I’m trying to hijack the authentication to use LDAP/AD. I’ve found the login_authenticate_start hook, and I’m trying to use that, but I’m having no luck. Is there something I can return that says, “Yay, this user is authenticated” or do I have to rewrite the whole authentication function?
Also, is it possible to access the Login class methods from my extension? e.g.:
$Login->login_form()
Any help gratefully received.
Hi stickmus,
This question comes up a lot; you may want to search the forums for other perspectives.
Our needs are very simple; all we want is to validate the password against Active Directory given a username that already exists in ExpressionEngine’s database. Everything else will use the existing code. We want to minimize the impact of our hack to make things easier to upgrade as EllisLab releases new versions.
We’re probably going to address this by deleting the code between the “Check password” and “Invalid password” comments in cp.login.php (this is lines 208-229 in version 1.6.3) and replacing it with a custom hook. The bulk of the code is based on an existing authentication library we’ve written, which we’ll modify into an EE extension.
Sorry, I don’t expect that my employer will allow me to release the source code for this, but I will be sure to ask in a couple months when I get to this part of the project.
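The check described in the reply above (validate the password against Active Directory for a username that already exists in ExpressionEngine's database) could look like the following. This is an added example, not code from the thread or from EllisLab; the function name, host and UPN suffix are placeholders, and it assumes PHP 7+ with the ldap extension.

```php
<?php
// Added example: hypothetical helper, not ExpressionEngine or EllisLab code.
// Placeholder values; replace with those of your own directory.
const AD_URI        = 'ldap://dc.example.internal'; // assumed domain controller
const AD_UPN_SUFFIX = '@example.internal';          // assumed UPN suffix

/**
 * Return true only if $password is the AD password for $username.
 * $username is assumed to have been looked up in EE's member table already.
 * Every failure path returns false, so the login fails closed.
 */
function ad_password_is_valid(string $username, string $password): bool
{
    // A simple bind with an empty password is an "unauthenticated bind" and
    // can succeed on the directory, so reject it before talking to the server.
    if ($username === '' || $password === '') {
        return false;
    }
    // Conservative character set so the name cannot alter the bind identity.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }

    $conn = ldap_connect(AD_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Require StartTLS so the password is never sent in clear text.
    if (!@ldap_start_tls($conn)) {
        ldap_unbind($conn);
        return false;
    }

    // Bind as the user; success means the directory accepted the password.
    $ok = @ldap_bind($conn, $username . AD_UPN_SUFFIX, $password);
    ldap_unbind($conn);
    return $ok === true;
}
```

A boolean like this would be called from whatever replaces the local password comparison; how it is wired into ExpressionEngine's login code is not shown here.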
Jesse,
Thanks for this detailed info. I’m going to start looking into something similar for us with internal LDAP auth functions.
For anyone who’s interested and has the PHP know-how and time, KnowledgeTree’s community version has an LDAP auth module that works great with both OpenLDAP and AD. The source for their LDAP functions is in their ‘xxx…baseauthentication…xxx’.php files. I would think it could be similarly ported over for EE, but per the conditions, I’m not a PHP guru, but would be willing to help someone who is, in trying to work out such an extension.