I'm looking to create a Drupal website for my employer. We have a Windows environment. That is, everyone runs Windows (XP, 2003, etc.) on their desktops. We all log into a global domain. Some people use IE, others Firefox, a few Opera, as their browser. The Drupal site will probably run on a Unix (Solaris 9) server with Apache 2, PHP 4.4 and MySQL 5.0.

Company websites on the intranet manage to do single sign on. That is, once I've logged into the global domain on my PC, my credentials are passed to the website in question and I am allowed to view pages. (I'm not sure of the exact mechanism here: it might be related to NTLM or Kerberos or Windows Active Directory.)

I'd like to be able to do the same with the Drupal website. Primarily because if users have to create an account and remember another password they are unlikely to use the site. Even if they can use a "remember me" function. Is this possible with Drupal? If so, how do I go about it?

Comments

dshaw

I promise I did read some of the existing docs in this area, but they either didn't quite cover it or seemed a bit old. I'd really like to hear from people who've managed to get this to work and how they did it.

Existing Docs:

bugz_nz

There are two modules which could be handy in your situation - as to how you would go about configuring them in your particular environment, I would be at a loss to help remotely.

The LDAP module can be used to allow users to authenticate against any LDAP directory, of which MS Active Directory is one. I trialled this module, but found it to be very in depth and far more than I really need for intranet purposes: http://drupal.org/project/ldap_integration

The one that did the trick for me was the Webserver Auth module: http://drupal.org/project/webserver_auth

In this case, I have a large Active Directory based website with single sign on. When a user opens up their browser it defaults to the intranet home page and they are logged in, as if by magic. The web server is a domain-joined, Windows-based machine though, so I can foresee you having some problems getting Solaris talking nicely.

dshaw

I finally got this to work. Although the tricky stuff was the exact configuration of the underlying NTLM authentication handler and not Drupal.

So I have Drupal 4.7.x, running on Solaris 9, with PHP 4.4.* and MySQL 5.0.* authenticating against a Windows domain controller.

I used the webserver_auth module. It just needs to be installed, enabled and an e-mail domain set and that's it. Underneath I hooked Apache into NTLM authentication as described here. Note: I used the Apache2::AuthenNTLM handler (not mod_ntlm, etc.). The handler was a little tricky to configure.

And it works very well. While logged into our Windows domain on their PCs, our users simply browse to our website and they are authenticated automatically (no typing!). If they don't have an account one is created for them (again automatically). For MS IE there's nothing to do. For Firefox we had to modify the network.automatic-ntlm-auth.trusted-uris variable at about:config to include our website URL.
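When the NTLM handler is being configured as described in this thread, it helps to see which domain, user and workstation the browser actually sends. The following is an added example, not code from the thread or from any of the modules mentioned: a Python decoder for the `Authorization: NTLM ...` request header. The function names and the sample values (`CORP`, `jdoe`, `PC-042`) are constructed for illustration, and non-Unicode messages are assumed to use code page 437.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001
MSG_NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def _field(msg, pos, encoding):
    """Follow one (length, max length, offset) descriptor to its string."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length].decode(encoding, errors="replace")


def parse_ntlm_header(header_value):
    """Decode the value of an 'Authorization: NTLM <base64>' request header."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or not msg.startswith(NTLMSSP_SIG):
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    info = {"type": MSG_NAMES.get(msg_type, "UNKNOWN")}
    if msg_type == 3:  # AUTHENTICATE names the domain, user and workstation
        if len(msg) < 64:
            raise ValueError("truncated AUTHENTICATE message")
        (flags,) = struct.unpack_from("<I", msg, 60)
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM page assumed
        info["domain"] = _field(msg, 28, enc)
        info["user"] = _field(msg, 36, enc)
        info["workstation"] = _field(msg, 44, enc)
    return info


def build_sample_type3(domain, user, workstation):
    """Constructed sample: AUTHENTICATE message with empty LM/NT responses."""
    strings = [b"", b""] + [s.encode("utf-16-le") for s in (domain, user, workstation)] + [b""]
    fields, offset = b"", 64  # payload starts after the 64-byte fixed header
    for raw in strings:
        fields += struct.pack("<HHI", len(raw), len(raw), offset)
        offset += len(raw)
    msg = NTLMSSP_SIG + struct.pack("<I", 3) + fields + struct.pack("<I", NEGOTIATE_UNICODE)
    return "NTLM " + base64.b64encode(msg + b"".join(strings)).decode("ascii")


if __name__ == "__main__":
    print(parse_ntlm_header(build_sample_type3("CORP", "jdoe", "PC-042")))
```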