Ive posted here before but never received any responses.  I can no longer "sweep the issue under the carpet" so I must begin development very soon.....

I understand the built-in Active Directory authentication, but what I need to do is authenticate against a non-Active Directory LDAP setup.  Basically a server running OpenLDAP, the user password is encrypted and saved as a user attribute in the LDAP tree.

I cant figure out the best way to go about linking DNN up with this system.  I figure I have two choices: 1.  Create a login module that calls out to the LDAP system to see if the password is valid, and then log the user in if they are.  2.  Create a custom authentication provider that does the same, then just configure the site to use the custom provider.

The issues Ive run into with both approaches:

Approach #1.  Calling the LDAP system is trivial, Ive used components to do that before.  However, exactly what needs to be done to log the user into DNN?  I still need to declare group membership (we will be running modules that rely on data segregation based on users logging in), and I would want to save the user in the DNN userbase just for informational purposes.  How does one go about doing this programmatically?

Approach #2.  Ive opened the ADSIAuthenticationProvider project to look and see whats going on.  It looks quite complex, and I wouldnt know where to start to try and create my own provider.  I havent found any tutorials on how to do such a thing, as such Im beginning to think a custom module would be the easiest way to go....however, I would prefer the auth provider approach because then it (should) become a lot more reusable and modular (i.e. I can setup a different portal and just leave that auth provider set to the default).  *IF* I write a custom provider, what are the steps for "registering" (if any) it with the DNN system, and what steps would need to be taken to configure the portal to use the new provider?

This is really a stickler in our project, as the LDAP system is not going away anytime soon (although a migration to AD is planned, we all know how slowly things like that happen).  ANY (I mean ANY) help you can provide would be greatly appreciated.

Thanks in advance.
-Chris

Without meaning to trivialise the issue in any way, it seems to me that a rewrite of WindowsSignin.aspx might be the easiest way to achieve a seamless login.  That way you dont need to modify the core in any way; rather just point the site at WindowsSigninCustom.aspx.  It also means that you don't need to work through the authentication stuff.

I'm faced with a similar problem and have decided to look at one of two alternatives:

1.   Grab the Windows Login info and then query an (imported) database (from MS Exchange) (the only valid store of User data).  The advantage here is the ability to pick up Group information based on standard Email groups;

or

2.   Using CDO, query the Exchange Server to determine the user ID.

In both cases I dont need a password, as the User has already been authenticated through their standard Windows login.

I might point out that our use of AD (a historical problem) is rubbish and therefore I need to look at workarounds.

HTH in some way.

Steve T