LDAP/Active Directory (not Azure or Entra ID)

My first link was to macareux digital. There’s a contact email at the bottom of that link. I thought he might be able to help you out with some of his experience with this issue.

You can’t ‘find a copy’ unless ExchangeCore sells it to you. It’s proprietary code still owned by ExchangeCore.

https://docs.exchangecore.com/c5ldap/release/license/

ExchangeCore LDAP Authentication was never migrated to the new marketplace because it’s not v9+ compatible.

If I were you, I’d contact support@exchangecore.com to see if they are planning on releasing a compatible version or can provide a direct sale to previous versions.

Well at the moment it looked like a relevant instructional blog post, so I didn’t get the impression they were directly involved with the addon itself. As such I didn’t notice the contact E-Mail and I missed that context of contacting them for assistant.

And yes, I’m fully willing to pay for this if that is an option, but I’m exploring any option available to me to get a copy of the addon.

The particular Concrete CMS installation is still using v8.5.x and the v9 aspect is not a blocker for us currently.

I have tried to contact exchangecore in multiple different ways, including that E-Mail address. The support@exchangecore.com address goes to a (formerly operational?) automated ticketing system. I know this because multiple years ago I E-Mailed it regarding a functionality question, it automatically created the ticket, and I forgot about the ticket all this time.

I can understand the (verification of) v9 compatibility aspect being a requirement for addons for the modern marketplace. However that is not a blocker for this particular project.

So yeah, thanks for the help here folks and hopefully we can figure something out for getting a copy of that addon. Again, fully willing to pay if that option is available but I am open to other options for this addon too.

There are at least a few projects which might be used as a foundation for rolling your own solution if that’s an option:

• GitHub - SimonEast/concrete5-windows-single-signon-sso: Some intial proof-of-concept code for implementing transparent pass-through authentication (SSO) from Windows machines into concrete5 via LDAP/ActiveDirectory/Kerberos
• GitHub - marcokuoni/azure_active_directory: Authorize with Azure Active DIrectory

I really am hoping to just get a copy of the ExchangeCore addon as it already has all of this written. The ecosystem doesn’t currently have any SSO protocols active so that’s added time cost in just setting those aspects up, in addition to “rolling your own solution” as you speak to. Rolling my own solution really is not feasible in the near future at all.

Additionally, I already mentioned Azure anything (in case your second link, Azure Active Directory) is not in scope and is not acceptable for this particular implementation and environment.

Direct LDAP and Active Directory interfacing on-premises is still a very commonplace thing in IT environments globally. The upside to trying to get access to that ExchangeCore package again isn’t just for me but for other people in the future too that need the same thing.

Today I am primarily concerned with my own interests, but it also seems extremely beneficial to the greater community for this particular addon to become available to the community at large with the understanding of it being provided “as-is”. Yes it has been outlined it’s not validated against Concrete CMS v9.x+, but there’s a very high probability it “just works” anyways.

Either way, still interested in trying to get my grubby mits on the ExchangeCore AD/LDAP addon one way or another.

I didn’t read all the comments on this thread, but someone mentioned me, so I replied to the most important point.

By all appearances that add-on would be from macareux digital. @hissy may be able to help you find a copy of the addon!!

No, it’s not our add-on.

The rights are owned by Joe at ExchangeCore.

Yes, it’s developed by ExchangeCore.

Hi, @BloodyIron , I’m another customer of that ExchangeCore’s add-on. I also tried several ways to contact them, but I couldn’t receive any response from them. So we (@MacareuxDigital) decided to develop a similar package, and it’s already done. We’re now developing a migration script to move all data from EC LDAP add-on to our alternative add-on. If everything is done, we’ll submit the add-on to the marketplace, so please wait a while if you can.

Any chance you have some sort of ETA/Roadmap? How long-ish is a piece of string, er I mean “a while”? Trying to get some sort of realistic perspective here.

Also, yay! What can you tell me about that package in terms of capabilities? There were other features in that package we planned to take advantage of in the future.

I don’t know about your requirements, but our package has enough features for our customers. I believe it’ll be on the marketplace soon because we have already used it as a beta version for our projects. Anyway, our team is in the new-year holiday season, so I’ll update information next week.

I look forward to the updated info! Thanks for chiming in I’m excited!

Oh a few questions if you don’t mind about the package you speak to:

1. Can it handle interfacing with multiple LDAP/AD Domain Controllers/endpoints/servers?
2. Are there controls for encryption modes, certificate settings, and aspects like that?
3. Is it possible for groups and users to sync without a user logging in first? (or any other details you can share on related aspects?)
4. Is it possible to define the User->ID mapping mechanism/method when mapping an LDAP/AD user to the UserID in Concrete CMS?
5. Is there a way to sync the User Avatar/Logo/Image from LDAP/AD into Concrete CMS? (and have it check/update each time a user logs in?)
6. Can it work with Concrete CMS v8.5.x?

I’ll take whatever answers you can share, few, many, whatever, thanks again for your time!

