory Authentication Log Out | Topics | Search
Moderators | Edit Profile

WebMO Support Forum » Administering WebMO » User Manager » Active Directory Authentication « Previous Next »

Author Message
Robert Badger
Unregistered guest
Posted on Tuesday, August 30, 2016 - 11:34 am:   

I found a perl module:

Authen::Simple::ActiveDirectory

that suggests I may be able to use our campus active directory for authentication with the enterprise version. Before I purchase the upgrade to webmo enterprise server, I would like to know if anyone has implemented active director authentication successfully.

Thank you, Robert Badger.
JR Schmidt
Moderator
Username: Schmidt

Post Number: 522
Registered: 11-2006
Posted on Tuesday, August 30, 2016 - 1:51 pm:   

Robert,

I don't think anyone has used this with WebMO Enterprise, but it should work fine with only trivial tweaks. WebMO should be able to use any of the Authen::Simple:XXX plugins. I would just do some basic testing of the Authen::Simple::ActiveDirectory module itself, from a simple script, to make sure it works with your campus setup. If so, integrating into WebMO should be trivial.
John Keller
Unregistered guest
Posted on Wednesday, November 02, 2016 - 12:22 am:   

Is the "Authen::Simple::ActiveDirectory" perl module required for active directory authentication? I thought Authen::Simple::LDAP" was what we should use for this. Anyway, I did install the latter, and edited authen.conf with the appropriate dn=blah, dn=edu suffix. I defined a group and tried to log in as an AD user with the AD password, and I got "Invalid username/password" message. What am I missing?
John Keller
Unregistered guest
Posted on Wednesday, November 02, 2016 - 12:57 am:   

If in fact Active Directory authentication is different than LDAP authentication, how do I invoke it? An "Active Directory" entry does not appear in the Authentication pull-down menu under System Manager.
JR Schmidt
Moderator
Username: Schmidt

Post Number: 539
Registered: 11-2006
Posted on Wednesday, November 02, 2016 - 10:13 am:   

ActiveDirectory is different than LDAP. Active Directory is not explicitly supported by WebMO (mainly because I do not have the means to test it!).

That said, it should be straightforward to use. Install Authen::Simple::ActiveDirectory Perl module. Then one must edit 'password_external.cgi' to use ActiveDirectrory rather than LDAP. See the CPAN documentation for a list of options for the module.
Shawn Cutting
Unregistered guest
Posted on Monday, May 01, 2017 - 11:17 am:   

I have just set up WebMO to authenticate against Active Directory using Authen::Simple::LDAP.

As stated by JR Schmidt, you have to edit the "password_external.cgi" file as follows:

if (/^ldap$/)
{
require Authen::Simple::LDAP;
$auth = Authen::Simple::LDAP->new(
host => $ldapHost,
filter => "(samaccountname=%s)",
binddn => "<full>",
bindpw => "<password>",
basedn => $ldapBaseDN);
last SWITCH;
}

I also found that you may need to "uri_unescape($password) in the "sub check_external_password" of the same file:

sub check_external_password
{
use URI::Escape;
my($username, $password) = @_;
if ($auth == undef) { _init_auth() };
return $auth->authenticate($username, uri_unescape($password));
}

I had to cpan URI to make this work.
Shawn Cutting
Unregistered guest
Posted on Monday, May 01, 2017 - 11:20 am:   

Edit:
The binddn and password in my post should be:
"full DN of a user who can search AD" and
"password of the binddn user"

Add Your Message Here
Post:
Username: Posting Information:
This is a public posting area. Enter your username and password if you have an account. Otherwise, enter your full name as your username and leave the password blank. Your e-mail address is optional.
Password:
E-mail:
Options: Post as "Anonymous"
Enable HTML code in message
Automatically activate URLs in message
Action:

Topics | Last Day | Last Week | Tree View | Search | Help/Instructions | Program Credits Administration