Fall back to DB authentication if LDAP fails

https://www.phpbb.com/ideas/
Post Reply
Author:
Loosus456
Posted:
Tue Nov 14, 2017 1:45 pm
Rating:
Status:
New
Ideas Bot
Registered User
Posts: 358
Joined: Sat Oct 13, 2012 10:06 am

Fall back to DB authentication if LDAP fails

Post by Ideas Bot » Tue Nov 14, 2017 1:45 pm

I recently setup phpBB with LDAP authentication. Everything was working fine.

We have an organization policy that requires us to change the passwords on service accounts (such as the service account that phpBB uses for LDAP authentication) every 90 days.

When the password on the service account was changed, I predictably could no longer login to phpBB using an LDAP account. However, this situation completely locked me out of phpBB. My only alternative was to manually go into the backend database to change the authentication method back to DB and to delete the cached PHP settings page.

Could we provide a new option that works something like this:
Attempt LDAP.
--If the LDAP connection is successful, authenticate the user against LDAP.
--If LDAP connection is unsuccessful, authenticate the user against DB.

This could be an opt-in setting in case an administrator doesn't want to use it for some reason.

For troubleshooting, we could indicate in the ACP which method was used to authenticate the user. For example, in the upper-left corner, it currently reads as follows:

You are logged in as:
admin [ Logout ][ ACP Logout ]


This could be changed to the following:

You are logged in as:
admin (LDAP) [ Logout ][ ACP Logout ]

User avatar
AmigoJack
Registered User
Posts: 4991
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Fall back to DB authentication if LDAP fails

Post by AmigoJack » Wed Nov 15, 2017 8:41 am

That's more like a personal request than an idea helping everyone, as it doesn't honor all the other authentication methods. A better idea would be an ability to define multiple authentication methods in a given order, not bound to LDAP issues only.
The worst thing about censorship is ███████████

Loosus456
Registered User
Posts: 6
Joined: Tue Nov 14, 2017 2:41 am

Re: Fall back to DB authentication if LDAP fails

Post by Loosus456 » Wed Nov 15, 2017 8:53 pm

AmigoJack wrote:
Wed Nov 15, 2017 8:41 am
That's more like a personal request than an idea helping everyone, as it doesn't honor all the other authentication methods. A better idea would be an ability to define multiple authentication methods in a given order, not bound to LDAP issues only.
Whatever is fine as long as it accomplishes the above ideal.

What I think is interesting, though, is that you downvoted the entire idea rather than supporting the idea with above tweaks. It's been pretty eye-opening to see the attitudes of members of the phpBB community. It explains a lot about the current state of phpBB.

User avatar
KhurramMunawar
Registered User
Posts: 534
Joined: Tue Mar 25, 2014 2:20 am
Location: Islamabad, Pakistan
Name: Khurram Munawar
Contact:

Re: Fall back to DB authentication if LDAP fails

Post by KhurramMunawar » Wed Nov 15, 2017 9:19 pm

What I think is interesting, though, is that you downvoted the entire idea rather than supporting the idea with above tweaks. It's been pretty eye-opening to see the attitudes of members of the phpBB community. It explains a lot about the current state of phpBB.
Downvoting the idea is the right of phpBB community. We support for what we think is right for other phpBB users, and we dislike for what we think is not necessary for phpBB community.
As a phpBB user you have the same rights too, hence your attitude doesn't reflect the current state of phpBB. Your attitude only reflects you.
My forum:
DearHelper.org

Loosus456
Registered User
Posts: 6
Joined: Tue Nov 14, 2017 2:41 am

Re: Fall back to DB authentication if LDAP fails

Post by Loosus456 » Wed Nov 15, 2017 10:53 pm

KhurramMunawar wrote:
Wed Nov 15, 2017 9:19 pm

Downvoting the idea is the right of phpBB community. We support for what we think is right for other phpBB users, and we dislike for what we think is not necessary for phpBB community.
As a phpBB user you have the same rights too, hence your attitude doesn't reflect the current state of phpBB. Your attitude only reflects you.
Sure, it goes without saying that you can do or say whatever you want.

But no, the community explains the current state of phpBB. There is an enormous amount of negativity and reluctance to change with the times. As you said, this is just what I have repeatedly observed and may not be absolutely everyone's experience.

In any case, this isn't the place for this discussion and I will not further respond to you. Thanks.

User avatar
AmigoJack
Registered User
Posts: 4991
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Fall back to DB authentication if LDAP fails

Post by AmigoJack » Thu Nov 16, 2017 7:56 am

Thought it would be obvious I downvoted for the reasons I stated, and the current idea (which can't be modified) is wrong. That's not negative, that's consistent.
The worst thing about censorship is ███████████

User avatar
Mick
Support Team Member
Support Team Member
Posts: 18114
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: Fall back to DB authentication if LDAP fails

Post by Mick » Thu Nov 16, 2017 10:26 am

Loosus456 wrote:
Wed Nov 15, 2017 8:53 pm
What I think is interesting, though, is that you downvoted the entire idea rather than supporting the idea with above tweaks.
You have two choices and that’s democracy.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.
Forza Garibaldi

Post Reply

Return to “phpBB Ideas”

Who is online

Users browsing this forum: Highgirl and 4 guests

cron