As per @andrew 's direction in this github issue comment ( LDAP and Active Directory capabilities? Or bring back the plugin that was providing it? · Issue #12382 · concretecms/concretecms · GitHub ), I’d like to request that @EvanCooper see if they can retrieve the particular addon from the old marketplace please.

I’m afraid we can’t bring back the old unsupported Concrete v8.x LDAP extension that was created by ExchangeCore.

You’ll have to explore one of the other options mentioned.

Even if I’m willing to pay fair and square?

It looks to me like your best bet is to work with hissy. If you’re trying to pay for something, perhaps ask him - as he is writing code he owns and will most likely maintain for the foreseeable future.

I feel your frustration, but it wouldn’t be fair for me to sell you someone else’s old unsupported code for a legacy version of Concrete. You’re welcome to use whatever code you’ve purchased from us and downloaded indefinitely. Also bear in mind, we only provide critical security updates for 8.x at this point, and that won’t last forever either.

I wish I could help more, but I think hissy’s new extension is your best path for a solid solution.

Yeah I hear you on the pros/cons of an older extension like that, and for the ExchangeCore addon I’d be willing to take on those pros/cons. Namely as it’s compatible with the version actually being ran v8.5.x

And I do hear you about the whole state of updates for v8.x. I’m not trying to completely stick my head in the sand and ignore those aspects. It’s more that I have to juggle priorities and updating the blockers to v9.3.x or similar is not achievable until further ahead in time. The LDAP/AD interfacing is significantly higher priority.

I will bring the relevant system to v9.x/onward, for all the right reasons (including delicious features) but that’s not yet.

I look forward to hearing what @hissy can share on the matter, but otherwise I’m still stuck in the mud here

Also, thanks to everyone chiming in here and doing what they can to help. It’s really appreciated!

Any news @hissy ? 20char 20char

Hi, this is Biplob from Macareux Digital Inc., Japan. Let me address your questions:

1. Multiple LDAP/AD Domains

Yes, it supports interfacing with multiple LDAP/AD domains. You can select the desired domain from the login menu. Additionally, this can be customized to meet your specific requirements by overriding the view.

2. Encryption Modes and Certificate Settings

Yes, there are controls for various options, including encryption modes, certificate settings, and other related configurations.

3. Group and User Synchronization Without Login

Groups can be imported using CSV, and group mapping can be configured from the dashboard. Users are automatically assigned to the appropriate groups upon login. For a specific project, we’ve implemented an automated job to sync users before login with a particular provider. However, this functionality does not work with all providers, and you may need to implement a custom solution for your use case.

4. User-to-ID Mapping

You can define user attribute mappings, including the unique identifier, when mapping an LDAP/AD user to the UserID in Concrete CMS.

5. Syncing User Avatar/Logo/Image

We have not previously attempted to sync the User Avatar/Logo/Image from LDAP/AD into Concrete CMS. However, this could potentially be implemented as a custom feature if needed.

6. Compatibility with Concrete CMS Versions

Yes, it is compatible with both Concrete CMS v8.5.x and v9.x.

Currently, we are very busy with in-house projects. Please allow us a couple of weeks to prepare and submit this to the marketplace.

If you need it urgently, please feel free to contact @hissy .

Thank you for your patience and understanding!

Okay some questions and misunderstandings:

1. I specifically meant Domain… CONTROLLERS. So it’s neat to hear it can support multiple domains (I hadn’t even considered that so hmm). BUT for this particular use-case it’s a single Domain with multiple Domain Controllers. So can this package work with multiple Domain Controllers for graceful fail-over of authentication? (if one or multiple of the DCs are offline but one or more of the DCs are online).
2. Groups imported via CSV is really clunky. Is there any way to have Groups from the LDAP query scope just automatically provision from the LDAP/AD domain into Concrete CMS? Creating new groups on the domain side and forgetting to import them via CSV into Concrete CMS is probably going to happen, so an automated provisioning component really is needed here. Is that possible or going to be possible?
3. For the User-to-ID Mapping you speak of, is it possible to have the UserID in ConcreteCMS (when the user is provisioned in CMS from AD/LDAP) match the SID of the user in AD/LDAP? As in, instead of just using the serialised incremented ID in Concrete CMS, make it be a GUID (in this case SID)? This has a good chance of mattering for consistency across multiple Concrete CMS systems, maybe.
4. Yeah we really do need User Avatar/Logo/Image sync, even with updates, from AD/LDAP into Concrete CMS. So not just the first time a user is provisioned, but any time the user updates their graphic on the AD/LDAP we would need that updated in Concrete CMS immediately too, or something like that.
5. Yay to compatibility!
6. What is the price going to be?

I can wait a couple of weeks so long as this is a for sure thing.

I greatly appreciate your engagement here! Thanks!

So… any chance I can get an update from @hissy or @biplob ? Still waiting here

Yeah I’m REALLY needing a solution here. This is about to be a total-show-blocker for me not having an LDAP/AD integration mechanism. Can I get any sort of status update please @hissy or @biplob ?