ExpressionEngine, CodeIgniter and Laravel Developer

How to integrate ExpressionEngine in Microsoft Active Directory or LDAP servers

 

More about ADConnect at: app.25hweb.com

In enterprise IT environments, Windows Server is often adopted because of the features offered by Active Directory. This component allows the implementation of a local domain to centralize management of user accounts, user policies, permissions, etc.

If you use ExpressionEngine inside a company with such an IT environment, sooner or later you will need to interface your ExpressionEngine web application with Active Directory.

The scenario is often the following:

  • all business users already have a domain account;
  • you must allow business users to log in with the same account within the application built with ExpressionEngine.

This is possible with a custom module for ExpressionEngine. If you are interested in a product like this, please contact me. The module I developed is called Ad Connect and currently implements the following features:

  • authentication in Microsoft Windows 2012 Server Active Directory environments;
  • automatic registration of domain users in a default Member Group;
  • password synchronization;
  • option to allow authentication in ExpressionEngine even if the Microsoft Windows 2012 domain controller appears to be offline or does not respond within a preset timeout;
  • integration with the Developer Logs in ExpressionEngine;
  • compatibility with ExpressionEngine v. 3.3.0.
 
AUTHENTICATION ON ACTIVE DIRECTORY ENVIRONMENT IN MICROSOFT WINDOWS 2012 SERVER

Microsoft domain users can access the control panel, or sign in using the login form tag.

 

AUTOMATIC REGISTRATION OF DOMAIN USERS IN A DEFAULT MEMBER GROUP

On the first attempt to access the control panel or to sign in via the login form tag, if the username and password are correct, Ad Connect automatically creates a new user within ExpressionEngine. This user is added to a previously created Member Group. This means that you will have "native" ExpressionEngine Members, so you can use all the tags and third-party add-ons that use Members.

 

PASSWORD SYNCHRONIZATION

This feature allows you to properly manage the domain user's password. Either a domain network administrator or the domain user can change the domain password. At the next successful login to ExpressionEngine, Ad Connect updates the user's password in ExpressionEngine. Passwords are stored as hashes computed with the SHA1 hashing algorithm.

 

AUTHENTICATION ON ExpressionEngine EVEN IF THE MICROSOFT WINDOWS 2012 DOMAIN CONTROLLER IS OFFLINE OR DOES NOT RESPOND WITHIN A PRESET TIMEOUT

This feature, which can be enabled or disabled, allows a domain user (who has already logged in to ExpressionEngine at least once) to access the control panel or the front end when the domain controller appears offline or does not respond within a certain time. This means that users can access your EE-based system during problems with the infrastructure of the LAN or of the corporate network systems. It also enables a new scenario: detaching your application or website from the IT environment while keeping all Members in place and working independently of the Microsoft corporate domain.
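One way the offline fallback described above can be decided, as an added PHP example that is not Ad Connect's code: the locally stored hash is consulted only when the domain controller cannot be reached, never when it rejects the credentials. The function names, the host and the sample password are hypothetical, and the local hash uses PHP's `password_hash()` (salted bcrypt by default), an assumption of this example rather than the SHA1 storage stated above.

```php
<?php
// Added illustration, not Ad Connect's code; all names and values are hypothetical.
const ERR_SERVER_DOWN = -1; // client-side "Can't contact LDAP server"
const ERR_TIMEOUT     = -5; // client-side timeout

// Returns 'ok', 'rejected' or 'unreachable' for one bind attempt.
function domain_bind(string $uri, string $upn, string $password, int $timeoutSec): string
{
    // An empty password turns the bind into an anonymous one, which many
    // directories accept; treat it as a failed login before contacting the DC.
    if ($password === '') {
        return 'rejected';
    }
    $conn = ldap_connect($uri); // e.g. ldaps://dc.example.test (placeholder)
    if ($conn === false) {
        return 'unreachable';
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, $timeoutSec);
    if (@ldap_bind($conn, $upn, $password)) {
        return 'ok';
    }
    $errno = ldap_errno($conn);
    return in_array($errno, [ERR_SERVER_DOWN, ERR_TIMEOUT], true) ? 'unreachable' : 'rejected';
}

// Decides the login. The cached hash is only consulted when the DC could not
// be reached; a 'rejected' answer from the DC is final, so a password changed
// or an account disabled in the domain cannot be bypassed with the old local copy.
function login_allowed(string $bind, string $password, ?string $cachedHash, bool $offlineLogin): bool
{
    if ($bind === 'ok') {
        return true;
    }
    if ($bind === 'unreachable' && $offlineLogin && $cachedHash !== null) {
        return password_verify($password, $cachedHash);
    }
    return false;
}

// Constructed sample: a user who logged in once before, so a local hash exists.
$cached = password_hash('S3cret-constructed', PASSWORD_DEFAULT);
var_dump(login_allowed('unreachable', 'S3cret-constructed', $cached, true));  // DC down, fallback on
var_dump(login_allowed('rejected', 'S3cret-constructed', $cached, true));     // DC said no
var_dump(login_allowed('unreachable', 'S3cret-constructed', $cached, false)); // fallback off
```

While the fallback is active, a password changed or an account disabled in the domain is not seen by the application until the controller is reachable again, so each fallback login is worth recording in the Developer Logs.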

 

INTEGRATION WITH THE ExpressionEngine DEVELOPER LOG

Logs are fundamental, especially when you are talking about different systems managed by different people. For this reason Ad Connect is integrated with the Developer Logs available in ExpressionEngine. All operations, errors and warnings are logged, which enables rapid troubleshooting.

 

ExpressionEngine V. 3.3.0

Ad Connect is compatible with EE v. 3, but it is possible to port it to EE v. 2.x.