Single Sign-On with a Domain Controller

tleeson's picture

Hey,

I'm a computer programming student working at a local library for the summer. I was asked to build an intranet website using Drupal, and I've hit a bit of a snag when it comes to the authentication.

They've asked me to set up a Single Sign-On system, wherein employees that log into their staff stations are automatically logged in to the staff intranet website. I've learned from the IT workers (the library outsources their IT to another company) that the authentication is done using a Domain Controller. The server runs on Apache, not sure of the OS at this point. (I think it might be Linux...) We're on Drupal 5.7.

Has anyone had any experience with this sort of thing? What steps did you take?

Comments


highermath's picture

You can use LDAP to authenticate against a Windows domain.

Single sign-on is much more difficult to accomplish. As much as I avoid the Drupal/IIS combo, it would probably be much easier to keep the authentication within the purview of Windows using IIS. Unless there is a single sign-on solution in place at your library, that would be my suggestion.

Thanks for the reply

tleeson's picture

The server is running on Apache, so IIS is a no go. I've found a guide, and I'm waiting on that to be set up (located here: http://drupal.org/node/44718?destination=node%2F44718 ). I'm going to give that a go, and see how it works.

As far as the LDAP, I'm not sure if it'll work, but I'll definitely look into it.

Thanks,

Tom.

Hmmm

mikeybusiness's picture

They've asked me to set up a Single Sign-On system, wherein employees that log into their staff stations are automatically logged in to the staff intranet website.

I think this is one of those things that seems easy in theory but is a little trickier to do in reality. It might be impossible considering that you are not a domain admin.

I have a maybe semi-solution but it doesn't exactly answer your question. There may be other ways to do something better.

Being that not everyone needs to create content, plus computers may be shared between staff or whatever, you could allow anonymous to see the site on the internal network. If someone wanted to create content, they would log in. You could also lock out patrons by a group policy keeping the intranet visible only to staff.

Is the goal to allow staff to see content while keeping out patrons or to make it easier on staff with one less login?
