Wordpress
For this article we used Wordpress version 2.7.1. To authenticate Wordpress users with Active Directory you will need to download a Wordpress plugin called 'Simple LDAP Login'. The plugin can be downloaded from the URL http://downloads.wordpress.org/plugin/simple-ldap-login.1.2.zip. Unzip the downloaded file in the directory wp-content/plugins directory.
Next, log into Wordpress as admin. First, we will need to activate the 'Simple LDAP Login' plugin. For this, click on the Plugins menu on the left. Click on the Activate link besides the 'Simple LDAP Login' plugin. Next, click on Settings>?Simple LDAP Login? on the left. Type in the following:

Account Suffix: @pcqlinux.net
Base DN: CN=Users,DC=pcqlinux,DC=net
Domain Controller(s): ad.pcqlinux.net

Here the account suffix matches the domain in the 'User logon name' specified in the Active Directory. Finally, you will need to create Wordpress users whose usernames match the Active Directory logon names. Similar to SugarCRM and Joomla, this setup allows users to login using either their Active Directory password or the Wordpress password (specified while creating the Wordpress user).

phpBB
In case of phpBB (3.0.4), unlike the above products, the users can be authenticated only against one source ? either the Active Directory or the phpBB database. For this reason, while phpBB installation, the username of the admin user must match with the logon name of a Active Directory user. So if you opt for the username as admin, do not forget to create a user named admin in the Active Directory. After installation, login to the ACP (Administration Control Panel). Under 'Client Configuration' click on Authentication and fill in the following:

Select an authentication method: Ldap
LDAP server name: ad.pcqlinux.net
LDAP base dn: CN=User,DC=pcqlinux,DC=net
LDAP uid: sAMAccountName
LDAP user filder:
LDAP e-mail attribute: mail
LDAP user dn: CN=Administrator,CN=Users,DC=pcqlinux,DC=net
LDAP password: pass@word1

Click on submit.

phpList
For phpList we will use the adLDAP library (see above). The Active Directory authentication can be used for the list admins. Create a list admin by following 'Main page'>admins (under Administrator functions). Click on add new admin. For the username type in the Active Directory logon name (i.e. shekhar.govindarajan in our case). Setup other parameters as per your case.
Next, we will modify the phpList code in such a way that besides admin (the default list admin) all other list admins will be authenticated against the Active Directory. Assuming that you have already modified adLDAP.php file as explained above, copy this file to the subdirectory lists/admin of phpList. Next open the file named phplist_auth.inc, found in lists/admin /auth, in a text editor add the following line after

require_once dirname(__FILE__).'/../adLDAP.php';

Modify function validateLogin($login,$password) function, so that it looks as follows:

function validateLogin($login,$password) {
$adldap = new adLDAP();
$admindata = Sql_Fetch_Array_Query(sprintf('select password,disabled,id from %s where loginname = "%s"',$GLOBALS["tables"]["admin"],$login));
if ($admindata["disabled"]) {
return array(0,"your account has been disabled");
} elseif ($admindata[0] && (($login=="admin" && $admindata[0] == $password) || $adldap->authenticate($login,$password)) && strlen($admindata[0]) > 3) {
return array($admindata["id"],"OK");
} else {
return array(0,"invalid password");
}
return array(0,"Login failed");
}

Save the file. From now on, non 'admin' users will be authenticated against the Active Directory.

Take home
Last year with PCQLinux 2008 (bundled with the March 2008 issue of PCQuest) we had the appliances for CMS (Alfresco), web meeting (Webhuddle) and Messaging (Zimbra) authenticating against LDAP-based Fedora Directory Services. This time, in this article we looked at how to authenticate our own PHP applications with Active Directory.

We picked up popular open source, PHP-based products for CRM, CMS, Blog and discussion forums, and configured them to authenticate against Windows 2007 Active Directory. We went to the extent of modifying the code of an open source product (thanks to it being open source) for Active Directory authentication. We hope that we have given you enough meat to meet the central authentication nirvana with open source platform.