WebMO - Computational chemistry on the WWW
Recent news

WebMO 19.0 is now available for free download!

WebMO 19.0 Pro and Enterprise have a variety of additional features and is available for purchase.

The WebMO app is now available for iOS and Android.

March 31, 2020

Active Directory Authentication Log Out | Topics | Search
Moderators | Edit Profile

WebMO Support Forum » Administering WebMO » User Manager » Active Directory Authentication « Previous Next »

Author Message
Robert Badger
Unregistered guest
Posted on Tuesday, August 30, 2016 - 11:34 am:   

I found a perl module:


that suggests I may be able to use our campus active directory for authentication with the enterprise version. Before I purchase the upgrade to webmo enterprise server, I would like to know if anyone has implemented active director authentication successfully.

Thank you, Robert Badger.
JR Schmidt
Username: Schmidt

Post Number: 522
Registered: 11-2006
Posted on Tuesday, August 30, 2016 - 1:51 pm:   


I don't think anyone has used this with WebMO Enterprise, but it should work fine with only trivial tweaks. WebMO should be able to use any of the Authen::Simple:XXX plugins. I would just do some basic testing of the Authen::Simple::ActiveDirectory module itself, from a simple script, to make sure it works with your campus setup. If so, integrating into WebMO should be trivial.
John Keller
Unregistered guest
Posted on Wednesday, November 02, 2016 - 12:22 am:   

Is the "Authen::Simple::ActiveDirectory" perl module required for active directory authentication? I thought Authen::Simple::LDAP" was what we should use for this. Anyway, I did install the latter, and edited authen.conf with the appropriate dn=blah, dn=edu suffix. I defined a group and tried to log in as an AD user with the AD password, and I got "Invalid username/password" message. What am I missing?
John Keller
Unregistered guest
Posted on Wednesday, November 02, 2016 - 12:57 am:   

If in fact Active Directory authentication is different than LDAP authentication, how do I invoke it? An "Active Directory" entry does not appear in the Authentication pull-down menu under System Manager.
JR Schmidt
Username: Schmidt

Post Number: 539
Registered: 11-2006
Posted on Wednesday, November 02, 2016 - 10:13 am:   

ActiveDirectory is different than LDAP. Active Directory is not explicitly supported by WebMO (mainly because I do not have the means to test it!).

That said, it should be straightforward to use. Install Authen::Simple::ActiveDirectory Perl module. Then one must edit 'password_external.cgi' to use ActiveDirectrory rather than LDAP. See the CPAN documentation for a list of options for the module.
Shawn Cutting
Unregistered guest
Posted on Monday, May 01, 2017 - 11:17 am:   

I have just set up WebMO to authenticate against Active Directory using Authen::Simple::LDAP.

As stated by JR Schmidt, you have to edit the "password_external.cgi" file as follows:

if (/^ldap$/)
require Authen::Simple::LDAP;
$auth = Authen::Simple::LDAP->new(
host => $ldapHost,
filter => "(samaccountname=%s)",
binddn => "<full>",
bindpw => "<password>",
basedn => $ldapBaseDN);
last SWITCH;

I also found that you may need to "uri_unescape($password) in the "sub check_external_password" of the same file:

sub check_external_password
use URI::Escape;
my($username, $password) = @_;
if ($auth == undef) { _init_auth() };
return $auth->authenticate($username, uri_unescape($password));

I had to cpan URI to make this work.
Shawn Cutting
Unregistered guest
Posted on Monday, May 01, 2017 - 11:20 am:   

The binddn and password in my post should be:
"full DN of a user who can search AD" and
"password of the binddn user"
Posted on Friday, February 21, 2020 - 8:44 pm:   

JR's suggestion works. Our campus uses Active Directory for user authentication. We are using WebMO 19 on a CentOS 7 system. First install the CPAN module with
$ perl -MCPAN -e "install Authen::Simple::ActiveDirectory"
Then edit the password_external.cgi file by changing the ldap section as follows (you'll need to get the host name of your active directory server from your tech office).

if (/^ldap$/)
require Authen::Simple::ActiveDirectory;
$auth = Authen::Simple::ActiveDirectory->new(
host => 'myuni.ad.mystate.edu',
principal => 'mystate.edu');
last SWITCH;

Finally under System Manager, choose LDAP authentication.

Add Your Message Here
Username: Posting Information:
This is a public posting area. Enter your username and password if you have an account. Otherwise, enter your full name as your username and leave the password blank. Your e-mail address is optional.
Options: Post as "Anonymous"
Enable HTML code in message
Automatically activate URLs in message

Topics | Last Day | Last Week | Tree View | Search | Help/Instructions | Program Credits Administration