LDAP login into Discourse


(Roni Baby) #1

Can you possible to integrate LDAP login into Discourse? If possible let me know the steps
We are using Discourse in Ubuntu 12.04LTS server

Thanks
Roni


Brand new plugin interface
(Geo PC) #2

Myself and Roni are working in same organization and we need to integrate Discourse with openldap. Please let us know is it possible? If possible please update us the steps.

Still now we didn’t got any proper solution for this.

Thanks
Geo


(Sam Saffron) #3

This is possible today using the new plugin interface, see:

You would include the gem and implement those 3 methods.


(Telmo X) #4

@sam is the plugin interface documented somewhere? I am trying to get auth working against ActiveDirectory with the omniauth-ldap gem however I can’t quote figure out how to actually configure the Strategy itself, since it needs to know what AD controller to connect to… port and a myriad of other things.


(Ariel Jannai) #5

Hi telmox, did you manage to integrate Discourse with the Active Directory? If so, is it working with SSO?
thanks


(José F Romaniello) #6

As an alternative, we have just published an Auth0 plugin for discourse here. You can hook this plugin to your discourse and configure your LDAP connection in auth0. You will see a gif in the readme explaining the steps.

Basically Auth0 is an authentication broker, with this setup;

Your discourse talks oauth with Auth0, Auth0 talks with a “connector” you have to install inside your company. The connector talks with LDAP.

If your LDAP is AD, please note that it is also possible to enable Kerberos authentication for a certain range of ip address (also shown in the README). This is transparent for you, when you are inside the ip range, it will automatically let you sign in and discourse will see your profile, if you are outside of the ip-range you will have to enter your AD credentials.

This also works for other type of enterprise directories like google apps and office365. Feel free to contact Auth0 if you need more information.

Disclaimer: I work for auth0 and this is my first post.


(Michael - DiscourseHosting.com) #7

Very nice. Will it be a lot of extra work to move the settings into SiteSettings, and will it be multisite-proof then?


(José F Romaniello) #8

@michaeld I think it will not require much work, just that I’m not familiar with this part of the Discourse plugin API and couldn’t find much information yet. Any links?

As you can see in the repository I already defined the settings but I was having an issue when using SiteSettings (sitesettings is not defined), maybe I was using it a little bit early?

I need also to use some of the settings in the javascript asset, not sure how to do this either.


(Michael - DiscourseHosting.com) #9

For some reason the server side is called SiteSetting and the client side is called SiteSettings.


(Sam Saffron) #10

We should clean this up.


(José F Romaniello) #11

@michaeld thanks for your interest and the great tips. I’ve updated the plugin and now is configurable through site_settings:


(Sam Saffron) #12

Do you mind posting a separate post with your plugin and information and flagging it, so I can move it to the plugin category


(José F Romaniello) #13

@sam I just did! thanks


A working ldap plugin for discourse
(Ravikiran Janardhana) #14

If anyone is looking to add SSO auth to Discourse via LDAP, take a look at discourse-sso-python-ldap. The README has instructions on how to get it working with your ldap server.


(Jon Bake) #15

I wrote a Discourse Plugin to make this a bit easier: GitHub - jonmbake/discourse-ldap-auth: Discourse plugin to enable LDAP/Active Directory authentication..


(Sam Saffron) #16

Would you like to post a plugin post here? I added you to plugin authors


(Jon Bake) #17

There is already this solid post on plugins: Beginner's Guide to Creating Discourse Plugins - Part 1. Not sure how much more I could add to the discussion.


(Erlend Sogge Heggen) #18

Heh, I’m pretty sure Sam was asking if you would like to create a dedicated topic to properly present your new plugin, so that it can be more easily found.


#19

Great stuff! Thanks.

Funny there are now two ldap auth plugins coming within last 48 hours.


(Andre Kosak) #20

thanks! your plugin worked for my Windows 2008 Active Directory perfectly